From f79ad6417b2d644a897d06f9f1eab7f5489252a2 Mon Sep 17 00:00:00 2001 From: Joshua Watt Date: Tue, 5 Mar 2024 15:08:44 -0700 Subject: [PATCH] spdx3-data --- tests/data/model/spdx3-context.json | 895 +-- tests/data/model/spdx3.jsonld | 8449 ++++++++++---------- tests/expect/jsonschema/spdx3-context.json | 716 +- tests/expect/python/spdx3-context.py | 1323 ++- tests/expect/raw/spdx3-context.txt | 94 +- 5 files changed, 5671 insertions(+), 5806 deletions(-) diff --git a/tests/data/model/spdx3-context.json b/tests/data/model/spdx3-context.json index f8fc569..d199dc6 100644 --- a/tests/data/model/spdx3-context.json +++ b/tests/data/model/spdx3-context.json @@ -1,623 +1,472 @@ { "@context": { - "AI/SafetyRiskAssessmentType/high": "spdx:AI/SafetyRiskAssessmentType/high", - "AI/SafetyRiskAssessmentType/low": "spdx:AI/SafetyRiskAssessmentType/low", - "AI/SafetyRiskAssessmentType/medium": "spdx:AI/SafetyRiskAssessmentType/medium", - "AI/SafetyRiskAssessmentType/serious": "spdx:AI/SafetyRiskAssessmentType/serious", - "AIPackage": "spdx:AI/AIPackage", - "Agent": "spdx:Core/Agent", - "Annotation": "spdx:Core/Annotation", - "AnnotationType": "spdx:Core/AnnotationType", - "AnyLicenseInfo": "spdx:SimpleLicensing/AnyLicenseInfo", - "Artifact": "spdx:Core/Artifact", - "Bom": "spdx:Core/Bom", - "Build": "spdx:Build/Build", - "Bundle": "spdx:Core/Bundle", - "ConfidentialityLevelType": "spdx:Dataset/ConfidentialityLevelType", - "ConjunctiveLicenseSet": "spdx:ExpandedLicensing/ConjunctiveLicenseSet", - "Core/AnnotationType/other": "spdx:Core/AnnotationType/other", - "Core/AnnotationType/review": "spdx:Core/AnnotationType/review", - "Core/ExternalIdentifierType/cpe22": "spdx:Core/ExternalIdentifierType/cpe22", - "Core/ExternalIdentifierType/cpe23": "spdx:Core/ExternalIdentifierType/cpe23", - "Core/ExternalIdentifierType/cve": "spdx:Core/ExternalIdentifierType/cve", - "Core/ExternalIdentifierType/email": "spdx:Core/ExternalIdentifierType/email", - "Core/ExternalIdentifierType/gitoid": "spdx:Core/ExternalIdentifierType/gitoid", - "Core/ExternalIdentifierType/other": "spdx:Core/ExternalIdentifierType/other", - "Core/ExternalIdentifierType/packageUrl": "spdx:Core/ExternalIdentifierType/packageUrl", - "Core/ExternalIdentifierType/securityOther": "spdx:Core/ExternalIdentifierType/securityOther", - "Core/ExternalIdentifierType/swhid": "spdx:Core/ExternalIdentifierType/swhid", - "Core/ExternalIdentifierType/swid": "spdx:Core/ExternalIdentifierType/swid", - "Core/ExternalIdentifierType/urlScheme": "spdx:Core/ExternalIdentifierType/urlScheme", - "Core/ExternalRefType/altDownloadLocation": "spdx:Core/ExternalRefType/altDownloadLocation", - "Core/ExternalRefType/altWebPage": "spdx:Core/ExternalRefType/altWebPage", - "Core/ExternalRefType/binaryArtifact": "spdx:Core/ExternalRefType/binaryArtifact", - "Core/ExternalRefType/bower": "spdx:Core/ExternalRefType/bower", - "Core/ExternalRefType/buildMeta": "spdx:Core/ExternalRefType/buildMeta", - "Core/ExternalRefType/buildSystem": "spdx:Core/ExternalRefType/buildSystem", - "Core/ExternalRefType/certificationReport": "spdx:Core/ExternalRefType/certificationReport", - "Core/ExternalRefType/chat": "spdx:Core/ExternalRefType/chat", - "Core/ExternalRefType/componentAnalysisReport": "spdx:Core/ExternalRefType/componentAnalysisReport", - "Core/ExternalRefType/documentation": "spdx:Core/ExternalRefType/documentation", - "Core/ExternalRefType/dynamicAnalysisReport": "spdx:Core/ExternalRefType/dynamicAnalysisReport", - "Core/ExternalRefType/eolNotice": "spdx:Core/ExternalRefType/eolNotice", - "Core/ExternalRefType/exportControlAssessment": "spdx:Core/ExternalRefType/exportControlAssessment", - "Core/ExternalRefType/funding": "spdx:Core/ExternalRefType/funding", - "Core/ExternalRefType/issueTracker": "spdx:Core/ExternalRefType/issueTracker", - "Core/ExternalRefType/license": "spdx:Core/ExternalRefType/license", - "Core/ExternalRefType/mailingList": "spdx:Core/ExternalRefType/mailingList", - "Core/ExternalRefType/mavenCentral": "spdx:Core/ExternalRefType/mavenCentral", - "Core/ExternalRefType/metrics": "spdx:Core/ExternalRefType/metrics", - "Core/ExternalRefType/npm": "spdx:Core/ExternalRefType/npm", - "Core/ExternalRefType/nuget": "spdx:Core/ExternalRefType/nuget", - "Core/ExternalRefType/other": "spdx:Core/ExternalRefType/other", - "Core/ExternalRefType/privacyAssessment": "spdx:Core/ExternalRefType/privacyAssessment", - "Core/ExternalRefType/productMetadata": "spdx:Core/ExternalRefType/productMetadata", - "Core/ExternalRefType/purchaseOrder": "spdx:Core/ExternalRefType/purchaseOrder", - "Core/ExternalRefType/qualityAssessmentReport": "spdx:Core/ExternalRefType/qualityAssessmentReport", - "Core/ExternalRefType/releaseHistory": "spdx:Core/ExternalRefType/releaseHistory", - "Core/ExternalRefType/releaseNotes": "spdx:Core/ExternalRefType/releaseNotes", - "Core/ExternalRefType/riskAssessment": "spdx:Core/ExternalRefType/riskAssessment", - "Core/ExternalRefType/runtimeAnalysisReport": "spdx:Core/ExternalRefType/runtimeAnalysisReport", - "Core/ExternalRefType/secureSoftwareAttestation": "spdx:Core/ExternalRefType/secureSoftwareAttestation", - "Core/ExternalRefType/securityAdversaryModel": "spdx:Core/ExternalRefType/securityAdversaryModel", - "Core/ExternalRefType/securityAdvisory": "spdx:Core/ExternalRefType/securityAdvisory", - "Core/ExternalRefType/securityFix": "spdx:Core/ExternalRefType/securityFix", - "Core/ExternalRefType/securityOther": "spdx:Core/ExternalRefType/securityOther", - "Core/ExternalRefType/securityPenTestReport": "spdx:Core/ExternalRefType/securityPenTestReport", - "Core/ExternalRefType/securityPolicy": "spdx:Core/ExternalRefType/securityPolicy", - "Core/ExternalRefType/securityThreatModel": "spdx:Core/ExternalRefType/securityThreatModel", - "Core/ExternalRefType/socialMedia": "spdx:Core/ExternalRefType/socialMedia", - "Core/ExternalRefType/sourceArtifact": "spdx:Core/ExternalRefType/sourceArtifact", - "Core/ExternalRefType/staticAnalysisReport": "spdx:Core/ExternalRefType/staticAnalysisReport", - "Core/ExternalRefType/support": "spdx:Core/ExternalRefType/support", - "Core/ExternalRefType/vcs": "spdx:Core/ExternalRefType/vcs", - "Core/ExternalRefType/vulnerabilityDisclosureReport": "spdx:Core/ExternalRefType/vulnerabilityDisclosureReport", - "Core/ExternalRefType/vulnerabilityExploitabilityAssessment": "spdx:Core/ExternalRefType/vulnerabilityExploitabilityAssessment", - "Core/HashAlgorithm/blake2b256": "spdx:Core/HashAlgorithm/blake2b256", - "Core/HashAlgorithm/blake2b384": "spdx:Core/HashAlgorithm/blake2b384", - "Core/HashAlgorithm/blake2b512": "spdx:Core/HashAlgorithm/blake2b512", - "Core/HashAlgorithm/blake3": "spdx:Core/HashAlgorithm/blake3", - "Core/HashAlgorithm/crystalsDilithium": "spdx:Core/HashAlgorithm/crystalsDilithium", - "Core/HashAlgorithm/crystalsKyber": "spdx:Core/HashAlgorithm/crystalsKyber", - "Core/HashAlgorithm/falcon": "spdx:Core/HashAlgorithm/falcon", - "Core/HashAlgorithm/md2": "spdx:Core/HashAlgorithm/md2", - "Core/HashAlgorithm/md4": "spdx:Core/HashAlgorithm/md4", - "Core/HashAlgorithm/md5": "spdx:Core/HashAlgorithm/md5", - "Core/HashAlgorithm/md6": "spdx:Core/HashAlgorithm/md6", - "Core/HashAlgorithm/other": "spdx:Core/HashAlgorithm/other", - "Core/HashAlgorithm/sha1": "spdx:Core/HashAlgorithm/sha1", - "Core/HashAlgorithm/sha224": "spdx:Core/HashAlgorithm/sha224", - "Core/HashAlgorithm/sha256": "spdx:Core/HashAlgorithm/sha256", - "Core/HashAlgorithm/sha384": "spdx:Core/HashAlgorithm/sha384", - "Core/HashAlgorithm/sha3_224": "spdx:Core/HashAlgorithm/sha3_224", - "Core/HashAlgorithm/sha3_256": "spdx:Core/HashAlgorithm/sha3_256", - "Core/HashAlgorithm/sha3_384": "spdx:Core/HashAlgorithm/sha3_384", - "Core/HashAlgorithm/sha3_512": "spdx:Core/HashAlgorithm/sha3_512", - "Core/HashAlgorithm/sha512": "spdx:Core/HashAlgorithm/sha512", - "Core/LifecycleScopeType/build": "spdx:Core/LifecycleScopeType/build", - "Core/LifecycleScopeType/design": "spdx:Core/LifecycleScopeType/design", - "Core/LifecycleScopeType/development": "spdx:Core/LifecycleScopeType/development", - "Core/LifecycleScopeType/other": "spdx:Core/LifecycleScopeType/other", - "Core/LifecycleScopeType/runtime": "spdx:Core/LifecycleScopeType/runtime", - "Core/LifecycleScopeType/test": "spdx:Core/LifecycleScopeType/test", - "Core/PresenceType/no": "spdx:Core/PresenceType/no", - "Core/PresenceType/noAssertion": "spdx:Core/PresenceType/noAssertion", - "Core/PresenceType/yes": "spdx:Core/PresenceType/yes", - "Core/ProfileIdentifierType/ai": "spdx:Core/ProfileIdentifierType/ai", - "Core/ProfileIdentifierType/build": "spdx:Core/ProfileIdentifierType/build", - "Core/ProfileIdentifierType/core": "spdx:Core/ProfileIdentifierType/core", - "Core/ProfileIdentifierType/dataset": "spdx:Core/ProfileIdentifierType/dataset", - "Core/ProfileIdentifierType/expandedLicensing": "spdx:Core/ProfileIdentifierType/expandedLicensing", - "Core/ProfileIdentifierType/extension": "spdx:Core/ProfileIdentifierType/extension", - "Core/ProfileIdentifierType/security": "spdx:Core/ProfileIdentifierType/security", - "Core/ProfileIdentifierType/simpleLicensing": "spdx:Core/ProfileIdentifierType/simpleLicensing", - "Core/ProfileIdentifierType/software": "spdx:Core/ProfileIdentifierType/software", - "Core/ProfileIdentifierType/usage": "spdx:Core/ProfileIdentifierType/usage", - "Core/RelationshipCompleteness/complete": "spdx:Core/RelationshipCompleteness/complete", - "Core/RelationshipCompleteness/incomplete": "spdx:Core/RelationshipCompleteness/incomplete", - "Core/RelationshipCompleteness/noAssertion": "spdx:Core/RelationshipCompleteness/noAssertion", - "Core/RelationshipType/affects": "spdx:Core/RelationshipType/affects", - "Core/RelationshipType/amendedBy": "spdx:Core/RelationshipType/amendedBy", - "Core/RelationshipType/ancestorOf": "spdx:Core/RelationshipType/ancestorOf", - "Core/RelationshipType/availableFrom": "spdx:Core/RelationshipType/availableFrom", - "Core/RelationshipType/configures": "spdx:Core/RelationshipType/configures", - "Core/RelationshipType/contains": "spdx:Core/RelationshipType/contains", - "Core/RelationshipType/coordinatedBy": "spdx:Core/RelationshipType/coordinatedBy", - "Core/RelationshipType/copiedTo": "spdx:Core/RelationshipType/copiedTo", - "Core/RelationshipType/delegatedTo": "spdx:Core/RelationshipType/delegatedTo", - "Core/RelationshipType/dependsOn": "spdx:Core/RelationshipType/dependsOn", - "Core/RelationshipType/descendantOf": "spdx:Core/RelationshipType/descendantOf", - "Core/RelationshipType/describes": "spdx:Core/RelationshipType/describes", - "Core/RelationshipType/doesNotAffect": "spdx:Core/RelationshipType/doesNotAffect", - "Core/RelationshipType/expandsTo": "spdx:Core/RelationshipType/expandsTo", - "Core/RelationshipType/exploitCreatedBy": "spdx:Core/RelationshipType/exploitCreatedBy", - "Core/RelationshipType/fixedBy": "spdx:Core/RelationshipType/fixedBy", - "Core/RelationshipType/fixedIn": "spdx:Core/RelationshipType/fixedIn", - "Core/RelationshipType/foundBy": "spdx:Core/RelationshipType/foundBy", - "Core/RelationshipType/generates": "spdx:Core/RelationshipType/generates", - "Core/RelationshipType/hasAddedFile": "spdx:Core/RelationshipType/hasAddedFile", - "Core/RelationshipType/hasAssessmentFor": "spdx:Core/RelationshipType/hasAssessmentFor", - "Core/RelationshipType/hasAssociatedVulnerability": "spdx:Core/RelationshipType/hasAssociatedVulnerability", - "Core/RelationshipType/hasConcludedLicense": "spdx:Core/RelationshipType/hasConcludedLicense", - "Core/RelationshipType/hasDataFile": "spdx:Core/RelationshipType/hasDataFile", - "Core/RelationshipType/hasDeclaredLicense": "spdx:Core/RelationshipType/hasDeclaredLicense", - "Core/RelationshipType/hasDeletedFile": "spdx:Core/RelationshipType/hasDeletedFile", - "Core/RelationshipType/hasDependencyManifest": "spdx:Core/RelationshipType/hasDependencyManifest", - "Core/RelationshipType/hasDistributionArtifact": "spdx:Core/RelationshipType/hasDistributionArtifact", - "Core/RelationshipType/hasDocumentation": "spdx:Core/RelationshipType/hasDocumentation", - "Core/RelationshipType/hasDynamicLink": "spdx:Core/RelationshipType/hasDynamicLink", - "Core/RelationshipType/hasEvidence": "spdx:Core/RelationshipType/hasEvidence", - "Core/RelationshipType/hasExample": "spdx:Core/RelationshipType/hasExample", - "Core/RelationshipType/hasHost": "spdx:Core/RelationshipType/hasHost", - "Core/RelationshipType/hasInputs": "spdx:Core/RelationshipType/hasInputs", - "Core/RelationshipType/hasMetadata": "spdx:Core/RelationshipType/hasMetadata", - "Core/RelationshipType/hasOptionalComponent": "spdx:Core/RelationshipType/hasOptionalComponent", - "Core/RelationshipType/hasOptionalDependency": "spdx:Core/RelationshipType/hasOptionalDependency", - "Core/RelationshipType/hasOutputs": "spdx:Core/RelationshipType/hasOutputs", - "Core/RelationshipType/hasPrerequsite": "spdx:Core/RelationshipType/hasPrerequsite", - "Core/RelationshipType/hasProvidedDependency": "spdx:Core/RelationshipType/hasProvidedDependency", - "Core/RelationshipType/hasRequirement": "spdx:Core/RelationshipType/hasRequirement", - "Core/RelationshipType/hasSpecification": "spdx:Core/RelationshipType/hasSpecification", - "Core/RelationshipType/hasStaticLink": "spdx:Core/RelationshipType/hasStaticLink", - "Core/RelationshipType/hasTest": "spdx:Core/RelationshipType/hasTest", - "Core/RelationshipType/hasTestCase": "spdx:Core/RelationshipType/hasTestCase", - "Core/RelationshipType/hasVariant": "spdx:Core/RelationshipType/hasVariant", - "Core/RelationshipType/invokedBy": "spdx:Core/RelationshipType/invokedBy", - "Core/RelationshipType/modifiedBy": "spdx:Core/RelationshipType/modifiedBy", - "Core/RelationshipType/other": "spdx:Core/RelationshipType/other", - "Core/RelationshipType/packagedBy": "spdx:Core/RelationshipType/packagedBy", - "Core/RelationshipType/patchedBy": "spdx:Core/RelationshipType/patchedBy", - "Core/RelationshipType/publishedBy": "spdx:Core/RelationshipType/publishedBy", - "Core/RelationshipType/reportedBy": "spdx:Core/RelationshipType/reportedBy", - "Core/RelationshipType/republishedBy": "spdx:Core/RelationshipType/republishedBy", - "Core/RelationshipType/serializedInArtifact": "spdx:Core/RelationshipType/serializedInArtifact", - "Core/RelationshipType/testedOn": "spdx:Core/RelationshipType/testedOn", - "Core/RelationshipType/trainedOn": "spdx:Core/RelationshipType/trainedOn", - "Core/RelationshipType/underInvestigationFor": "spdx:Core/RelationshipType/underInvestigationFor", - "Core/RelationshipType/usesTool": "spdx:Core/RelationshipType/usesTool", - "Core/SupportType/development": "spdx:Core/SupportType/development", - "Core/SupportType/endOfSupport": "spdx:Core/SupportType/endOfSupport", - "Core/SupportType/limitedSupport": "spdx:Core/SupportType/limitedSupport", - "Core/SupportType/noAssertion": "spdx:Core/SupportType/noAssertion", - "Core/SupportType/noSupport": "spdx:Core/SupportType/noSupport", - "Core/SupportType/support": "spdx:Core/SupportType/support", - "Core/spdxId": "spdx:Core/spdxId", - "CreationInfo": "spdx:Core/CreationInfo", - "CustomLicense": "spdx:ExpandedLicensing/CustomLicense", - "CustomLicenseAddition": "spdx:ExpandedLicensing/CustomLicenseAddition", - "CvssSeverityType": "spdx:Security/CvssSeverityType", - "CvssV2VulnAssessmentRelationship": "spdx:Security/CvssV2VulnAssessmentRelationship", - "CvssV3VulnAssessmentRelationship": "spdx:Security/CvssV3VulnAssessmentRelationship", - "CvssV4VulnAssessmentRelationship": "spdx:Security/CvssV4VulnAssessmentRelationship", - "Dataset": "spdx:Dataset/Dataset", - "Dataset/ConfidentialityLevelType/amber": "spdx:Dataset/ConfidentialityLevelType/amber", - "Dataset/ConfidentialityLevelType/clear": "spdx:Dataset/ConfidentialityLevelType/clear", - "Dataset/ConfidentialityLevelType/green": "spdx:Dataset/ConfidentialityLevelType/green", - "Dataset/ConfidentialityLevelType/red": "spdx:Dataset/ConfidentialityLevelType/red", - "Dataset/DatasetAvailabilityType/clickthrough": "spdx:Dataset/DatasetAvailabilityType/clickthrough", - "Dataset/DatasetAvailabilityType/directDownload": "spdx:Dataset/DatasetAvailabilityType/directDownload", - "Dataset/DatasetAvailabilityType/query": "spdx:Dataset/DatasetAvailabilityType/query", - "Dataset/DatasetAvailabilityType/registration": "spdx:Dataset/DatasetAvailabilityType/registration", - "Dataset/DatasetAvailabilityType/scrapingScript": "spdx:Dataset/DatasetAvailabilityType/scrapingScript", - "Dataset/DatasetType/audio": "spdx:Dataset/DatasetType/audio", - "Dataset/DatasetType/categorical": "spdx:Dataset/DatasetType/categorical", - "Dataset/DatasetType/graph": "spdx:Dataset/DatasetType/graph", - "Dataset/DatasetType/image": "spdx:Dataset/DatasetType/image", - "Dataset/DatasetType/noAssertion": "spdx:Dataset/DatasetType/noAssertion", - "Dataset/DatasetType/numeric": "spdx:Dataset/DatasetType/numeric", - "Dataset/DatasetType/other": "spdx:Dataset/DatasetType/other", - "Dataset/DatasetType/sensor": "spdx:Dataset/DatasetType/sensor", - "Dataset/DatasetType/structured": "spdx:Dataset/DatasetType/structured", - "Dataset/DatasetType/syntactic": "spdx:Dataset/DatasetType/syntactic", - "Dataset/DatasetType/text": "spdx:Dataset/DatasetType/text", - "Dataset/DatasetType/timeseries": "spdx:Dataset/DatasetType/timeseries", - "Dataset/DatasetType/timestamp": "spdx:Dataset/DatasetType/timestamp", - "Dataset/DatasetType/video": "spdx:Dataset/DatasetType/video", - "Dataset/sensitivePersonalInformation": { + "Agent": "https://rdf.spdx.org/v3/Core/Agent", + "Annotation": "https://rdf.spdx.org/v3/Core/Annotation", + "AnnotationType": "https://rdf.spdx.org/v3/Core/AnnotationType", + "Artifact": "https://rdf.spdx.org/v3/Core/Artifact", + "Bom": "https://rdf.spdx.org/v3/Core/Bom", + "Bundle": "https://rdf.spdx.org/v3/Core/Bundle", + "CreationInfo": "https://rdf.spdx.org/v3/Core/CreationInfo", + "DictionaryEntry": "https://rdf.spdx.org/v3/Core/DictionaryEntry", + "Element": "https://rdf.spdx.org/v3/Core/Element", + "ElementCollection": "https://rdf.spdx.org/v3/Core/ElementCollection", + "ExternalIdentifier": "https://rdf.spdx.org/v3/Core/ExternalIdentifier", + "ExternalIdentifierType": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType", + "ExternalMap": "https://rdf.spdx.org/v3/Core/ExternalMap", + "ExternalRef": "https://rdf.spdx.org/v3/Core/ExternalRef", + "ExternalRefType": "https://rdf.spdx.org/v3/Core/ExternalRefType", + "Hash": "https://rdf.spdx.org/v3/Core/Hash", + "HashAlgorithm": "https://rdf.spdx.org/v3/Core/HashAlgorithm", + "IntegrityMethod": "https://rdf.spdx.org/v3/Core/IntegrityMethod", + "LifecycleScopeType": "https://rdf.spdx.org/v3/Core/LifecycleScopeType", + "LifecycleScopedRelationship": "https://rdf.spdx.org/v3/Core/LifecycleScopedRelationship", + "NamespaceMap": "https://rdf.spdx.org/v3/Core/NamespaceMap", + "Organization": "https://rdf.spdx.org/v3/Core/Organization", + "PackageVerificationCode": "https://rdf.spdx.org/v3/Core/PackageVerificationCode", + "Person": "https://rdf.spdx.org/v3/Core/Person", + "PositiveIntegerRange": "https://rdf.spdx.org/v3/Core/PositiveIntegerRange", + "PresenceType": "https://rdf.spdx.org/v3/Core/PresenceType", + "ProfileIdentifierType": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType", + "Relationship": "https://rdf.spdx.org/v3/Core/Relationship", + "RelationshipCompleteness": "https://rdf.spdx.org/v3/Core/RelationshipCompleteness", + "RelationshipType": "https://rdf.spdx.org/v3/Core/RelationshipType", + "SoftwareAgent": "https://rdf.spdx.org/v3/Core/SoftwareAgent", + "SpdxDocument": "https://rdf.spdx.org/v3/Core/SpdxDocument", + "SupportType": "https://rdf.spdx.org/v3/Core/SupportType", + "Tool": "https://rdf.spdx.org/v3/Core/Tool", + "ai_AIPackage": "https://rdf.spdx.org/v3/AI/AIPackage", + "ai_SafetyRiskAssessmentType": "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType", + "ai_autonomyType": { "@context": { - "@vocab": "spdx:Core/PresenceType/" + "@vocab": "https://rdf.spdx.org/v3/Core/PresenceType/" }, - "@id": "spdx:Dataset/sensitivePersonalInformation", + "@id": "https://rdf.spdx.org/v3/AI/autonomyType", "@type": "@vocab" }, - "DatasetAvailabilityType": "spdx:Dataset/DatasetAvailabilityType", - "DatasetType": "spdx:Dataset/DatasetType", - "DictionaryEntry": "spdx:Core/DictionaryEntry", - "DisjunctiveLicenseSet": "spdx:ExpandedLicensing/DisjunctiveLicenseSet", - "Element": "spdx:Core/Element", - "ElementCollection": "spdx:Core/ElementCollection", - "EpssVulnAssessmentRelationship": "spdx:Security/EpssVulnAssessmentRelationship", - "ExpandedLicensing/NoAssertionLicense": "spdx:ExpandedLicensing/NoAssertionLicense", - "ExpandedLicensing/NoneLicense": "spdx:ExpandedLicensing/NoneLicense", - "ExploitCatalogType": "spdx:Security/ExploitCatalogType", - "ExploitCatalogVulnAssessmentRelationship": "spdx:Security/ExploitCatalogVulnAssessmentRelationship", - "ExtendableLicense": "spdx:ExpandedLicensing/ExtendableLicense", - "Extension": "spdx:Extension/Extension", - "ExternalIdentifier": "spdx:Core/ExternalIdentifier", - "ExternalIdentifierType": "spdx:Core/ExternalIdentifierType", - "ExternalMap": "spdx:Core/ExternalMap", - "ExternalRef": "spdx:Core/ExternalRef", - "ExternalRefType": "spdx:Core/ExternalRefType", - "File": "spdx:Software/File", - "Hash": "spdx:Core/Hash", - "HashAlgorithm": "spdx:Core/HashAlgorithm", - "IndividualLicensingInfo": "spdx:ExpandedLicensing/IndividualLicensingInfo", - "IntegrityMethod": "spdx:Core/IntegrityMethod", - "License": "spdx:ExpandedLicensing/License", - "LicenseAddition": "spdx:ExpandedLicensing/LicenseAddition", - "LicenseExpression": "spdx:SimpleLicensing/LicenseExpression", - "LifecycleScopeType": "spdx:Core/LifecycleScopeType", - "LifecycleScopedRelationship": "spdx:Core/LifecycleScopedRelationship", - "ListedLicense": "spdx:ExpandedLicensing/ListedLicense", - "ListedLicenseException": "spdx:ExpandedLicensing/ListedLicenseException", - "NamespaceMap": "spdx:Core/NamespaceMap", - "OrLaterOperator": "spdx:ExpandedLicensing/OrLaterOperator", - "Organization": "spdx:Core/Organization", - "Package": "spdx:Software/Package", - "PackageVerificationCode": "spdx:Core/PackageVerificationCode", - "Person": "spdx:Core/Person", - "PositiveIntegerRange": "spdx:Core/PositiveIntegerRange", - "PresenceType": "spdx:Core/PresenceType", - "ProfileIdentifierType": "spdx:Core/ProfileIdentifierType", - "Relationship": "spdx:Core/Relationship", - "RelationshipCompleteness": "spdx:Core/RelationshipCompleteness", - "RelationshipType": "spdx:Core/RelationshipType", - "SafetyRiskAssessmentType": "spdx:AI/SafetyRiskAssessmentType", - "Sbom": "spdx:Software/Sbom", - "SbomType": "spdx:Software/SbomType", - "Security/CvssSeverityType/critical": "spdx:Security/CvssSeverityType/critical", - "Security/CvssSeverityType/high": "spdx:Security/CvssSeverityType/high", - "Security/CvssSeverityType/low": "spdx:Security/CvssSeverityType/low", - "Security/CvssSeverityType/medium": "spdx:Security/CvssSeverityType/medium", - "Security/CvssSeverityType/none": "spdx:Security/CvssSeverityType/none", - "Security/ExploitCatalogType/kev": "spdx:Security/ExploitCatalogType/kev", - "Security/ExploitCatalogType/other": "spdx:Security/ExploitCatalogType/other", - "Security/SsvcDecisionType/act": "spdx:Security/SsvcDecisionType/act", - "Security/SsvcDecisionType/attend": "spdx:Security/SsvcDecisionType/attend", - "Security/SsvcDecisionType/track": "spdx:Security/SsvcDecisionType/track", - "Security/SsvcDecisionType/trackStar": "spdx:Security/SsvcDecisionType/trackStar", - "Security/VexJustificationType/componentNotPresent": "spdx:Security/VexJustificationType/componentNotPresent", - "Security/VexJustificationType/inlineMitigationsAlreadyExist": "spdx:Security/VexJustificationType/inlineMitigationsAlreadyExist", - "Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary": "spdx:Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary", - "Security/VexJustificationType/vulnerableCodeNotInExecutePath": "spdx:Security/VexJustificationType/vulnerableCodeNotInExecutePath", - "Security/VexJustificationType/vulnerableCodeNotPresent": "spdx:Security/VexJustificationType/vulnerableCodeNotPresent", - "Security/locator": "spdx:Security/locator", - "SimpleLicensingText": "spdx:SimpleLicensing/SimpleLicensingText", - "Snippet": "spdx:Software/Snippet", - "Software/SbomType/analyzed": "spdx:Software/SbomType/analyzed", - "Software/SbomType/build": "spdx:Software/SbomType/build", - "Software/SbomType/deployed": "spdx:Software/SbomType/deployed", - "Software/SbomType/design": "spdx:Software/SbomType/design", - "Software/SbomType/runtime": "spdx:Software/SbomType/runtime", - "Software/SbomType/source": "spdx:Software/SbomType/source", - "Software/SoftwarePurpose/application": "spdx:Software/SoftwarePurpose/application", - "Software/SoftwarePurpose/archive": "spdx:Software/SoftwarePurpose/archive", - "Software/SoftwarePurpose/bom": "spdx:Software/SoftwarePurpose/bom", - "Software/SoftwarePurpose/configuration": "spdx:Software/SoftwarePurpose/configuration", - "Software/SoftwarePurpose/container": "spdx:Software/SoftwarePurpose/container", - "Software/SoftwarePurpose/data": "spdx:Software/SoftwarePurpose/data", - "Software/SoftwarePurpose/device": "spdx:Software/SoftwarePurpose/device", - "Software/SoftwarePurpose/deviceDriver": "spdx:Software/SoftwarePurpose/deviceDriver", - "Software/SoftwarePurpose/diskImage": "spdx:Software/SoftwarePurpose/diskImage", - "Software/SoftwarePurpose/documentation": "spdx:Software/SoftwarePurpose/documentation", - "Software/SoftwarePurpose/evidence": "spdx:Software/SoftwarePurpose/evidence", - "Software/SoftwarePurpose/executable": "spdx:Software/SoftwarePurpose/executable", - "Software/SoftwarePurpose/file": "spdx:Software/SoftwarePurpose/file", - "Software/SoftwarePurpose/filesystemImage": "spdx:Software/SoftwarePurpose/filesystemImage", - "Software/SoftwarePurpose/firmware": "spdx:Software/SoftwarePurpose/firmware", - "Software/SoftwarePurpose/framework": "spdx:Software/SoftwarePurpose/framework", - "Software/SoftwarePurpose/install": "spdx:Software/SoftwarePurpose/install", - "Software/SoftwarePurpose/library": "spdx:Software/SoftwarePurpose/library", - "Software/SoftwarePurpose/manifest": "spdx:Software/SoftwarePurpose/manifest", - "Software/SoftwarePurpose/model": "spdx:Software/SoftwarePurpose/model", - "Software/SoftwarePurpose/module": "spdx:Software/SoftwarePurpose/module", - "Software/SoftwarePurpose/operatingSystem": "spdx:Software/SoftwarePurpose/operatingSystem", - "Software/SoftwarePurpose/other": "spdx:Software/SoftwarePurpose/other", - "Software/SoftwarePurpose/patch": "spdx:Software/SoftwarePurpose/patch", - "Software/SoftwarePurpose/platform": "spdx:Software/SoftwarePurpose/platform", - "Software/SoftwarePurpose/requirement": "spdx:Software/SoftwarePurpose/requirement", - "Software/SoftwarePurpose/source": "spdx:Software/SoftwarePurpose/source", - "Software/SoftwarePurpose/specification": "spdx:Software/SoftwarePurpose/specification", - "Software/SoftwarePurpose/test": "spdx:Software/SoftwarePurpose/test", - "Software/contentType": "spdx:Software/contentType", - "SoftwareAgent": "spdx:Core/SoftwareAgent", - "SoftwareArtifact": "spdx:Software/SoftwareArtifact", - "SoftwarePurpose": "spdx:Software/SoftwarePurpose", - "SpdxDocument": "spdx:Core/SpdxDocument", - "SsvcDecisionType": "spdx:Security/SsvcDecisionType", - "SsvcVulnAssessmentRelationship": "spdx:Security/SsvcVulnAssessmentRelationship", - "SupportType": "spdx:Core/SupportType", - "Tool": "spdx:Core/Tool", - "VexAffectedVulnAssessmentRelationship": "spdx:Security/VexAffectedVulnAssessmentRelationship", - "VexFixedVulnAssessmentRelationship": "spdx:Security/VexFixedVulnAssessmentRelationship", - "VexJustificationType": "spdx:Security/VexJustificationType", - "VexNotAffectedVulnAssessmentRelationship": "spdx:Security/VexNotAffectedVulnAssessmentRelationship", - "VexUnderInvestigationVulnAssessmentRelationship": "spdx:Security/VexUnderInvestigationVulnAssessmentRelationship", - "VexVulnAssessmentRelationship": "spdx:Security/VexVulnAssessmentRelationship", - "VulnAssessmentRelationship": "spdx:Security/VulnAssessmentRelationship", - "Vulnerability": "spdx:Security/Vulnerability", - "WithAdditionOperator": "spdx:ExpandedLicensing/WithAdditionOperator", - "actionStatement": "spdx:Security/actionStatement", - "actionStatementTime": "spdx:Security/actionStatementTime", - "additionText": "spdx:ExpandedLicensing/additionText", - "additionalPurpose": { - "@context": { - "@vocab": "spdx:Software/SoftwarePurpose/" - }, - "@id": "spdx:Software/additionalPurpose", - "@type": "@vocab" + "ai_domain": "https://rdf.spdx.org/v3/AI/domain", + "ai_energyConsumption": "https://rdf.spdx.org/v3/AI/energyConsumption", + "ai_hyperparameter": { + "@id": "https://rdf.spdx.org/v3/AI/hyperparameter", + "@type": "@id" }, - "algorithm": { + "ai_informationAboutApplication": "https://rdf.spdx.org/v3/AI/informationAboutApplication", + "ai_informationAboutTraining": "https://rdf.spdx.org/v3/AI/informationAboutTraining", + "ai_limitation": "https://rdf.spdx.org/v3/AI/limitation", + "ai_metric": { + "@id": "https://rdf.spdx.org/v3/AI/metric", + "@type": "@id" + }, + "ai_metricDecisionThreshold": { + "@id": "https://rdf.spdx.org/v3/AI/metricDecisionThreshold", + "@type": "@id" + }, + "ai_modelDataPreprocessing": "https://rdf.spdx.org/v3/AI/modelDataPreprocessing", + "ai_modelExplainability": "https://rdf.spdx.org/v3/AI/modelExplainability", + "ai_safetyRiskAssessment": { "@context": { - "@vocab": "spdx:Core/HashAlgorithm/" + "@vocab": "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/" }, - "@id": "spdx:Core/algorithm", + "@id": "https://rdf.spdx.org/v3/AI/safetyRiskAssessment", "@type": "@vocab" }, - "annotationType": { + "ai_sensitivePersonalInformation": { "@context": { - "@vocab": "spdx:Core/AnnotationType/" + "@vocab": "https://rdf.spdx.org/v3/Core/PresenceType/" }, - "@id": "spdx:Core/annotationType", + "@id": "https://rdf.spdx.org/v3/AI/sensitivePersonalInformation", "@type": "@vocab" }, - "anonymizationMethodUsed": "spdx:Dataset/anonymizationMethodUsed", - "assessedElement": "spdx:Security/assessedElement", - "attributionText": "spdx:Software/attributionText", - "autonomyType": { + "ai_standardCompliance": "https://rdf.spdx.org/v3/AI/standardCompliance", + "ai_typeOfModel": "https://rdf.spdx.org/v3/AI/typeOfModel", + "algorithm": { "@context": { - "@vocab": "spdx:Core/PresenceType/" + "@vocab": "https://rdf.spdx.org/v3/Core/HashAlgorithm/" }, - "@id": "spdx:AI/autonomyType", + "@id": "https://rdf.spdx.org/v3/Core/algorithm", "@type": "@vocab" }, - "beginIntegerRange": "spdx:Core/beginIntegerRange", - "buildEndTime": "spdx:Build/buildEndTime", - "buildId": "spdx:Build/buildId", - "buildStartTime": "spdx:Build/buildStartTime", - "buildType": "spdx:Build/buildType", - "builtTime": "spdx:Core/builtTime", - "byteRange": "spdx:Software/byteRange", - "catalogType": { + "annotationType": { "@context": { - "@vocab": "spdx:Security/ExploitCatalogType/" + "@vocab": "https://rdf.spdx.org/v3/Core/AnnotationType/" }, - "@id": "spdx:Security/catalogType", + "@id": "https://rdf.spdx.org/v3/Core/annotationType", "@type": "@vocab" }, - "comment": "spdx:Core/comment", + "beginIntegerRange": "https://rdf.spdx.org/v3/Core/beginIntegerRange", + "build_Build": "https://rdf.spdx.org/v3/Build/Build", + "build_buildEndTime": "https://rdf.spdx.org/v3/Build/buildEndTime", + "build_buildId": "https://rdf.spdx.org/v3/Build/buildId", + "build_buildStartTime": "https://rdf.spdx.org/v3/Build/buildStartTime", + "build_buildType": "https://rdf.spdx.org/v3/Build/buildType", + "build_configSourceDigest": { + "@id": "https://rdf.spdx.org/v3/Build/configSourceDigest", + "@type": "@id" + }, + "build_configSourceEntrypoint": "https://rdf.spdx.org/v3/Build/configSourceEntrypoint", + "build_configSourceUri": "https://rdf.spdx.org/v3/Build/configSourceUri", + "build_environment": { + "@id": "https://rdf.spdx.org/v3/Build/environment", + "@type": "@id" + }, + "build_parameters": { + "@id": "https://rdf.spdx.org/v3/Build/parameters", + "@type": "@id" + }, + "builtTime": "https://rdf.spdx.org/v3/Core/builtTime", + "comment": "https://rdf.spdx.org/v3/Core/comment", "completeness": { "@context": { - "@vocab": "spdx:Core/RelationshipCompleteness/" + "@vocab": "https://rdf.spdx.org/v3/Core/RelationshipCompleteness/" }, - "@id": "spdx:Core/completeness", + "@id": "https://rdf.spdx.org/v3/Core/completeness", "@type": "@vocab" }, - "confidentialityLevel": { + "contentType": "https://rdf.spdx.org/v3/Core/contentType", + "context": "https://rdf.spdx.org/v3/Core/context", + "created": "https://rdf.spdx.org/v3/Core/created", + "createdBy": { + "@id": "https://rdf.spdx.org/v3/Core/createdBy", + "@type": "@id" + }, + "createdUsing": { + "@id": "https://rdf.spdx.org/v3/Core/createdUsing", + "@type": "@id" + }, + "creationInfo": { + "@id": "https://rdf.spdx.org/v3/Core/creationInfo", + "@type": "@id" + }, + "dataLicense": { + "@id": "https://rdf.spdx.org/v3/Core/dataLicense", + "@type": "@id" + }, + "dataset_ConfidentialityLevelType": "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType", + "dataset_Dataset": "https://rdf.spdx.org/v3/Dataset/Dataset", + "dataset_DatasetAvailabilityType": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType", + "dataset_DatasetType": "https://rdf.spdx.org/v3/Dataset/DatasetType", + "dataset_anonymizationMethodUsed": "https://rdf.spdx.org/v3/Dataset/anonymizationMethodUsed", + "dataset_confidentialityLevel": { "@context": { - "@vocab": "spdx:Dataset/ConfidentialityLevelType/" + "@vocab": "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/" }, - "@id": "spdx:Dataset/confidentialityLevel", + "@id": "https://rdf.spdx.org/v3/Dataset/confidentialityLevel", "@type": "@vocab" }, - "configSourceDigest": "spdx:Build/configSourceDigest", - "configSourceEntrypoint": "spdx:Build/configSourceEntrypoint", - "configSourceUri": "spdx:Build/configSourceUri", - "contentType": "spdx:Core/contentType", - "context": "spdx:Core/context", - "copyrightText": "spdx:Software/copyrightText", - "created": "spdx:Core/created", - "createdBy": "spdx:Core/createdBy", - "createdUsing": "spdx:Core/createdUsing", - "creationInfo": "spdx:Core/creationInfo", - "customIdToUri": "spdx:SimpleLicensing/customIdToUri", - "dataCollectionProcess": "spdx:Dataset/dataCollectionProcess", - "dataLicense": "spdx:Core/dataLicense", - "dataPreprocessing": "spdx:Dataset/dataPreprocessing", - "datasetAvailability": { + "dataset_dataCollectionProcess": "https://rdf.spdx.org/v3/Dataset/dataCollectionProcess", + "dataset_dataPreprocessing": "https://rdf.spdx.org/v3/Dataset/dataPreprocessing", + "dataset_datasetAvailability": { "@context": { - "@vocab": "spdx:Dataset/DatasetAvailabilityType/" + "@vocab": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/" }, - "@id": "spdx:Dataset/datasetAvailability", + "@id": "https://rdf.spdx.org/v3/Dataset/datasetAvailability", "@type": "@vocab" }, - "datasetNoise": "spdx:Dataset/datasetNoise", - "datasetSize": "spdx:Dataset/datasetSize", - "datasetType": { + "dataset_datasetNoise": "https://rdf.spdx.org/v3/Dataset/datasetNoise", + "dataset_datasetSize": "https://rdf.spdx.org/v3/Dataset/datasetSize", + "dataset_datasetType": { "@context": { - "@vocab": "spdx:Dataset/DatasetType/" + "@vocab": "https://rdf.spdx.org/v3/Dataset/DatasetType/" }, - "@id": "spdx:Dataset/datasetType", + "@id": "https://rdf.spdx.org/v3/Dataset/datasetType", "@type": "@vocab" }, - "datasetUpdateMechanism": "spdx:Dataset/datasetUpdateMechanism", - "decisionType": { + "dataset_datasetUpdateMechanism": "https://rdf.spdx.org/v3/Dataset/datasetUpdateMechanism", + "dataset_intendedUse": "https://rdf.spdx.org/v3/Dataset/intendedUse", + "dataset_knownBias": "https://rdf.spdx.org/v3/Dataset/knownBias", + "dataset_sensitivePersonalInformation": { "@context": { - "@vocab": "spdx:Security/SsvcDecisionType/" + "@vocab": "https://rdf.spdx.org/v3/Core/PresenceType/" }, - "@id": "spdx:Security/decisionType", + "@id": "https://rdf.spdx.org/v3/Dataset/sensitivePersonalInformation", "@type": "@vocab" }, - "definingArtifact": "spdx:Core/definingArtifact", - "deprecatedVersion": "spdx:ExpandedLicensing/deprecatedVersion", - "description": "spdx:Core/description", - "domain": "spdx:AI/domain", - "downloadLocation": "spdx:Software/downloadLocation", - "element": "spdx:Core/element", - "endIntegerRange": "spdx:Core/endIntegerRange", - "endTime": "spdx:Core/endTime", - "energyConsumption": "spdx:AI/energyConsumption", - "environment": "spdx:Build/environment", - "exploited": "spdx:Security/exploited", - "extension": "spdx:Core/extension", - "externalIdentifier": "spdx:Core/externalIdentifier", + "dataset_sensor": { + "@id": "https://rdf.spdx.org/v3/Dataset/sensor", + "@type": "@id" + }, + "definingArtifact": { + "@id": "https://rdf.spdx.org/v3/Core/definingArtifact", + "@type": "@id" + }, + "description": "https://rdf.spdx.org/v3/Core/description", + "element": { + "@id": "https://rdf.spdx.org/v3/Core/element", + "@type": "@id" + }, + "endIntegerRange": "https://rdf.spdx.org/v3/Core/endIntegerRange", + "endTime": "https://rdf.spdx.org/v3/Core/endTime", + "expandedlicensing_ConjunctiveLicenseSet": "https://rdf.spdx.org/v3/ExpandedLicensing/ConjunctiveLicenseSet", + "expandedlicensing_CustomLicense": "https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicense", + "expandedlicensing_CustomLicenseAddition": "https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicenseAddition", + "expandedlicensing_DisjunctiveLicenseSet": "https://rdf.spdx.org/v3/ExpandedLicensing/DisjunctiveLicenseSet", + "expandedlicensing_ExtendableLicense": "https://rdf.spdx.org/v3/ExpandedLicensing/ExtendableLicense", + "expandedlicensing_IndividualLicensingInfo": "https://rdf.spdx.org/v3/ExpandedLicensing/IndividualLicensingInfo", + "expandedlicensing_License": "https://rdf.spdx.org/v3/ExpandedLicensing/License", + "expandedlicensing_LicenseAddition": "https://rdf.spdx.org/v3/ExpandedLicensing/LicenseAddition", + "expandedlicensing_ListedLicense": "https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicense", + "expandedlicensing_ListedLicenseException": "https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicenseException", + "expandedlicensing_OrLaterOperator": "https://rdf.spdx.org/v3/ExpandedLicensing/OrLaterOperator", + "expandedlicensing_WithAdditionOperator": "https://rdf.spdx.org/v3/ExpandedLicensing/WithAdditionOperator", + "expandedlicensing_additionText": "https://rdf.spdx.org/v3/ExpandedLicensing/additionText", + "expandedlicensing_deprecatedVersion": "https://rdf.spdx.org/v3/ExpandedLicensing/deprecatedVersion", + "expandedlicensing_isDeprecatedAdditionId": "https://rdf.spdx.org/v3/ExpandedLicensing/isDeprecatedAdditionId", + "expandedlicensing_isDeprecatedLicenseId": "https://rdf.spdx.org/v3/ExpandedLicensing/isDeprecatedLicenseId", + "expandedlicensing_isFsfLibre": "https://rdf.spdx.org/v3/ExpandedLicensing/isFsfLibre", + "expandedlicensing_isOsiApproved": "https://rdf.spdx.org/v3/ExpandedLicensing/isOsiApproved", + "expandedlicensing_licenseXml": "https://rdf.spdx.org/v3/ExpandedLicensing/licenseXml", + "expandedlicensing_listVersionAdded": "https://rdf.spdx.org/v3/ExpandedLicensing/listVersionAdded", + "expandedlicensing_member": { + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/member", + "@type": "@id" + }, + "expandedlicensing_obsoletedBy": "https://rdf.spdx.org/v3/ExpandedLicensing/obsoletedBy", + "expandedlicensing_seeAlso": "https://rdf.spdx.org/v3/ExpandedLicensing/seeAlso", + "expandedlicensing_standardAdditionTemplate": "https://rdf.spdx.org/v3/ExpandedLicensing/standardAdditionTemplate", + "expandedlicensing_standardLicenseHeader": "https://rdf.spdx.org/v3/ExpandedLicensing/standardLicenseHeader", + "expandedlicensing_standardLicenseTemplate": "https://rdf.spdx.org/v3/ExpandedLicensing/standardLicenseTemplate", + "expandedlicensing_subjectAddition": { + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectAddition", + "@type": "@id" + }, + "expandedlicensing_subjectExtendableLicense": { + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectExtendableLicense", + "@type": "@id" + }, + "expandedlicensing_subjectLicense": { + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectLicense", + "@type": "@id" + }, + "extension": { + "@id": "https://rdf.spdx.org/v3/Core/extension", + "@type": "@id" + }, + "extension_Extension": "https://rdf.spdx.org/v3/Extension/Extension", + "externalIdentifier": { + "@id": "https://rdf.spdx.org/v3/Core/externalIdentifier", + "@type": "@id" + }, "externalIdentifierType": { "@context": { - "@vocab": "spdx:Core/ExternalIdentifierType/" + "@vocab": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/" }, - "@id": "spdx:Core/externalIdentifierType", + "@id": "https://rdf.spdx.org/v3/Core/externalIdentifierType", "@type": "@vocab" }, - "externalRef": "spdx:Core/externalRef", + "externalRef": { + "@id": "https://rdf.spdx.org/v3/Core/externalRef", + "@type": "@id" + }, "externalRefType": { "@context": { - "@vocab": "spdx:Core/ExternalRefType/" + "@vocab": "https://rdf.spdx.org/v3/Core/ExternalRefType/" }, - "@id": "spdx:Core/externalRefType", + "@id": "https://rdf.spdx.org/v3/Core/externalRefType", "@type": "@vocab" }, - "externalSpdxId": "spdx:Core/externalSpdxId", - "from": "spdx:Core/from", - "gitoid": "spdx:Software/gitoid", - "hashValue": "spdx:Core/hashValue", - "homePage": "spdx:Software/homePage", - "hyperparameter": "spdx:AI/hyperparameter", - "identifier": "spdx:Core/identifier", - "identifierLocator": "spdx:Core/identifierLocator", - "impactStatement": "spdx:Security/impactStatement", - "impactStatementTime": "spdx:Security/impactStatementTime", - "imports": "spdx:Core/imports", - "informationAboutApplication": "spdx:AI/informationAboutApplication", - "informationAboutTraining": "spdx:AI/informationAboutTraining", - "intendedUse": "spdx:Dataset/intendedUse", - "isDeprecatedAdditionId": "spdx:ExpandedLicensing/isDeprecatedAdditionId", - "isDeprecatedLicenseId": "spdx:ExpandedLicensing/isDeprecatedLicenseId", - "isDirectory": "spdx:Software/isDirectory", - "isFsfLibre": "spdx:ExpandedLicensing/isFsfLibre", - "isOsiApproved": "spdx:ExpandedLicensing/isOsiApproved", - "issuingAuthority": "spdx:Core/issuingAuthority", - "justificationType": { + "externalSpdxId": "https://rdf.spdx.org/v3/Core/externalSpdxId", + "from": { + "@id": "https://rdf.spdx.org/v3/Core/from", + "@type": "@id" + }, + "hashValue": "https://rdf.spdx.org/v3/Core/hashValue", + "identifier": "https://rdf.spdx.org/v3/Core/identifier", + "identifierLocator": "https://rdf.spdx.org/v3/Core/identifierLocator", + "imports": { + "@id": "https://rdf.spdx.org/v3/Core/imports", + "@type": "@id" + }, + "issuingAuthority": "https://rdf.spdx.org/v3/Core/issuingAuthority", + "key": "https://rdf.spdx.org/v3/Core/key", + "locationHint": "https://rdf.spdx.org/v3/Core/locationHint", + "locator": "https://rdf.spdx.org/v3/Core/locator", + "name": "https://rdf.spdx.org/v3/Core/name", + "namespace": "https://rdf.spdx.org/v3/Core/namespace", + "namespaceMap": { + "@id": "https://rdf.spdx.org/v3/Core/namespaceMap", + "@type": "@id" + }, + "originatedBy": { + "@id": "https://rdf.spdx.org/v3/Core/originatedBy", + "@type": "@id" + }, + "packageVerificationCodeExcludedFile": "https://rdf.spdx.org/v3/Core/packageVerificationCodeExcludedFile", + "prefix": "https://rdf.spdx.org/v3/Core/prefix", + "profileConformance": { "@context": { - "@vocab": "spdx:Security/VexJustificationType/" + "@vocab": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/" }, - "@id": "spdx:Security/justificationType", + "@id": "https://rdf.spdx.org/v3/Core/profileConformance", "@type": "@vocab" }, - "key": "spdx:Core/key", - "knownBias": "spdx:Dataset/knownBias", - "licenseExpression": "spdx:SimpleLicensing/licenseExpression", - "licenseListVersion": "spdx:SimpleLicensing/licenseListVersion", - "licenseText": "spdx:SimpleLicensing/licenseText", - "licenseXml": "spdx:ExpandedLicensing/licenseXml", - "limitation": "spdx:AI/limitation", - "lineRange": "spdx:Software/lineRange", - "listVersionAdded": "spdx:ExpandedLicensing/listVersionAdded", - "locationHint": "spdx:Core/locationHint", - "locator": "spdx:Core/locator", - "member": "spdx:ExpandedLicensing/member", - "metric": "spdx:AI/metric", - "metricDecisionThreshold": "spdx:AI/metricDecisionThreshold", - "modelDataPreprocessing": "spdx:AI/modelDataPreprocessing", - "modelExplainability": "spdx:AI/modelExplainability", - "modifiedTime": "spdx:Security/modifiedTime", - "name": "spdx:Core/name", - "namespace": "spdx:Core/namespace", - "namespaceMap": "spdx:Core/namespaceMap", - "obsoletedBy": "spdx:ExpandedLicensing/obsoletedBy", - "originatedBy": "spdx:Core/originatedBy", - "packageUrl": "spdx:Software/packageUrl", - "packageVerificationCodeExcludedFile": "spdx:Core/packageVerificationCodeExcludedFile", - "packageVersion": "spdx:Software/packageVersion", - "parameters": "spdx:Build/parameters", - "percentile": "spdx:Security/percentile", - "prefix": "spdx:Core/prefix", - "primaryPurpose": { + "relationshipType": { "@context": { - "@vocab": "spdx:Software/SoftwarePurpose/" + "@vocab": "https://rdf.spdx.org/v3/Core/RelationshipType/" }, - "@id": "spdx:Software/primaryPurpose", + "@id": "https://rdf.spdx.org/v3/Core/relationshipType", "@type": "@vocab" }, - "probability": "spdx:Security/probability", - "profileConformance": { + "releaseTime": "https://rdf.spdx.org/v3/Core/releaseTime", + "rootElement": { + "@id": "https://rdf.spdx.org/v3/Core/rootElement", + "@type": "@id" + }, + "scope": { "@context": { - "@vocab": "spdx:Core/ProfileIdentifierType/" + "@vocab": "https://rdf.spdx.org/v3/Core/LifecycleScopeType/" }, - "@id": "spdx:Core/profileConformance", + "@id": "https://rdf.spdx.org/v3/Core/scope", "@type": "@vocab" }, - "publishedTime": "spdx:Security/publishedTime", - "relationshipType": { + "security_CvssSeverityType": "https://rdf.spdx.org/v3/Security/CvssSeverityType", + "security_CvssV2VulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/CvssV2VulnAssessmentRelationship", + "security_CvssV3VulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/CvssV3VulnAssessmentRelationship", + "security_CvssV4VulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/CvssV4VulnAssessmentRelationship", + "security_EpssVulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/EpssVulnAssessmentRelationship", + "security_ExploitCatalogType": "https://rdf.spdx.org/v3/Security/ExploitCatalogType", + "security_ExploitCatalogVulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/ExploitCatalogVulnAssessmentRelationship", + "security_SsvcDecisionType": "https://rdf.spdx.org/v3/Security/SsvcDecisionType", + "security_SsvcVulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/SsvcVulnAssessmentRelationship", + "security_VexAffectedVulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/VexAffectedVulnAssessmentRelationship", + "security_VexFixedVulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/VexFixedVulnAssessmentRelationship", + "security_VexJustificationType": "https://rdf.spdx.org/v3/Security/VexJustificationType", + "security_VexNotAffectedVulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/VexNotAffectedVulnAssessmentRelationship", + "security_VexUnderInvestigationVulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/VexUnderInvestigationVulnAssessmentRelationship", + "security_VexVulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship", + "security_VulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship", + "security_Vulnerability": "https://rdf.spdx.org/v3/Security/Vulnerability", + "security_actionStatement": "https://rdf.spdx.org/v3/Security/actionStatement", + "security_actionStatementTime": "https://rdf.spdx.org/v3/Security/actionStatementTime", + "security_assessedElement": { + "@id": "https://rdf.spdx.org/v3/Security/assessedElement", + "@type": "@id" + }, + "security_catalogType": { "@context": { - "@vocab": "spdx:Core/RelationshipType/" + "@vocab": "https://rdf.spdx.org/v3/Security/ExploitCatalogType/" }, - "@id": "spdx:Core/relationshipType", + "@id": "https://rdf.spdx.org/v3/Security/catalogType", "@type": "@vocab" }, - "releaseTime": "spdx:Core/releaseTime", - "rootElement": "spdx:Core/rootElement", - "safetyRiskAssessment": { + "security_decisionType": { "@context": { - "@vocab": "spdx:AI/SafetyRiskAssessmentType/" + "@vocab": "https://rdf.spdx.org/v3/Security/SsvcDecisionType/" }, - "@id": "spdx:AI/safetyRiskAssessment", + "@id": "https://rdf.spdx.org/v3/Security/decisionType", "@type": "@vocab" }, - "sbomType": { + "security_exploited": "https://rdf.spdx.org/v3/Security/exploited", + "security_impactStatement": "https://rdf.spdx.org/v3/Security/impactStatement", + "security_impactStatementTime": "https://rdf.spdx.org/v3/Security/impactStatementTime", + "security_justificationType": { "@context": { - "@vocab": "spdx:Software/SbomType/" + "@vocab": "https://rdf.spdx.org/v3/Security/VexJustificationType/" }, - "@id": "spdx:Software/sbomType", + "@id": "https://rdf.spdx.org/v3/Security/justificationType", "@type": "@vocab" }, - "scope": { + "security_locator": "https://rdf.spdx.org/v3/Security/locator", + "security_modifiedTime": "https://rdf.spdx.org/v3/Security/modifiedTime", + "security_percentile": "https://rdf.spdx.org/v3/Security/percentile", + "security_probability": "https://rdf.spdx.org/v3/Security/probability", + "security_publishedTime": "https://rdf.spdx.org/v3/Security/publishedTime", + "security_score": "https://rdf.spdx.org/v3/Security/score", + "security_severity": { "@context": { - "@vocab": "spdx:Core/LifecycleScopeType/" + "@vocab": "https://rdf.spdx.org/v3/Security/CvssSeverityType/" }, - "@id": "spdx:Core/scope", + "@id": "https://rdf.spdx.org/v3/Security/severity", "@type": "@vocab" }, - "score": "spdx:Security/score", - "seeAlso": "spdx:ExpandedLicensing/seeAlso", - "sensitivePersonalInformation": { + "security_statusNotes": "https://rdf.spdx.org/v3/Security/statusNotes", + "security_vectorString": "https://rdf.spdx.org/v3/Security/vectorString", + "security_vexVersion": "https://rdf.spdx.org/v3/Security/vexVersion", + "security_withdrawnTime": "https://rdf.spdx.org/v3/Security/withdrawnTime", + "simplelicensing_AnyLicenseInfo": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo", + "simplelicensing_LicenseExpression": "https://rdf.spdx.org/v3/SimpleLicensing/LicenseExpression", + "simplelicensing_SimpleLicensingText": "https://rdf.spdx.org/v3/SimpleLicensing/SimpleLicensingText", + "simplelicensing_customIdToUri": { + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/customIdToUri", + "@type": "@id" + }, + "simplelicensing_licenseExpression": "https://rdf.spdx.org/v3/SimpleLicensing/licenseExpression", + "simplelicensing_licenseListVersion": "https://rdf.spdx.org/v3/SimpleLicensing/licenseListVersion", + "simplelicensing_licenseText": "https://rdf.spdx.org/v3/SimpleLicensing/licenseText", + "software_File": "https://rdf.spdx.org/v3/Software/File", + "software_Package": "https://rdf.spdx.org/v3/Software/Package", + "software_Sbom": "https://rdf.spdx.org/v3/Software/Sbom", + "software_SbomType": "https://rdf.spdx.org/v3/Software/SbomType", + "software_Snippet": "https://rdf.spdx.org/v3/Software/Snippet", + "software_SoftwareArtifact": "https://rdf.spdx.org/v3/Software/SoftwareArtifact", + "software_SoftwarePurpose": "https://rdf.spdx.org/v3/Software/SoftwarePurpose", + "software_additionalPurpose": { "@context": { - "@vocab": "spdx:Core/PresenceType/" + "@vocab": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/" }, - "@id": "spdx:AI/sensitivePersonalInformation", + "@id": "https://rdf.spdx.org/v3/Software/additionalPurpose", "@type": "@vocab" }, - "sensor": "spdx:Dataset/sensor", - "severity": { + "software_attributionText": "https://rdf.spdx.org/v3/Software/attributionText", + "software_byteRange": "https://rdf.spdx.org/v3/Software/byteRange", + "software_contentType": "https://rdf.spdx.org/v3/Software/contentType", + "software_copyrightText": "https://rdf.spdx.org/v3/Software/copyrightText", + "software_downloadLocation": "https://rdf.spdx.org/v3/Software/downloadLocation", + "software_gitoid": "https://rdf.spdx.org/v3/Software/gitoid", + "software_homePage": "https://rdf.spdx.org/v3/Software/homePage", + "software_isDirectory": "https://rdf.spdx.org/v3/Software/isDirectory", + "software_lineRange": "https://rdf.spdx.org/v3/Software/lineRange", + "software_packageUrl": "https://rdf.spdx.org/v3/Software/packageUrl", + "software_packageVersion": "https://rdf.spdx.org/v3/Software/packageVersion", + "software_primaryPurpose": { "@context": { - "@vocab": "spdx:Security/CvssSeverityType/" + "@vocab": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/" }, - "@id": "spdx:Security/severity", + "@id": "https://rdf.spdx.org/v3/Software/primaryPurpose", "@type": "@vocab" }, - "snippetFromFile": "spdx:Software/snippetFromFile", - "sourceInfo": "spdx:Software/sourceInfo", + "software_sbomType": { + "@context": { + "@vocab": "https://rdf.spdx.org/v3/Software/SbomType/" + }, + "@id": "https://rdf.spdx.org/v3/Software/sbomType", + "@type": "@vocab" + }, + "software_snippetFromFile": { + "@id": "https://rdf.spdx.org/v3/Software/snippetFromFile", + "@type": "@id" + }, + "software_sourceInfo": "https://rdf.spdx.org/v3/Software/sourceInfo", "spdx": "https://rdf.spdx.org/v3/", "spdxId": "@id", - "specVersion": "spdx:Core/specVersion", - "standardAdditionTemplate": "spdx:ExpandedLicensing/standardAdditionTemplate", - "standardCompliance": "spdx:AI/standardCompliance", - "standardLicenseHeader": "spdx:ExpandedLicensing/standardLicenseHeader", - "standardLicenseTemplate": "spdx:ExpandedLicensing/standardLicenseTemplate", - "standardName": "spdx:Core/standardName", - "startTime": "spdx:Core/startTime", - "statement": "spdx:Core/statement", - "statusNotes": "spdx:Security/statusNotes", - "subject": "spdx:Core/subject", - "subjectAddition": "spdx:ExpandedLicensing/subjectAddition", - "subjectExtendableLicense": "spdx:ExpandedLicensing/subjectExtendableLicense", - "subjectLicense": "spdx:ExpandedLicensing/subjectLicense", - "summary": "spdx:Core/summary", - "suppliedBy": "spdx:Core/suppliedBy", + "specVersion": "https://rdf.spdx.org/v3/Core/specVersion", + "standardName": "https://rdf.spdx.org/v3/Core/standardName", + "startTime": "https://rdf.spdx.org/v3/Core/startTime", + "statement": "https://rdf.spdx.org/v3/Core/statement", + "subject": { + "@id": "https://rdf.spdx.org/v3/Core/subject", + "@type": "@id" + }, + "summary": "https://rdf.spdx.org/v3/Core/summary", + "suppliedBy": { + "@id": "https://rdf.spdx.org/v3/Core/suppliedBy", + "@type": "@id" + }, "supportLevel": { "@context": { - "@vocab": "spdx:Core/SupportType/" + "@vocab": "https://rdf.spdx.org/v3/Core/SupportType/" }, - "@id": "spdx:Core/supportLevel", + "@id": "https://rdf.spdx.org/v3/Core/supportLevel", "@type": "@vocab" }, - "to": "spdx:Core/to", + "to": { + "@id": "https://rdf.spdx.org/v3/Core/to", + "@type": "@id" + }, "type": "@type", - "typeOfModel": "spdx:AI/typeOfModel", - "validUntilTime": "spdx:Core/validUntilTime", - "value": "spdx:Core/value", - "vectorString": "spdx:Security/vectorString", - "verifiedUsing": "spdx:Core/verifiedUsing", - "vexVersion": "spdx:Security/vexVersion", - "withdrawnTime": "spdx:Security/withdrawnTime" + "validUntilTime": "https://rdf.spdx.org/v3/Core/validUntilTime", + "value": "https://rdf.spdx.org/v3/Core/value", + "verifiedUsing": { + "@id": "https://rdf.spdx.org/v3/Core/verifiedUsing", + "@type": "@id" + } } } \ No newline at end of file diff --git a/tests/data/model/spdx3.jsonld b/tests/data/model/spdx3.jsonld index c7b9717..66862ff 100644 --- a/tests/data/model/spdx3.jsonld +++ b/tests/data/model/spdx3.jsonld @@ -1,6 +1,6 @@ [ { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasDependencyManifest", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/coordinatedBy", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://rdf.spdx.org/v3/Core/RelationshipType" @@ -8,53 +8,89 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element has manifest files that contain dependency information in each `to` Element" + "@value": "(Security) The `from` Vulnerability is coordinatedBy the `to` Agent(s) (vendor, researcher, or consumer agent)" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasDependencyManifest" + "@value": "coordinatedBy" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/AnnotationType/other", + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/directDownload", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/AnnotationType" + "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Used to store extra information about an Element which is not part of a Review (e.g. extra information provided during the creation of the Element)." + "@value": "the dataset is publicly available and can be downloaded directly." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "other" + "@value": "directDownload" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/md2", + "@id": "https://rdf.spdx.org/v3/AI/metric", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Records the measurement of prediction quality of the AI model." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/Software/SbomType/deployed", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" + "https://rdf.spdx.org/v3/Software/SbomType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "https://datatracker.ietf.org/doc/rfc1319/" + "@value": "SBOM provides an inventory of software that is present on a system. This may be an assembly of other SBOMs that combines analysis of configuration options, and examination of execution behavior in a (potentially simulated) deployment environment." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "md2" + "@value": "deployed" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/ExploitCatalogVulnAssessmentRelationship", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasHost", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Build was run on the `to` Element during a LifecycleScopeType period (e.g. The host that the build runs on)" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasHost" + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/AI/AIPackage", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class", @@ -63,338 +99,440 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides an exploit assessment of a vulnerability." + "@value": "Provides information about the fields in the AI package profile." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship" + "@id": "https://rdf.spdx.org/v3/Software/Package" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N777c4c5f2cb84b0cbe29c3c413397cca" + "@id": "_:N3ad9d7a0bee34f0fa4a55cb8d06b4cd9" }, { - "@id": "_:N2f62f9d436d7474cbc22ab8d375892b2" + "@id": "_:Na7e257f2b7864d40b793c21be9c8ab29" }, { - "@id": "_:N16daa00f5c9c4218bc889c5ebbdecffd" + "@id": "_:Nb999a06306de4a9088c8927b1d146536" + }, + { + "@id": "_:N973bf1ddb84c4fd6afb8b35249541d7a" + }, + { + "@id": "_:N680c3fa4323f4e2f9c96725c25ea3744" + }, + { + "@id": "_:N11fe61cd5f7948f5b207b9583b4d5f3f" + }, + { + "@id": "_:N837cc645adad44209549a4f204ed5f67" + }, + { + "@id": "_:N1f5796f1961d4ad59772b52a2dd8f716" + }, + { + "@id": "_:Nd7308b04e03c4a1b9236cab802733cc8" + }, + { + "@id": "_:Nd4f992722a1e4673ad01094bca621db3" + }, + { + "@id": "_:Naa06465045da4739955156dd94b9898a" + }, + { + "@id": "_:Ne6cfbf49d44f488281d7049bda8900f4" + }, + { + "@id": "_:N950b9ac6780145c7a46e4cbcef9fd2f8" + }, + { + "@id": "_:Na31b70a033114e9b882ae581ced05f4d" + }, + { + "@id": "_:N042cb82778e94dfca10b23016eaad07e" } ] }, { - "@id": "_:N777c4c5f2cb84b0cbe29c3c413397cca", + "@id": "_:N3ad9d7a0bee34f0fa4a55cb8d06b4cd9", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 } ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": 1 + "@id": "https://rdf.spdx.org/v3/AI/energyConsumption" } - ], + ] + }, + { + "@id": "_:Na7e257f2b7864d40b793c21be9c8ab29", "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Security/catalogType" + "@id": "https://rdf.spdx.org/v3/AI/standardCompliance" } ] }, { - "@id": "_:N2f62f9d436d7474cbc22ab8d375892b2", + "@id": "_:Nb999a06306de4a9088c8927b1d146536", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 } ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": 1 + "@id": "https://rdf.spdx.org/v3/AI/limitation" } - ], + ] + }, + { + "@id": "_:N973bf1ddb84c4fd6afb8b35249541d7a", "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Security/exploited" + "@id": "https://rdf.spdx.org/v3/AI/typeOfModel" } ] }, { - "@id": "_:N16daa00f5c9c4218bc889c5ebbdecffd", + "@id": "_:N680c3fa4323f4e2f9c96725c25ea3744", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 } ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/AI/informationAboutTraining" + } + ] + }, + { + "@id": "_:N11fe61cd5f7948f5b207b9583b4d5f3f", + "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Security/locator" + "@id": "https://rdf.spdx.org/v3/AI/informationAboutApplication" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/summary", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "@id": "_:N837cc645adad44209549a4f204ed5f67", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#path": [ { - "@language": "en", - "@value": "A short description of an Element." + "@id": "https://rdf.spdx.org/v3/AI/hyperparameter" + } + ] + }, + { + "@id": "_:N1f5796f1961d4ad59772b52a2dd8f716", + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/AI/modelDataPreprocessing" + } + ] + }, + { + "@id": "_:Nd7308b04e03c4a1b9236cab802733cc8", + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/AI/modelExplainability" + } + ] + }, + { + "@id": "_:Nd4f992722a1e4673ad01094bca621db3", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://rdf.spdx.org/v3/AI/sensitivePersonalInformation" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/releaseNotes", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "@id": "_:Naa06465045da4739955156dd94b9898a", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#path": [ { - "@language": "en", - "@value": "A reference to the release notes for a package." + "@id": "https://rdf.spdx.org/v3/AI/metricDecisionThreshold" + } + ] + }, + { + "@id": "_:Ne6cfbf49d44f488281d7049bda8900f4", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "releaseNotes" + "@id": "https://rdf.spdx.org/v3/AI/metric" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha384", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" + "@id": "_:N950b9ac6780145c7a46e4cbcef9fd2f8", + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/AI/domain" + } + ] + }, + { + "@id": "_:Na31b70a033114e9b882ae581ced05f4d", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#path": [ { - "@language": "en", - "@value": "secure hashing algorithm with a digest length of 384 https://www.rfc-editor.org/rfc/rfc4634" + "@id": "https://rdf.spdx.org/v3/AI/autonomyType" + } + ] + }, + { + "@id": "_:N042cb82778e94dfca10b23016eaad07e", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "sha384" + "@id": "https://rdf.spdx.org/v3/AI/safetyRiskAssessment" } ] }, { - "@id": "https://rdf.spdx.org/v3/AI/informationAboutTraining", + "@id": "https://rdf.spdx.org/v3/Core/imports", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes relevant information about different steps of the training process." + "@value": "Provides an ExternalMap of Element identifiers." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://rdf.spdx.org/v3/Core/ExternalMap" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/application", + "@id": "https://rdf.spdx.org/v3/Core/PresenceType/yes", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "https://rdf.spdx.org/v3/Core/PresenceType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element is a software application" + "@value": "Indicates presence of the field." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "application" + "@value": "yes" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/timestamp", + "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "data is recorded with a timestamp for each entry, but not necessarily ordered or at specific intervals, such as when a taxi ride starts and ends." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "timestamp" + "@value": "Enumeration of the valid profiles." } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/dependsOn", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/certificationReport", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element depends on each `to` Element during a LifecycleScopeType period." + "@value": "A reference to a certification report for a package from an accredited/independent body." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "dependsOn" + "@value": "certificationReport" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/Hash", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/securityPolicy", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A mathematically calculated representation of a grouping of data." + "@value": "A reference to instructions for reporting newly discovered security vulnerabilities for a package." } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/IntegrityMethod" + "@value": "securityPolicy" } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/md5", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/HashAlgorithm" ], - "http://www.w3.org/ns/shacl#property": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "_:Nf4705ab6569b48199fcd1e7180963cb4" - }, + "@language": "en", + "@value": "https://datatracker.ietf.org/doc/html/rfc1321" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "_:N36d4ef7f53c2466a84440e12385dd05a" + "@value": "md5" } ] }, { - "@id": "_:Nf4705ab6569b48199fcd1e7180963cb4", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Core/SupportType/noAssertion", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/SupportType" ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "no assertion about the type of support is made. This is considered the default if no other support type is used." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/algorithm" + "@value": "noAssertion" } ] }, { - "@id": "_:N36d4ef7f53c2466a84440e12385dd05a", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/noAssertion", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Dataset/DatasetType" ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "data type is not known." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/hashValue" + "@value": "noAssertion" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/clickthrough", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/releaseHistory", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the dataset is not publicly available and can only be accessed after affirmatively accepting terms on a clickthrough webpage." + "@value": "A reference to a published list of releases for a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "clickthrough" + "@value": "releaseHistory" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/assessedElement", + "@id": "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies an element contained in a piece of software where a vulnerability was\nfound." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Element" + "@value": "Categories of safety risk impact of the application." } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/securityAdvisory", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/contains", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a published security advisory (where advisory as defined per ISO 29147:2018) that may affect one or more elements, e.g., vendor advisories or specific NVD entries." + "@value": "The `from` Element contains each `to` Element" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "securityAdvisory" + "@value": "contains" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType", + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/timestamp", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the type of an external identifier." + "@value": "data is recorded with a timestamp for each entry, but not necessarily ordered or at specific intervals, such as when a taxi ride starts and ends." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "timestamp" } ] }, { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/licenseExpression", + "@id": "https://rdf.spdx.org/v3/Core/endIntegerRange", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -402,71 +540,70 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A string in the license expression format." + "@value": "Defines the end of a range." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "http://www.w3.org/2001/XMLSchema#positiveInteger" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isFsfLibre", + "@id": "https://rdf.spdx.org/v3/Security/CvssSeverityType", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies whether the License is listed as free by the\n[Free Software Foundation (FSF)](https://fsf.org)." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#boolean" + "@value": "Specifies the CVSS base, temporal, threat, or environmental severity type." } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/ExtendableLicense", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/NoneLicense", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#NamedIndividual" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Abstract class representing a License or an OrLaterOperator." + "@value": "An Individual Value for License where the SPDX data creator determines that no license is present." } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/IndividualLicensingInfo" + } + ], + "http://www.w3.org/2002/07/owl#sameAs": [ + { + "@id": "https://rdf.spdx.org/v3/Licensing/None" } ] }, { - "@id": "https://rdf.spdx.org/v3/AI/modelDataPreprocessing", + "@id": "https://rdf.spdx.org/v3/Core/Tool", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes all the preprocessing steps applied to the training data before the model training." + "@value": "An element of hardware and/or software utilized to carry out a particular function." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://rdf.spdx.org/v3/Core/Element" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasTest", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasMetadata", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://rdf.spdx.org/v3/Core/RelationshipType" @@ -474,136 +611,125 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Every `to` Element is a test artifact for the `from` Element (`from` hasTest `to`), during a LifecycleScopeType period" + "@value": "Every `to` Element is metadata about the `from` Element (`from` hasMetadata `to`)" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasTest" + "@value": "hasMetadata" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/secureSoftwareAttestation", + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/other", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "https://rdf.spdx.org/v3/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to information assuring that the software is developed using security practices as defined by [NIST SP 800-218 Secure Software Development Framework (SSDF)](https://csrc.nist.gov/publications/detail/sp/800-218/final) or [CISA Secure Software Development Attestation Form](https://www.cisa.gov/sites/default/files/2023-04/secure-software-self-attestation_common-form_508.pdf)." + "@value": "data is of a type not included in this list." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "secureSoftwareAttestation" + "@value": "other" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/CreationInfo", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/evidence", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides information about the creation of the Element." + "@value": "the Element is the evidence that a specification or requirement has been fulfilled" } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nf165a6210e9749e9ae73aca27eabe1fa" - }, - { - "@id": "_:Na1b327a6716348c985dd3d432e59e7fd" - }, - { - "@id": "_:Nb4cf021f76f849cd8f3cbab72338fabb" - }, - { - "@id": "_:N1007efbeaa174539910ce0ae834e6e78" - }, + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "_:Nbcb8a3daabfd4b789db673fe26b63fbe" + "@value": "evidence" } ] }, { - "@id": "_:Nf165a6210e9749e9ae73aca27eabe1fa", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasDocumentation", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "The `from` Element is documented by each `to` Element" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/specVersion" + "@value": "hasDocumentation" } ] }, { - "@id": "_:Na1b327a6716348c985dd3d432e59e7fd", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/AI/safetyRiskAssessment", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Categorizes safety risk impact of AI software." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/comment" + "@id": "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType" } ] }, { - "@id": "_:Nb4cf021f76f849cd8f3cbab72338fabb", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Core/standardName", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "The name of a relevant standard that may apply to an artifact." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/created" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "_:N1007efbeaa174539910ce0ae834e6e78", - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/reportedBy", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://rdf.spdx.org/v3/Core/createdBy" + "@language": "en", + "@value": "(Security) Designates a `from` Vulnerability was first reported to a project, vendor, or tracking database for formal identification by each `to` Agent" } - ] - }, - { - "@id": "_:Nbcb8a3daabfd4b789db673fe26b63fbe", - "http://www.w3.org/ns/shacl#path": [ + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/createdUsing" + "@value": "reportedBy" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/ExtendableLicense", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class" @@ -611,221 +737,179 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Enumeration of dataset types." + "@value": "Abstract class representing a License or an OrLaterOperator." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/CvssV4VulnAssessmentRelationship", + "@id": "https://rdf.spdx.org/v3/Security/impactStatementTime", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides a CVSS version 4 assessment for a vulnerability." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N07462b0c129543b09ca8cb547b83bc15" - }, - { - "@id": "_:Nfd7efafa9e9b42019616822da0476785" - }, - { - "@id": "_:N6c3327baca894dd0b3b4e90aab2d0d2d" - } - ] - }, - { - "@id": "_:N07462b0c129543b09ca8cb547b83bc15", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 + "@value": "Timestamp of impact statement." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Security/score" + "@id": "https://rdf.spdx.org/v3/Core/DateTime" } ] }, { - "@id": "_:Nfd7efafa9e9b42019616822da0476785", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Security/CvssSeverityType/medium", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Security/CvssSeverityType" ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "When a CVSS score is between 4 - 6.9" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Security/severity" + "@value": "medium" } ] }, { - "@id": "_:N6c3327baca894dd0b3b4e90aab2d0d2d", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Dataset/sensor", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Describes a sensor used for collecting the data." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Security/vectorString" + "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/namespace", + "@id": "https://rdf.spdx.org/v3/Core/algorithm", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides an unambiguous mechanism for conveying a URI fragment portion of an ElementID." + "@value": "Specifies the algorithm used for calculating the hash value." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/firmware", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A key with an associated value." + "@value": "the Element provides low level control over a device's hardware" } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N0a041e553d6b4cd5b8783d86b8b91613" - }, + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "_:N0a7bece7c4e24eddb7719c0b9538559f" + "@value": "firmware" } ] }, { - "@id": "_:N0a041e553d6b4cd5b8783d86b8b91613", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/md2", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/HashAlgorithm" ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/key" - } - ] - }, - { - "@id": "_:N0a7bece7c4e24eddb7719c0b9538559f", - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "https://datatracker.ietf.org/doc/rfc1319/" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/value" + "@value": "md2" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/downloadLocation", + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Identifies the download Uniform Resource Identifier for the package at the time that the document was created." + "@value": "Abstract class representing a license combination consisting of one or more\nlicenses (optionally including additional text), which may be combined\naccording to the SPDX license expression syntax." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@id": "https://rdf.spdx.org/v3/Core/Element" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/publishedTime", + "@id": "https://rdf.spdx.org/v3/Core/externalRef", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the time when a vulnerability was published." + "@value": "Points to a resource outside the scope of the SPDX-3.0 content\nthat provides additional characteristics of an Element." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" + "@id": "https://rdf.spdx.org/v3/Core/ExternalRef" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha224", + "@id": "https://rdf.spdx.org/v3/Core/AnnotationType/review", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" + "https://rdf.spdx.org/v3/Core/AnnotationType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "secure hashing algorithm with a digest length of 224 https://datatracker.ietf.org/doc/html/draft-ietf-pkix-sha224-01" + "@value": "Used when someone reviews the Element." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "sha224" + "@value": "review" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/ConjunctiveLicenseSet", + "@id": "https://rdf.spdx.org/v3/Core/Element", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class", @@ -834,368 +918,356 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Portion of an AnyLicenseInfo representing a set of licensing information\nwhere all elements apply." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" + "@value": "Base domain class from which all other SPDX-3.0 domain classes derive." } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N60e13d92a971445d855e3788b53a957b" + "@id": "_:N57d3dda3b5ea4a3e8495c1b0b5623f47" + }, + { + "@id": "_:Nb77d0925effd41ffa56b1ea2919c7336" + }, + { + "@id": "_:N52405516def745d1a1380c949cc579b0" + }, + { + "@id": "_:Nff7b960340c744f1bef3f63ae5a23235" + }, + { + "@id": "_:Ne9099755ceb04282957188afde591675" + }, + { + "@id": "_:N52d67857967a438180a6cfeda54e2141" + }, + { + "@id": "_:N94c89c19115c47e9806e0d2260c5a114" + }, + { + "@id": "_:N74ab4ee67685483c8201ae3dc821b2d2" + }, + { + "@id": "_:N6796d4dae4dc42f78d1d6b992f9a4ba6" } ] }, { - "@id": "_:N60e13d92a971445d855e3788b53a957b", - "http://www.w3.org/ns/shacl#minCount": [ + "@id": "_:N57d3dda3b5ea4a3e8495c1b0b5623f47", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": 2 + "@value": 1 } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/member" + "@id": "https://rdf.spdx.org/v3/Core/name" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/executable", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Nb77d0925effd41ffa56b1ea2919c7336", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Element is an Artifact that can be run on a computer" + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "executable" + "@id": "https://rdf.spdx.org/v3/Core/summary" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/simpleLicensing", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N52405516def745d1a1380c949cc579b0", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "the element follows the simple Licensing profile specification" + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "simpleLicensing" + "@id": "https://rdf.spdx.org/v3/Core/description" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/prefix", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Nff7b960340c744f1bef3f63ae5a23235", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "A substitute for a URI." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://rdf.spdx.org/v3/Core/comment" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/vulnerabilityDisclosureReport", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "@id": "_:Ne9099755ceb04282957188afde591675", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/Core/CreationInfo" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "A reference to a Vulnerability Disclosure Report (VDR) which provides the software supplier's analysis and findings describing the impact (or lack of impact) that reported vulnerabilities have on packages or products in the supplier's SBOM as defined in [NIST SP 800-161](https://csrc.nist.gov/publications/detail/sp/800-161/rev-1/final)." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@value": "vulnerabilityDisclosureReport" + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/Core/creationInfo" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/IndividualLicensingInfo", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N52d67857967a438180a6cfeda54e2141", + "http://www.w3.org/ns/shacl#class": [ { - "@language": "en", - "@value": "A concrete subclass of AnyLicenseInfo used by Individuals in the ExpandedLicensing profile." + "@id": "https://rdf.spdx.org/v3/Core/IntegrityMethod" } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" + "@id": "https://rdf.spdx.org/v3/Core/verifiedUsing" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/LicenseAddition", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Abstract class for additional text intended to be added to a License, but\nwhich is not itself a standalone License." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "@id": "_:N94c89c19115c47e9806e0d2260c5a114", + "http://www.w3.org/ns/shacl#class": [ { - "@id": "https://rdf.spdx.org/v3/Core/Element" + "@id": "https://rdf.spdx.org/v3/Core/ExternalRef" } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N6487b3beb8a14087b93bafc75f463598" - }, - { - "@id": "_:N1f0d8e6c5c074e6daf2fa5bab487a3c4" - }, - { - "@id": "_:Nd31a4a2cfc5940d4801d7c33ddd210eb" - }, - { - "@id": "_:Neb4de46bafdd42468ab25790a9915eb4" - }, - { - "@id": "_:N5c9f4548e8094f6f9d59042f3d7d7b3c" - }, + "http://www.w3.org/ns/shacl#path": [ { - "@id": "_:N92793b82513e4ef9aa2149e1486a5dcb" + "@id": "https://rdf.spdx.org/v3/Core/externalRef" } ] }, { - "@id": "_:N6487b3beb8a14087b93bafc75f463598", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ + "@id": "_:N74ab4ee67685483c8201ae3dc821b2d2", + "http://www.w3.org/ns/shacl#class": [ { - "@value": 1 + "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifier" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/additionText" + "@id": "https://rdf.spdx.org/v3/Core/externalIdentifier" } ] }, { - "@id": "_:N1f0d8e6c5c074e6daf2fa5bab487a3c4", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "_:N6796d4dae4dc42f78d1d6b992f9a4ba6", + "http://www.w3.org/ns/shacl#class": [ { - "@value": 1 + "@id": "https://rdf.spdx.org/v3/Extension/Extension" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/standardAdditionTemplate" + "@id": "https://rdf.spdx.org/v3/Core/extension" } ] }, { - "@id": "_:Nd31a4a2cfc5940d4801d7c33ddd210eb", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType", + "@type": [ + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isDeprecatedAdditionId" + "@language": "en", + "@value": "Specifies the type of an external identifier." } ] }, { - "@id": "_:Neb4de46bafdd42468ab25790a9915eb4", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/Security/vexVersion", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Specifies the version of the VEX document." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/obsoletedBy" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "_:N5c9f4548e8094f6f9d59042f3d7d7b3c", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/graph", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Dataset/DatasetType" ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/licenseXml" + "@language": "en", + "@value": "data is in the form of a graph where entries are somehow related to each other through edges, such a social network of friends." } - ] - }, - { - "@id": "_:N92793b82513e4ef9aa2149e1486a5dcb", - "http://www.w3.org/ns/shacl#path": [ + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/seeAlso" + "@value": "graph" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/generates", + "@id": "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/red", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element generates each `to` Element" + "@value": "Data points in the dataset are highly confidential and can only be shared with named recipients." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "generates" + "@value": "red" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/directDownload", + "@id": "https://rdf.spdx.org/v3/Core/releaseTime", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the dataset is publicly available and can be downloaded directly." + "@value": "Specifies the time an artifact was released." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "directDownload" + "@id": "https://rdf.spdx.org/v3/Core/DateTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/syntactic", + "@id": "https://rdf.spdx.org/v3/Security/actionStatementTime", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "data describes the syntax or semantics of a language or text, such as a parse tree used for natural language processing." + "@value": "Records the time when a recommended action was communicated in a VEX statement \nto mitigate a vulnerability." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "syntactic" + "@id": "https://rdf.spdx.org/v3/Core/DateTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/SupportType/development", + "@id": "https://rdf.spdx.org/v3/Security/CvssSeverityType/critical", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/SupportType" + "https://rdf.spdx.org/v3/Security/CvssSeverityType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the artifact is in active development and is not considered ready for formal support from the supplier." + "@value": "When a CVSS score is between 9.0 - 10.0" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "development" + "@value": "critical" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType/test", + "@id": "https://rdf.spdx.org/v3/Security/VexJustificationType", + "@type": [ + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the VEX justification type." + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/image", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/LifecycleScopeType" + "https://rdf.spdx.org/v3/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A relationship has specific context implications during an element's testing phase, during development." + "@value": "data is a collection of images such as pictures of animals." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "test" + "@value": "image" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/deprecatedVersion", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasSpecification", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the SPDX License List version in which this license or exception\nidentifier was deprecated." + "@value": "Every `to` Element is a specification for the `from` Element (`from` hasSpecification `to`), during a LifecycleScopeType period" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "hasSpecification" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/usage", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/patch", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the element follows the Usage profile specification" + "@value": "Element contains a set of changes to update, fix, or improve another Element" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "usage" + "@value": "patch" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/score", + "@id": "https://rdf.spdx.org/v3/Software/copyrightText", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -1203,120 +1275,125 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides a numerical (0-10) representation of the severity of a vulnerability." + "@value": "Identifies the text of one or more copyright notices for a software Package,\nFile or Snippet, if any." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#decimal" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/from", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/republishedBy", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "References the Element on the left-hand side of a relationship." + "@value": "(Security) Designates a `from` Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by a `to` Agent(s)" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/Element" + "@value": "republishedBy" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/model", + "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/cpe23", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element is a machine learning or artificial intelligence model" + "@value": "https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "model" + "@value": "cpe23" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/usesTool", + "@id": "https://rdf.spdx.org/v3/Dataset/datasetAvailability", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element uses each `to` Element as a tool during a LifecycleScopeType period." + "@value": "The field describes the availability of a dataset." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "usesTool" + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType" } ] }, { - "@id": "https://rdf.spdx.org/v3/AI/informationAboutApplication", + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/clickthrough", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides relevant information about the AI software, not including the model description." + "@value": "the dataset is not publicly available and can only be accessed after affirmatively accepting terms on a clickthrough webpage." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "clickthrough" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SbomType", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/data", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides a set of values to be used to describe the common types of SBOMs that tools may create." + "@value": "Element is data" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "data" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/categorical", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/other", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "data that is classified into a discrete number of categories, such as the eye color of a population of people." + "@value": "the Element doesn't fit into any of the other categories" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "categorical" + "@value": "other" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/Snippet", + "@id": "https://rdf.spdx.org/v3/Security/CvssV2VulnAssessmentRelationship", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class", @@ -1325,54 +1402,43 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes a certain part of a file." + "@value": "Provides a CVSS version 2.0 assessment for a vulnerability." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://rdf.spdx.org/v3/Software/SoftwareArtifact" + "@id": "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:Ncdb9455801424bd1b3b04281b0261fa8" - }, - { - "@id": "_:N7d9402f4a4da41f8a20e171361de5ab2" + "@id": "_:N2d58f3c2d14c40bea0ab9b440b7fd44d" }, { - "@id": "_:N10094fe908234db5a95e47665735ddf5" + "@id": "_:Ne94c06881fe644099fdab39ec63dbba1" } ] }, { - "@id": "_:Ncdb9455801424bd1b3b04281b0261fa8", + "@id": "_:N2d58f3c2d14c40bea0ab9b440b7fd44d", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@id": "https://rdf.spdx.org/v3/Software/byteRange" - } - ] - }, - { - "@id": "_:N7d9402f4a4da41f8a20e171361de5ab2", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 + "@value": 1 } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Software/lineRange" + "@id": "https://rdf.spdx.org/v3/Security/score" } ] }, { - "@id": "_:N10094fe908234db5a95e47665735ddf5", + "@id": "_:Ne94c06881fe644099fdab39ec63dbba1", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -1385,48 +1451,48 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Software/snippetFromFile" + "@id": "https://rdf.spdx.org/v3/Security/vectorString" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/datasetAvailability", + "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/packageUrl", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The field describes the availability of a dataset." + "@value": "https://github.com/package-url/purl-spec" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType" + "@value": "packageUrl" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/extension", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/invokedBy", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies an Extension characterization of some aspect of an Element." + "@value": "The `from` Element was invoked by the `to` Agent during a LifecycleScopeType period (for example, a Build element that describes a build step)" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Extension/Extension" + "@value": "invokedBy" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/isDirectory", + "@id": "https://rdf.spdx.org/v3/Software/byteRange", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -1434,35 +1500,53 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "If true, denotes the Element is a directory." + "@value": "Defines the byte range in the original host file that the snippet information applies to." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#boolean" + "@id": "https://rdf.spdx.org/v3/Core/PositiveIntegerRange" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/createdUsing", + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/falcon", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "https://falcon-sign.info/falcon.pdf" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "falcon" + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/Core/specVersion", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Identifies the tooling that was used during the creation of the Element." + "@value": "Provides a reference number that can be used to understand how to parse and interpret an Element." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/Tool" + "@id": "https://rdf.spdx.org/v3/Core/SemVer" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/Relationship", + "@id": "https://rdf.spdx.org/v3/Software/Sbom", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class", @@ -1471,81 +1555,110 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes a relationship between one or more elements." + "@value": "A collection of SPDX Elements describing a single package." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://rdf.spdx.org/v3/Core/Element" + "@id": "https://rdf.spdx.org/v3/Core/Bom" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:Nfdf3dcc20f1e485aad71d90cbeded063" - }, - { - "@id": "_:Ne92dd3e1527d4ff481a305437abf06b9" - }, - { - "@id": "_:N3e6512e1a9804bd5b65a9318327f90ee" - }, - { - "@id": "_:Nc450578896704e3fa51e11bd6392be34" - }, - { - "@id": "_:N8efd520cc0524e1e96bd587395afea52" - }, - { - "@id": "_:Na1694a0a86e74a85a9169377c622c60c" + "@id": "_:N6854604b931e4ae3af55e51f92fdadbe" } ] }, { - "@id": "_:Nfdf3dcc20f1e485aad71d90cbeded063", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "_:N6854604b931e4ae3af55e51f92fdadbe", + "http://www.w3.org/ns/shacl#path": [ { - "@value": 1 + "@id": "https://rdf.spdx.org/v3/Software/sbomType" } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/Security/CvssSeverityType/none", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Security/CvssSeverityType" ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "When a CVSS score is 0" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/from" + "@value": "none" } ] }, { - "@id": "_:Ne92dd3e1527d4ff481a305437abf06b9", - "http://www.w3.org/ns/shacl#path": [ + "@id": "https://rdf.spdx.org/v3/Software/Package", + "@type": [ + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://rdf.spdx.org/v3/Core/to" + "@language": "en", + "@value": "Refers to any unit of content that can be associated with a distribution of software." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://rdf.spdx.org/v3/Software/SoftwareArtifact" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N5b9782d59d99439c8acb08233a6e6f3c" + }, + { + "@id": "_:N90ae7e2e743b423aa1cb474d5aec0ec4" + }, + { + "@id": "_:Ncb2e8ae9ded545769f97085f8792d152" + }, + { + "@id": "_:N1747e242bcdc469cbf4ebbb2ee47c17a" + }, + { + "@id": "_:Nfb2c80d62027437b87df7e7fb9397daa" } ] }, { - "@id": "_:N3e6512e1a9804bd5b65a9318327f90ee", + "@id": "_:N5b9782d59d99439c8acb08233a6e6f3c", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 } ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/Software/packageVersion" + } + ] + }, + { + "@id": "_:N90ae7e2e743b423aa1cb474d5aec0ec4", + "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/relationshipType" + "@id": "https://rdf.spdx.org/v3/Software/downloadLocation" } ] }, { - "@id": "_:Nc450578896704e3fa51e11bd6392be34", + "@id": "_:Ncb2e8ae9ded545769f97085f8792d152", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -1553,12 +1666,12 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/completeness" + "@id": "https://rdf.spdx.org/v3/Software/packageUrl" } ] }, { - "@id": "_:N8efd520cc0524e1e96bd587395afea52", + "@id": "_:N1747e242bcdc469cbf4ebbb2ee47c17a", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -1566,12 +1679,12 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/startTime" + "@id": "https://rdf.spdx.org/v3/Software/homePage" } ] }, { - "@id": "_:Na1694a0a86e74a85a9169377c622c60c", + "@id": "_:Nfb2c80d62027437b87df7e7fb9397daa", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -1579,30 +1692,30 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/endTime" + "@id": "https://rdf.spdx.org/v3/Software/sourceInfo" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/staticAnalysisReport", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/fixedIn", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a static analysis report for a package." + "@value": "(Security/VEX) A `from` Vulnerability has been fixed in each of the `to` Element(s)" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "staticAnalysisReport" + "@value": "fixedIn" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/fixedBy", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/delegatedTo", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://rdf.spdx.org/v3/Core/RelationshipType" @@ -1610,71 +1723,71 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "(Security) Designates a `from` Vulnerability has been fixed by the `to` Agent(s)" + "@value": "The `from` Agent is delegating an action to the Agent of the `to` Relationship (which must be of type invokedBy) during a LifecycleScopeType. (e.g. the `to` invokedBy Relationship is being done on behalf of `from`)" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "fixedBy" + "@value": "delegatedTo" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/device", + "@id": "https://rdf.spdx.org/v3/Software/downloadLocation", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element refers to a chipset, processor, or electronic board" + "@value": "Identifies the download Uniform Resource Identifier for the package at the time that the document was created." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "device" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/blake2b512", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/modifiedBy", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "blake2b algorithm with a digest size of 512 https://datatracker.ietf.org/doc/html/rfc7693#section-4" + "@value": "The `from` Element is modified by each `to` Element" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "blake2b512" + "@value": "modifiedBy" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/modifiedBy", + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/syntactic", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "https://rdf.spdx.org/v3/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element is modified by each `to` Element" + "@value": "data describes the syntax or semantics of a language or text, such as a parse tree used for natural language processing." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "modifiedBy" + "@value": "syntactic" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/standardAdditionTemplate", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/deprecatedVersion", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -1682,7 +1795,7 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Identifies the full text of a LicenseAddition, in SPDX templating format." + "@value": "Specifies the SPDX License List version in which this license or exception\nidentifier was deprecated." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ @@ -1692,25 +1805,43 @@ ] }, { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/crystalsDilithium", + "@id": "https://rdf.spdx.org/v3/Build/configSourceUri", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Property that describes the URI of the build configuration source file." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/Software/SbomType/analyzed", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" + "https://rdf.spdx.org/v3/Software/SbomType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "https://pq-crystals.org/dilithium/index.shtml" + "@value": "SBOM generated through analysis of artifacts (e.g., executables, packages, containers, and virtual machine images) after its build. Such analysis generally requires a variety of heuristics. In some contexts, this may also be referred to as a “3rd party” SBOM." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "crystalsDilithium" + "@value": "analyzed" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/Package", + "@id": "https://rdf.spdx.org/v3/Core/Artifact", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class", @@ -1719,47 +1850,58 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Refers to any unit of content that can be associated with a distribution of software." + "@value": "A distinct article or unit within the digital domain." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://rdf.spdx.org/v3/Software/SoftwareArtifact" + "@id": "https://rdf.spdx.org/v3/Core/Element" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:Ne75417c631c54a24a5a4359e73f3859f" + "@id": "_:Na5526f67772b4ef1acd34ec9c505c700" + }, + { + "@id": "_:N2b0955c02d294196bf7b8378564a275c" + }, + { + "@id": "_:N1067b9828c20474086ec3c9076ce8b20" }, { - "@id": "_:Nb7b753912a334436833858e9aebc121f" + "@id": "_:Nca6e5e04f54948718460368facdb6030" }, { - "@id": "_:Ndb2e2fe962d5478fa186eb2c4a1001cf" + "@id": "_:Naebf14255e9d42cb84d9dc0bda700a1d" }, { - "@id": "_:N1179ca13ae024498b6db6fc7e50027fa" + "@id": "_:N41f3a28ee7a44aab851b18f385aecb0f" }, { - "@id": "_:N77c2aee537e04fa695ce28aa7c271ac2" + "@id": "_:Nf4ba3d986dec4aa5831424131bd1dab3" } ] }, { - "@id": "_:Ne75417c631c54a24a5a4359e73f3859f", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "_:Na5526f67772b4ef1acd34ec9c505c700", + "http://www.w3.org/ns/shacl#class": [ { - "@value": 1 + "@id": "https://rdf.spdx.org/v3/Core/Agent" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Software/packageVersion" + "@id": "https://rdf.spdx.org/v3/Core/originatedBy" } ] }, { - "@id": "_:Nb7b753912a334436833858e9aebc121f", + "@id": "_:N2b0955c02d294196bf7b8378564a275c", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/Core/Agent" + } + ], "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -1767,12 +1909,12 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Software/downloadLocation" + "@id": "https://rdf.spdx.org/v3/Core/suppliedBy" } ] }, { - "@id": "_:Ndb2e2fe962d5478fa186eb2c4a1001cf", + "@id": "_:N1067b9828c20474086ec3c9076ce8b20", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -1780,12 +1922,12 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Software/packageUrl" + "@id": "https://rdf.spdx.org/v3/Core/builtTime" } ] }, { - "@id": "_:N1179ca13ae024498b6db6fc7e50027fa", + "@id": "_:Nca6e5e04f54948718460368facdb6030", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -1793,12 +1935,12 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Software/homePage" + "@id": "https://rdf.spdx.org/v3/Core/releaseTime" } ] }, { - "@id": "_:N77c2aee537e04fa695ce28aa7c271ac2", + "@id": "_:Naebf14255e9d42cb84d9dc0bda700a1d", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -1806,211 +1948,219 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Software/sourceInfo" + "@id": "https://rdf.spdx.org/v3/Core/validUntilTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/republishedBy", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N41f3a28ee7a44aab851b18f385aecb0f", + "http://www.w3.org/ns/shacl#path": [ { - "@language": "en", - "@value": "(Security) Designates a `from` Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by a `to` Agent(s)" + "@id": "https://rdf.spdx.org/v3/Core/standardName" } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + ] + }, + { + "@id": "_:Nf4ba3d986dec4aa5831424131bd1dab3", + "http://www.w3.org/ns/shacl#path": [ { - "@value": "republishedBy" + "@id": "https://rdf.spdx.org/v3/Core/supportLevel" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/vexVersion", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectLicense", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the version of the VEX document." + "@value": "A License participating in an 'or later' model." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/License" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/packageUrl", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/copiedTo", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "https://github.com/package-url/purl-spec" + "@value": "The `from` Element has been copied to each `to` Element" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "packageUrl" + "@value": "copiedTo" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isDeprecatedLicenseId", + "@id": "https://rdf.spdx.org/v3/Security/VexAffectedVulnAssessmentRelationship", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies whether a license or additional text identifier has been marked as\ndeprecated." + "@value": "Connects a vulnerability and an element designating the element as a product\naffected by the vulnerability." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "http://www.w3.org/2001/XMLSchema#boolean" + "@id": "https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N4b53023bbb404c908096820a08917c2c" + }, + { + "@id": "_:N2d4efd907a14439a857cccf1fdad86ed" } ] }, { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N4b53023bbb404c908096820a08917c2c", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Abstract class representing a license combination consisting of one or more\nlicenses (optionally including additional text), which may be combined\naccording to the SPDX license expression syntax." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/Element" + "@id": "https://rdf.spdx.org/v3/Security/actionStatement" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/amber", + "@id": "_:N2d4efd907a14439a857cccf1fdad86ed", + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/Security/actionStatementTime" + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/npm", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Data points in the dataset can be shared only with specific organizations and their clients on a need to know basis." + "@value": "A reference to an npm package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "amber" + "@value": "npm" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasEvidence", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicenseException", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "(Dataset) Every `to` Element is considered as evidence for the `from` Element (`from` hasEvidence `to`)" + "@value": "A license exception that is listed on the SPDX Exceptions list." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "hasEvidence" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/LicenseAddition" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N03d29a41a4f2464d8fc355721e27cb23" + }, + { + "@id": "_:N501b23153224426f83d56d7ff0c7cbf0" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/seeAlso", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N03d29a41a4f2464d8fc355721e27cb23", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Contains a URL where the License or LicenseAddition can be found in use." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/listVersionAdded" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasMetadata", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N501b23153224426f83d56d7ff0c7cbf0", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Every `to` Element is metadata about the `from` Element (`from` hasMetadata `to`)" + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "hasMetadata" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/deprecatedVersion" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/DisjunctiveLicenseSet", + "@id": "https://rdf.spdx.org/v3/Core/description", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Portion of an AnyLicenseInfo representing a set of licensing information\nwhere only any one of the elements applies." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" + "@value": "Provides a detailed description of the Element." } ], - "http://www.w3.org/ns/shacl#property": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "_:Nddb91ffda6354c72980de15255a8c43e" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "_:Nddb91ffda6354c72980de15255a8c43e", - "http://www.w3.org/ns/shacl#minCount": [ + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/filesystemImage", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 2 + "@language": "en", + "@value": "the Element is a file system image that can be written to a disk (or virtual) partition" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/member" + "@value": "filesystemImage" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship", + "@id": "https://rdf.spdx.org/v3/Security/SsvcVulnAssessmentRelationship", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class", @@ -2019,7 +2169,7 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Asbtract ancestor class for all VEX relationships" + "@value": "Provides an SSVC assessment for a vulnerability." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ @@ -2029,41 +2179,30 @@ ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:Nc1c520396c2d416ea07d33e68df49c38" - }, - { - "@id": "_:N903934de642349179d13b477a99ff56a" + "@id": "_:N0da36d80c2fe4f61b5cfe4f788bc18df" } ] }, { - "@id": "_:Nc1c520396c2d416ea07d33e68df49c38", + "@id": "_:N0da36d80c2fe4f61b5cfe4f788bc18df", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 } ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/vexVersion" - } - ] - }, - { - "@id": "_:N903934de642349179d13b477a99ff56a", - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/ns/shacl#minCount": [ { "@value": 1 } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Security/statusNotes" + "@id": "https://rdf.spdx.org/v3/Security/decisionType" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose", + "@id": "https://rdf.spdx.org/v3/Core/Organization", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class" @@ -2071,52 +2210,35 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides information about the primary purpose of an Element." - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/delegatedTo", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Agent is delegating an action to the Agent of the `to` Relationship (which must be of type invokedBy) during a LifecycleScopeType. (e.g. the `to` invokedBy Relationship is being done on behalf of `from`)" + "@value": "A group of people who work together in an organized way for a shared purpose." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "delegatedTo" + "@id": "https://rdf.spdx.org/v3/Core/Agent" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/NoneLicense", + "@id": "https://rdf.spdx.org/v3/Core/AnnotationType/other", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/AnnotationType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "An Individual Value for License where the SPDX data creator determines that no license is present." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/IndividualLicensingInfo" + "@value": "Used to store extra information about an Element which is not part of a Review (e.g. extra information provided during the creation of the Element)." } ], - "http://www.w3.org/2002/07/owl#sameAs": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Licensing/None" + "@value": "other" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/listVersionAdded", + "@id": "https://rdf.spdx.org/v3/Security/actionStatement", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -2124,7 +2246,7 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the SPDX License List version in which this ListedLicense or\nListedLicenseException identifier was first added." + "@value": "Provides advise on how to mitigate or remediate a vulnerability when a VEX product\nis affected by it." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ @@ -2134,106 +2256,83 @@ ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/metrics", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/specification", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to metrics related to package such as OpenSSF scorecards." + "@value": "the Element is a plan, guideline or strategy how to create, perform or analyse an application" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "metrics" + "@value": "specification" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/email", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/mailingList", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "https://datatracker.ietf.org/doc/html/rfc3696#section-3" + "@value": "A reference to the mailing list used by the maintainer for a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "email" + "@value": "mailingList" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/riskAssessment", + "@id": "https://rdf.spdx.org/v3/Core/verifiedUsing", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a risk assessment for a package." + "@value": "Provides an IntegrityMethod with which the integrity of an Element can be asserted." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "riskAssessment" + "@id": "https://rdf.spdx.org/v3/Core/IntegrityMethod" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/patch", + "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Element contains a set of changes to update, fix, or improve another Element" + "@value": "A key with an associated value." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#property": [ { - "@value": "patch" + "@id": "_:N39c716b2248f493c9938ab489aed4c7d" + }, + { + "@id": "_:N81779ef94cb4446e867074d6b4d2f97f" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/CvssV2VulnAssessmentRelationship", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides a CVSS version 2.0 assessment for a vulnerability." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N97d78170bd6845a39893e1a211170fb8" - }, - { - "@id": "_:Nd8e52b75d73141f6badf26ebec40285c" - } - ] - }, - { - "@id": "_:N97d78170bd6845a39893e1a211170fb8", + "@id": "_:N39c716b2248f493c9938ab489aed4c7d", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -2246,331 +2345,328 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Security/score" + "@id": "https://rdf.spdx.org/v3/Core/key" } ] }, { - "@id": "_:Nd8e52b75d73141f6badf26ebec40285c", + "@id": "_:N81779ef94cb4446e867074d6b4d2f97f", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 } ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Security/vectorString" + "@id": "https://rdf.spdx.org/v3/Core/value" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/SupportType/endOfSupport", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/member", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/SupportType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "there is a defined end of support for the artifact from the supplier. This may also be referred to as end of life. There is a validUntilDate that can be used to signal when support ends for the artifact." + "@value": "A license expression participating in a license set." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "endOfSupport" + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/Organization", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/operatingSystem", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A group of people who work together in an organized way for a shared purpose." + "@value": "the Element is an operating system" } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/Agent" + "@value": "operatingSystem" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/serializedInArtifact", + "@id": "https://rdf.spdx.org/v3/Build/buildId", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` SPDXDocument can be found in a serialized form in each `to` Artifact" + "@value": "A buildId is a locally unique identifier used by a builder to identify a unique instance of a build produced by it." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "serializedInArtifact" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/SsvcDecisionType/attend", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isOsiApproved", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/SsvcDecisionType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions include requesting assistance or information about the vulnerability, and may involve publishing a notification either internally and/or externally. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." + "@value": "Specifies whether the License is listed as approved by the\n[Open Source Initiative (OSI)](https://opensource.org)." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "attend" + "@id": "http://www.w3.org/2001/XMLSchema#boolean" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/ExploitCatalogType/kev", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasAssessmentFor", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/ExploitCatalogType" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "CISA's Known Exploited Vulnerability (KEV) Catalog" + "@value": "(Security) Relates a `from` Vulnerability and each `to` Element(s) with a security assessment. To be used with `VulnAssessmentRelationship` types" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "kev" + "@value": "hasAssessmentFor" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/extension", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/standardLicenseHeader", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the element follows the Extension profile specification" + "@value": "Provides a License author's preferred text to indicate that a file is covered\nby the License." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "extension" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/locator", + "@id": "https://rdf.spdx.org/v3/Dataset/confidentialityLevel", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides the location of an exploit catalog." + "@value": "Describes the confidentiality level of the data points contained in the dataset." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@id": "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/text", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/securityFix", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "data consists of unstructured text, such as a book, wikipedia article (without images), or transcript." + "@value": "A reference to the patch or source code that fixes a vulnerability." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "text" + "@value": "securityFix" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/PresenceType", + "@id": "https://rdf.spdx.org/v3/Software/packageUrl", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Categories of presence or absence." + "@value": "Provides a place for the SPDX data creator to record the package URL string (in accordance with the [package URL spec](https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst)) for a software Package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/vulnerabilityExploitabilityAssessment", + "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/core", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a Vulnerability Exploitability eXchange (VEX) statement which provides information on whether a product is impacted by a specific vulnerability in an included package and, if affected, whether there are actions recommended to remediate. See also [NTIA VEX one-page](https://ntia.gov/files/ntia/publications/vex_one-page_summary.pdf)." + "@value": "the element follows the Core profile specification" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "vulnerabilityExploitabilityAssessment" + "@value": "core" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasConcludedLicense", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/license", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Software Artifact is concluded by the SPDX data creator to be governed by each `to` license" + "@value": "A reference to additional license information related to an artifact." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasConcludedLicense" + "@value": "license" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/securityFix", + "@id": "https://rdf.spdx.org/v3/Security/Vulnerability", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to the patch or source code that fixes a vulnerability." + "@value": "Specifies a vulnerability and its associated information." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "securityFix" + "@id": "https://rdf.spdx.org/v3/Core/Artifact" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N5f9bf06eea5a4103bd7c83f43df6f8e4" + }, + { + "@id": "_:Nb66ae40f0cb74326a12ac45ae32f75f0" + }, + { + "@id": "_:Naa8c035ca5a9432f9dbb5fb0f7de1935" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/Agent", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N5f9bf06eea5a4103bd7c83f43df6f8e4", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Agent represents anything with the potential to act on a system." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/Element" + "@id": "https://rdf.spdx.org/v3/Security/publishedTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/operatingSystem", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Nb66ae40f0cb74326a12ac45ae32f75f0", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "the Element is an operating system" + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "operatingSystem" + "@id": "https://rdf.spdx.org/v3/Security/modifiedTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/startTime", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Naa8c035ca5a9432f9dbb5fb0f7de1935", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Specifies the time from which an element is applicable / valid." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" + "@id": "https://rdf.spdx.org/v3/Security/withdrawnTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/red", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasOutputs", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Data points in the dataset are highly confidential and can only be shared with named recipients." + "@value": "The `from` Build element generates each `to` Element as an output during a LifecycleScopeType period." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "red" + "@value": "hasOutputs" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/exploited", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/source", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describe that a CVE is known to have an exploit because it's been listed in an exploit catalog." + "@value": "the Element is a single or a collection of source files" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#boolean" + "@value": "source" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/trainedOn", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/generates", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://rdf.spdx.org/v3/Core/RelationshipType" @@ -2578,291 +2674,311 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "(AI, Dataset) The `from` Element has been trained by the `to` Element(s)" + "@value": "The `from` Element generates each `to` Element" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "trainedOn" + "@value": "generates" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/attributionText", + "@id": "https://rdf.spdx.org/v3/Core/subject", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides a place for the SPDX data creator to record acknowledgement text for\na software Package, File or Snippet." + "@value": "An Element an annotator has made an assertion about." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://rdf.spdx.org/v3/Core/Element" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/percentile", + "@id": "https://rdf.spdx.org/v3/Core/dataLicense", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The percentile of the current probability score." + "@value": "Provides the license under which the SPDX documentation of the Element can be used." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#decimal" + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasOptionalDependency", + "@id": "https://rdf.spdx.org/v3/Core/from", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element optionally depends on each `to` Element during a LifecycleScopeType period" + "@value": "References the Element on the left-hand side of a relationship." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "hasOptionalDependency" + "@id": "https://rdf.spdx.org/v3/Core/Element" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/rootElement", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasDeletedFile", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "This property is used to denote the root Element(s) of a tree of elements contained in an SBOM." + "@value": "Every `to` Element is a file deleted from the `from` Element (`from` hasDeletedFile `to`)" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/Element" + "@value": "hasDeletedFile" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/comment", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/library", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provide consumers with comments by the creator of the Element about the Element." + "@value": "the Element is a software library" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "library" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/bower", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/DisjunctiveLicenseSet", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a bower package." + "@value": "Portion of an AnyLicenseInfo representing a set of licensing information\nwhere only any one of the elements applies." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "bower" + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N43945fad352745c58e1c7d42e60a91f3" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/configuration", + "@id": "_:N43945fad352745c58e1c7d42e60a91f3", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@value": 2 + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/member" + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/Security/SsvcDecisionType/trackStar", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "https://rdf.spdx.org/v3/Security/SsvcDecisionType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Element is configuration data" + "@value": "(Track* in the SSVC spec) The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "configuration" + "@value": "trackStar" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/locator", + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/numeric", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides the location of an external reference." + "@value": "data consists only of numeric entries." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "numeric" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/NamespaceMap", + "@id": "https://rdf.spdx.org/v3/Core/SoftwareAgent", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A mapping between prefixes and namespace partial URIs." + "@value": "A software agent." } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N0512a61d194944abbd3430975599e2be" - }, + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "_:N6cd5bc30b654499d84a6863145ce32ac" + "@id": "https://rdf.spdx.org/v3/Core/Agent" } ] }, { - "@id": "_:N0512a61d194944abbd3430975599e2be", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Software/additionalPurpose", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Provides additional purpose information of the software artifact." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/prefix" + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose" } ] }, { - "@id": "_:N6cd5bc30b654499d84a6863145ce32ac", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Security/exploited", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Describe that a CVE is known to have an exploit because it's been listed in an exploit catalog." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/namespace" + "@id": "http://www.w3.org/2001/XMLSchema#boolean" } ] }, { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/customIdToUri", + "@id": "https://rdf.spdx.org/v3/Software/SbomType/source", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Software/SbomType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Maps a LicenseRef or AdditionRef string for a Custom License or a Custom License Addition to its URI ID." + "@value": "SBOM created directly from the development environment, source files, and included dependencies used to build an product artifact." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" + "@value": "source" } ] }, { - "@id": "https://rdf.spdx.org/v3/Build/parameters", + "@id": "https://rdf.spdx.org/v3/Core/context", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Property describing the parameters used in an instance of a build." + "@value": "Gives information about the circumstances or unifying properties\nthat Elements of the bundle have been assembled under." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/verifiedUsing", + "@id": "https://rdf.spdx.org/v3/Dataset/knownBias", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides an IntegrityMethod with which the integrity of an Element can be asserted." + "@value": "Records the biases that the dataset is known to encompass." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/IntegrityMethod" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/impactStatement", + "@id": "https://rdf.spdx.org/v3/Security/SsvcDecisionType/track", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Security/SsvcDecisionType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Explains why a VEX product is not affected by a vulnerability. It is an\nalternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable\njustification label." + "@value": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "track" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class" @@ -2870,66 +2986,66 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Categories of confidentiality level." + "@value": "Information about the relationship between two Elements." } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/lineRange", + "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/urlScheme", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Defines the line range in the original host file that the snippet information applies to." + "@value": "the scheme used in order to locate a resource https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/PositiveIntegerRange" + "@value": "urlScheme" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/documentation", + "@id": "https://rdf.spdx.org/v3/Dataset/datasetNoise", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to the documentation for a package." + "@value": "Describes potentially noisy elements of the dataset." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "documentation" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/nuget", + "@id": "https://rdf.spdx.org/v3/Core/summary", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a nuget package." + "@value": "A short description of an Element." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "nuget" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/underInvestigationFor", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/describes", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://rdf.spdx.org/v3/Core/RelationshipType" @@ -2937,122 +3053,84 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "(Security/VEX) The `from` Vulnerability impact is being investigated for each `to` Element" + "@value": "The `from` Element describes each `to` Element. To denote the root(s) of a tree of elements in a collection, the rootElement property should be used." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "underInvestigationFor" + "@value": "describes" } ] }, { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/LicenseExpression", + "@id": "https://rdf.spdx.org/v3/Security/ExploitCatalogType", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "An SPDX Element containing an SPDX license expression string." + "@value": "Specifies the exploit catalog type." } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/AI/modelExplainability", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" + "@language": "en", + "@value": "Describes methods that can be used to explain the model." } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N8d320f84e6a246a1a9907462151c1961" - }, - { - "@id": "_:Nda31cbe23b594ceea79e0df855fee11b" - }, + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "_:N271dfdbdab544df2b534ea70ccaaf258" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "_:N8d320f84e6a246a1a9907462151c1961", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/extension", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "the element follows the Extension profile specification" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/licenseExpression" + "@value": "extension" } ] }, { - "@id": "_:Nda31cbe23b594ceea79e0df855fee11b", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/licenseListVersion" - } - ] - }, - { - "@id": "_:N271dfdbdab544df2b534ea70ccaaf258", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/customIdToUri" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/data", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Element is data" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "data" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasProvidedDependency", + "@id": "https://rdf.spdx.org/v3/Dataset/dataPreprocessing", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element has a dependency on each `to` Element, but dependency is not in the distributed artifact, but assumed to be provided, during a LifecycleScopeType period" + "@value": "Describes the preprocessing steps that were applied to the raw data to create the given dataset." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "hasProvidedDependency" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/builtTime", + "@id": "https://rdf.spdx.org/v3/Core/namespace", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -3060,293 +3138,282 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the time an artifact was built." + "@value": "Provides an unambiguous mechanism for conveying a URI fragment portion of an ElementID." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/LicenseAddition", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/VexJustificationType" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack." + "@value": "Abstract class for additional text intended to be added to a License, but\nwhich is not itself a standalone License." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "vulnerableCodeCannotBeControlledByAdversary" + "@id": "https://rdf.spdx.org/v3/Core/Element" } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/domain", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#property": [ { - "@language": "en", - "@value": "Captures the domain in which the AI package can be used." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "@id": "_:N617917262eca4018bf3dfe60e932080b" + }, { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "_:Nd844f88e97bd4752be5cbfe7229ee0d2" + }, + { + "@id": "_:Nef87fae97798444da2d534e87236882e" + }, + { + "@id": "_:N460b98b6c0914392972975a905275295" + }, + { + "@id": "_:Ne01ffcc48be24a72bf132711f59091eb" + }, + { + "@id": "_:Nb665a71665eb423d87a4e4b09e00c4e6" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/altDownloadLocation", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "@id": "_:N617917262eca4018bf3dfe60e932080b", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@language": "en", - "@value": "A reference to an alternative download location." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "altDownloadLocation" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/additionText" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/audio", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Nd844f88e97bd4752be5cbfe7229ee0d2", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "data is audio based, such as a collection of music from the 80s." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "audio" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/standardAdditionTemplate" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/anonymizationMethodUsed", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Nef87fae97798444da2d534e87236882e", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Describes the anonymization methods used." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isDeprecatedAdditionId" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/OrLaterOperator", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Portion of an AnyLicenseInfo representing this version, or any later version,\nof the indicated License." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "@id": "_:N460b98b6c0914392972975a905275295", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/ExtendableLicense" + "@value": 1 } ], - "http://www.w3.org/ns/shacl#property": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "_:Na8de838403934cd6afb66ba0b7d2d332" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/obsoletedBy" } ] }, { - "@id": "_:Na8de838403934cd6afb66ba0b7d2d332", + "@id": "_:Ne01ffcc48be24a72bf132711f59091eb", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 } ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": 1 + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/licenseXml" } - ], + ] + }, + { + "@id": "_:Nb665a71665eb423d87a4e4b09e00c4e6", "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectLicense" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/seeAlso" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/altWebPage", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/NoAssertionLicense", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "http://www.w3.org/2002/07/owl#NamedIndividual" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to an alternative web page." + "@value": "An Individual Value for License when no assertion can be made about its actual value." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "altWebPage" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/IndividualLicensingInfo" + } + ], + "http://www.w3.org/2002/07/owl#sameAs": [ + { + "@id": "https://rdf.spdx.org/v3/Licensing/NoAssertion" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/noAssertion", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/ancestorOf", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "data type is not known." + "@value": "The `from` Element is an ancestor of each `to` Element" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "noAssertion" + "@value": "ancestorOf" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType/build", + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha512", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/LifecycleScopeType" + "https://rdf.spdx.org/v3/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A relationship has specific context implications during an element's build phase, during development." + "@value": "secure hashing algorithm with a digest length of 512 https://www.rfc-editor.org/rfc/rfc4634" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "build" + "@value": "sha512" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/falcon", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasEvidence", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "https://falcon-sign.info/falcon.pdf" + "@value": "(Dataset) Every `to` Element is considered as evidence for the `from` Element (`from` hasEvidence `to`)" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "falcon" + "@value": "hasEvidence" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/fixedIn", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/support", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "(Security/VEX) A `from` Vulnerability has been fixed in each of the `to` Element(s)" + "@value": "A reference to the software support channel or other support information for a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "fixedIn" + "@value": "support" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/foundBy", + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/registration", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "(Security) Designates a `from` Vulnerability was originally discovered by the `to` Agent(s)" + "@value": "the dataset is not publicly available and an email registration is required before accessing the dataset, although without an affirmative acceptance of terms." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "foundBy" + "@value": "registration" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/externalIdentifierType", + "@id": "https://rdf.spdx.org/v3/Core/hashValue", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the type of the external identifier." + "@value": "The result of applying a hash algorithm to an Element." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/diskImage", + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha3_224", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "https://rdf.spdx.org/v3/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element refers to a disk image that can be written to a disk, booted in a VM, etc. A disk image typically contains most or all of the components necessary to boot, such as bootloaders, kernels, firmware, userspace, etc." + "@value": "sha3 with a digest length of 224 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "diskImage" + "@value": "sha3_224" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasInputs", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/packagedBy", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://rdf.spdx.org/v3/Core/RelationshipType" @@ -3354,424 +3421,215 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Build has each `to` Elements as an input during a LifecycleScopeType period." + "@value": "Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`)" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasInputs" + "@value": "packagedBy" } ] }, { - "@id": "https://rdf.spdx.org/v3/AI/modelExplainability", + "@id": "https://rdf.spdx.org/v3/Core/profileConformance", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes methods that can be used to explain the model." + "@value": "Describes one a profile which the creator of this ElementCollection intends to conform to." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/WithAdditionOperator", + "@id": "https://rdf.spdx.org/v3/Core/contentType", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Portion of an AnyLicenseInfo representing a License which has additional\ntext applied to it." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N148ab4d9af454522a76bb6b9ac2e46d2" - }, - { - "@id": "_:N59f9a69cf6a74e30af7db24c92c1c82d" - } - ] - }, - { - "@id": "_:N148ab4d9af454522a76bb6b9ac2e46d2", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectExtendableLicense" - } - ] - }, - { - "@id": "_:N59f9a69cf6a74e30af7db24c92c1c82d", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 + "@value": "Specifies the media type of an Element or Property." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectAddition" + "@id": "https://rdf.spdx.org/v3/Core/MediaType" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/Vulnerability", + "@id": "https://rdf.spdx.org/v3/Core/validUntilTime", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies a vulnerability and its associated information." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Artifact" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nc404883f77bf4a868059f6290b79e083" - }, - { - "@id": "_:Nb07e915458e449d8b372c608d8d88f2f" - }, - { - "@id": "_:Nfa62f6d433ef44409798f2abbca44e3e" - } - ] - }, - { - "@id": "_:Nc404883f77bf4a868059f6290b79e083", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/publishedTime" - } - ] - }, - { - "@id": "_:Nb07e915458e449d8b372c608d8d88f2f", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/modifiedTime" - } - ] - }, - { - "@id": "_:Nfa62f6d433ef44409798f2abbca44e3e", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 + "@value": "Specifies until when the artifact can be used before its usage needs to be reassessed." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Security/withdrawnTime" + "@id": "https://rdf.spdx.org/v3/Core/DateTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/File", + "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType/runtime", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/LifecycleScopeType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Refers to any object that stores content on a computer." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwareArtifact" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nfdfedc82d8834f1f8b3e0991230b62a1" - }, - { - "@id": "_:N8c04cd8891cc45cf9f205adc95fd7050" - } - ] - }, - { - "@id": "_:Nfdfedc82d8834f1f8b3e0991230b62a1", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Software/contentType" - } - ] - }, - { - "@id": "_:N8c04cd8891cc45cf9f205adc95fd7050", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 + "@value": "A relationship has specific context implications during the execution phase of an element." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Software/isDirectory" + "@value": "runtime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifier", + "@id": "https://rdf.spdx.org/v3/Core/SupportType/noSupport", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/SupportType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a resource outside the scope of SPDX-3.0 content that uniquely identifies an Element." - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Ne82ae667c324479e9768acc13fcd027c" - }, - { - "@id": "_:N434ede953537494d80a979e7046d4a97" - }, - { - "@id": "_:N7bb68652a85b433e8ed5feb11bb9e7b1" - }, - { - "@id": "_:N2b7160ee81544225b66cb5f07589c816" - }, - { - "@id": "_:Nf9ef34b2b980484491548dda1b4b3894" - } - ] - }, - { - "@id": "_:Ne82ae667c324479e9768acc13fcd027c", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/externalIdentifierType" - } - ] - }, - { - "@id": "_:N434ede953537494d80a979e7046d4a97", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/identifier" - } - ] - }, - { - "@id": "_:N7bb68652a85b433e8ed5feb11bb9e7b1", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/comment" - } - ] - }, - { - "@id": "_:N2b7160ee81544225b66cb5f07589c816", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/identifierLocator" - } - ] - }, - { - "@id": "_:Nf9ef34b2b980484491548dda1b4b3894", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 + "@value": "there is no support for the artifact from the supplier, consumer assumes any support obligations." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/issuingAuthority" + "@value": "noSupport" } ] }, { - "@id": "https://rdf.spdx.org/v3/Extension/Extension", + "@id": "https://rdf.spdx.org/v3/Build/buildType", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A characterization of some aspect of an Element that is associated with the Element in a generalized fashion." + "@value": "A buildType is a hint that is used to indicate the toolchain, platform, or infrastructure that the build was invoked on." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/ai", + "@id": "https://rdf.spdx.org/v3/Dataset/intendedUse", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the element follows the AI profile specification" + "@value": "Describes what the given dataset should be used for." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "ai" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isOsiApproved", + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/blake3", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies whether the License is listed as approved by the\n[Open Source Initiative (OSI)](https://opensource.org)." + "@value": "https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#boolean" + "@value": "blake3" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicense", + "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/gitoid", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A license that is not listed on the SPDX License List." + "@value": "https://www.iana.org/assignments/uri-schemes/prov/gitoid Gitoid stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects) and a gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent the software [Artifact ID](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#artifact-id) or the [OmniBOR Identifier](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#omnibor-identifier) for the software artifact's associated [OmniBOR Document](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#omnibor-document); this ambiguity exists because the OmniBOR Document is itself an artifact, and the gitoid of that artifact is its valid identifier. Omnibor is a minimalistic schema to describe software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#artifact-dependency-graph-adg). Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's ContentIdentifier property. Gitoids calculated on the OmniBOR Document (OmniBOR Identifiers) should be recorded in the SPDX 3.0 Element's ExternalIdentifier property." } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/License" + "@value": "gitoid" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/key", + "@id": "https://rdf.spdx.org/v3/Dataset/datasetType", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A key used in a generic key-value pair." + "@value": "Describes the type of the given dataset." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/eolNotice", + "@id": "https://rdf.spdx.org/v3/Core/PresenceType/no", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "https://rdf.spdx.org/v3/Core/PresenceType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to the End Of Sale (EOS) and/or End Of Life (EOL) information related to a package." + "@value": "Indicates absence of the field." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "eolNotice" + "@value": "no" } ] }, { - "@id": "https://rdf.spdx.org/v3/AI/sensitivePersonalInformation", + "@id": "https://rdf.spdx.org/v3/Core/definingArtifact", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#ObjectProperty" @@ -3779,17 +3637,17 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Records if sensitive personal information is used during model training." + "@value": "Artifact representing a serialization instance of SPDX data containing the definition of a particular Element." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/PresenceType" + "@id": "https://rdf.spdx.org/v3/Core/Artifact" } ] }, { - "@id": "https://rdf.spdx.org/v3/AI/typeOfModel", + "@id": "https://rdf.spdx.org/v3/Core/startTime", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -3797,17 +3655,17 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Records the type of the model used in the AI software." + "@value": "Specifies the time from which an element is applicable / valid." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://rdf.spdx.org/v3/Core/DateTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectExtendableLicense", + "@id": "https://rdf.spdx.org/v3/Security/assessedElement", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#ObjectProperty" @@ -3815,65 +3673,66 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A License participating in a 'with addition' model." + "@value": "Specifies an element contained in a piece of software where a vulnerability was\nfound." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/ExtendableLicense" + "@id": "https://rdf.spdx.org/v3/Core/Element" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/testedOn", + "@id": "https://rdf.spdx.org/v3/Core/CreationInfo", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "(AI, Dataset) The `from` Element has been tested on the `to` Element" + "@value": "Provides information about the creation of the Element." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#property": [ { - "@value": "testedOn" + "@id": "_:N7563d422ae0b478a8b5a9becc509afe9" + }, + { + "@id": "_:N65f9ba3bc39c45979bacb20b2ae4784e" + }, + { + "@id": "_:N26e14f7218814db2bf53c8ddcd915b1c" + }, + { + "@id": "_:N11cb4e9cee004a2bafd36b4893f93870" + }, + { + "@id": "_:N608546fee49d48c4baa2b463c6e2e81d" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/VexNotAffectedVulnAssessmentRelationship", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N7563d422ae0b478a8b5a9becc509afe9", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Links a vulnerability and one or more elements designating the latter as products\nnot affected by the vulnerability." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@id": "https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship" + "@value": 1 } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N5cf429dd04c34f31a65ccc172e8c2e7c" - }, - { - "@id": "_:Nf3203be42d8e470b925f779b04973d35" - }, + "http://www.w3.org/ns/shacl#path": [ { - "@id": "_:Nde9d51e655114ccb9f450c547faae53d" + "@id": "https://rdf.spdx.org/v3/Core/specVersion" } ] }, { - "@id": "_:N5cf429dd04c34f31a65ccc172e8c2e7c", + "@id": "_:N65f9ba3bc39c45979bacb20b2ae4784e", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -3881,169 +3740,199 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Security/justificationType" + "@id": "https://rdf.spdx.org/v3/Core/comment" } ] }, { - "@id": "_:Nf3203be42d8e470b925f779b04973d35", + "@id": "_:N26e14f7218814db2bf53c8ddcd915b1c", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 } ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@value": 1 + } + ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Security/impactStatement" + "@id": "https://rdf.spdx.org/v3/Core/created" } ] }, { - "@id": "_:Nde9d51e655114ccb9f450c547faae53d", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "_:N11cb4e9cee004a2bafd36b4893f93870", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/Core/Agent" + } + ], + "http://www.w3.org/ns/shacl#minCount": [ { "@value": 1 } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Security/impactStatementTime" + "@id": "https://rdf.spdx.org/v3/Core/createdBy" } ] }, { - "@id": "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/low", + "@id": "_:N608546fee49d48c4baa2b463c6e2e81d", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/Core/Tool" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/Core/createdUsing" + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/other", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Low/no risk is posed by the AI software." + "@value": "Used when the type doesn't match any of the other options." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "low" + "@value": "other" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/graph", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/other", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "data is in the form of a graph where entries are somehow related to each other through edges, such a social network of friends." + "@value": "Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationhip types (this relationship is directionless)" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "graph" + "@value": "other" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/byteRange", + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/other", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Defines the byte range in the original host file that the snippet information applies to." + "@value": "any hashing algorithm that does not exist in this list of entries" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/PositiveIntegerRange" + "@value": "other" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/Annotation", + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/crystalsDilithium", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "An assertion made in relation to one or more elements." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Element" + "@value": "https://pq-crystals.org/dilithium/index.shtml" } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N9fe5860fd70349a3a77815bf905cc7ee" - }, - { - "@id": "_:N9d1ce00f46c140e4ba4a6e91edce4dff" - }, - { - "@id": "_:N8d13396748c54ff3979ba028f56435df" - }, + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "_:N3e8b784610ec407d87a0263108de37b1" + "@value": "crystalsDilithium" } ] }, { - "@id": "_:N9fe5860fd70349a3a77815bf905cc7ee", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/exploitCreatedBy", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "(Security) The `from` Vulnerability has had an exploit created against it by each `to` Agent" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/annotationType" + "@value": "exploitCreatedBy" } ] }, { - "@id": "_:N9d1ce00f46c140e4ba4a6e91edce4dff", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/simpleLicensing", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "the element follows the simple Licensing profile specification" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/contentType" + "@value": "simpleLicensing" } ] }, { - "@id": "_:N8d13396748c54ff3979ba028f56435df", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/Security/ExploitCatalogVulnAssessmentRelationship", + "@type": [ + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Provides an exploit assessment of a vulnerability." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://rdf.spdx.org/v3/Core/statement" + "@id": "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N321b72a099524eff8f38e0e592c28913" + }, + { + "@id": "_:Nfba1618400ab480d82548011c293aba1" + }, + { + "@id": "_:Na33bfa12f09147a29c75bb5887527b35" } ] }, { - "@id": "_:N3e8b784610ec407d87a0263108de37b1", + "@id": "_:N321b72a099524eff8f38e0e592c28913", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -4056,184 +3945,182 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/subject" + "@id": "https://rdf.spdx.org/v3/Security/catalogType" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/NoAssertionLicense", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Nfba1618400ab480d82548011c293aba1", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "An Individual Value for License when no assertion can be made about its actual value." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/IndividualLicensingInfo" + "@value": 1 } ], - "http://www.w3.org/2002/07/owl#sameAs": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Licensing/NoAssertion" + "@id": "https://rdf.spdx.org/v3/Security/exploited" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/clear", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType" + "@id": "_:Na33bfa12f09147a29c75bb5887527b35", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@language": "en", - "@value": "Dataset may be distributed freely, without restriction." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "clear" + "@id": "https://rdf.spdx.org/v3/Security/locator" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/md4", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "https://datatracker.ietf.org/doc/html/rfc1186" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "md4" + "@value": "Specifies the type of an external reference." } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/CvssSeverityType/high", + "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType/development", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/CvssSeverityType" + "https://rdf.spdx.org/v3/Core/LifecycleScopeType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "When a CVSS score is between 7.0 - 8.9" + "@value": "A relationship has specific context implications during development phase of an element." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "high" + "@value": "development" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/SsvcVulnAssessmentRelationship", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipCompleteness", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides an SSVC assessment for a vulnerability." + "@value": "Indicates whether a relationship is known to be complete, incomplete, or if no assertion is made with respect to relationship completeness." } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/md6", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/HashAlgorithm" ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship" + "@language": "en", + "@value": "https://people.csail.mit.edu/rivest/pubs/RABCx08.pdf" } ], - "http://www.w3.org/ns/shacl#property": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "_:Nd51f4af11b5747d986900f877b222ef4" + "@value": "md6" } ] }, { - "@id": "_:Nd51f4af11b5747d986900f877b222ef4", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/AI/informationAboutTraining", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Describes relevant information about different steps of the training process." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Security/decisionType" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType/runtime", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/deviceDriver", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/LifecycleScopeType" + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A relationship has specific context implications during the execution phase of an element." + "@value": "Element represents software that controls hardware devices" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "runtime" + "@value": "deviceDriver" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/software", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/metrics", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the element follows the Software profile specification" + "@value": "A reference to metrics related to package such as OpenSSF scorecards." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "software" + "@value": "metrics" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/qualityAssessmentReport", + "@id": "https://rdf.spdx.org/v3/Core/value", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a quality assessment for a package." + "@value": "A value used in a generic key-value pair." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "qualityAssessmentReport" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/datasetSize", + "@id": "https://rdf.spdx.org/v3/Dataset/dataCollectionProcess", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -4241,35 +4128,35 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Captures the size of the dataset." + "@value": "Describes how the dataset was collected." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#nonNegativeInteger" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/descendantOf", + "@id": "https://rdf.spdx.org/v3/Security/ExploitCatalogType/kev", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "https://rdf.spdx.org/v3/Security/ExploitCatalogType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element is a descendant of each `to` Element" + "@value": "CISA's Known Exploited Vulnerability (KEV) Catalog" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "descendantOf" + "@value": "kev" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/intendedUse", + "@id": "https://rdf.spdx.org/v3/Core/locator", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -4277,7 +4164,7 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes what the given dataset should be used for." + "@value": "Provides the location of an external reference." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ @@ -4287,7 +4174,25 @@ ] }, { - "@id": "https://rdf.spdx.org/v3/Core/SpdxDocument", + "@id": "https://rdf.spdx.org/v3/Core/issuingAuthority", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "An entity that is authorized to issue identification credentials." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/Dataset/Dataset", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class", @@ -4296,44 +4201,84 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A collection of SPDX Elements that could potentially be serialized." + "@value": "Provides information about the fields in the Dataset profile." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://rdf.spdx.org/v3/Core/ElementCollection" + "@id": "https://rdf.spdx.org/v3/Software/Package" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:Nb803440a23f54353bd79d012540ffe8b" + "@id": "_:Ndbfa04b3407e4b329dcee9562a7750bb" + }, + { + "@id": "_:N8005730bed984ef095633448542cf52f" + }, + { + "@id": "_:N12878ec7a5524c94869ea90b5378507a" + }, + { + "@id": "_:N87ac976193354cc3ae8b253cb5dfe049" + }, + { + "@id": "_:N017ec44406514c378332b6a24b18aa2f" + }, + { + "@id": "_:N235c9cd3809c4f10bf218e6cf2a1d476" + }, + { + "@id": "_:N605f83322ac74fb496757d02ca338f7b" + }, + { + "@id": "_:N975e75fd9af84b5495e6c87a1637e31d" + }, + { + "@id": "_:Nd95de412d53d49f4a6ffd2384b9bbcee" }, { - "@id": "_:N0178bd74d7374777a731c5d5da83d7be" + "@id": "_:N6eebdd64e76f4cb6a51afb76eb3519f0" }, { - "@id": "_:Naa452372923f41c986481445c4d36ae3" + "@id": "_:N64fa98114675402ea04e0103be7f4f8a" + }, + { + "@id": "_:Nbdff262bbf25499ca29719de340d9134" + }, + { + "@id": "_:N1308627406024954afb0132c3316b0db" } ] }, { - "@id": "_:Nb803440a23f54353bd79d012540ffe8b", + "@id": "_:Ndbfa04b3407e4b329dcee9562a7750bb", + "http://www.w3.org/ns/shacl#minCount": [ + { + "@value": 1 + } + ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/imports" + "@id": "https://rdf.spdx.org/v3/Dataset/datasetType" } ] }, { - "@id": "_:N0178bd74d7374777a731c5d5da83d7be", + "@id": "_:N8005730bed984ef095633448542cf52f", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 + } + ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/namespaceMap" + "@id": "https://rdf.spdx.org/v3/Dataset/dataCollectionProcess" } ] }, { - "@id": "_:Naa452372923f41c986481445c4d36ae3", + "@id": "_:N12878ec7a5524c94869ea90b5378507a", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -4341,111 +4286,101 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/dataLicense" + "@id": "https://rdf.spdx.org/v3/Dataset/intendedUse" } ] }, { - "@id": "https://rdf.spdx.org/v3/Build/configSourceDigest", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N87ac976193354cc3ae8b253cb5dfe049", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Property that describes the digest of the build configuration file used to invoke a build." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/Hash" + "@id": "https://rdf.spdx.org/v3/Dataset/datasetSize" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/identifier", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N017ec44406514c378332b6a24b18aa2f", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Uniquely identifies an external element." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://rdf.spdx.org/v3/Dataset/datasetNoise" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/dataLicense", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N235c9cd3809c4f10bf218e6cf2a1d476", + "http://www.w3.org/ns/shacl#path": [ { - "@language": "en", - "@value": "Provides the license under which the SPDX documentation of the Element can be used." + "@id": "https://rdf.spdx.org/v3/Dataset/dataPreprocessing" + } + ] + }, + { + "@id": "_:N605f83322ac74fb496757d02ca338f7b", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" + "@id": "https://rdf.spdx.org/v3/Dataset/sensor" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SbomType/analyzed", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SbomType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N975e75fd9af84b5495e6c87a1637e31d", + "http://www.w3.org/ns/shacl#path": [ { - "@language": "en", - "@value": "SBOM generated through analysis of artifacts (e.g., executables, packages, containers, and virtual machine images) after its build. Such analysis generally requires a variety of heuristics. In some contexts, this may also be referred to as a “3rd party” SBOM." + "@id": "https://rdf.spdx.org/v3/Dataset/knownBias" + } + ] + }, + { + "@id": "_:Nd95de412d53d49f4a6ffd2384b9bbcee", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "analyzed" + "@id": "https://rdf.spdx.org/v3/Dataset/sensitivePersonalInformation" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/VexAffectedVulnAssessmentRelationship", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N6eebdd64e76f4cb6a51afb76eb3519f0", + "http://www.w3.org/ns/shacl#path": [ { - "@language": "en", - "@value": "Connects a vulnerability and an element designating the element as a product\naffected by the vulnerability." + "@id": "https://rdf.spdx.org/v3/Dataset/anonymizationMethodUsed" } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + ] + }, + { + "@id": "_:N64fa98114675402ea04e0103be7f4f8a", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@id": "https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship" + "@value": 1 } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N025081813ec7451483be29fd7e4c0670" - }, + "http://www.w3.org/ns/shacl#path": [ { - "@id": "_:Nb187ae47c6ef4f71a0ba6db4de231ea4" + "@id": "https://rdf.spdx.org/v3/Dataset/confidentialityLevel" } ] }, { - "@id": "_:N025081813ec7451483be29fd7e4c0670", + "@id": "_:Nbdff262bbf25499ca29719de340d9134", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -4453,38 +4388,43 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Security/actionStatement" + "@id": "https://rdf.spdx.org/v3/Dataset/datasetUpdateMechanism" } ] }, { - "@id": "_:Nb187ae47c6ef4f71a0ba6db4de231ea4", + "@id": "_:N1308627406024954afb0132c3316b0db", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 + } + ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Security/actionStatementTime" + "@id": "https://rdf.spdx.org/v3/Dataset/datasetAvailability" } ] }, { - "@id": "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/medium", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/socialMedia", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The third-highest level of risk posed by an AI software." + "@value": "A reference to a social media channel for a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "medium" + "@value": "socialMedia" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/obsoletedBy", + "@id": "https://rdf.spdx.org/v3/Build/buildStartTime", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -4492,174 +4432,189 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the licenseId that is preferred to be used in place of a deprecated\nLicense or LicenseAddition." + "@value": "Property describing the start time of a build." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://rdf.spdx.org/v3/Core/DateTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/other", + "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType/design", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" + "https://rdf.spdx.org/v3/Core/LifecycleScopeType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Used when the type doesn't match any of the other options." + "@value": "A relationship has specific context implications during an element's design." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "other" + "@value": "design" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/SsvcDecisionType/track", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/mavenCentral", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/SsvcDecisionType" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." + "@value": "A reference to a maven repository artifact." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "track" + "@value": "mavenCentral" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/sensitivePersonalInformation", + "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/software", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes if any sensitive personal information is present in the dataset." + "@value": "the element follows the Software profile specification" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/PresenceType" + "@value": "software" } ] }, { - "@id": "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType", + "@id": "https://rdf.spdx.org/v3/Core/name", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Categories of safety risk impact of the application." + "@value": "Identifies the name of an Element as designated by the creator." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasDistributionArtifact", + "@id": "https://rdf.spdx.org/v3/Core/ElementCollection", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element is distributed as an artifact in each Element `to`, (e.g. an RPM or archive file)" + "@value": "A collection of Elements, not necessarily with unifying context." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "hasDistributionArtifact" + "@id": "https://rdf.spdx.org/v3/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Ne9b6d836a08345ccaa03ea6be9b17d79" + }, + { + "@id": "_:N46a93010d911476da9bd2c98fac3d441" + }, + { + "@id": "_:N035c2feed3b14cce9a5215eaa8576ba1" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/registration", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Ne9b6d836a08345ccaa03ea6be9b17d79", + "http://www.w3.org/ns/shacl#class": [ { - "@language": "en", - "@value": "the dataset is not publicly available and an email registration is required before accessing the dataset, although without an affirmative acceptance of terms." + "@id": "https://rdf.spdx.org/v3/Core/Element" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "registration" + "@id": "https://rdf.spdx.org/v3/Core/element" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/support", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N46a93010d911476da9bd2c98fac3d441", + "http://www.w3.org/ns/shacl#class": [ { - "@language": "en", - "@value": "A reference to the software support channel or other support information for a package." + "@id": "https://rdf.spdx.org/v3/Core/Element" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "support" + "@id": "https://rdf.spdx.org/v3/Core/rootElement" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType/design", + "@id": "_:N035c2feed3b14cce9a5215eaa8576ba1", + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/Core/profileConformance" + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/securityOther", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/LifecycleScopeType" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A relationship has specific context implications during an element's design." + "@value": "A reference to related security information of unspecified type." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "design" + "@value": "securityOther" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/licenseXml", + "@id": "https://rdf.spdx.org/v3/Software/sbomType", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Identifies all the text and metadata associated with a license in the license XML format." + "@value": "Provides information about the type of an SBOM." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://rdf.spdx.org/v3/Software/SbomType" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/License", + "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifier", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class", @@ -4668,46 +4623,29 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Abstract class for the portion of an AnyLicenseInfo representing a license." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/ExtendableLicense" + "@value": "A reference to a resource outside the scope of SPDX-3.0 content that uniquely identifies an Element." } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:Nac930f6698de4f8dbbdc5c77a9261232" + "@id": "_:N107d44bab0e74660ba9561ece8b40ad8" }, { - "@id": "_:Nd0c9df5d1f0842fb801d03749a7978f8" + "@id": "_:Nd3d50208f2f34dc98d75e2eb9c7b56c7" }, { - "@id": "_:Na0602565895f483ebb14beff8e9caf94" + "@id": "_:N4469e925f02d43ef842a47f9c917a0f7" }, { - "@id": "_:N82b472e8fdc84d9d93f3cbc21fa42703" + "@id": "_:N25fc25f77fa44211913625401668ce1d" }, { - "@id": "_:Nf26ee00da23140b59fd3e766d30e66bd" - }, - { - "@id": "_:N8ba0781f293240b5963de12382649a2b" - }, - { - "@id": "_:N9e1e7641225a4b5ea1ab59b1d94c7f85" - }, - { - "@id": "_:N8deb72a21c26430eabce500833190421" - }, - { - "@id": "_:N358d4b9073a14cdf8c77bef10560ddcb" + "@id": "_:N2bdfc967258b4823b6e7beebb3b5143d" } ] }, { - "@id": "_:Nac930f6698de4f8dbbdc5c77a9261232", + "@id": "_:N107d44bab0e74660ba9561ece8b40ad8", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -4720,25 +4658,30 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/licenseText" + "@id": "https://rdf.spdx.org/v3/Core/externalIdentifierType" } ] }, { - "@id": "_:Nd0c9df5d1f0842fb801d03749a7978f8", + "@id": "_:Nd3d50208f2f34dc98d75e2eb9c7b56c7", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 } ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@value": 1 + } + ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isOsiApproved" + "@id": "https://rdf.spdx.org/v3/Core/identifier" } ] }, { - "@id": "_:Na0602565895f483ebb14beff8e9caf94", + "@id": "_:N4469e925f02d43ef842a47f9c917a0f7", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -4746,12 +4689,20 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isFsfLibre" + "@id": "https://rdf.spdx.org/v3/Core/comment" + } + ] + }, + { + "@id": "_:N25fc25f77fa44211913625401668ce1d", + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/Core/identifierLocator" } ] }, { - "@id": "_:N82b472e8fdc84d9d93f3cbc21fa42703", + "@id": "_:N2bdfc967258b4823b6e7beebb3b5143d", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -4759,51 +4710,96 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/standardLicenseHeader" + "@id": "https://rdf.spdx.org/v3/Core/issuingAuthority" } ] }, { - "@id": "_:Nf26ee00da23140b59fd3e766d30e66bd", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha3_384", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "sha3 with a digest length of 384 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/standardLicenseTemplate" + "@value": "sha3_384" } ] }, { - "@id": "_:N8ba0781f293240b5963de12382649a2b", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/Security/ExploitCatalogType/other", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Security/ExploitCatalogType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Other exploit catalogs" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isDeprecatedLicenseId" + "@value": "other" + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/LicenseExpression", + "@type": [ + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "An SPDX Element containing an SPDX license expression string." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N63ab2536475342c78c19f27347753c77" + }, + { + "@id": "_:Na679b2d701ca4f38acf4c61b5ae134f2" + }, + { + "@id": "_:N37841c46331246a38352f1c34c0d4feb" } ] }, { - "@id": "_:N9e1e7641225a4b5ea1ab59b1d94c7f85", + "@id": "_:N63ab2536475342c78c19f27347753c77", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 } ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@value": 1 + } + ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/obsoletedBy" + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/licenseExpression" } ] }, { - "@id": "_:N8deb72a21c26430eabce500833190421", + "@id": "_:Na679b2d701ca4f38acf4c61b5ae134f2", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -4811,56 +4807,97 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/licenseXml" + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/licenseListVersion" } ] }, { - "@id": "_:N358d4b9073a14cdf8c77bef10560ddcb", + "@id": "_:N37841c46331246a38352f1c34c0d4feb", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" + } + ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/seeAlso" + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/customIdToUri" + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/scrapingScript", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "the dataset provider is not making available the underlying data and the dataset must be reassembled, typically using the provided script for scraping the data." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "scrapingScript" + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isDeprecatedLicenseId", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies whether a license or additional text identifier has been marked as\ndeprecated." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#boolean" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasAddedFile", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/configuration", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Every `to` Element is is a file added to the `from` Element (`from` hasAddedFile `to`)" + "@value": "Element is configuration data" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasAddedFile" + "@value": "configuration" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/SupportType/support", + "@id": "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/amber", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/SupportType" + "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the artifact has been released, and is supported from the supplier. There is a validUntilDate that can provide additional information about the duration of support." + "@value": "Data points in the dataset can be shared only with specific organizations and their clients on a need to know basis." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "support" + "@value": "amber" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/privacyAssessment", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/exportControlAssessment", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://rdf.spdx.org/v3/Core/ExternalRefType" @@ -4868,382 +4905,341 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a privacy assessment for a package." + "@value": "A reference to a export control assessment for a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "privacyAssessment" + "@value": "exportControlAssessment" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/packagedBy", + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha3_256", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "https://rdf.spdx.org/v3/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`)" + "@value": "sha3 with a digest length of 256 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "packagedBy" + "@value": "sha3_256" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/SsvcDecisionType/act", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/standardLicenseTemplate", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/SsvcDecisionType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." + "@value": "Identifies the full text of a License, in SPDX templating format." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "act" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/license", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/affects", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to additional license information related to an artifact." + "@value": "(Security/VEX) The `from` vulnerability affect each `to` Element" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "license" + "@value": "affects" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/urlScheme", + "@id": "https://rdf.spdx.org/v3/Core/PresenceType/noAssertion", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" + "https://rdf.spdx.org/v3/Core/PresenceType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the scheme used in order to locate a resource https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml" + "@value": "Makes no assertion about the field." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "urlScheme" + "@value": "noAssertion" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/configures", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/nuget", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element is a configuration applied to each `to` Element during a LifecycleScopeType period" + "@value": "A reference to a nuget package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "configures" + "@value": "nuget" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/CvssSeverityType/none", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/patchedBy", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/CvssSeverityType" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "When a CVSS score is 0" + "@value": "Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`)" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "none" + "@value": "patchedBy" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/runtimeAnalysisReport", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/device", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a runtime analysis report for a package." + "@value": "the Element refers to a chipset, processor, or electronic board" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "runtimeAnalysisReport" + "@value": "device" } ] }, { - "@id": "https://rdf.spdx.org/v3/AI/AIPackage", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/vcs", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides information about the fields in the AI package profile." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Software/Package" + "@value": "A reference to a version control system related to a software artifact." } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N88185c3546d64b41a879b78be921c0a8" - }, - { - "@id": "_:N4c85a95fc585430abe2bb26b3086a347" - }, - { - "@id": "_:N810693544c8744c7b267697547cd5d84" - }, - { - "@id": "_:N970711f5794345ce928da5f1f971bca5" - }, - { - "@id": "_:N8e8d0d145c844ec695bcea7f6b4d75b9" - }, - { - "@id": "_:N33bfe40fe259476cb10e64afc7029043" - }, - { - "@id": "_:Ne4ac5e39fbdc4d29b35f47a099cbb967" - }, - { - "@id": "_:N6ec5d9488a514fc9aa023003b226d4d8" - }, - { - "@id": "_:Na6937786cd93470ca593957f78d49731" - }, - { - "@id": "_:Nab4f4d4d495c4960b405b787990b7196" - }, - { - "@id": "_:N9e9cc5d8fca84d98bf3fb3adfbd9ddee" - }, - { - "@id": "_:Neabece2980434391a0e5aef907af2879" - }, - { - "@id": "_:Nf904663ca97d4490a4af42d8bca2de4b" - }, - { - "@id": "_:N2c10c784adeb47ca9c9fb876f2cbf136" - }, + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "_:N763cab8bc1be407686c4508c08201285" + "@value": "vcs" } ] }, { - "@id": "_:N88185c3546d64b41a879b78be921c0a8", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Core/externalSpdxId", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/AI/energyConsumption" - } - ] - }, - { - "@id": "_:N4c85a95fc585430abe2bb26b3086a347", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/AI/standardCompliance" - } - ] - }, - { - "@id": "_:N810693544c8744c7b267697547cd5d84", - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Identifies an external Element used within a Document but defined external to that Document." } ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/AI/limitation" - } - ] - }, - { - "@id": "_:N970711f5794345ce928da5f1f971bca5", - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/AI/typeOfModel" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ] }, { - "@id": "_:N8e8d0d145c844ec695bcea7f6b4d75b9", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/Software/contentType", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Provides information about the content type of an Element." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/AI/informationAboutTraining" + "@id": "https://rdf.spdx.org/v3/Core/MediaType" } ] }, { - "@id": "_:N33bfe40fe259476cb10e64afc7029043", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Software/SbomType/runtime", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Software/SbomType" ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://rdf.spdx.org/v3/AI/informationAboutApplication" + "@language": "en", + "@value": "SBOM generated through instrumenting the system running the software, to capture only components present in the system, as well as external call-outs or dynamically loaded components. In some contexts, this may also be referred to as an “Instrumented” or “Dynamic” SBOM." } - ] - }, - { - "@id": "_:Ne4ac5e39fbdc4d29b35f47a099cbb967", - "http://www.w3.org/ns/shacl#path": [ + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/AI/hyperparameter" + "@value": "runtime" } ] }, { - "@id": "_:N6ec5d9488a514fc9aa023003b226d4d8", - "http://www.w3.org/ns/shacl#path": [ + "@id": "https://rdf.spdx.org/v3/Security/VexFixedVulnAssessmentRelationship", + "@type": [ + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://rdf.spdx.org/v3/AI/modelDataPreprocessing" + "@language": "en", + "@value": "Links a vulnerability and elements representing products (in the VEX sense) where\na fix has been applied and are no longer affected." } - ] - }, - { - "@id": "_:Na6937786cd93470ca593957f78d49731", - "http://www.w3.org/ns/shacl#path": [ + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://rdf.spdx.org/v3/AI/modelExplainability" + "@id": "https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship" } ] }, { - "@id": "_:Nab4f4d4d495c4960b405b787990b7196", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/test", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "The Element is a test used to verify functionality on an software element" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/AI/sensitivePersonalInformation" + "@value": "test" } ] }, { - "@id": "_:N9e9cc5d8fca84d98bf3fb3adfbd9ddee", - "http://www.w3.org/ns/shacl#path": [ + "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/dataset", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://rdf.spdx.org/v3/AI/metricDecisionThreshold" + "@language": "en", + "@value": "the element follows the Dataset profile specification" } - ] - }, - { - "@id": "_:Neabece2980434391a0e5aef907af2879", - "http://www.w3.org/ns/shacl#path": [ + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/AI/metric" + "@value": "dataset" } ] }, { - "@id": "_:Nf904663ca97d4490a4af42d8bca2de4b", - "http://www.w3.org/ns/shacl#path": [ + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasStaticLink", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://rdf.spdx.org/v3/AI/domain" + "@language": "en", + "@value": "The `from` Element statically links in each `to` Element, during a LifecycleScopeType period" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasStaticLink" } ] }, { - "@id": "_:N2c10c784adeb47ca9c9fb876f2cbf136", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/Core/relationshipType", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Information about the relationship between two Elements." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/AI/autonomyType" + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType" } ] }, { - "@id": "_:N763cab8bc1be407686c4508c08201285", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicenseAddition", + "@type": [ + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "A license addition that is not listed on the SPDX Exceptions List." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://rdf.spdx.org/v3/AI/safetyRiskAssessment" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/LicenseAddition" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/packageUrl", + "@id": "https://rdf.spdx.org/v3/Core/suppliedBy", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides a place for the SPDX data creator to record the package URL string (in accordance with the [package URL spec](https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst)) for a software Package." + "@value": "Identifies who or what supplied the artifact or VulnAssessmentRelationship referenced by the Element." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@id": "https://rdf.spdx.org/v3/Core/Agent" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/securityPolicy", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/chat", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://rdf.spdx.org/v3/Core/ExternalRefType" @@ -5251,17 +5247,17 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to instructions for reporting newly discovered security vulnerabilities for a package." + "@value": "A reference to the instant messaging system used by the maintainer for a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "securityPolicy" + "@value": "chat" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/externalRefType", + "@id": "https://rdf.spdx.org/v3/AI/autonomyType", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#ObjectProperty" @@ -5269,90 +5265,125 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the type of the external reference." + "@value": "States if a human is involved in the decisions of the AI software." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType" + "@id": "https://rdf.spdx.org/v3/Core/PresenceType" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/Bundle", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/bom", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A collection of Elements that have a shared context." + "@value": "Element is a bill of materials" } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/ElementCollection" + "@value": "bom" + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType/other", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/LifecycleScopeType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A relationship has other specific context information necessary to capture that the above set of enumerations does not handle." } ], - "http://www.w3.org/ns/shacl#property": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "_:N104ebe73d17f44d0977ff825490f15bf" + "@value": "other" } ] }, { - "@id": "_:N104ebe73d17f44d0977ff825490f15bf", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasDistributionArtifact", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "The `from` Element is distributed as an artifact in each Element `to`, (e.g. an RPM or archive file)" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/context" + "@value": "hasDistributionArtifact" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/copyrightText", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectExtendableLicense", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Identifies the text of one or more copyright notices for a software Package,\nFile or Snippet, if any." + "@value": "A License participating in a 'with addition' model." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/ExtendableLicense" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/description", + "@id": "https://rdf.spdx.org/v3/Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Security/VexJustificationType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides a detailed description of the Element." + "@value": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "vulnerableCodeCannotBeControlledByAdversary" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/completeness", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/executable", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Element is an Artifact that can be run on a computer" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "executable" + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/Security/decisionType", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#ObjectProperty" @@ -5360,17 +5391,17 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides information about the completeness of relationships." + "@value": "Provide the enumeration of possible decisions in the Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree [https://www.cisa.gov/sites/default/files/publications/cisa-ssvc-guide%20508c.pdf](https://www.cisa.gov/sites/default/files/publications/cisa-ssvc-guide%20508c.pdf)" } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipCompleteness" + "@id": "https://rdf.spdx.org/v3/Security/SsvcDecisionType" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/chat", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/securityAdversaryModel", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://rdf.spdx.org/v3/Core/ExternalRefType" @@ -5378,35 +5409,48 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to the instant messaging system used by the maintainer for a package." + "@value": "A reference to the security adversary model for a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "chat" + "@value": "securityAdversaryModel" } ] }, { - "@id": "https://rdf.spdx.org/v3/Build/environment", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/altWebPage", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Property describing the session in which a build is invoked." + "@value": "A reference to an alternative web page." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" + "@value": "altWebPage" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/issuingAuthority", + "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType", + "@type": [ + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provide an enumerated set of software lifecycle phases that can provide context to relationships." + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/AI/typeOfModel", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -5414,7 +5458,7 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "An entity that is authorized to issue identification credentials." + "@value": "Records the type of the model used in the AI software." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ @@ -5424,7 +5468,7 @@ ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ElementCollection", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/ConjunctiveLicenseSet", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class", @@ -5433,178 +5477,166 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A collection of Elements, not necessarily with unifying context." + "@value": "Portion of an AnyLicenseInfo representing a set of licensing information\nwhere all elements apply." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://rdf.spdx.org/v3/Core/Element" + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N8b8a6f7d675840daa637fa4fb2e99b3a" - }, - { - "@id": "_:Ne94f93b407f84185a50b5fdd9b33f3d0" - }, - { - "@id": "_:N2cde8ddc8ec149a6922ffbda78542ec5" + "@id": "_:N79ba44e1b21e42b6b795b7da153ca5c6" } ] }, { - "@id": "_:N8b8a6f7d675840daa637fa4fb2e99b3a", - "http://www.w3.org/ns/shacl#path": [ + "@id": "_:N79ba44e1b21e42b6b795b7da153ca5c6", + "http://www.w3.org/ns/shacl#class": [ { - "@id": "https://rdf.spdx.org/v3/Core/element" + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" } - ] - }, - { - "@id": "_:Ne94f93b407f84185a50b5fdd9b33f3d0", - "http://www.w3.org/ns/shacl#path": [ + ], + "http://www.w3.org/ns/shacl#minCount": [ { - "@id": "https://rdf.spdx.org/v3/Core/rootElement" + "@value": 2 } - ] - }, - { - "@id": "_:N2cde8ddc8ec149a6922ffbda78542ec5", + ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/profileConformance" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/member" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/bom", + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/sensor", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "https://rdf.spdx.org/v3/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Element is a bill of materials" + "@value": "data is recorded from a physical sensor, such as a thermometer reading or biometric device." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "bom" + "@value": "sensor" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/securityPenTestReport", + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha1", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "https://rdf.spdx.org/v3/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a [penetration test](https://en.wikipedia.org/wiki/Penetration_test) report for a package." + "@value": "https://datatracker.ietf.org/doc/html/rfc3174" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "securityPenTestReport" + "@value": "sha1" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/query", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasConcludedLicense", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the dataset is publicly available, but not all at once, and can only be accessed through queries which return parts of the dataset." + "@value": "The `from` Software Artifact is concluded by the SPDX data creator to be governed by each `to` license" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "query" + "@value": "hasConcludedLicense" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/standardLicenseHeader", + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/blake2b512", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides a License author's preferred text to indicate that a file is covered\nby the License." + "@value": "blake2b algorithm with a digest size of 512 https://datatracker.ietf.org/doc/html/rfc7693#section-4" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "blake2b512" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/confidentialityLevel", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/underInvestigationFor", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes the confidentiality level of the data points contained in the dataset." + "@value": "(Security/VEX) The `from` Vulnerability impact is being investigated for each `to` Element" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType" + "@value": "underInvestigationFor" } ] }, { - "@id": "https://rdf.spdx.org/v3/Build/configSourceUri", + "@id": "https://rdf.spdx.org/v3/Security/CvssSeverityType/low", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Security/CvssSeverityType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Property that describes the URI of the build configuration source file." + "@value": "When a CVSS score is between 0 - 3.9" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@value": "low" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType/development", + "@id": "https://rdf.spdx.org/v3/Security/impactStatement", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/LifecycleScopeType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A relationship has specific context implications during development phase of an element." + "@value": "Explains why a VEX product is not affected by a vulnerability. It is an\nalternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable\njustification label." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "development" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasTestCase", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/serializedInArtifact", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://rdf.spdx.org/v3/Core/RelationshipType" @@ -5612,53 +5644,53 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Every `to` Element is a test case for the `from` Element (`from` hasTestCase `to`)" + "@value": "The `from` SPDXDocument can be found in a serialized form in each `to` Artifact" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasTestCase" + "@value": "serializedInArtifact" } ] }, { - "@id": "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/high", + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/text", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType" + "https://rdf.spdx.org/v3/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The second-highest level of risk posed by an AI software." + "@value": "data consists of unstructured text, such as a book, wikipedia article (without images), or transcript." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "high" + "@value": "text" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/VexFixedVulnAssessmentRelationship", + "@id": "https://rdf.spdx.org/v3/Software/homePage", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Links a vulnerability and elements representing products (in the VEX sense) where\na fix has been applied and are no longer affected." + "@value": "A place for the SPDX document creator to record a website that serves as the package's home page." } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/EpssVulnAssessmentRelationship", + "@id": "https://rdf.spdx.org/v3/Core/NamespaceMap", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class", @@ -5667,28 +5699,20 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides an EPSS assessment for a vulnerability." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship" + "@value": "A mapping between prefixes and namespace partial URIs." } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N7ce0217e027d423b95e40179e96b3ae3" - }, - { - "@id": "_:Na94ea0a75ba0433c8925996cb936f849" + "@id": "_:N9457ef5269224e85832b1de216c7edf1" }, { - "@id": "_:Ned7017c64f3044adb495ff3d206ed00e" + "@id": "_:N4b6c095938b84f02b39012b219ca8911" } ] }, { - "@id": "_:N7ce0217e027d423b95e40179e96b3ae3", + "@id": "_:N9457ef5269224e85832b1de216c7edf1", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -5701,12 +5725,12 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Security/probability" + "@id": "https://rdf.spdx.org/v3/Core/prefix" } ] }, { - "@id": "_:Na94ea0a75ba0433c8925996cb936f849", + "@id": "_:N4b6c095938b84f02b39012b219ca8911", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -5719,211 +5743,192 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Security/percentile" + "@id": "https://rdf.spdx.org/v3/Core/namespace" } ] }, { - "@id": "_:Ned7017c64f3044adb495ff3d206ed00e", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/AI/sensitivePersonalInformation", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Records if sensitive personal information is used during model training." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Security/publishedTime" + "@id": "https://rdf.spdx.org/v3/Core/PresenceType" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/gitoid", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/requirement", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Used to record the artifact’s gitoid: a canonical, unique, immutable identifier that can be used for software integrity verification." + "@value": "the Element provides a requirement needed as input for another Element" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@value": "requirement" } ] }, { - "@id": "https://rdf.spdx.org/v3/Build/Build", + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/audio", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Class that describes a build instance of software/artifacts." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Element" + "@value": "data is audio based, such as a collection of music from the 80s." } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nf8e5284c8a2b4a2e8d2a04e91fa86e16" - }, - { - "@id": "_:Nd6f0f5870f274b7f9933d37d26b6ec4a" - }, - { - "@id": "_:N9e2caeea47bb40989697b297696bef84" - }, - { - "@id": "_:N82bc747ebcc14c07bd4c57652592f5cc" - }, - { - "@id": "_:N46e0c5a60ada468db834979db9f8e973" - }, - { - "@id": "_:N3f4494810cb648e19b9794a01641209f" - }, - { - "@id": "_:N322c6486b06544c29795ff1aa21c72ec" - }, - { - "@id": "_:N11044f79eec44c2a907aaedba28de05a" - }, + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "_:N9164badbf8ca40d6a0721b0833822215" + "@value": "audio" } ] }, { - "@id": "_:Nf8e5284c8a2b4a2e8d2a04e91fa86e16", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/componentAnalysisReport", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "A reference to a Software Composition Analysis (SCA) report." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Build/buildType" + "@value": "componentAnalysisReport" } ] }, { - "@id": "_:Nd6f0f5870f274b7f9933d37d26b6ec4a", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/descendantOf", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "The `from` Element is a descendant of each `to` Element" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Build/buildId" + "@value": "descendantOf" } ] }, { - "@id": "_:N9e2caeea47bb40989697b297696bef84", - "http://www.w3.org/ns/shacl#path": [ + "@id": "https://rdf.spdx.org/v3/Core/supportLevel", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://rdf.spdx.org/v3/Build/configSourceEntrypoint" + "@language": "en", + "@value": "Specifies the level of support associated with an artifact." } - ] - }, - { - "@id": "_:N82bc747ebcc14c07bd4c57652592f5cc", - "http://www.w3.org/ns/shacl#path": [ + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Build/configSourceUri" + "@id": "https://rdf.spdx.org/v3/Core/SupportType" } ] }, { - "@id": "_:N46e0c5a60ada468db834979db9f8e973", - "http://www.w3.org/ns/shacl#path": [ + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/licenseText", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://rdf.spdx.org/v3/Build/configSourceDigest" + "@language": "en", + "@value": "Identifies the full text of a License or Addition." } - ] - }, - { - "@id": "_:N3f4494810cb648e19b9794a01641209f", - "http://www.w3.org/ns/shacl#path": [ + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Build/parameters" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "_:N322c6486b06544c29795ff1aa21c72ec", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/eolNotice", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "A reference to the End Of Sale (EOS) and/or End Of Life (EOL) information related to a package." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Build/buildStartTime" + "@value": "eolNotice" } ] }, { - "@id": "_:N11044f79eec44c2a907aaedba28de05a", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Core/namespaceMap", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://rdf.spdx.org/v3/Build/buildEndTime" + "@language": "en", + "@value": "Provides a NamespaceMap of prefixes and associated namespace partial URIs applicable to an SpdxDocument and independent of any specific serialization format or instance." } - ] - }, - { - "@id": "_:N9164badbf8ca40d6a0721b0833822215", - "http://www.w3.org/ns/shacl#path": [ + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Build/environment" + "@id": "https://rdf.spdx.org/v3/Core/NamespaceMap" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasDeclaredLicense", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/qualityAssessmentReport", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Software Artifact was discovered to actually contain each `to` license, for example as detected by use of automated tooling." + "@value": "A reference to a quality assessment for a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasDeclaredLicense" + "@value": "qualityAssessmentReport" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isDeprecatedAdditionId", + "@id": "https://rdf.spdx.org/v3/Core/created", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -5931,125 +5936,125 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies whether an additional text identifier has been marked as deprecated." + "@value": "Identifies when the Element was originally created." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#boolean" + "@id": "https://rdf.spdx.org/v3/Core/DateTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/buildSystem", + "@id": "https://rdf.spdx.org/v3/Core/builtTime", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference build system used to create or publish the package." + "@value": "Specifies the time an artifact was built." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "buildSystem" + "@id": "https://rdf.spdx.org/v3/Core/DateTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/dynamicAnalysisReport", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/configures", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a dynamic analysis report for a package." + "@value": "The `from` Element is a configuration applied to each `to` Element during a LifecycleScopeType period" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "dynamicAnalysisReport" + "@value": "configures" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/other", + "@id": "https://rdf.spdx.org/v3/AI/modelDataPreprocessing", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "any hashing algorithm that does not exist in this list of entries" + "@value": "Describes all the preprocessing steps applied to the training data before the model training." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "other" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasPrerequsite", + "@id": "https://rdf.spdx.org/v3/Software/isDirectory", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element has a prerequsite on each `to` Element, during a LifecycleScopeType period" + "@value": "If true, denotes the Element is a directory." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "hasPrerequsite" + "@id": "http://www.w3.org/2001/XMLSchema#boolean" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/AnnotationType/review", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/install", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/AnnotationType" + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Used when someone reviews the Element." + "@value": "the Element is used to install software on disk" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "review" + "@value": "install" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/namespaceMap", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/bower", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides a NamespaceMap of prefixes and associated namespace partial URIs applicable to an SpdxDocument and independent of any specific serialization format or instance." + "@value": "A reference to a bower package." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/NamespaceMap" + "@value": "bower" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopedRelationship", + "@id": "https://rdf.spdx.org/v3/Core/SpdxDocument", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class", @@ -6058,89 +6063,90 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provide context for a relationship that occurs in the software lifecycle." + "@value": "A collection of SPDX Elements that could potentially be serialized." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://rdf.spdx.org/v3/Core/Relationship" + "@id": "https://rdf.spdx.org/v3/Core/ElementCollection" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N130b1ff140494d7d9b6f5ce80634b6cf" + "@id": "_:Na3bbc5c04fe747e785f0d76c951e5675" + }, + { + "@id": "_:N03ff965a1cf2496792c6a67a733f2b93" + }, + { + "@id": "_:Nf070cbcaa35c4b8bbfdd0296f364194f" } ] }, { - "@id": "_:N130b1ff140494d7d9b6f5ce80634b6cf", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "_:Na3bbc5c04fe747e785f0d76c951e5675", + "http://www.w3.org/ns/shacl#class": [ { - "@value": 1 + "@id": "https://rdf.spdx.org/v3/Core/ExternalMap" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/scope" + "@id": "https://rdf.spdx.org/v3/Core/imports" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasOutputs", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N03ff965a1cf2496792c6a67a733f2b93", + "http://www.w3.org/ns/shacl#class": [ { - "@language": "en", - "@value": "The `from` Build element generates each `to` Element as an output during a LifecycleScopeType period." + "@id": "https://rdf.spdx.org/v3/Core/NamespaceMap" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "hasOutputs" + "@id": "https://rdf.spdx.org/v3/Core/namespaceMap" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/affects", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "@id": "_:Nf070cbcaa35c4b8bbfdd0296f364194f", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "(Security/VEX) The `from` vulnerability affect each `to` Element" + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "affects" + "@id": "https://rdf.spdx.org/v3/Core/dataLicense" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/security", + "@id": "https://rdf.spdx.org/v3/Core/createdBy", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the element follows the Security profile specification" + "@value": "Identifies who or what created the Element." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "security" + "@id": "https://rdf.spdx.org/v3/Core/Agent" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/sensor", + "@id": "https://rdf.spdx.org/v3/Core/rootElement", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#ObjectProperty" @@ -6148,17 +6154,17 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes a sensor used for collecting the data." + "@value": "This property is used to denote the root Element(s) of a tree of elements contained in an SBOM." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" + "@id": "https://rdf.spdx.org/v3/Core/Element" } ] }, { - "@id": "https://rdf.spdx.org/v3/Build/buildEndTime", + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/licenseExpression", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -6166,71 +6172,71 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Property that describes the time at which a build stops." + "@value": "A string in the license expression format." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/CvssSeverityType/low", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/testedOn", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/CvssSeverityType" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "When a CVSS score is between 0 - 3.9" + "@value": "(AI, Dataset) The `from` Element has been tested on the `to` Element" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "low" + "@value": "testedOn" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/productMetadata", + "@id": "https://rdf.spdx.org/v3/AI/informationAboutApplication", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to additional product metadata such as reference within organization's product catalog." + "@value": "Provides relevant information about the AI software, not including the model description." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "productMetadata" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasHost", + "@id": "https://rdf.spdx.org/v3/Security/score", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Build was run on the `to` Element during a LifecycleScopeType period (e.g. The host that the build runs on)" + "@value": "Provides a numerical (0-10) representation of the severity of a vulnerability." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "hasHost" + "@id": "http://www.w3.org/2001/XMLSchema#decimal" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/actionStatement", + "@id": "https://rdf.spdx.org/v3/Core/locationHint", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -6238,35 +6244,35 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides advise on how to mitigate or remediate a vulnerability when a VEX product\nis affected by it." + "@value": "Provides an indication of where to retrieve an external Element." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/to", + "@id": "https://rdf.spdx.org/v3/Security/probability", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "References an Element on the right-hand side of a relationship." + "@value": "A probability score between 0 and 1 of a vulnerability being exploited." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/Element" + "@id": "http://www.w3.org/2001/XMLSchema#decimal" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/member", + "@id": "https://rdf.spdx.org/v3/Core/createdUsing", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#ObjectProperty" @@ -6274,17 +6280,17 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A license expression participating in a license set." + "@value": "Identifies the tooling that was used during the creation of the Element." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" + "@id": "https://rdf.spdx.org/v3/Core/Tool" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/Element", + "@id": "https://rdf.spdx.org/v3/Core/ExternalMap", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class", @@ -6293,41 +6299,57 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Base domain class from which all other SPDX-3.0 domain classes derive." + "@value": "A map of Element identifiers that are used within a Document but defined external to that Document." } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:Nc59db56e73e445edb2d2a76115c02f90" + "@id": "_:N8acdbb7fc97c49509912faacde3c1234" }, { - "@id": "_:Nc44113719b4944b5933f217741eeb246" + "@id": "_:N112338545d4f48cf91b0fa805df0da7d" }, { - "@id": "_:N2999f4258ddf43cea044802968871897" + "@id": "_:Nec5e6d6e42934755b5f6ab12434b4929" }, { - "@id": "_:N553e40a41e3d454891f06e24563c7d6b" - }, + "@id": "_:Ne623c812ce314a58ad9fe7141e04c1b0" + } + ] + }, + { + "@id": "_:N8acdbb7fc97c49509912faacde3c1234", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@id": "_:N2d28a5ec8b4147d0bf04fa0f82725cba" - }, + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ { - "@id": "_:N6e6205d8077c42d9b45cc93d9abcc222" - }, + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#path": [ { - "@id": "_:N9ca81b684bc348d29571740e470b61c8" - }, + "@id": "https://rdf.spdx.org/v3/Core/externalSpdxId" + } + ] + }, + { + "@id": "_:N112338545d4f48cf91b0fa805df0da7d", + "http://www.w3.org/ns/shacl#class": [ { - "@id": "_:N564a92b87eb1442482a9e9eb138bfb12" - }, + "@id": "https://rdf.spdx.org/v3/Core/IntegrityMethod" + } + ], + "http://www.w3.org/ns/shacl#path": [ { - "@id": "_:N6ce4636b330548b1afcc1f403e5eef3b" + "@id": "https://rdf.spdx.org/v3/Core/verifiedUsing" } ] }, { - "@id": "_:Nc59db56e73e445edb2d2a76115c02f90", + "@id": "_:Nec5e6d6e42934755b5f6ab12434b4929", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -6335,12 +6357,17 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/name" + "@id": "https://rdf.spdx.org/v3/Core/locationHint" } ] }, { - "@id": "_:Nc44113719b4944b5933f217741eeb246", + "@id": "_:Ne623c812ce314a58ad9fe7141e04c1b0", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/Core/Artifact" + } + ], "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -6348,38 +6375,97 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/summary" + "@id": "https://rdf.spdx.org/v3/Core/definingArtifact" + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/Core/Bundle", + "@type": [ + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A collection of Elements that have a shared context." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://rdf.spdx.org/v3/Core/ElementCollection" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Nd65df687879d4defa21a5d765634ddb9" } ] }, { - "@id": "_:N2999f4258ddf43cea044802968871897", + "@id": "_:Nd65df687879d4defa21a5d765634ddb9", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/Core/context" + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/Security/justificationType", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Impact justification label to be used when linking a vulnerability to an element\nrepresenting a VEX product with a VexNotAffectedVulnAssessmentRelationship\nrelationship." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/description" + "@id": "https://rdf.spdx.org/v3/Security/VexJustificationType" } ] }, { - "@id": "_:N553e40a41e3d454891f06e24563c7d6b", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/Security/CvssV4VulnAssessmentRelationship", + "@type": [ + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Provides a CVSS version 4 assessment for a vulnerability." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://rdf.spdx.org/v3/Core/comment" + "@id": "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N051e106df6cb4546bd0cc0d7b7bfa73b" + }, + { + "@id": "_:Nca21a69dd5614c879f7e3169049b3d37" + }, + { + "@id": "_:Nd45fd59507d4416fb087c335447776fd" } ] }, { - "@id": "_:N2d28a5ec8b4147d0bf04fa0f82725cba", + "@id": "_:N051e106df6cb4546bd0cc0d7b7bfa73b", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -6392,62 +6478,48 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/creationInfo" + "@id": "https://rdf.spdx.org/v3/Security/score" } ] }, { - "@id": "_:N6e6205d8077c42d9b45cc93d9abcc222", - "http://www.w3.org/ns/shacl#path": [ + "@id": "_:Nca21a69dd5614c879f7e3169049b3d37", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@id": "https://rdf.spdx.org/v3/Core/verifiedUsing" + "@value": 1 } - ] - }, - { - "@id": "_:N9ca81b684bc348d29571740e470b61c8", - "http://www.w3.org/ns/shacl#path": [ + ], + "http://www.w3.org/ns/shacl#minCount": [ { - "@id": "https://rdf.spdx.org/v3/Core/externalRef" + "@value": 1 } - ] - }, - { - "@id": "_:N564a92b87eb1442482a9e9eb138bfb12", + ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/externalIdentifier" + "@id": "https://rdf.spdx.org/v3/Security/severity" } ] }, { - "@id": "_:N6ce4636b330548b1afcc1f403e5eef3b", - "http://www.w3.org/ns/shacl#path": [ + "@id": "_:Nd45fd59507d4416fb087c335447776fd", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@id": "https://rdf.spdx.org/v3/Core/extension" + "@value": 1 } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/datasetType", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@language": "en", - "@value": "Describes the type of the given dataset." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType" + "@id": "https://rdf.spdx.org/v3/Security/vectorString" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/filesystemImage", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/platform", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://rdf.spdx.org/v3/Software/SoftwarePurpose" @@ -6455,462 +6527,447 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element is a file system image that can be written to a disk (or virtual) partition" + "@value": "Element represents a runtime environment" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "filesystemImage" + "@value": "platform" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasRequirement", + "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType/build", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "https://rdf.spdx.org/v3/Core/LifecycleScopeType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element has a requirement on each `to` Element, during a LifecycleScopeType period" + "@value": "A relationship has specific context implications during an element's build phase, during development." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasRequirement" + "@value": "build" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/blake2b256", + "@id": "https://rdf.spdx.org/v3/Core/PresenceType", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "blake2b algorithm with a digest size of 256 https://datatracker.ietf.org/doc/html/rfc7693#section-4" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "blake2b256" + "@value": "Categories of presence or absence." } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/componentAnalysisReport", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasAssociatedVulnerability", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a Software Composition Analysis (SCA) report." + "@value": "(Security) Used to associate a `from` Artifact with each `to` Vulnerability" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "componentAnalysisReport" + "@value": "hasAssociatedVulnerability" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/specVersion", + "@id": "https://rdf.spdx.org/v3/Security/VexJustificationType/vulnerableCodeNotInExecutePath", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Security/VexJustificationType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides a reference number that can be used to understand how to parse and interpret an Element." + "@value": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/SemVer" + "@value": "vulnerableCodeNotInExecutePath" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/md6", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasExample", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "https://people.csail.mit.edu/rivest/pubs/RABCx08.pdf" + "@value": "Every `to` Element is an example for the `from` Element (`from` hasExample `to`)" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "md6" + "@value": "hasExample" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/withdrawnTime", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/runtimeAnalysisReport", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specified the time and date when a vulnerability was withdrawn." + "@value": "A reference to a runtime analysis report for a package." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" + "@value": "runtimeAnalysisReport" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/deviceDriver", + "@id": "https://rdf.spdx.org/v3/Software/File", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Element represents software that controls hardware devices" + "@value": "Refers to any object that stores content on a computer." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "deviceDriver" + "@id": "https://rdf.spdx.org/v3/Software/SoftwareArtifact" } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/metric", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#property": [ { - "@language": "en", - "@value": "Records the measurement of prediction quality of the AI model." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "@id": "_:Nbb4838351049404fb25091e4e17d0b1c" + }, { - "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" + "@id": "_:Nfe1a33c0a2764f59b6e467d81a31dad6" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/buildMeta", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Nbb4838351049404fb25091e4e17d0b1c", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "A reference build metadata related to a published package." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "buildMeta" + "@id": "https://rdf.spdx.org/v3/Software/contentType" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/externalIdentifier", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Nfe1a33c0a2764f59b6e467d81a31dad6", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Provides a reference to a resource outside the scope of SPDX-3.0 content\nthat uniquely identifies an Element." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifier" + "@id": "https://rdf.spdx.org/v3/Software/isDirectory" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/VexJustificationType/vulnerableCodeNotInExecutePath", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/container", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/VexJustificationType" + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product." + "@value": "the Element is a container image which can be used by a container runtime application" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "vulnerableCodeNotInExecutePath" + "@value": "container" } ] }, { - "@id": "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/serious", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/trainedOn", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The highest level of risk posed by an AI software." + "@value": "(AI, Dataset) The `from` Element has been trained by the `to` Element(s)" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "serious" + "@value": "trainedOn" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/securityThreatModel", + "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopedRelationship", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference the [security threat model](https://en.wikipedia.org/wiki/Threat_model) for a package." + "@value": "Provide context for a relationship that occurs in the software lifecycle." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "securityThreatModel" + "@id": "https://rdf.spdx.org/v3/Core/Relationship" } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/AnnotationType", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#property": [ { - "@language": "en", - "@value": "Specifies the type of an annotation." + "@id": "_:N93efec8621b546d690be1fe7e9b81396" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/requirement", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N93efec8621b546d690be1fe7e9b81396", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "the Element provides a requirement needed as input for another Element" + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "requirement" + "@id": "https://rdf.spdx.org/v3/Core/scope" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/PresenceType/noAssertion", + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/md4", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/PresenceType" + "https://rdf.spdx.org/v3/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Makes no assertion about the field." + "@value": "https://datatracker.ietf.org/doc/html/rfc1186" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "noAssertion" + "@value": "md4" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/blake3", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/productMetadata", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf" + "@value": "A reference to additional product metadata such as reference within organization's product catalog." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "blake3" + "@value": "productMetadata" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/CvssSeverityType/critical", + "@id": "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/green", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/CvssSeverityType" + "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "When a CVSS score is between 9.0 - 10.0" + "@value": "Dataset can be shared within a community of peers and partners." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "critical" + "@value": "green" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/sensor", + "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/swid", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" + "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "data is recorded from a physical sensor, such as a thermometer reading or biometric device." + "@value": "https://www.ietf.org/archive/id/draft-ietf-sacm-coswid-21.html#section-2.3" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "sensor" + "@value": "swid" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/probability", + "@id": "https://rdf.spdx.org/v3/Core/to", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A probability score between 0 and 1 of a vulnerability being exploited." + "@value": "References an Element on the right-hand side of a relationship." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#decimal" + "@id": "https://rdf.spdx.org/v3/Core/Element" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/Person", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/privacyAssessment", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "An individual human being." + "@value": "A reference to a privacy assessment for a package." } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/Agent" + "@value": "privacyAssessment" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasDynamicLink", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/documentation", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element dynamically links in each `to` Element, during a LifecycleScopeType period." + "@value": "Element is documentation" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasDynamicLink" + "@value": "documentation" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/contentType", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRef", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides information about the content type of an Element." + "@value": "A reference to a resource outside the scope of SPDX-3.0 content." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#property": [ { - "@id": "https://rdf.spdx.org/v3/Core/MediaType" + "@id": "_:Ndd18caa57c404627b0603d2e9c148c42" + }, + { + "@id": "_:Nad133c9b88d84714ad3e353ceb404df4" + }, + { + "@id": "_:Nfae4076a10fd471692cf5feaa515938d" + }, + { + "@id": "_:N23f5a7c9d60c49538eb6304dbed67d44" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/spdxId", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Ndd18caa57c404627b0603d2e9c148c42", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Identifies an Element to be referenced by other Elements." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@id": "https://rdf.spdx.org/v3/Core/externalRefType" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/SupportType/noAssertion", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/SupportType" + "@id": "_:Nad133c9b88d84714ad3e353ceb404df4", + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/Core/locator" + } + ] + }, + { + "@id": "_:Nfae4076a10fd471692cf5feaa515938d", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#path": [ { - "@language": "en", - "@value": "no assertion about the type of support is made. This is considered the default if no other support type is used." + "@id": "https://rdf.spdx.org/v3/Core/contentType" + } + ] + }, + { + "@id": "_:N23f5a7c9d60c49538eb6304dbed67d44", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "noAssertion" + "@id": "https://rdf.spdx.org/v3/Core/comment" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/crystalsKyber", + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha3_512", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://rdf.spdx.org/v3/Core/HashAlgorithm" @@ -6918,17 +6975,17 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "https://pq-crystals.org/kyber/index.shtml" + "@value": "sha3 with a digest length of 512 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "crystalsKyber" + "@value": "sha3_512" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/releaseTime", + "@id": "https://rdf.spdx.org/v3/AI/limitation", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -6936,161 +6993,221 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the time an artifact was released." + "@value": "Captures a limitation of the AI software." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SbomType/source", + "@id": "https://rdf.spdx.org/v3/Core/Relationship", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SbomType" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "SBOM created directly from the development environment, source files, and included dependencies used to build an product artifact." + "@value": "Describes a relationship between one or more elements." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "source" + "@id": "https://rdf.spdx.org/v3/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N40a6f31b4a67446688fe367b498394a9" + }, + { + "@id": "_:N1c7d7d71fc7341598d54a9a9a258f29d" + }, + { + "@id": "_:N45295a74e4bc4913a78233aa1806f261" + }, + { + "@id": "_:N48e4446286cd4f7181c532b7e42d8587" + }, + { + "@id": "_:Ne6b2aa658dbb44e583310526213af6a0" + }, + { + "@id": "_:Nd8e3f44a9ae9416b90eca68087df2777" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/createdBy", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "@id": "_:N40a6f31b4a67446688fe367b498394a9", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/Core/Element" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Identifies who or what created the Element." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@id": "https://rdf.spdx.org/v3/Core/Agent" + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/Core/from" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/created", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "@id": "_:N1c7d7d71fc7341598d54a9a9a258f29d", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/Core/Element" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#path": [ { - "@language": "en", - "@value": "Identifies when the Element was originally created." + "@id": "https://rdf.spdx.org/v3/Core/to" + } + ] + }, + { + "@id": "_:N45295a74e4bc4913a78233aa1806f261", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/Core/relationshipType" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/scrapingScript", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType" + "@id": "_:N48e4446286cd4f7181c532b7e42d8587", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#path": [ { - "@language": "en", - "@value": "the dataset provider is not making available the underlying data and the dataset must be reassembled, typically using the provided script for scraping the data." + "@id": "https://rdf.spdx.org/v3/Core/completeness" + } + ] + }, + { + "@id": "_:Ne6b2aa658dbb44e583310526213af6a0", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "scrapingScript" + "@id": "https://rdf.spdx.org/v3/Core/startTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/source", + "@id": "_:Nd8e3f44a9ae9416b90eca68087df2777", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/Core/endTime" + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/Software/SbomType/design", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "https://rdf.spdx.org/v3/Software/SbomType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element is a single or a collection of source files" + "@value": "SBOM of intended, planned software project or product with included components (some of which may not yet exist) for a new software artifact." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "source" + "@value": "design" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/externalSpdxId", + "@id": "https://rdf.spdx.org/v3/Core/creationInfo", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Identifies an external Element used within a Document but defined external to that Document." + "@value": "Provides information about the creation of the Element." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@id": "https://rdf.spdx.org/v3/Core/CreationInfo" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/cve", + "@id": "https://rdf.spdx.org/v3/Security/SsvcDecisionType/act", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" + "https://rdf.spdx.org/v3/Security/SsvcDecisionType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "An identifier for a specific software flaw defined within the official CVE Dictionary and that conforms to the CVE specification as defined by https://csrc.nist.gov/glossary/term/cve_id." + "@value": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "cve" + "@value": "act" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/funding", + "@id": "https://rdf.spdx.org/v3/Core/element", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to funding information related to a package." + "@value": "Refers to one or more Elements that are part of an ElementCollection." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "funding" + "@id": "https://rdf.spdx.org/v3/Core/Element" } ] }, { - "@id": "https://rdf.spdx.org/v3/AI/standardCompliance", + "@id": "https://rdf.spdx.org/v3/Core/statement", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -7098,7 +7215,7 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Captures a standard that is being complied with." + "@value": "Commentary on an assertion that an annotator has made." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ @@ -7108,43 +7225,43 @@ ] }, { - "@id": "https://rdf.spdx.org/v3/Build/configSourceEntrypoint", + "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/other", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Property describes the invocation entrypoint of a build." + "@value": "Used when the type doesn't match any of the other options." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "other" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/SsvcDecisionType/trackStar", + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/licenseListVersion", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/SsvcDecisionType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "(Track* in the SSVC spec) The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." + "@value": "The version of the SPDX License List used in the license expression." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "trackStar" + "@id": "https://rdf.spdx.org/v3/Core/SemVer" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/IntegrityMethod", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/OrLaterOperator", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class", @@ -7153,48 +7270,45 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides an independently reproducible mechanism that permits verification of a specific Element." + "@value": "Portion of an AnyLicenseInfo representing this version, or any later version,\nof the indicated License." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/ExtendableLicense" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N67f24f6530d94e25ac7499177fd1f7ef" + "@id": "_:Nffbd2efb60bc47ae88e437998da3e5c7" } ] }, { - "@id": "_:N67f24f6530d94e25ac7499177fd1f7ef", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "_:Nffbd2efb60bc47ae88e437998da3e5c7", + "http://www.w3.org/ns/shacl#class": [ { - "@value": 1 + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/License" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@id": "https://rdf.spdx.org/v3/Core/comment" + "@value": 1 } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectLicense", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@language": "en", - "@value": "A License participating in an 'or later' model." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/License" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectLicense" } ] }, { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/licenseListVersion", + "@id": "https://rdf.spdx.org/v3/Software/packageVersion", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -7202,279 +7316,264 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The version of the SPDX License List used in the license expression." + "@value": "Identify the version of a package." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/SemVer" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha3_384", + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/structured", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" + "https://rdf.spdx.org/v3/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "sha3 with a digest length of 384 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf" + "@value": "data is stored in tabular format or retrieved from a relational database." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "sha3_384" + "@value": "structured" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/gitoid", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/standardAdditionTemplate", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "https://www.iana.org/assignments/uri-schemes/prov/gitoid Gitoid stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects) and a gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent the software [Artifact ID](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#artifact-id) or the [OmniBOR Identifier](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#omnibor-identifier) for the software artifact's associated [OmniBOR Document](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#omnibor-document); this ambiguity exists because the OmniBOR Document is itself an artifact, and the gitoid of that artifact is its valid identifier. Omnibor is a minimalistic schema to describe software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#artifact-dependency-graph-adg). Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's ContentIdentifier property. Gitoids calculated on the OmniBOR Document (OmniBOR Identifiers) should be recorded in the SPDX 3.0 Element's ExternalIdentifier property." + "@value": "Identifies the full text of a LicenseAddition, in SPDX templating format." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "gitoid" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasVariant", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/application", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Every `to` Element is a variant the `from` Element (`from` hasVariant `to`)" + "@value": "the Element is a software application" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasVariant" + "@value": "application" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/Artifact", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/obsoletedBy", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A distinct article or unit within the digital domain." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Element" + "@value": "Specifies the licenseId that is preferred to be used in place of a deprecated\nLicense or LicenseAddition." } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N279ad61d045c4a6a981179f40a4f3b9f" - }, - { - "@id": "_:N0ae2187b5c51408aa9ea82fd2323c51f" - }, - { - "@id": "_:N4f258ab0be784998894fb40b19da1c11" - }, - { - "@id": "_:Nd29f047d4b364f179b053e5d9e89e6fc" - }, - { - "@id": "_:Nab6f0c8c4a4a4a25a41efe715247bd06" - }, - { - "@id": "_:N7b1c173453ad4920a003f3208147ed9f" - }, - { - "@id": "_:Neba6e6f4e81448098cc50ce996c6200a" - } - ] - }, - { - "@id": "_:N279ad61d045c4a6a981179f40a4f3b9f", - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/originatedBy" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "_:N0ae2187b5c51408aa9ea82fd2323c51f", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/amendedBy", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "The `from` Element is amended by each `to` Element" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/suppliedBy" + "@value": "amendedBy" } ] }, { - "@id": "_:N4f258ab0be784998894fb40b19da1c11", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/Core/externalRefType", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Specifies the type of the external reference." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/builtTime" + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType" } ] }, { - "@id": "_:Nd29f047d4b364f179b053e5d9e89e6fc", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/framework", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "the Element is a software framework" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/releaseTime" + "@value": "framework" } ] }, { - "@id": "_:Nab6f0c8c4a4a4a25a41efe715247bd06", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/Core/SupportType/endOfSupport", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/SupportType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "there is a defined end of support for the artifact from the supplier. This may also be referred to as end of life. There is a validUntilDate that can be used to signal when support ends for the artifact." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/validUntilTime" + "@value": "endOfSupport" } ] }, { - "@id": "_:N7b1c173453ad4920a003f3208147ed9f", - "http://www.w3.org/ns/shacl#path": [ + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/doesNotAffect", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://rdf.spdx.org/v3/Core/standardName" + "@language": "en", + "@value": "(Security/VEX) The `from` Vulnerability has no impact on each `to` Element" } - ] - }, - { - "@id": "_:Neba6e6f4e81448098cc50ce996c6200a", - "http://www.w3.org/ns/shacl#path": [ + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/supportLevel" + "@value": "doesNotAffect" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectAddition", + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A LicenseAddition participating in a 'with addition' model." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/LicenseAddition" + "@value": "A mathematical algorithm that maps data of arbitrary size to a bit string." } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/socialMedia", + "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/cpe22", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a social media channel for a package." + "@value": "https://cpe.mitre.org/files/cpe-specification_2.2.pdf" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "socialMedia" + "@value": "cpe22" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/homePage", + "@id": "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/clear", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A place for the SPDX document creator to record a website that serves as the package's home page." + "@value": "Dataset may be distributed freely, without restriction." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@value": "clear" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SbomType/deployed", + "@id": "https://rdf.spdx.org/v3/Security/modifiedTime", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SbomType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "SBOM provides an inventory of software that is present on a system. This may be an assembly of other SBOMs that combines analysis of configuration options, and examination of execution behavior in a (potentially simulated) deployment environment." + "@value": "Specifies a time when a vulnerability assessment was modified" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "deployed" + "@id": "https://rdf.spdx.org/v3/Core/DateTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/binaryArtifact", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasDeclaredLicense", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to binary artifacts related to a package." + "@value": "The `from` Software Artifact was discovered to actually contain each `to` license, for example as detected by use of automated tooling." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "binaryArtifact" + "@value": "hasDeclaredLicense" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwareArtifact", + "@id": "https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class", @@ -7483,47 +7582,38 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A distinct article or unit related to Software." + "@value": "Asbtract ancestor class for all VEX relationships" } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://rdf.spdx.org/v3/Core/Artifact" + "@id": "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N565f3eb638df41cab5f31240cd3923be" - }, - { - "@id": "_:N124d85cb2f9c4fdf8b1df77d33fbd66f" - }, - { - "@id": "_:N315913f89bc04aaab0cc69c913cc6bc3" - }, - { - "@id": "_:N5387693d2fda4b06a6bc306399b6a5e1" + "@id": "_:N3fe2890d72214c0fb6768b985cd772bc" }, { - "@id": "_:Nefdcfcb457bc48b5af7fda01452e5eb5" + "@id": "_:Nd639b3b173144af7be46a52693c424df" } ] }, { - "@id": "_:N565f3eb638df41cab5f31240cd3923be", + "@id": "_:N3fe2890d72214c0fb6768b985cd772bc", "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": 2 + "@value": 1 } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Software/gitoid" + "@id": "https://rdf.spdx.org/v3/Security/vexVersion" } ] }, { - "@id": "_:N124d85cb2f9c4fdf8b1df77d33fbd66f", + "@id": "_:Nd639b3b173144af7be46a52693c424df", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -7531,41 +7621,48 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Software/primaryPurpose" - } - ] - }, - { - "@id": "_:N315913f89bc04aaab0cc69c913cc6bc3", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Software/additionalPurpose" + "@id": "https://rdf.spdx.org/v3/Security/statusNotes" } ] }, { - "@id": "_:N5387693d2fda4b06a6bc306399b6a5e1", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/Core/comment", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Provide consumers with comments by the creator of the Element about the Element." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Software/copyrightText" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "_:Nefdcfcb457bc48b5af7fda01452e5eb5", - "http://www.w3.org/ns/shacl#path": [ + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasProvidedDependency", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://rdf.spdx.org/v3/Software/attributionText" + "@language": "en", + "@value": "The `from` Element has a dependency on each `to` Element, but dependency is not in the distributed artifact, but assumed to be provided, during a LifecycleScopeType period" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasProvidedDependency" } ] }, { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/licenseText", + "@id": "https://rdf.spdx.org/v3/AI/domain", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -7573,7 +7670,7 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Identifies the full text of a License or Addition." + "@value": "Captures the domain in which the AI package can be used." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ @@ -7583,61 +7680,61 @@ ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/securityOther", + "@id": "https://rdf.spdx.org/v3/Security/locator", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Used when there is a security related identifier of unspecified type." + "@value": "Provides the location of an exploit catalog." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "securityOther" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/timeseries", + "@id": "https://rdf.spdx.org/v3/Core/identifier", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "data is recorded in an ordered sequence of timestamped entries, such as the price of a stock over the course of a day." + "@value": "Uniquely identifies an external element." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "timeseries" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha3_224", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipCompleteness/noAssertion", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" + "https://rdf.spdx.org/v3/Core/RelationshipCompleteness" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "sha3 with a digest length of 224 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf" + "@value": "No assertion can be made about the completeness of the relationship." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "sha3_224" + "@value": "noAssertion" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/statusNotes", + "@id": "https://rdf.spdx.org/v3/Core/prefix", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -7645,7 +7742,7 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Conveys information about how VEX status was determined." + "@value": "A substitute for a URI." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ @@ -7655,287 +7752,293 @@ ] }, { - "@id": "https://rdf.spdx.org/v3/Core/validUntilTime", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasAddedFile", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies until when the artifact can be used before its usage needs to be reassessed." + "@value": "Every `to` Element is is a file added to the `from` Element (`from` hasAddedFile `to`)" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" + "@value": "hasAddedFile" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/securityAdversaryModel", + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/crystalsKyber", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "https://rdf.spdx.org/v3/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to the security adversary model for a package." + "@value": "https://pq-crystals.org/kyber/index.shtml" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "securityAdversaryModel" + "@value": "crystalsKyber" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicense", + "@id": "https://rdf.spdx.org/v3/Dataset/anonymizationMethodUsed", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A license that is listed on the SPDX License List." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/License" + "@value": "Describes the anonymization methods used." } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nbaea39fd155e4d4799c5e9c777cdebbd" - }, + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "_:N13efb0a915d648d9b9c010d495d2c476" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "_:Nbaea39fd155e4d4799c5e9c777cdebbd", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/documentation", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/listVersionAdded" - } - ] - }, - { - "@id": "_:N13efb0a915d648d9b9c010d495d2c476", - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "A reference to the documentation for a package." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/deprecatedVersion" + "@value": "documentation" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/contentType", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/vulnerabilityDisclosureReport", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the media type of an Element or Property." + "@value": "A reference to a Vulnerability Disclosure Report (VDR) which provides the software supplier's analysis and findings describing the impact (or lack of impact) that reported vulnerabilities have on packages or products in the supplier's SBOM as defined in [NIST SP 800-161](https://csrc.nist.gov/publications/detail/sp/800-161/rev-1/final)." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/MediaType" + "@value": "vulnerabilityDisclosureReport" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasOptionalComponent", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/releaseNotes", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Every `to` Element is an optional component of the `from` Element (`from` hasOptionalComponent` `to`)" + "@value": "A reference to the release notes for a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasOptionalComponent" + "@value": "releaseNotes" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/suppliedBy", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/listVersionAdded", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Identifies who or what supplied the artifact or VulnAssessmentRelationship referenced by the Element." + "@value": "Specifies the SPDX License List version in which this ListedLicense or\nListedLicenseException identifier was first added." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/Agent" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/expandsTo", + "@id": "https://rdf.spdx.org/v3/Build/Build", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` archive expands out as an artifact described by each `to` Element" + "@value": "Class that describes a build instance of software/artifacts." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "expandsTo" + "@id": "https://rdf.spdx.org/v3/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N3e27362c45904d7e8dff6ed96a578b74" + }, + { + "@id": "_:Nf1b2832ad41e45bd9d1a3173127bb1fc" + }, + { + "@id": "_:Ncd182d7ec7b24a7d8f6fd671fd6a0d56" + }, + { + "@id": "_:Nd847bf73e6604d1c9c91b10e82a30388" + }, + { + "@id": "_:N1c1a83c17f7244fe8e903b9f0e2d0867" + }, + { + "@id": "_:N386776e74ab9455e84ead93c16a7ec18" + }, + { + "@id": "_:N1c7da9fade684ddb82f699285f52c818" + }, + { + "@id": "_:N835106b7a08b485188b6434eb3f06e6f" + }, + { + "@id": "_:Nbbe4190428a642f1b91b615e630e35f0" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/coordinatedBy", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "@id": "_:N3e27362c45904d7e8dff6ed96a578b74", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@language": "en", - "@value": "(Security) The `from` Vulnerability is coordinatedBy the `to` Agent(s) (vendor, researcher, or consumer agent)" + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/Build/buildType" + } + ] + }, + { + "@id": "_:Nf1b2832ad41e45bd9d1a3173127bb1fc", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "coordinatedBy" + "@id": "https://rdf.spdx.org/v3/Build/buildId" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/knownBias", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Ncd182d7ec7b24a7d8f6fd671fd6a0d56", + "http://www.w3.org/ns/shacl#path": [ { - "@language": "en", - "@value": "Records the biases that the dataset is known to encompass." + "@id": "https://rdf.spdx.org/v3/Build/configSourceEntrypoint" } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + ] + }, + { + "@id": "_:Nd847bf73e6604d1c9c91b10e82a30388", + "http://www.w3.org/ns/shacl#path": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://rdf.spdx.org/v3/Build/configSourceUri" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/sbomType", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N1c1a83c17f7244fe8e903b9f0e2d0867", + "http://www.w3.org/ns/shacl#class": [ { - "@language": "en", - "@value": "Provides information about the type of an SBOM." + "@id": "https://rdf.spdx.org/v3/Core/Hash" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Software/SbomType" + "@id": "https://rdf.spdx.org/v3/Build/configSourceDigest" } ] }, { - "@id": "https://rdf.spdx.org/v3/", - "@type": [ - "http://www.w3.org/2002/07/owl#Ontology" + "@id": "_:N386776e74ab9455e84ead93c16a7ec18", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" + } ], - "http://www.w3.org/2002/07/owl#versionIRI": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/" + "@id": "https://rdf.spdx.org/v3/Build/parameters" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipCompleteness/complete", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipCompleteness" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N1c7da9fade684ddb82f699285f52c818", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "The relationship is known to be exhaustive." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "complete" + "@id": "https://rdf.spdx.org/v3/Build/buildStartTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/copiedTo", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N835106b7a08b485188b6434eb3f06e6f", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "The `from` Element has been copied to each `to` Element" + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "copiedTo" + "@id": "https://rdf.spdx.org/v3/Build/buildEndTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/specification", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Nbbe4190428a642f1b91b615e630e35f0", + "http://www.w3.org/ns/shacl#class": [ { - "@language": "en", - "@value": "the Element is a plan, guideline or strategy how to create, perform or analyse an application" + "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "specification" + "@id": "https://rdf.spdx.org/v3/Build/environment" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/element", + "@id": "https://rdf.spdx.org/v3/Security/catalogType", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#ObjectProperty" @@ -7943,53 +8046,53 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Refers to one or more Elements that are part of an ElementCollection." + "@value": "Specifies the exploit catalog type." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/Element" + "@id": "https://rdf.spdx.org/v3/Security/ExploitCatalogType" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/video", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/foundBy", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "data is video based, such as a collection of movie clips featuring Tom Hanks." + "@value": "(Security) Designates a `from` Vulnerability was originally discovered by the `to` Agent(s)" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "video" + "@value": "foundBy" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType/other", + "@id": "https://rdf.spdx.org/v3/Core/SupportType/support", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/LifecycleScopeType" + "https://rdf.spdx.org/v3/Core/SupportType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A relationship has other specific context information necessary to capture that the above set of enumerations does not handle." + "@value": "the artifact has been released, and is supported from the supplier. There is a validUntilDate that can provide additional information about the duration of support." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "other" + "@value": "support" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/Bom", + "@id": "https://rdf.spdx.org/v3/Core/Agent", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class" @@ -7997,121 +8100,107 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A container for a grouping of SPDX-3.0 content characterizing details\n(provenence, composition, licensing, etc.) about a product." + "@value": "Agent represents anything with the potential to act on a system." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://rdf.spdx.org/v3/Core/Bundle" + "@id": "https://rdf.spdx.org/v3/Core/Element" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/standardName", + "@id": "https://rdf.spdx.org/v3/Core/extension", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The name of a relevant standard that may apply to an artifact." + "@value": "Specifies an Extension characterization of some aspect of an Element." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://rdf.spdx.org/v3/Extension/Extension" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha3_256", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasDataFile", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "sha3 with a digest length of 256 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf" + "@value": "The `from` Element treats each `to` Element as a data file" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "sha3_256" + "@value": "hasDataFile" } ] }, { - "@id": "https://rdf.spdx.org/v3/AI/energyConsumption", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/publishedBy", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Indicates the amount of energy consumed to build the AI package." + "@value": "(Security) Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "publishedBy" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha3_512", + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/query", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" + "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "sha3 with a digest length of 512 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf" + "@value": "the dataset is publicly available, but not all at once, and can only be accessed through queries which return parts of the dataset." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "sha3_512" + "@value": "query" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/Sbom", + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/timeseries", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A collection of SPDX Elements describing a single package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Bom" + "@value": "data is recorded in an ordered sequence of timestamped entries, such as the price of a stock over the course of a day." } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N3498400428394015b82e804bc9710896" - } - ] - }, - { - "@id": "_:N3498400428394015b82e804bc9710896", - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Software/sbomType" + "@value": "timeseries" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType", + "@id": "https://rdf.spdx.org/v3/Extension/Extension", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class" @@ -8119,218 +8208,237 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Enumeration of the valid profiles." + "@value": "A characterization of some aspect of an Element that is associated with the Element in a generalized fashion." } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicenseAddition", + "@id": "https://rdf.spdx.org/v3/Security/EpssVulnAssessmentRelationship", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A license addition that is not listed on the SPDX Exceptions List." + "@value": "Provides an EPSS assessment for a vulnerability." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/LicenseAddition" + "@id": "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N41b32644bf6f4087b89f9424f07480c6" + }, + { + "@id": "_:Nc8c99e446aa1483191581caba236624a" + }, + { + "@id": "_:N019dffc47249417b8c4e10732e7c9c7f" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/SupportType", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" + "@id": "_:N41b32644bf6f4087b89f9424f07480c6", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@language": "en", - "@value": "Indicates the type of support that is associated with an artifact." + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/Security/probability" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/blake2b384", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" + "@id": "_:Nc8c99e446aa1483191581caba236624a", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@language": "en", - "@value": "blake2b algorithm with a digest size of 384 https://datatracker.ietf.org/doc/html/rfc7693#section-4" + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "blake2b384" + "@id": "https://rdf.spdx.org/v3/Security/percentile" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/test", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "@id": "_:N019dffc47249417b8c4e10732e7c9c7f", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@language": "en", - "@value": "The Element is a test used to verify functionality on an software element" + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "test" + "@id": "https://rdf.spdx.org/v3/Security/publishedTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha512", + "@id": "https://rdf.spdx.org/v3/Core/originatedBy", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "secure hashing algorithm with a digest length of 512 https://www.rfc-editor.org/rfc/rfc4634" + "@value": "Identifies from where or whom the Element originally came." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "sha512" + "@id": "https://rdf.spdx.org/v3/Core/Agent" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/VexJustificationType", + "@id": "https://rdf.spdx.org/v3/", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#Ontology" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/2002/07/owl#versionIRI": [ { - "@language": "en", - "@value": "Specifies the VEX justification type." + "@id": "https://rdf.spdx.org/v3/" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/swhid", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/manifest", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "SoftWare Hash IDentifier, persistent intrinsic identifiers for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The syntax of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) and they typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`." + "@value": "the Element is a software manifest" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "swhid" + "@value": "manifest" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha256", + "@id": "https://rdf.spdx.org/v3/Core/endTime", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "secure hashing algorithm with a digest length of 256 https://www.rfc-editor.org/rfc/rfc4634" + "@value": "Specifies the time from which an element is no longer applicable / valid." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "sha256" + "@id": "https://rdf.spdx.org/v3/Core/DateTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/packageVersion", + "@id": "https://rdf.spdx.org/v3/Core/PositiveIntegerRange", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Identify the version of a package." + "@value": "A tuple of two positive integers that define a range." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#property": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "_:N27455a739949469e87d697c9b2e6f405" + }, + { + "@id": "_:Nd84d23bc00ee40769a1995cc5707d295" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/scope", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "@id": "_:N27455a739949469e87d697c9b2e6f405", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@language": "en", - "@value": "Capture the scope of information about a specific relationship between elements." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType" + "@id": "https://rdf.spdx.org/v3/Core/beginIntegerRange" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/doesNotAffect", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "@id": "_:Nd84d23bc00ee40769a1995cc5707d295", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@language": "en", - "@value": "(Security/VEX) The `from` Vulnerability has no impact on each `to` Element" + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "doesNotAffect" + "@id": "https://rdf.spdx.org/v3/Core/endIntegerRange" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/endIntegerRange", + "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType/test", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/LifecycleScopeType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Defines the end of a range." + "@value": "A relationship has specific context implications during an element's testing phase, during development." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#positiveInteger" + "@value": "test" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/securityOther", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/buildMeta", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://rdf.spdx.org/v3/Core/ExternalRefType" @@ -8338,30 +8446,30 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to related security information of unspecified type." + "@value": "A reference build metadata related to a published package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "securityOther" + "@value": "buildMeta" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/releaseHistory", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/file", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a published list of releases for a package." + "@value": "the Element is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc)" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "releaseHistory" + "@value": "file" } ] }, @@ -8384,7 +8492,7 @@ ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasAssociatedVulnerability", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/usesTool", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://rdf.spdx.org/v3/Core/RelationshipType" @@ -8392,89 +8500,106 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "(Security) Used to associate a `from` Artifact with each `to` Vulnerability" + "@value": "The `from` Element uses each `to` Element as a tool during a LifecycleScopeType period." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasAssociatedVulnerability" + "@value": "usesTool" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/framework", + "@id": "https://rdf.spdx.org/v3/Software/Snippet", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element is a software framework" + "@value": "Describes a certain part of a file." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "framework" + "@id": "https://rdf.spdx.org/v3/Software/SoftwareArtifact" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Ne60d266ecabb43118f4187fa8420989c" + }, + { + "@id": "_:N47d6cb2c5eb74e8aa57f71b63c83b235" + }, + { + "@id": "_:Nfd0e1c38f7ae4d588ea90fe5a1b8ff81" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/purchaseOrder", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "@id": "_:Ne60d266ecabb43118f4187fa8420989c", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/Core/PositiveIntegerRange" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "A reference to a purchase order for a package." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "purchaseOrder" + "@id": "https://rdf.spdx.org/v3/Software/byteRange" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/file", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "@id": "_:N47d6cb2c5eb74e8aa57f71b63c83b235", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/Core/PositiveIntegerRange" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "the Element is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc)" + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "file" + "@id": "https://rdf.spdx.org/v3/Software/lineRange" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/other", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" + "@id": "_:Nfd0e1c38f7ae4d588ea90fe5a1b8ff81", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/Software/File" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "data is of a type not included in this list." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@value": "other" + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/Software/snippetFromFile" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasDataFile", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/availableFrom", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://rdf.spdx.org/v3/Core/RelationshipType" @@ -8482,17 +8607,17 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element treats each `to` Element as a data file" + "@value": "The `from` Element is available from the additional supplier described by each `to` Element" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasDataFile" + "@value": "availableFrom" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/Dataset", + "@id": "https://rdf.spdx.org/v3/Software/SoftwareArtifact", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class", @@ -8501,84 +8626,47 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides information about the fields in the Dataset profile." + "@value": "A distinct article or unit related to Software." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://rdf.spdx.org/v3/Software/Package" + "@id": "https://rdf.spdx.org/v3/Core/Artifact" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:Nec59330f92ad4f27b9c607c53619c49b" - }, - { - "@id": "_:N9afad2d79c70425d9214b62484890a94" - }, - { - "@id": "_:N91068d7ab51e48c387341dabcae991da" - }, - { - "@id": "_:Nf588fe09f38546eda592e171f713aed1" - }, - { - "@id": "_:Nbe9a5a772cc341e3b1732f290dd0fd1c" - }, - { - "@id": "_:Ne25977897e0f4e5fac36306382553469" - }, - { - "@id": "_:N2db83c268b77468aa2fa73e3f13b8710" - }, - { - "@id": "_:Nf39c7cfde07c4dbb92a4ac22300369b6" - }, - { - "@id": "_:Ncdbfc8b9f8b4444bad468bb950790257" + "@id": "_:Ndb1e43b1695f4895ac45dd6cbe2111d9" }, { - "@id": "_:N72e3fc143220430894d9e7fe080147ea" + "@id": "_:N112f8470503843a48ba7838ed3e7c41e" }, { - "@id": "_:N1d8548200c8e421bbd8f2e187ad209cc" + "@id": "_:N65d1a7524cd0468286a0e8f6fdd90054" }, { - "@id": "_:N1c29f8b898d241d182158124e0538c25" + "@id": "_:N639bb557fc0240c79c5dfff5c6d20ad3" }, { - "@id": "_:Nad3d44ab075245d18f50a389f4dd1c68" - } - ] - }, - { - "@id": "_:Nec59330f92ad4f27b9c607c53619c49b", - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Dataset/datasetType" + "@id": "_:N4c82227e7b1f406b913a15f67223f8dd" } ] }, { - "@id": "_:N9afad2d79c70425d9214b62484890a94", + "@id": "_:Ndb1e43b1695f4895ac45dd6cbe2111d9", "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": 1 + "@value": 2 } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Dataset/dataCollectionProcess" + "@id": "https://rdf.spdx.org/v3/Software/gitoid" } ] }, { - "@id": "_:N91068d7ab51e48c387341dabcae991da", + "@id": "_:N112f8470503843a48ba7838ed3e7c41e", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -8586,25 +8674,20 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Dataset/intendedUse" + "@id": "https://rdf.spdx.org/v3/Software/primaryPurpose" } ] }, { - "@id": "_:Nf588fe09f38546eda592e171f713aed1", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], + "@id": "_:N65d1a7524cd0468286a0e8f6fdd90054", "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Dataset/datasetSize" + "@id": "https://rdf.spdx.org/v3/Software/additionalPurpose" } ] }, { - "@id": "_:Nbe9a5a772cc341e3b1732f290dd0fd1c", + "@id": "_:N639bb557fc0240c79c5dfff5c6d20ad3", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -8612,240 +8695,263 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Dataset/datasetNoise" - } - ] - }, - { - "@id": "_:Ne25977897e0f4e5fac36306382553469", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Dataset/dataPreprocessing" - } - ] - }, - { - "@id": "_:N2db83c268b77468aa2fa73e3f13b8710", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Dataset/sensor" + "@id": "https://rdf.spdx.org/v3/Software/copyrightText" } ] }, { - "@id": "_:Nf39c7cfde07c4dbb92a4ac22300369b6", + "@id": "_:N4c82227e7b1f406b913a15f67223f8dd", "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Dataset/knownBias" + "@id": "https://rdf.spdx.org/v3/Software/attributionText" } ] }, { - "@id": "_:Ncdbfc8b9f8b4444bad468bb950790257", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/Software/lineRange", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Defines the line range in the original host file that the snippet information applies to." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Dataset/sensitivePersonalInformation" + "@id": "https://rdf.spdx.org/v3/Core/PositiveIntegerRange" } ] }, { - "@id": "_:N72e3fc143220430894d9e7fe080147ea", - "http://www.w3.org/ns/shacl#path": [ + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/WithAdditionOperator", + "@type": [ + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://rdf.spdx.org/v3/Dataset/anonymizationMethodUsed" + "@language": "en", + "@value": "Portion of an AnyLicenseInfo representing a License which has additional\ntext applied to it." } - ] - }, - { - "@id": "_:N1d8548200c8e421bbd8f2e187ad209cc", - "http://www.w3.org/ns/shacl#maxCount": [ + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": 1 + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/ns/shacl#property": [ { - "@id": "https://rdf.spdx.org/v3/Dataset/confidentialityLevel" + "@id": "_:Ncdf25486837946e3a1a501bf45df99fa" + }, + { + "@id": "_:N7a5659a3f31f40caa4859e4e836f2773" } ] }, { - "@id": "_:N1c29f8b898d241d182158124e0538c25", + "@id": "_:Ncdf25486837946e3a1a501bf45df99fa", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/ExtendableLicense" + } + ], "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 } ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@value": 1 + } + ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Dataset/datasetUpdateMechanism" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectExtendableLicense" } ] }, { - "@id": "_:Nad3d44ab075245d18f50a389f4dd1c68", + "@id": "_:N7a5659a3f31f40caa4859e4e836f2773", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/LicenseAddition" + } + ], "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 } ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@value": 1 + } + ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Dataset/datasetAvailability" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectAddition" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/md5", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/purchaseOrder", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "https://datatracker.ietf.org/doc/html/rfc1321" + "@value": "A reference to a purchase order for a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "md5" + "@value": "purchaseOrder" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/dataset", + "@id": "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/serious", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" + "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the element follows the Dataset profile specification" + "@value": "The highest level of risk posed by an AI software." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "dataset" + "@value": "serious" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasAssessmentFor", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/IndividualLicensingInfo", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "(Security) Relates a `from` Vulnerability and each `to` Element(s) with a security assessment. To be used with `VulnAssessmentRelationship` types" + "@value": "A concrete subclass of AnyLicenseInfo used by Individuals in the ExpandedLicensing profile." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "hasAssessmentFor" + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/vectorString", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/securityAdvisory", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the CVSS vector string for a vulnerability." + "@value": "A reference to a published security advisory (where advisory as defined per ISO 29147:2018) that may affect one or more elements, e.g., vendor advisories or specific NVD entries." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "securityAdvisory" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/numeric", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/funding", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "data consists only of numeric entries." + "@value": "A reference to funding information related to a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "numeric" + "@value": "funding" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/swid", + "@id": "https://rdf.spdx.org/v3/Software/SbomType", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "https://www.ietf.org/archive/id/draft-ietf-sacm-coswid-21.html#section-2.3" + "@value": "Provides a set of values to be used to describe the common types of SBOMs that tools may create." } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/Security/SsvcDecisionType", + "@type": [ + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": "swid" + "@language": "en", + "@value": "Specifies the SSVC decision type." } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/sourceInfo", + "@id": "https://rdf.spdx.org/v3/Security/VexJustificationType/inlineMitigationsAlreadyExist", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Security/VexJustificationType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Records any relevant background information or additional comments\nabout the origin of the package." + "@value": "Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "inlineMitigationsAlreadyExist" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/catalogType", + "@id": "https://rdf.spdx.org/v3/Build/buildEndTime", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the exploit catalog type." + "@value": "Property that describes the time at which a build stops." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Security/ExploitCatalogType" + "@id": "https://rdf.spdx.org/v3/Core/DateTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalMap", + "@id": "https://rdf.spdx.org/v3/Core/PackageVerificationCode", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class", @@ -8854,26 +8960,25 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A map of Element identifiers that are used within a Document but defined external to that Document." + "@value": "An SPDX version 2.X compatible verification method for software packages." } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nd30232919c82426f86812db7194608ea" - }, + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "_:N63684d5497a240709e7fe27d1d262e50" - }, + "@id": "https://rdf.spdx.org/v3/Core/IntegrityMethod" + } + ], + "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N2585600ef9204aedaea02324fcc2c766" + "@id": "_:Nbfa454398c7e4b62bf97478b74fa3ddb" }, { - "@id": "_:N5112214eac4147b680d82ab194fafc38" + "@id": "_:Nb352ba95c497462e946e70cd2a87aef3" } ] }, { - "@id": "_:Nd30232919c82426f86812db7194608ea", + "@id": "_:Nbfa454398c7e4b62bf97478b74fa3ddb", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -8886,665 +8991,643 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/externalSpdxId" + "@id": "https://rdf.spdx.org/v3/Core/hashValue" } ] }, { - "@id": "_:N63684d5497a240709e7fe27d1d262e50", + "@id": "_:Nb352ba95c497462e946e70cd2a87aef3", "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/verifiedUsing" + "@id": "https://rdf.spdx.org/v3/Core/packageVerificationCodeExcludedFile" } ] }, { - "@id": "_:N2585600ef9204aedaea02324fcc2c766", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Core/scope", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/locationHint" - } - ] - }, - { - "@id": "_:N5112214eac4147b680d82ab194fafc38", - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Capture the scope of information about a specific relationship between elements." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/definingArtifact" + "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/VexUnderInvestigationVulnAssessmentRelationship", + "@id": "https://rdf.spdx.org/v3/Security/statusNotes", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Designates elements as products where the impact of a vulnerability is being\ninvestigated." + "@value": "Conveys information about how VEX status was determined." } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasStaticLink", + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha256", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "https://rdf.spdx.org/v3/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element statically links in each `to` Element, during a LifecycleScopeType period" + "@value": "secure hashing algorithm with a digest length of 256 https://www.rfc-editor.org/rfc/rfc4634" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasStaticLink" + "@value": "sha256" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/additionalPurpose", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/seeAlso", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides additional purpose information of the software artifact." + "@value": "Contains a URL where the License or LicenseAddition can be found in use." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipCompleteness/noAssertion", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipCompleteness" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "No assertion can be made about the completeness of the relationship." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "noAssertion" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/firmware", + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element provides low level control over a device's hardware" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "firmware" + "@value": "Availability of dataset" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/definingArtifact", + "@id": "https://rdf.spdx.org/v3/AI/energyConsumption", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Artifact representing a serialization instance of SPDX data containing the definition of a particular Element." + "@value": "Indicates the amount of energy consumed to build the AI package." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/Artifact" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Build/buildType", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectAddition", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A buildType is a hint that is used to indicate the toolchain, platform, or infrastructure that the build was invoked on." + "@value": "A LicenseAddition participating in a 'with addition' model." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/LicenseAddition" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/SupportType/noSupport", + "@id": "https://rdf.spdx.org/v3/Security/VexJustificationType/componentNotPresent", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/SupportType" + "https://rdf.spdx.org/v3/Security/VexJustificationType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "there is no support for the artifact from the supplier, consumer assumes any support obligations." + "@value": "The software is not affected because the vulnerable component is not in the product." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "noSupport" + "@value": "componentNotPresent" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/SsvcDecisionType", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipCompleteness/complete", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipCompleteness" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the SSVC decision type." + "@value": "The relationship is known to be exhaustive." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "complete" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/VexJustificationType/inlineMitigationsAlreadyExist", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/staticAnalysisReport", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/VexJustificationType" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability." + "@value": "A reference to a static analysis report for a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "inlineMitigationsAlreadyExist" + "@value": "staticAnalysisReport" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/expandedLicensing", + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/categorical", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" + "https://rdf.spdx.org/v3/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the element follows the expanded Licensing profile specification" + "@value": "data that is classified into a discrete number of categories, such as the eye color of a population of people." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "expandedLicensing" + "@value": "categorical" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SbomType/runtime", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/License", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SbomType" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "SBOM generated through instrumenting the system running the software, to capture only components present in the system, as well as external call-outs or dynamically loaded components. In some contexts, this may also be referred to as an “Instrumented” or “Dynamic” SBOM." + "@value": "Abstract class for the portion of an AnyLicenseInfo representing a license." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "runtime" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/ExtendableLicense" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N2d6a9c2a07334f07b688dc63aac6173e" + }, + { + "@id": "_:Naa2b9d0274c745f0b48450058a33c28a" + }, + { + "@id": "_:N52a0a5f8bef94e70befcff7e1cc9dc55" + }, + { + "@id": "_:N515e2d4bb1f64748b710c0564aa8220b" + }, + { + "@id": "_:N2435fa2491eb491c880215293b0fa677" + }, + { + "@id": "_:N3acd5e8c4ab94f6697c77af3bd88015c" + }, + { + "@id": "_:N6ec577fd095e4cf5ad971be818cb25dd" + }, + { + "@id": "_:Na23b2f85aeee404a8e56566aaa6ac65a" + }, + { + "@id": "_:N2aa6332bc29445439600e9a026983df9" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/externalRef", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "@id": "_:N2d6a9c2a07334f07b688dc63aac6173e", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@language": "en", - "@value": "Points to a resource outside the scope of the SPDX-3.0 content\nthat provides additional characteristics of an Element." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRef" + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/licenseText" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/contains", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Naa2b9d0274c745f0b48450058a33c28a", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "The `from` Element contains each `to` Element" + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "contains" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isOsiApproved" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/ancestorOf", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N52a0a5f8bef94e70befcff7e1cc9dc55", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "The `from` Element is an ancestor of each `to` Element" + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "ancestorOf" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isFsfLibre" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/originatedBy", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N515e2d4bb1f64748b710c0564aa8220b", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Identifies from where or whom the Element originally came." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/Agent" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/standardLicenseHeader" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/standardLicenseTemplate", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N2435fa2491eb491c880215293b0fa677", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Identifies the full text of a License, in SPDX templating format." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/standardLicenseTemplate" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/image", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N3acd5e8c4ab94f6697c77af3bd88015c", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "data is a collection of images such as pictures of animals." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "image" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isDeprecatedLicenseId" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasDocumentation", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "@id": "_:N6ec577fd095e4cf5ad971be818cb25dd", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#path": [ { - "@language": "en", - "@value": "The `from` Element is documented by each `to` Element" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/obsoletedBy" + } + ] + }, + { + "@id": "_:Na23b2f85aeee404a8e56566aaa6ac65a", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "hasDocumentation" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/licenseXml" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/manifest", + "@id": "_:N2aa6332bc29445439600e9a026983df9", + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/seeAlso" + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/buildSystem", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element is a software manifest" + "@value": "A reference build system used to create or publish the package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "manifest" + "@value": "buildSystem" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/snippetFromFile", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Defines the original host file that the snippet information applies to." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Software/File" + "@value": "Provides information about the primary purpose of an Element." } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/platform", + "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/usage", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Element represents a runtime environment" + "@value": "the element follows the Usage profile specification" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "platform" + "@value": "usage" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/archive", + "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/cve", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element is an archived collection of one or more files (.tar, .zip, etc)" + "@value": "An identifier for a specific software flaw defined within the official CVE Dictionary and that conforms to the CVE specification as defined by https://csrc.nist.gov/glossary/term/cve_id." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "archive" + "@value": "cve" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/additionText", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Availability of dataset" + "@value": "Identifies the full text of a LicenseAddition." } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipCompleteness", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@language": "en", - "@value": "Indicates whether a relationship is known to be complete, incomplete, or if no assertion is made with respect to relationship completeness." + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/packageVerificationCodeExcludedFile", + "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/build", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The relative file name of a file to be excluded from the `PackageVerificationCode`." + "@value": "the element follows the Build profile specification" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "build" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/datasetUpdateMechanism", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipCompleteness/incomplete", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipCompleteness" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes a mechanism to update the dataset." + "@value": "The relationship is known not to be exhaustive." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "incomplete" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/modifiedTime", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/model", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies a time when a vulnerability assessment was modified" + "@value": "the Element is a machine learning or artificial intelligence model" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" + "@value": "model" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/reportedBy", + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha384", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "https://rdf.spdx.org/v3/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "(Security) Designates a `from` Vulnerability was first reported to a project, vendor, or tracking database for formal identification by each `to` Agent" + "@value": "secure hashing algorithm with a digest length of 384 https://www.rfc-editor.org/rfc/rfc4634" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "reportedBy" + "@value": "sha384" } ] }, { - "@id": "https://rdf.spdx.org/v3/AI/autonomyType", + "@id": "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/low", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "States if a human is involved in the decisions of the AI software." + "@value": "Low/no risk is posed by the AI software." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/PresenceType" + "@value": "low" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/SoftwareAgent", + "@id": "https://rdf.spdx.org/v3/Core/annotationType", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A software agent." + "@value": "Describes the type of annotation." } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/Agent" + "@id": "https://rdf.spdx.org/v3/Core/AnnotationType" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/PositiveIntegerRange", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasTestCase", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A tuple of two positive integers that define a range." + "@value": "Every `to` Element is a test case for the `from` Element (`from` hasTestCase `to`)" } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nef7cacbc18bc4464a6f032754d61ba33" - }, + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "_:N1a75b0b5ec9e43ca8edd726430bec6e8" + "@value": "hasTestCase" } ] }, { - "@id": "_:Nef7cacbc18bc4464a6f032754d61ba33", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Build/parameters", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Property describing the parameters used in an instance of a build." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/beginIntegerRange" + "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" } ] }, { - "@id": "_:N1a75b0b5ec9e43ca8edd726430bec6e8", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/vulnerabilityExploitabilityAssessment", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "A reference to a Vulnerability Exploitability eXchange (VEX) statement which provides information on whether a product is impacted by a specific vulnerability in an included package and, if affected, whether there are actions recommended to remediate. See also [NTIA VEX one-page](https://ntia.gov/files/ntia/publications/vex_one-page_summary.pdf)." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/endIntegerRange" + "@value": "vulnerabilityExploitabilityAssessment" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/datasetNoise", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasRequirement", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes potentially noisy elements of the dataset." + "@value": "The `from` Element has a requirement on each `to` Element, during a LifecycleScopeType period" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "hasRequirement" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/relationshipType", + "@id": "https://rdf.spdx.org/v3/Software/snippetFromFile", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#ObjectProperty" @@ -9552,17 +9635,17 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Information about the relationship between two Elements." + "@value": "Defines the original host file that the snippet information applies to." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType" + "@id": "https://rdf.spdx.org/v3/Software/File" } ] }, { - "@id": "https://rdf.spdx.org/v3/AI/hyperparameter", + "@id": "https://rdf.spdx.org/v3/Dataset/sensitivePersonalInformation", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#ObjectProperty" @@ -9570,53 +9653,53 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Records a hyperparameter used to build the AI model contained in the AI package." + "@value": "Describes if any sensitive personal information is present in the dataset." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" + "@id": "https://rdf.spdx.org/v3/Core/PresenceType" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/Tool", + "@id": "https://rdf.spdx.org/v3/Security/percentile", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "An element of hardware and/or software utilized to carry out a particular function." + "@value": "The percentile of the current probability score." } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/Element" + "@id": "http://www.w3.org/2001/XMLSchema#decimal" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/module", + "@id": "https://rdf.spdx.org/v3/Security/VexJustificationType/vulnerableCodeNotPresent", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "https://rdf.spdx.org/v3/Security/VexJustificationType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element is a module of a piece of software" + "@value": "The product is not affected because the code underlying the vulnerability is not present in the product." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "module" + "@value": "vulnerableCodeNotPresent" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/describes", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasTest", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://rdf.spdx.org/v3/Core/RelationshipType" @@ -9624,71 +9707,67 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element describes each `to` Element. To denote the root(s) of a tree of elements in a collection, the rootElement property should be used." + "@value": "Every `to` Element is a test artifact for the `from` Element (`from` hasTest `to`), during a LifecycleScopeType period" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "describes" + "@value": "hasTest" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/statement", + "@id": "https://rdf.spdx.org/v3/Core/IntegrityMethod", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Commentary on an assertion that an annotator has made." + "@value": "Provides an independently reproducible mechanism that permits verification of a specific Element." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#property": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "_:N004028bc90604bf8bd9cf254262c65a7" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/PresenceType/no", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/PresenceType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N004028bc90604bf8bd9cf254262c65a7", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Indicates absence of the field." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "no" + "@id": "https://rdf.spdx.org/v3/Core/comment" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/VexJustificationType/componentNotPresent", + "@id": "https://rdf.spdx.org/v3/Build/configSourceEntrypoint", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/VexJustificationType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The software is not affected because the vulnerable component is not in the product." + "@value": "Property describes the invocation entrypoint of a build." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "componentNotPresent" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/severity", + "@id": "https://rdf.spdx.org/v3/AI/hyperparameter", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#ObjectProperty" @@ -9696,215 +9775,225 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software." + "@value": "Records a hyperparameter used to build the AI model contained in the AI package." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Security/CvssSeverityType" + "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha1", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/diskImage", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "https://datatracker.ietf.org/doc/html/rfc3174" + "@value": "the Element refers to a disk image that can be written to a disk, booted in a VM, etc. A disk image typically contains most or all of the components necessary to boot, such as bootloaders, kernels, firmware, userspace, etc." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "sha1" + "@value": "diskImage" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/ExploitCatalogType/other", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isDeprecatedAdditionId", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/ExploitCatalogType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Other exploit catalogs" + "@value": "Specifies whether an additional text identifier has been marked as deprecated." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "other" + "@id": "http://www.w3.org/2001/XMLSchema#boolean" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/vcs", + "@id": "https://rdf.spdx.org/v3/Security/withdrawnTime", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a version control system related to a software artifact." + "@value": "Specified the time and date when a vulnerability was withdrawn." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "vcs" + "@id": "https://rdf.spdx.org/v3/Core/DateTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/cpe23", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/expandsTo", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf" + "@value": "The `from` archive expands out as an artifact described by each `to` Element" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "cpe23" + "@value": "expandsTo" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/green", + "@id": "https://rdf.spdx.org/v3/Security/VexUnderInvestigationVulnAssessmentRelationship", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Dataset can be shared within a community of peers and partners." + "@value": "Designates elements as products where the impact of a vulnerability is being\ninvestigated." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "green" + "@id": "https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/install", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasPrerequsite", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element is used to install software on disk" + "@value": "The `from` Element has a prerequsite on each `to` Element, during a LifecycleScopeType period" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "install" + "@value": "hasPrerequsite" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/container", + "@id": "https://rdf.spdx.org/v3/Core/Annotation", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element is a container image which can be used by a container runtime application" + "@value": "An assertion made in relation to one or more elements." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "container" + "@id": "https://rdf.spdx.org/v3/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N24460da1319f4480ac20b3efd67c2135" + }, + { + "@id": "_:N011a928ec87e45949293a3648e178922" + }, + { + "@id": "_:N9a8c4d8c33f14e828ef98e88a3f9ee31" + }, + { + "@id": "_:N9fa6188221f7460dbce66645d9149bae" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/imports", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "@id": "_:N24460da1319f4480ac20b3efd67c2135", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@language": "en", - "@value": "Provides an ExternalMap of Element identifiers." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/ExternalMap" + "@id": "https://rdf.spdx.org/v3/Core/annotationType" } ] }, { - "@id": "https://rdf.spdx.org/v3/Build/buildId", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N011a928ec87e45949293a3648e178922", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "A buildId is a locally unique identifier used by a builder to identify a unique instance of a build produced by it." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://rdf.spdx.org/v3/Core/contentType" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/endTime", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N9a8c4d8c33f14e828ef98e88a3f9ee31", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Specifies the time from which an element is no longer applicable / valid." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" + "@id": "https://rdf.spdx.org/v3/Core/statement" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/invokedBy", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "@id": "_:N9fa6188221f7460dbce66645d9149bae", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/Core/Element" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "The `from` Element was invoked by the `to` Agent during a LifecycleScopeType period (for example, a Build element that describes a build step)" + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@value": "invokedBy" + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/Core/subject" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/exploitCreatedBy", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasInputs", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://rdf.spdx.org/v3/Core/RelationshipType" @@ -9912,17 +10001,17 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "(Security) The `from` Vulnerability has had an exploit created against it by each `to` Agent" + "@value": "The `from` Build has each `to` Elements as an input during a LifecycleScopeType period." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "exploitCreatedBy" + "@value": "hasInputs" } ] }, { - "@id": "https://rdf.spdx.org/v3/AI/limitation", + "@id": "https://rdf.spdx.org/v3/Core/identifierLocator", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -9930,169 +10019,164 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Captures a limitation of the AI software." + "@value": "Provides the location for more information regarding an external identifier." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/decisionType", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasDynamicLink", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provide the enumeration of possible decisions in the Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree [https://www.cisa.gov/sites/default/files/publications/cisa-ssvc-guide%20508c.pdf](https://www.cisa.gov/sites/default/files/publications/cisa-ssvc-guide%20508c.pdf)" + "@value": "The `from` Element dynamically links in each `to` Element, during a LifecycleScopeType period." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Security/SsvcDecisionType" + "@value": "hasDynamicLink" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/VexJustificationType/vulnerableCodeNotPresent", + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/blake2b384", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/VexJustificationType" + "https://rdf.spdx.org/v3/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The product is not affected because the code underlying the vulnerability is not present in the product." + "@value": "blake2b algorithm with a digest size of 384 https://datatracker.ietf.org/doc/html/rfc7693#section-4" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "vulnerableCodeNotPresent" + "@value": "blake2b384" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/structured", + "@id": "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "data is stored in tabular format or retrieved from a relational database." + "@value": "Abstract ancestor class for all vulnerability assessments" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "structured" + "@id": "https://rdf.spdx.org/v3/Core/Relationship" } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/ExploitCatalogType", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#property": [ { - "@language": "en", - "@value": "Specifies the exploit catalog type." + "@id": "_:N4ec67d5b0b91438e93beeeafe758d816" + }, + { + "@id": "_:N83e525a538e84eb0bef8b223419b803a" + }, + { + "@id": "_:N63edc6d4a5324f4e81abfed37620af3f" + }, + { + "@id": "_:N5eab9866ef284a8fab3aa4290bfd8e6d" + }, + { + "@id": "_:N9eced81cd04248109faf1f12a4ac2853" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/documentation", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "@id": "_:N4ec67d5b0b91438e93beeeafe758d816", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/Core/Element" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Element is documentation" + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "documentation" + "@id": "https://rdf.spdx.org/v3/Security/assessedElement" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" + "@id": "_:N83e525a538e84eb0bef8b223419b803a", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#path": [ { - "@language": "en", - "@value": "Provide an enumerated set of software lifecycle phases that can provide context to relationships." + "@id": "https://rdf.spdx.org/v3/Security/publishedTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasDeletedFile", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "@id": "_:N63edc6d4a5324f4e81abfed37620af3f", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://rdf.spdx.org/v3/Core/Agent" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Every `to` Element is a file deleted from the `from` Element (`from` hasDeletedFile `to`)" + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "hasDeletedFile" + "@id": "https://rdf.spdx.org/v3/Core/suppliedBy" } ] }, { - "@id": "https://rdf.spdx.org/v3/AI/safetyRiskAssessment", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N5eab9866ef284a8fab3aa4290bfd8e6d", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Categorizes safety risk impact of AI software." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType" + "@id": "https://rdf.spdx.org/v3/Security/modifiedTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/PresenceType/yes", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/PresenceType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N9eced81cd04248109faf1f12a4ac2853", + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Indicates presence of the field." + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "yes" + "@id": "https://rdf.spdx.org/v3/Security/withdrawnTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicense", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class" @@ -10100,30 +10184,35 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A mathematical algorithm that maps data of arbitrary size to a bit string." + "@value": "A license that is not listed on the SPDX License List." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/License" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasSpecification", + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/video", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "https://rdf.spdx.org/v3/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Every `to` Element is a specification for the `from` Element (`from` hasSpecification `to`), during a LifecycleScopeType period" + "@value": "data is video based, such as a collection of movie clips featuring Tom Hanks." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasSpecification" + "@value": "video" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/evidence", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/module", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://rdf.spdx.org/v3/Software/SoftwarePurpose" @@ -10131,245 +10220,223 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element is the evidence that a specification or requirement has been fulfilled" + "@value": "the Element is a module of a piece of software" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "evidence" + "@value": "module" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/additionText", + "@id": "https://rdf.spdx.org/v3/Security/CvssSeverityType/high", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Security/CvssSeverityType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Identifies the full text of a LicenseAddition." + "@value": "When a CVSS score is between 7.0 - 8.9" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "high" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/PackageVerificationCode", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasOptionalDependency", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "An SPDX version 2.X compatible verification method for software packages." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/IntegrityMethod" + "@value": "The `from` Element optionally depends on each `to` Element during a LifecycleScopeType period" } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nc6bef129783c402f93254731369872c0" - }, + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "_:N730a9075837a4fe18e3022c6bb30224a" + "@value": "hasOptionalDependency" } ] }, { - "@id": "_:Nc6bef129783c402f93254731369872c0", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Software/sourceInfo", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Records any relevant background information or additional comments\nabout the origin of the package." } ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/hashValue" - } - ] - }, - { - "@id": "_:N730a9075837a4fe18e3022c6bb30224a", - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/packageVerificationCodeExcludedFile" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/core", + "@id": "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the element follows the Core profile specification" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "core" + "@value": "Categories of confidentiality level." } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/subject", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/securityThreatModel", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "An Element an annotator has made an assertion about." + "@value": "A reference the [security threat model](https://en.wikipedia.org/wiki/Threat_model) for a package." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/Element" + "@value": "securityThreatModel" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/patchedBy", + "@id": "https://rdf.spdx.org/v3/Core/Bom", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`)" + "@value": "A container for a grouping of SPDX-3.0 content characterizing details\n(provenence, composition, licensing, etc.) about a product." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "patchedBy" + "@id": "https://rdf.spdx.org/v3/Core/Bundle" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/other", + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha224", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "https://rdf.spdx.org/v3/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Used when the type doesn't match any of the other options." + "@value": "secure hashing algorithm with a digest length of 224 https://datatracker.ietf.org/doc/html/draft-ietf-pkix-sha224-01" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "other" + "@value": "sha224" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/certificationReport", + "@id": "https://rdf.spdx.org/v3/Core/completeness", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a certification report for a package from an accredited/independent body." + "@value": "Provides information about the completeness of relationships." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "certificationReport" + "@id": "https://rdf.spdx.org/v3/Core/RelationshipCompleteness" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SbomType/build", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/sourceArtifact", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SbomType" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "SBOM generated as part of the process of building the software to create a releasable artifact (e.g., executable or package) from data such as source files, dependencies, built components, build process ephemeral data, and other SBOMs." + "@value": "A reference to an artifact containing the sources for a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "build" + "@value": "sourceArtifact" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/exportControlAssessment", + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/archive", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "https://rdf.spdx.org/v3/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a export control assessment for a package." + "@value": "the Element is an archived collection of one or more files (.tar, .zip, etc)" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "exportControlAssessment" + "@value": "archive" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/sourceArtifact", + "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/ai", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to an artifact containing the sources for a package." + "@value": "the element follows the AI profile specification" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "sourceArtifact" + "@value": "ai" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/primaryPurpose", + "@id": "https://rdf.spdx.org/v3/Core/packageVerificationCodeExcludedFile", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides information about the primary purpose of the software artifact." + "@value": "The relative file name of a file to be excluded from the `PackageVerificationCode`." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, @@ -10393,18 +10460,18 @@ ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:Nca02a67437984c42b5b330dd392202bf" + "@id": "_:Ncb5ceed66dd74eba8da52323e74d9065" }, { - "@id": "_:N5ad064d1ed5b4bb6b9ace8b58d9b0f92" + "@id": "_:Nc8531967a0cd44fcbb0c6ec6220950c0" }, { - "@id": "_:Nc1582d669aef4075a122b7b24ccd99c5" + "@id": "_:N4d5bf66c33bd402eac05830d8f9865f8" } ] }, { - "@id": "_:Nca02a67437984c42b5b330dd392202bf", + "@id": "_:Ncb5ceed66dd74eba8da52323e74d9065", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -10422,7 +10489,7 @@ ] }, { - "@id": "_:N5ad064d1ed5b4bb6b9ace8b58d9b0f92", + "@id": "_:Nc8531967a0cd44fcbb0c6ec6220950c0", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -10440,7 +10507,7 @@ ] }, { - "@id": "_:Nc1582d669aef4075a122b7b24ccd99c5", + "@id": "_:N4d5bf66c33bd402eac05830d8f9865f8", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -10458,74 +10525,79 @@ ] }, { - "@id": "https://rdf.spdx.org/v3/Security/justificationType", + "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/expandedLicensing", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Impact justification label to be used when linking a vulnerability to an element\nrepresenting a VEX product with a VexNotAffectedVulnAssessmentRelationship\nrelationship." + "@value": "the element follows the expanded Licensing profile specification" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Security/VexJustificationType" + "@value": "expandedLicensing" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/profileConformance", + "@id": "https://rdf.spdx.org/v3/Core/key", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes one a profile which the creator of this ElementCollection intends to conform to." + "@value": "A key used in a generic key-value pair." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/mailingList", + "@id": "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/medium", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to the mailing list used by the maintainer for a package." + "@value": "The third-highest level of risk posed by an AI software." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "mailingList" + "@value": "medium" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/CvssSeverityType", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/riskAssessment", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the CVSS base, temporal, threat, or environmental severity type." + "@value": "A reference to a risk assessment for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "riskAssessment" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/name", + "@id": "https://rdf.spdx.org/v3/Dataset/datasetUpdateMechanism", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -10533,7 +10605,7 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Identifies the name of an Element as designated by the creator." + "@value": "Describes a mechanism to update the dataset." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ @@ -10543,118 +10615,146 @@ ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRef", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/secureSoftwareAttestation", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a resource outside the scope of SPDX-3.0 content." + "@value": "A reference to information assuring that the software is developed using security practices as defined by [NIST SP 800-218 Secure Software Development Framework (SSDF)](https://csrc.nist.gov/publications/detail/sp/800-218/final) or [CISA Secure Software Development Attestation Form](https://www.cisa.gov/sites/default/files/2023-04/secure-software-self-attestation_common-form_508.pdf)." } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N104dc919e4724941af29ceb9f94542ac" - }, + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "_:N4c7624579b8d499188d47f3fbacae4cc" - }, + "@value": "secureSoftwareAttestation" + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isFsfLibre", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "_:N94fca1144ae44ebc84a013a1d6daf32b" - }, + "@language": "en", + "@value": "Specifies whether the License is listed as free by the\n[Free Software Foundation (FSF)](https://fsf.org)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "_:N4101a95baaff40639efcb6c648743b5e" + "@id": "http://www.w3.org/2001/XMLSchema#boolean" } ] }, { - "@id": "_:N104dc919e4724941af29ceb9f94542ac", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/securityPenTestReport", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "A reference to a [penetration test](https://en.wikipedia.org/wiki/Penetration_test) report for a package." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/externalRefType" + "@value": "securityPenTestReport" } ] }, { - "@id": "_:N4c7624579b8d499188d47f3fbacae4cc", - "http://www.w3.org/ns/shacl#path": [ + "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/blake2b256", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "blake2b algorithm with a digest size of 256 https://datatracker.ietf.org/doc/html/rfc7693#section-4" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/locator" + "@value": "blake2b256" } ] }, { - "@id": "_:N94fca1144ae44ebc84a013a1d6daf32b", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/Software/attributionText", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Provides a place for the SPDX data creator to record acknowledgement text for\na software Package, File or Snippet." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/contentType" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "_:N4101a95baaff40639efcb6c648743b5e", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Core/SupportType", + "@type": [ + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://rdf.spdx.org/v3/Core/comment" + "@language": "en", + "@value": "Indicates the type of support that is associated with an artifact." } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/issueTracker", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasDependencyManifest", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to the issue tracker for a package." + "@value": "The `from` Element has manifest files that contain dependency information in each `to` Element" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "issueTracker" + "@value": "hasDependencyManifest" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/dataCollectionProcess", + "@id": "https://rdf.spdx.org/v3/Core/Person", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes how the dataset was collected." + "@value": "An individual human being." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://rdf.spdx.org/v3/Core/Agent" } ] }, { - "@id": "https://rdf.spdx.org/v3/Dataset/dataPreprocessing", + "@id": "https://rdf.spdx.org/v3/Security/vectorString", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -10662,7 +10762,7 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes the preprocessing steps that were applied to the raw data to create the given dataset." + "@value": "Specifies the CVSS vector string for a vulnerability." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ @@ -10672,133 +10772,123 @@ ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/other", + "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationhip types (this relationship is directionless)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "other" + "@value": "Enumeration of dataset types." } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/cpe22", + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/licenseXml", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "https://cpe.mitre.org/files/cpe-specification_2.2.pdf" + "@value": "Identifies all the text and metadata associated with a license in the license XML format." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "cpe22" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/value", + "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/security", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A value used in a generic key-value pair." + "@value": "the element follows the Security profile specification" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "security" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/other", + "@id": "https://rdf.spdx.org/v3/Core/SupportType/development", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "https://rdf.spdx.org/v3/Core/SupportType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element doesn't fit into any of the other categories" + "@value": "the artifact is in active development and is not considered ready for formal support from the supplier." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "other" + "@value": "development" } ] }, { - "@id": "https://rdf.spdx.org/v3/Build/buildStartTime", + "@id": "https://rdf.spdx.org/v3/Core/AnnotationType", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Property describing the start time of a build." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" + "@value": "Specifies the type of an annotation." } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/amendedBy", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/altDownloadLocation", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element is amended by each `to` Element" + "@value": "A reference to an alternative download location." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "amendedBy" + "@value": "altDownloadLocation" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/locationHint", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/dynamicAnalysisReport", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides an indication of where to retrieve an external Element." + "@value": "A reference to a dynamic analysis report for a package." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@value": "dynamicAnalysisReport" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/mavenCentral", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/issueTracker", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://rdf.spdx.org/v3/Core/ExternalRefType" @@ -10806,66 +10896,104 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a maven repository artifact." + "@value": "A reference to the issue tracker for a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "mavenCentral" + "@value": "issueTracker" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/supportLevel", + "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/securityOther", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the level of support associated with an artifact." + "@value": "Used when there is a security related identifier of unspecified type." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Core/SupportType" + "@value": "securityOther" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType", + "@id": "https://rdf.spdx.org/v3/Security/VexNotAffectedVulnAssessmentRelationship", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the type of an external reference." + "@value": "Links a vulnerability and one or more elements designating the latter as products\nnot affected by the vulnerability." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Nc81d6f8d2ccd426aafc2a694e49e7409" + }, + { + "@id": "_:N93225b28d4094bf2b7c57b6c83bc728e" + }, + { + "@id": "_:Nb5cbaecd6a2d4664aeb2abc42801df75" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/context", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "@id": "_:Nc81d6f8d2ccd426aafc2a694e49e7409", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#path": [ { - "@language": "en", - "@value": "Gives information about the circumstances or unifying properties\nthat Elements of the bundle have been assembled under." + "@id": "https://rdf.spdx.org/v3/Security/justificationType" + } + ] + }, + { + "@id": "_:N93225b28d4094bf2b7c57b6c83bc728e", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://rdf.spdx.org/v3/Security/impactStatement" } ] }, { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicenseException", + "@id": "_:Nb5cbaecd6a2d4664aeb2abc42801df75", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/Security/impactStatementTime" + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicense", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class", @@ -10874,25 +11002,25 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A license exception that is listed on the SPDX Exceptions list." + "@value": "A license that is listed on the SPDX License List." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/LicenseAddition" + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/License" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:Nba6a82dea8004e7981d0558bea7943c1" + "@id": "_:N162454b1c9854f30bc2fd031c49e2e0f" }, { - "@id": "_:N24f4cc7e9ca64873afd96ab64606747d" + "@id": "_:N1bf96a97d6294cd0a03447f6a20e7704" } ] }, { - "@id": "_:Nba6a82dea8004e7981d0558bea7943c1", + "@id": "_:N162454b1c9854f30bc2fd031c49e2e0f", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -10905,7 +11033,7 @@ ] }, { - "@id": "_:N24f4cc7e9ca64873afd96ab64606747d", + "@id": "_:N1bf96a97d6294cd0a03447f6a20e7704", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 @@ -10918,43 +11046,43 @@ ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/availableFrom", + "@id": "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/high", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element is available from the additional supplier described by each `to` Element" + "@value": "The second-highest level of risk posed by an AI software." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "availableFrom" + "@value": "high" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/publishedBy", + "@id": "https://rdf.spdx.org/v3/Software/SbomType/build", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "https://rdf.spdx.org/v3/Software/SbomType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "(Security) Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent" + "@value": "SBOM generated as part of the process of building the software to create a releasable artifact (e.g., executable or package) from data such as source files, dependencies, built components, build process ephemeral data, and other SBOMs." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "publishedBy" + "@value": "build" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/impactStatementTime", + "@id": "https://rdf.spdx.org/v3/Dataset/datasetSize", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#DatatypeProperty" @@ -10962,35 +11090,35 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Timestamp of impact statement." + "@value": "Captures the size of the dataset." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" + "@id": "http://www.w3.org/2001/XMLSchema#nonNegativeInteger" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/actionStatementTime", + "@id": "https://rdf.spdx.org/v3/AI/metricDecisionThreshold", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Records the time when a recommended action was communicated in a VEX statement \nto mitigate a vulnerability." + "@value": "Captures the threshold that was used for computation of a metric described in the metric field." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" + "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/creationInfo", + "@id": "https://rdf.spdx.org/v3/Build/configSourceDigest", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#ObjectProperty" @@ -10998,71 +11126,71 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides information about the creation of the Element." + "@value": "Property that describes the digest of the build configuration file used to invoke a build." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/CreationInfo" + "@id": "https://rdf.spdx.org/v3/Core/Hash" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/CvssSeverityType/medium", + "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/email", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/CvssSeverityType" + "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "When a CVSS score is between 4 - 6.9" + "@value": "https://datatracker.ietf.org/doc/html/rfc3696#section-3" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "medium" + "@value": "email" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/library", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasOptionalComponent", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element is a software library" + "@value": "Every `to` Element is an optional component of the `from` Element (`from` hasOptionalComponent` `to`)" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "library" + "@value": "hasOptionalComponent" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/npm", + "@id": "https://rdf.spdx.org/v3/Software/primaryPurpose", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to an npm package." + "@value": "Provides information about the primary purpose of the software artifact." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "npm" + "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/algorithm", + "@id": "https://rdf.spdx.org/v3/Build/environment", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#ObjectProperty" @@ -11070,144 +11198,143 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the algorithm used for calculating the hash value." + "@value": "Property describing the session in which a build is invoked." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm" + "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasExample", + "@id": "https://rdf.spdx.org/v3/Core/beginIntegerRange", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Every `to` Element is an example for the `from` Element (`from` hasExample `to`)" + "@value": "Defines the beginning of a range." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "hasExample" + "@id": "http://www.w3.org/2001/XMLSchema#positiveInteger" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType", + "@id": "https://rdf.spdx.org/v3/AI/standardCompliance", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Information about the relationship between two Elements." + "@value": "Captures a standard that is being complied with." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://rdf.spdx.org/v3/Software/SbomType/design", + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/customIdToUri", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SbomType" + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "SBOM of intended, planned software project or product with included components (some of which may not yet exist) for a new software artifact." + "@value": "Maps a LicenseRef or AdditionRef string for a Custom License or a Custom License Addition to its URI ID." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "design" + "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" } ] }, { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/SimpleLicensingText", + "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/swhid", "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A license or addition that is not listed on the SPDX License List." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Element" + "@value": "SoftWare Hash IDentifier, persistent intrinsic identifiers for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The syntax of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) and they typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`." } ], - "http://www.w3.org/ns/shacl#property": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "_:N4b1101686cd1469baa8b1521af8fcc41" + "@value": "swhid" } ] }, { - "@id": "_:N4b1101686cd1469baa8b1521af8fcc41", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://rdf.spdx.org/v3/Security/publishedTime", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Specifies the time when a vulnerability was published." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/licenseText" + "@id": "https://rdf.spdx.org/v3/Core/DateTime" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/beginIntegerRange", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasVariant", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Defines the beginning of a range." + "@value": "Every `to` Element is a variant the `from` Element (`from` hasVariant `to`)" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#positiveInteger" + "@value": "hasVariant" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/hashValue", + "@id": "https://rdf.spdx.org/v3/Security/severity", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The result of applying a hash algorithm to an Element." + "@value": "Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://rdf.spdx.org/v3/Security/CvssSeverityType" } ] }, { - "@id": "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship", + "@id": "https://rdf.spdx.org/v3/Core/Hash", "@type": [ "http://www.w3.org/2000/01/rdf-schema#Class", "http://www.w3.org/2002/07/owl#Class", @@ -11216,135 +11343,133 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Abstract ancestor class for all vulnerability assessments" + "@value": "A mathematically calculated representation of a grouping of data." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://rdf.spdx.org/v3/Core/Relationship" + "@id": "https://rdf.spdx.org/v3/Core/IntegrityMethod" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N525d4da2fd104cdda961b6dacc31928d" - }, - { - "@id": "_:Nc09fc7fc9f1a4833ad4c61990c22f060" - }, - { - "@id": "_:N96547999ee9b4a69acb837070eb1baa6" - }, - { - "@id": "_:Naea9d40f8aa444708f933be48eb3c7fb" + "@id": "_:N13acc4ee5dfd40deacd60cb93731e176" }, { - "@id": "_:N33c64fe9b6f942b59891466fb54556de" + "@id": "_:N7851e5f1745d4a188c9b9f6dee4c7c3c" } ] }, { - "@id": "_:N525d4da2fd104cdda961b6dacc31928d", + "@id": "_:N13acc4ee5dfd40deacd60cb93731e176", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 } ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/assessedElement" - } - ] - }, - { - "@id": "_:Nc09fc7fc9f1a4833ad4c61990c22f060", - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/ns/shacl#minCount": [ { "@value": 1 } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Security/publishedTime" + "@id": "https://rdf.spdx.org/v3/Core/algorithm" } ] }, { - "@id": "_:N96547999ee9b4a69acb837070eb1baa6", + "@id": "_:N7851e5f1745d4a188c9b9f6dee4c7c3c", "http://www.w3.org/ns/shacl#maxCount": [ { "@value": 1 } ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@value": 1 + } + ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://rdf.spdx.org/v3/Core/suppliedBy" + "@id": "https://rdf.spdx.org/v3/Core/hashValue" } ] }, { - "@id": "_:Naea9d40f8aa444708f933be48eb3c7fb", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/Core/externalIdentifier", + "@type": [ + "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Provides a reference to a resource outside the scope of SPDX-3.0 content\nthat uniquely identifies an Element." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Security/modifiedTime" + "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifier" } ] }, { - "@id": "_:N33c64fe9b6f942b59891466fb54556de", - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/fixedBy", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "(Security) Designates a `from` Vulnerability has been fixed by the `to` Agent(s)" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://rdf.spdx.org/v3/Security/withdrawnTime" + "@value": "fixedBy" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/identifierLocator", + "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/dependsOn", "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://rdf.spdx.org/v3/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides the location for more information regarding an external identifier." + "@value": "The `from` Element depends on each `to` Element during a LifecycleScopeType period." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@value": "dependsOn" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/build", + "@id": "https://rdf.spdx.org/v3/Security/SsvcDecisionType/attend", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" + "https://rdf.spdx.org/v3/Security/SsvcDecisionType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the element follows the Build profile specification" + "@value": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions include requesting assistance or information about the vulnerability, and may involve publishing a notification either internally and/or externally. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "build" + "@value": "attend" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/annotationType", + "@id": "https://rdf.spdx.org/v3/Core/externalIdentifierType", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", "http://www.w3.org/2002/07/owl#ObjectProperty" @@ -11352,48 +11477,90 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes the type of annotation." + "@value": "Specifies the type of the external identifier." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/AnnotationType" + "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" } ] }, { - "@id": "https://rdf.spdx.org/v3/AI/metricDecisionThreshold", + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/SimpleLicensingText", + "@type": [ + "http://www.w3.org/2000/01/rdf-schema#Class", + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A license or addition that is not listed on the SPDX License List." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://rdf.spdx.org/v3/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N6c3331cf225c47d8a5cfb29455f93493" + } + ] + }, + { + "@id": "_:N6c3331cf225c47d8a5cfb29455f93493", + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/licenseText" + } + ] + }, + { + "@id": "https://rdf.spdx.org/v3/Software/gitoid", "@type": [ "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Captures the threshold that was used for computation of a metric described in the metric field." + "@value": "Used to record the artifact’s gitoid: a canonical, unique, immutable identifier that can be used for software integrity verification." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ] }, { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipCompleteness/incomplete", + "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/binaryArtifact", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipCompleteness" + "https://rdf.spdx.org/v3/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The relationship is known not to be exhaustive." + "@value": "A reference to binary artifacts related to a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "incomplete" + "@value": "binaryArtifact" } ] } diff --git a/tests/expect/jsonschema/spdx3-context.json b/tests/expect/jsonschema/spdx3-context.json index e84e1dc..47d365b 100644 --- a/tests/expect/jsonschema/spdx3-context.json +++ b/tests/expect/jsonschema/spdx3-context.json @@ -300,7 +300,7 @@ "oneOf": [ { "$ref": "#/$defs/idRef" }, { - "$ref": "#/$defs/Extension", + "$ref": "#/$defs/extension_Extension", "unevaluatedProperties": false } ] @@ -1027,7 +1027,7 @@ "oneOf": [ { "$ref": "#/$defs/idRef" }, { - "$ref": "#/$defs/AnyLicenseInfo", + "$ref": "#/$defs/simplelicensing_AnyLicenseInfo", "unevaluatedProperties": false } ] @@ -1055,41 +1055,41 @@ } ] }, - "LicenseAddition": { + "expandedlicensing_LicenseAddition": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "LicenseAddition" } + "type": { "const": "expandedlicensing_LicenseAddition" } }, "required": ["type"] }, - { "$ref": "#/$defs/LicenseAddition_props" } + { "$ref": "#/$defs/expandedlicensing_LicenseAddition_props" } ] }, - "LicenseAddition_props": { + "expandedlicensing_LicenseAddition_props": { "allOf": [ { "$ref": "#/$defs/Element_props" }, { "type": "object", "properties": { - "additionText": { + "expandedlicensing_additionText": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_ExpandedLicensing_additionText" }, - "standardAdditionTemplate": { + "expandedlicensing_standardAdditionTemplate": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_ExpandedLicensing_standardAdditionTemplate" }, - "isDeprecatedAdditionId": { + "expandedlicensing_isDeprecatedAdditionId": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_ExpandedLicensing_isDeprecatedAdditionId" }, - "obsoletedBy": { + "expandedlicensing_obsoletedBy": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_ExpandedLicensing_obsoletedBy" }, - "licenseXml": { + "expandedlicensing_licenseXml": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_ExpandedLicensing_licenseXml" }, - "seeAlso": { + "expandedlicensing_seeAlso": { "oneOf": [ { "type": "array", @@ -1104,7 +1104,7 @@ } }, "required": [ - "additionText" + "expandedlicensing_additionText" ] } ] @@ -1127,29 +1127,29 @@ "https:__rdf.spdx.org_v3_ExpandedLicensing_seeAlso": { "$ref": "#/$defs/anyURI" }, - "ListedLicenseException": { + "expandedlicensing_ListedLicenseException": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "ListedLicenseException" } + "type": { "const": "expandedlicensing_ListedLicenseException" } }, "required": ["type"] }, - { "$ref": "#/$defs/ListedLicenseException_props" } + { "$ref": "#/$defs/expandedlicensing_ListedLicenseException_props" } ] }, - "ListedLicenseException_props": { + "expandedlicensing_ListedLicenseException_props": { "allOf": [ - { "$ref": "#/$defs/LicenseAddition_props" }, + { "$ref": "#/$defs/expandedlicensing_LicenseAddition_props" }, { "type": "object", "properties": { - "listVersionAdded": { + "expandedlicensing_listVersionAdded": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_ExpandedLicensing_listVersionAdded" }, - "deprecatedVersion": { + "expandedlicensing_deprecatedVersion": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_ExpandedLicensing_deprecatedVersion" } } @@ -1162,20 +1162,20 @@ "https:__rdf.spdx.org_v3_ExpandedLicensing_deprecatedVersion": { "type": "string" }, - "Extension": { + "extension_Extension": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "Extension" } + "type": { "const": "extension_Extension" } }, "required": ["type"] }, - { "$ref": "#/$defs/Extension_props" } + { "$ref": "#/$defs/extension_Extension_props" } ] }, - "Extension_props": { + "extension_Extension_props": { "allOf": [ { "type": "object", @@ -1184,38 +1184,38 @@ } ] }, - "VulnAssessmentRelationship": { + "security_VulnAssessmentRelationship": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "VulnAssessmentRelationship" } + "type": { "const": "security_VulnAssessmentRelationship" } }, "required": ["type"] }, - { "$ref": "#/$defs/VulnAssessmentRelationship_props" } + { "$ref": "#/$defs/security_VulnAssessmentRelationship_props" } ] }, - "VulnAssessmentRelationship_props": { + "security_VulnAssessmentRelationship_props": { "allOf": [ { "$ref": "#/$defs/Relationship_props" }, { "type": "object", "properties": { - "assessedElement": { + "security_assessedElement": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_assessedElement" }, - "publishedTime": { + "security_publishedTime": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_publishedTime" }, "suppliedBy": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Core_suppliedBy" }, - "modifiedTime": { + "security_modifiedTime": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_modifiedTime" }, - "withdrawnTime": { + "security_withdrawnTime": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_withdrawnTime" } } @@ -1249,20 +1249,20 @@ "https:__rdf.spdx.org_v3_Security_withdrawnTime": { "$ref": "#/$defs/DateTime" }, - "AnyLicenseInfo": { + "simplelicensing_AnyLicenseInfo": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "AnyLicenseInfo" } + "type": { "const": "simplelicensing_AnyLicenseInfo" } }, "required": ["type"] }, - { "$ref": "#/$defs/AnyLicenseInfo_props" } + { "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_props" } ] }, - "AnyLicenseInfo_props": { + "simplelicensing_AnyLicenseInfo_props": { "allOf": [ { "$ref": "#/$defs/Element_props" }, { @@ -1272,32 +1272,32 @@ } ] }, - "LicenseExpression": { + "simplelicensing_LicenseExpression": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "LicenseExpression" } + "type": { "const": "simplelicensing_LicenseExpression" } }, "required": ["type"] }, - { "$ref": "#/$defs/LicenseExpression_props" } + { "$ref": "#/$defs/simplelicensing_LicenseExpression_props" } ] }, - "LicenseExpression_props": { + "simplelicensing_LicenseExpression_props": { "allOf": [ - { "$ref": "#/$defs/AnyLicenseInfo_props" }, + { "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_props" }, { "type": "object", "properties": { - "licenseExpression": { + "simplelicensing_licenseExpression": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_SimpleLicensing_licenseExpression" }, - "licenseListVersion": { + "simplelicensing_licenseListVersion": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_SimpleLicensing_licenseListVersion" }, - "customIdToUri": { + "simplelicensing_customIdToUri": { "oneOf": [ { "type": "array", @@ -1312,7 +1312,7 @@ } }, "required": [ - "licenseExpression" + "simplelicensing_licenseExpression" ] } ] @@ -1332,31 +1332,31 @@ } ] }, - "SimpleLicensingText": { + "simplelicensing_SimpleLicensingText": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "SimpleLicensingText" } + "type": { "const": "simplelicensing_SimpleLicensingText" } }, "required": ["type"] }, - { "$ref": "#/$defs/SimpleLicensingText_props" } + { "$ref": "#/$defs/simplelicensing_SimpleLicensingText_props" } ] }, - "SimpleLicensingText_props": { + "simplelicensing_SimpleLicensingText_props": { "allOf": [ { "$ref": "#/$defs/Element_props" }, { "type": "object", "properties": { - "licenseText": { + "simplelicensing_licenseText": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_SimpleLicensing_licenseText" } }, "required": [ - "licenseText" + "simplelicensing_licenseText" ] } ] @@ -1364,32 +1364,32 @@ "https:__rdf.spdx.org_v3_SimpleLicensing_licenseText": { "type": "string" }, - "Build": { + "build_Build": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "Build" } + "type": { "const": "build_Build" } }, "required": ["type"] }, - { "$ref": "#/$defs/Build_props" } + { "$ref": "#/$defs/build_Build_props" } ] }, - "Build_props": { + "build_Build_props": { "allOf": [ { "$ref": "#/$defs/Element_props" }, { "type": "object", "properties": { - "buildType": { + "build_buildType": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Build_buildType" }, - "buildId": { + "build_buildId": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Build_buildId" }, - "configSourceEntrypoint": { + "build_configSourceEntrypoint": { "oneOf": [ { "type": "array", @@ -1402,7 +1402,7 @@ } ] }, - "configSourceUri": { + "build_configSourceUri": { "oneOf": [ { "type": "array", @@ -1415,7 +1415,7 @@ } ] }, - "configSourceDigest": { + "build_configSourceDigest": { "oneOf": [ { "type": "array", @@ -1428,7 +1428,7 @@ } ] }, - "parameters": { + "build_parameters": { "oneOf": [ { "type": "array", @@ -1441,13 +1441,13 @@ } ] }, - "buildStartTime": { + "build_buildStartTime": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Build_buildStartTime" }, - "buildEndTime": { + "build_buildEndTime": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Build_buildEndTime" }, - "environment": { + "build_environment": { "oneOf": [ { "type": "array", @@ -1462,7 +1462,7 @@ } }, "required": [ - "buildType" + "build_buildType" ] } ] @@ -1904,26 +1904,26 @@ } ] }, - "ConjunctiveLicenseSet": { + "expandedlicensing_ConjunctiveLicenseSet": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "ConjunctiveLicenseSet" } + "type": { "const": "expandedlicensing_ConjunctiveLicenseSet" } }, "required": ["type"] }, - { "$ref": "#/$defs/ConjunctiveLicenseSet_props" } + { "$ref": "#/$defs/expandedlicensing_ConjunctiveLicenseSet_props" } ] }, - "ConjunctiveLicenseSet_props": { + "expandedlicensing_ConjunctiveLicenseSet_props": { "allOf": [ - { "$ref": "#/$defs/AnyLicenseInfo_props" }, + { "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_props" }, { "type": "object", "properties": { - "member": { + "expandedlicensing_member": { "oneOf": [ { "type": "array", @@ -1939,7 +1939,7 @@ } }, "required": [ - "member" + "expandedlicensing_member" ] } ] @@ -1948,27 +1948,27 @@ "oneOf": [ { "$ref": "#/$defs/idRef" }, { - "$ref": "#/$defs/AnyLicenseInfo", + "$ref": "#/$defs/simplelicensing_AnyLicenseInfo", "unevaluatedProperties": false } ] }, - "CustomLicenseAddition": { + "expandedlicensing_CustomLicenseAddition": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "CustomLicenseAddition" } + "type": { "const": "expandedlicensing_CustomLicenseAddition" } }, "required": ["type"] }, - { "$ref": "#/$defs/CustomLicenseAddition_props" } + { "$ref": "#/$defs/expandedlicensing_CustomLicenseAddition_props" } ] }, - "CustomLicenseAddition_props": { + "expandedlicensing_CustomLicenseAddition_props": { "allOf": [ - { "$ref": "#/$defs/LicenseAddition_props" }, + { "$ref": "#/$defs/expandedlicensing_LicenseAddition_props" }, { "type": "object", "properties": { @@ -1976,26 +1976,26 @@ } ] }, - "DisjunctiveLicenseSet": { + "expandedlicensing_DisjunctiveLicenseSet": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "DisjunctiveLicenseSet" } + "type": { "const": "expandedlicensing_DisjunctiveLicenseSet" } }, "required": ["type"] }, - { "$ref": "#/$defs/DisjunctiveLicenseSet_props" } + { "$ref": "#/$defs/expandedlicensing_DisjunctiveLicenseSet_props" } ] }, - "DisjunctiveLicenseSet_props": { + "expandedlicensing_DisjunctiveLicenseSet_props": { "allOf": [ - { "$ref": "#/$defs/AnyLicenseInfo_props" }, + { "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_props" }, { "type": "object", "properties": { - "member": { + "expandedlicensing_member": { "oneOf": [ { "type": "array", @@ -2011,7 +2011,7 @@ } }, "required": [ - "member" + "expandedlicensing_member" ] } ] @@ -2020,27 +2020,27 @@ "oneOf": [ { "$ref": "#/$defs/idRef" }, { - "$ref": "#/$defs/AnyLicenseInfo", + "$ref": "#/$defs/simplelicensing_AnyLicenseInfo", "unevaluatedProperties": false } ] }, - "ExtendableLicense": { + "expandedlicensing_ExtendableLicense": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "ExtendableLicense" } + "type": { "const": "expandedlicensing_ExtendableLicense" } }, "required": ["type"] }, - { "$ref": "#/$defs/ExtendableLicense_props" } + { "$ref": "#/$defs/expandedlicensing_ExtendableLicense_props" } ] }, - "ExtendableLicense_props": { + "expandedlicensing_ExtendableLicense_props": { "allOf": [ - { "$ref": "#/$defs/AnyLicenseInfo_props" }, + { "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_props" }, { "type": "object", "properties": { @@ -2048,22 +2048,22 @@ } ] }, - "IndividualLicensingInfo": { + "expandedlicensing_IndividualLicensingInfo": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "IndividualLicensingInfo" } + "type": { "const": "expandedlicensing_IndividualLicensingInfo" } }, "required": ["type"] }, - { "$ref": "#/$defs/IndividualLicensingInfo_props" } + { "$ref": "#/$defs/expandedlicensing_IndividualLicensingInfo_props" } ] }, - "IndividualLicensingInfo_props": { + "expandedlicensing_IndividualLicensingInfo_props": { "allOf": [ - { "$ref": "#/$defs/AnyLicenseInfo_props" }, + { "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_props" }, { "type": "object", "properties": { @@ -2071,50 +2071,50 @@ } ] }, - "License": { + "expandedlicensing_License": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "License" } + "type": { "const": "expandedlicensing_License" } }, "required": ["type"] }, - { "$ref": "#/$defs/License_props" } + { "$ref": "#/$defs/expandedlicensing_License_props" } ] }, - "License_props": { + "expandedlicensing_License_props": { "allOf": [ - { "$ref": "#/$defs/ExtendableLicense_props" }, + { "$ref": "#/$defs/expandedlicensing_ExtendableLicense_props" }, { "type": "object", "properties": { - "licenseText": { + "simplelicensing_licenseText": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_SimpleLicensing_licenseText" }, - "isOsiApproved": { + "expandedlicensing_isOsiApproved": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_ExpandedLicensing_isOsiApproved" }, - "isFsfLibre": { + "expandedlicensing_isFsfLibre": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_ExpandedLicensing_isFsfLibre" }, - "standardLicenseHeader": { + "expandedlicensing_standardLicenseHeader": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_ExpandedLicensing_standardLicenseHeader" }, - "standardLicenseTemplate": { + "expandedlicensing_standardLicenseTemplate": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_ExpandedLicensing_standardLicenseTemplate" }, - "isDeprecatedLicenseId": { + "expandedlicensing_isDeprecatedLicenseId": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_ExpandedLicensing_isDeprecatedLicenseId" }, - "obsoletedBy": { + "expandedlicensing_obsoletedBy": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_ExpandedLicensing_obsoletedBy" }, - "licenseXml": { + "expandedlicensing_licenseXml": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_ExpandedLicensing_licenseXml" }, - "seeAlso": { + "expandedlicensing_seeAlso": { "oneOf": [ { "type": "array", @@ -2129,7 +2129,7 @@ } }, "required": [ - "licenseText" + "simplelicensing_licenseText" ] } ] @@ -2161,29 +2161,29 @@ "https:__rdf.spdx.org_v3_ExpandedLicensing_seeAlso": { "$ref": "#/$defs/anyURI" }, - "ListedLicense": { + "expandedlicensing_ListedLicense": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "ListedLicense" } + "type": { "const": "expandedlicensing_ListedLicense" } }, "required": ["type"] }, - { "$ref": "#/$defs/ListedLicense_props" } + { "$ref": "#/$defs/expandedlicensing_ListedLicense_props" } ] }, - "ListedLicense_props": { + "expandedlicensing_ListedLicense_props": { "allOf": [ - { "$ref": "#/$defs/License_props" }, + { "$ref": "#/$defs/expandedlicensing_License_props" }, { "type": "object", "properties": { - "listVersionAdded": { + "expandedlicensing_listVersionAdded": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_ExpandedLicensing_listVersionAdded" }, - "deprecatedVersion": { + "expandedlicensing_deprecatedVersion": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_ExpandedLicensing_deprecatedVersion" } } @@ -2196,31 +2196,31 @@ "https:__rdf.spdx.org_v3_ExpandedLicensing_deprecatedVersion": { "type": "string" }, - "OrLaterOperator": { + "expandedlicensing_OrLaterOperator": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "OrLaterOperator" } + "type": { "const": "expandedlicensing_OrLaterOperator" } }, "required": ["type"] }, - { "$ref": "#/$defs/OrLaterOperator_props" } + { "$ref": "#/$defs/expandedlicensing_OrLaterOperator_props" } ] }, - "OrLaterOperator_props": { + "expandedlicensing_OrLaterOperator_props": { "allOf": [ - { "$ref": "#/$defs/ExtendableLicense_props" }, + { "$ref": "#/$defs/expandedlicensing_ExtendableLicense_props" }, { "type": "object", "properties": { - "subjectLicense": { + "expandedlicensing_subjectLicense": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_ExpandedLicensing_subjectLicense" } }, "required": [ - "subjectLicense" + "expandedlicensing_subjectLicense" ] } ] @@ -2229,40 +2229,40 @@ "oneOf": [ { "$ref": "#/$defs/idRef" }, { - "$ref": "#/$defs/License", + "$ref": "#/$defs/expandedlicensing_License", "unevaluatedProperties": false } ] }, - "WithAdditionOperator": { + "expandedlicensing_WithAdditionOperator": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "WithAdditionOperator" } + "type": { "const": "expandedlicensing_WithAdditionOperator" } }, "required": ["type"] }, - { "$ref": "#/$defs/WithAdditionOperator_props" } + { "$ref": "#/$defs/expandedlicensing_WithAdditionOperator_props" } ] }, - "WithAdditionOperator_props": { + "expandedlicensing_WithAdditionOperator_props": { "allOf": [ - { "$ref": "#/$defs/AnyLicenseInfo_props" }, + { "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_props" }, { "type": "object", "properties": { - "subjectExtendableLicense": { + "expandedlicensing_subjectExtendableLicense": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_ExpandedLicensing_subjectExtendableLicense" }, - "subjectAddition": { + "expandedlicensing_subjectAddition": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_ExpandedLicensing_subjectAddition" } }, "required": [ - "subjectExtendableLicense", - "subjectAddition" + "expandedlicensing_subjectExtendableLicense", + "expandedlicensing_subjectAddition" ] } ] @@ -2271,7 +2271,7 @@ "oneOf": [ { "$ref": "#/$defs/idRef" }, { - "$ref": "#/$defs/ExtendableLicense", + "$ref": "#/$defs/expandedlicensing_ExtendableLicense", "unevaluatedProperties": false } ] @@ -2280,40 +2280,40 @@ "oneOf": [ { "$ref": "#/$defs/idRef" }, { - "$ref": "#/$defs/LicenseAddition", + "$ref": "#/$defs/expandedlicensing_LicenseAddition", "unevaluatedProperties": false } ] }, - "CvssV2VulnAssessmentRelationship": { + "security_CvssV2VulnAssessmentRelationship": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "CvssV2VulnAssessmentRelationship" } + "type": { "const": "security_CvssV2VulnAssessmentRelationship" } }, "required": ["type"] }, - { "$ref": "#/$defs/CvssV2VulnAssessmentRelationship_props" } + { "$ref": "#/$defs/security_CvssV2VulnAssessmentRelationship_props" } ] }, - "CvssV2VulnAssessmentRelationship_props": { + "security_CvssV2VulnAssessmentRelationship_props": { "allOf": [ - { "$ref": "#/$defs/VulnAssessmentRelationship_props" }, + { "$ref": "#/$defs/security_VulnAssessmentRelationship_props" }, { "type": "object", "properties": { - "score": { + "security_score": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_score" }, - "vectorString": { + "security_vectorString": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_vectorString" } }, "required": [ - "score", - "vectorString" + "security_score", + "security_vectorString" ] } ] @@ -2324,39 +2324,39 @@ "https:__rdf.spdx.org_v3_Security_vectorString": { "type": "string" }, - "CvssV3VulnAssessmentRelationship": { + "security_CvssV3VulnAssessmentRelationship": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "CvssV3VulnAssessmentRelationship" } + "type": { "const": "security_CvssV3VulnAssessmentRelationship" } }, "required": ["type"] }, - { "$ref": "#/$defs/CvssV3VulnAssessmentRelationship_props" } + { "$ref": "#/$defs/security_CvssV3VulnAssessmentRelationship_props" } ] }, - "CvssV3VulnAssessmentRelationship_props": { + "security_CvssV3VulnAssessmentRelationship_props": { "allOf": [ - { "$ref": "#/$defs/VulnAssessmentRelationship_props" }, + { "$ref": "#/$defs/security_VulnAssessmentRelationship_props" }, { "type": "object", "properties": { - "score": { + "security_score": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_score" }, - "severity": { + "security_severity": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_severity" }, - "vectorString": { + "security_vectorString": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_vectorString" } }, "required": [ - "score", - "severity", - "vectorString" + "security_score", + "security_severity", + "security_vectorString" ] } ] @@ -2376,39 +2376,39 @@ "https:__rdf.spdx.org_v3_Security_vectorString": { "type": "string" }, - "CvssV4VulnAssessmentRelationship": { + "security_CvssV4VulnAssessmentRelationship": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "CvssV4VulnAssessmentRelationship" } + "type": { "const": "security_CvssV4VulnAssessmentRelationship" } }, "required": ["type"] }, - { "$ref": "#/$defs/CvssV4VulnAssessmentRelationship_props" } + { "$ref": "#/$defs/security_CvssV4VulnAssessmentRelationship_props" } ] }, - "CvssV4VulnAssessmentRelationship_props": { + "security_CvssV4VulnAssessmentRelationship_props": { "allOf": [ - { "$ref": "#/$defs/VulnAssessmentRelationship_props" }, + { "$ref": "#/$defs/security_VulnAssessmentRelationship_props" }, { "type": "object", "properties": { - "score": { + "security_score": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_score" }, - "severity": { + "security_severity": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_severity" }, - "vectorString": { + "security_vectorString": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_vectorString" } }, "required": [ - "score", - "severity", - "vectorString" + "security_score", + "security_severity", + "security_vectorString" ] } ] @@ -2428,39 +2428,39 @@ "https:__rdf.spdx.org_v3_Security_vectorString": { "type": "string" }, - "EpssVulnAssessmentRelationship": { + "security_EpssVulnAssessmentRelationship": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "EpssVulnAssessmentRelationship" } + "type": { "const": "security_EpssVulnAssessmentRelationship" } }, "required": ["type"] }, - { "$ref": "#/$defs/EpssVulnAssessmentRelationship_props" } + { "$ref": "#/$defs/security_EpssVulnAssessmentRelationship_props" } ] }, - "EpssVulnAssessmentRelationship_props": { + "security_EpssVulnAssessmentRelationship_props": { "allOf": [ - { "$ref": "#/$defs/VulnAssessmentRelationship_props" }, + { "$ref": "#/$defs/security_VulnAssessmentRelationship_props" }, { "type": "object", "properties": { - "probability": { + "security_probability": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_probability" }, - "percentile": { + "security_percentile": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_percentile" }, - "publishedTime": { + "security_publishedTime": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_publishedTime" } }, "required": [ - "probability", - "percentile", - "publishedTime" + "security_probability", + "security_percentile", + "security_publishedTime" ] } ] @@ -2474,39 +2474,39 @@ "https:__rdf.spdx.org_v3_Security_publishedTime": { "$ref": "#/$defs/DateTime" }, - "ExploitCatalogVulnAssessmentRelationship": { + "security_ExploitCatalogVulnAssessmentRelationship": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "ExploitCatalogVulnAssessmentRelationship" } + "type": { "const": "security_ExploitCatalogVulnAssessmentRelationship" } }, "required": ["type"] }, - { "$ref": "#/$defs/ExploitCatalogVulnAssessmentRelationship_props" } + { "$ref": "#/$defs/security_ExploitCatalogVulnAssessmentRelationship_props" } ] }, - "ExploitCatalogVulnAssessmentRelationship_props": { + "security_ExploitCatalogVulnAssessmentRelationship_props": { "allOf": [ - { "$ref": "#/$defs/VulnAssessmentRelationship_props" }, + { "$ref": "#/$defs/security_VulnAssessmentRelationship_props" }, { "type": "object", "properties": { - "catalogType": { + "security_catalogType": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_catalogType" }, - "exploited": { + "security_exploited": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_exploited" }, - "Security/locator": { + "security_locator": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_locator" } }, "required": [ - "catalogType", - "exploited", - "Security/locator" + "security_catalogType", + "security_exploited", + "security_locator" ] } ] @@ -2523,31 +2523,31 @@ "https:__rdf.spdx.org_v3_Security_locator": { "$ref": "#/$defs/anyURI" }, - "SsvcVulnAssessmentRelationship": { + "security_SsvcVulnAssessmentRelationship": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "SsvcVulnAssessmentRelationship" } + "type": { "const": "security_SsvcVulnAssessmentRelationship" } }, "required": ["type"] }, - { "$ref": "#/$defs/SsvcVulnAssessmentRelationship_props" } + { "$ref": "#/$defs/security_SsvcVulnAssessmentRelationship_props" } ] }, - "SsvcVulnAssessmentRelationship_props": { + "security_SsvcVulnAssessmentRelationship_props": { "allOf": [ - { "$ref": "#/$defs/VulnAssessmentRelationship_props" }, + { "$ref": "#/$defs/security_VulnAssessmentRelationship_props" }, { "type": "object", "properties": { - "decisionType": { + "security_decisionType": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_decisionType" } }, "required": [ - "decisionType" + "security_decisionType" ] } ] @@ -2560,29 +2560,29 @@ "trackStar" ] }, - "VexVulnAssessmentRelationship": { + "security_VexVulnAssessmentRelationship": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "VexVulnAssessmentRelationship" } + "type": { "const": "security_VexVulnAssessmentRelationship" } }, "required": ["type"] }, - { "$ref": "#/$defs/VexVulnAssessmentRelationship_props" } + { "$ref": "#/$defs/security_VexVulnAssessmentRelationship_props" } ] }, - "VexVulnAssessmentRelationship_props": { + "security_VexVulnAssessmentRelationship_props": { "allOf": [ - { "$ref": "#/$defs/VulnAssessmentRelationship_props" }, + { "$ref": "#/$defs/security_VulnAssessmentRelationship_props" }, { "type": "object", "properties": { - "vexVersion": { + "security_vexVersion": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_vexVersion" }, - "statusNotes": { + "security_statusNotes": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_statusNotes" } } @@ -2595,32 +2595,32 @@ "https:__rdf.spdx.org_v3_Security_statusNotes": { "type": "string" }, - "Vulnerability": { + "security_Vulnerability": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "Vulnerability" } + "type": { "const": "security_Vulnerability" } }, "required": ["type"] }, - { "$ref": "#/$defs/Vulnerability_props" } + { "$ref": "#/$defs/security_Vulnerability_props" } ] }, - "Vulnerability_props": { + "security_Vulnerability_props": { "allOf": [ { "$ref": "#/$defs/Artifact_props" }, { "type": "object", "properties": { - "publishedTime": { + "security_publishedTime": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_publishedTime" }, - "modifiedTime": { + "security_modifiedTime": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_modifiedTime" }, - "withdrawnTime": { + "security_withdrawnTime": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_withdrawnTime" } } @@ -2636,26 +2636,26 @@ "https:__rdf.spdx.org_v3_Security_withdrawnTime": { "$ref": "#/$defs/DateTime" }, - "SoftwareArtifact": { + "software_SoftwareArtifact": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "SoftwareArtifact" } + "type": { "const": "software_SoftwareArtifact" } }, "required": ["type"] }, - { "$ref": "#/$defs/SoftwareArtifact_props" } + { "$ref": "#/$defs/software_SoftwareArtifact_props" } ] }, - "SoftwareArtifact_props": { + "software_SoftwareArtifact_props": { "allOf": [ { "$ref": "#/$defs/Artifact_props" }, { "type": "object", "properties": { - "gitoid": { + "software_gitoid": { "oneOf": [ { "type": "array", @@ -2669,10 +2669,10 @@ } ] }, - "primaryPurpose": { + "software_primaryPurpose": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Software_primaryPurpose" }, - "additionalPurpose": { + "software_additionalPurpose": { "oneOf": [ { "type": "array", @@ -2685,10 +2685,10 @@ } ] }, - "copyrightText": { + "software_copyrightText": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Software_copyrightText" }, - "attributionText": { + "software_attributionText": { "oneOf": [ { "type": "array", @@ -2803,22 +2803,22 @@ } ] }, - "CustomLicense": { + "expandedlicensing_CustomLicense": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "CustomLicense" } + "type": { "const": "expandedlicensing_CustomLicense" } }, "required": ["type"] }, - { "$ref": "#/$defs/CustomLicense_props" } + { "$ref": "#/$defs/expandedlicensing_CustomLicense_props" } ] }, - "CustomLicense_props": { + "expandedlicensing_CustomLicense_props": { "allOf": [ - { "$ref": "#/$defs/License_props" }, + { "$ref": "#/$defs/expandedlicensing_License_props" }, { "type": "object", "properties": { @@ -2826,29 +2826,29 @@ } ] }, - "VexAffectedVulnAssessmentRelationship": { + "security_VexAffectedVulnAssessmentRelationship": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "VexAffectedVulnAssessmentRelationship" } + "type": { "const": "security_VexAffectedVulnAssessmentRelationship" } }, "required": ["type"] }, - { "$ref": "#/$defs/VexAffectedVulnAssessmentRelationship_props" } + { "$ref": "#/$defs/security_VexAffectedVulnAssessmentRelationship_props" } ] }, - "VexAffectedVulnAssessmentRelationship_props": { + "security_VexAffectedVulnAssessmentRelationship_props": { "allOf": [ - { "$ref": "#/$defs/VexVulnAssessmentRelationship_props" }, + { "$ref": "#/$defs/security_VexVulnAssessmentRelationship_props" }, { "type": "object", "properties": { - "actionStatement": { + "security_actionStatement": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_actionStatement" }, - "actionStatementTime": { + "security_actionStatementTime": { "oneOf": [ { "type": "array", @@ -2871,22 +2871,22 @@ "https:__rdf.spdx.org_v3_Security_actionStatementTime": { "$ref": "#/$defs/DateTime" }, - "VexFixedVulnAssessmentRelationship": { + "security_VexFixedVulnAssessmentRelationship": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "VexFixedVulnAssessmentRelationship" } + "type": { "const": "security_VexFixedVulnAssessmentRelationship" } }, "required": ["type"] }, - { "$ref": "#/$defs/VexFixedVulnAssessmentRelationship_props" } + { "$ref": "#/$defs/security_VexFixedVulnAssessmentRelationship_props" } ] }, - "VexFixedVulnAssessmentRelationship_props": { + "security_VexFixedVulnAssessmentRelationship_props": { "allOf": [ - { "$ref": "#/$defs/VexVulnAssessmentRelationship_props" }, + { "$ref": "#/$defs/security_VexVulnAssessmentRelationship_props" }, { "type": "object", "properties": { @@ -2894,32 +2894,32 @@ } ] }, - "VexNotAffectedVulnAssessmentRelationship": { + "security_VexNotAffectedVulnAssessmentRelationship": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "VexNotAffectedVulnAssessmentRelationship" } + "type": { "const": "security_VexNotAffectedVulnAssessmentRelationship" } }, "required": ["type"] }, - { "$ref": "#/$defs/VexNotAffectedVulnAssessmentRelationship_props" } + { "$ref": "#/$defs/security_VexNotAffectedVulnAssessmentRelationship_props" } ] }, - "VexNotAffectedVulnAssessmentRelationship_props": { + "security_VexNotAffectedVulnAssessmentRelationship_props": { "allOf": [ - { "$ref": "#/$defs/VexVulnAssessmentRelationship_props" }, + { "$ref": "#/$defs/security_VexVulnAssessmentRelationship_props" }, { "type": "object", "properties": { - "justificationType": { + "security_justificationType": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_justificationType" }, - "impactStatement": { + "security_impactStatement": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_impactStatement" }, - "impactStatementTime": { + "security_impactStatementTime": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Security_impactStatementTime" } } @@ -2941,22 +2941,22 @@ "https:__rdf.spdx.org_v3_Security_impactStatementTime": { "$ref": "#/$defs/DateTime" }, - "VexUnderInvestigationVulnAssessmentRelationship": { + "security_VexUnderInvestigationVulnAssessmentRelationship": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "VexUnderInvestigationVulnAssessmentRelationship" } + "type": { "const": "security_VexUnderInvestigationVulnAssessmentRelationship" } }, "required": ["type"] }, - { "$ref": "#/$defs/VexUnderInvestigationVulnAssessmentRelationship_props" } + { "$ref": "#/$defs/security_VexUnderInvestigationVulnAssessmentRelationship_props" } ] }, - "VexUnderInvestigationVulnAssessmentRelationship_props": { + "security_VexUnderInvestigationVulnAssessmentRelationship_props": { "allOf": [ - { "$ref": "#/$defs/VexVulnAssessmentRelationship_props" }, + { "$ref": "#/$defs/security_VexVulnAssessmentRelationship_props" }, { "type": "object", "properties": { @@ -2964,29 +2964,29 @@ } ] }, - "File": { + "software_File": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "File" } + "type": { "const": "software_File" } }, "required": ["type"] }, - { "$ref": "#/$defs/File_props" } + { "$ref": "#/$defs/software_File_props" } ] }, - "File_props": { + "software_File_props": { "allOf": [ - { "$ref": "#/$defs/SoftwareArtifact_props" }, + { "$ref": "#/$defs/software_SoftwareArtifact_props" }, { "type": "object", "properties": { - "Software/contentType": { + "software_contentType": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Software_contentType" }, - "isDirectory": { + "software_isDirectory": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Software_isDirectory" } } @@ -2999,38 +2999,38 @@ "https:__rdf.spdx.org_v3_Software_isDirectory": { "type": "boolean" }, - "Package": { + "software_Package": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "Package" } + "type": { "const": "software_Package" } }, "required": ["type"] }, - { "$ref": "#/$defs/Package_props" } + { "$ref": "#/$defs/software_Package_props" } ] }, - "Package_props": { + "software_Package_props": { "allOf": [ - { "$ref": "#/$defs/SoftwareArtifact_props" }, + { "$ref": "#/$defs/software_SoftwareArtifact_props" }, { "type": "object", "properties": { - "packageVersion": { + "software_packageVersion": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Software_packageVersion" }, - "downloadLocation": { + "software_downloadLocation": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Software_downloadLocation" }, - "packageUrl": { + "software_packageUrl": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Software_packageUrl" }, - "homePage": { + "software_homePage": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Software_homePage" }, - "sourceInfo": { + "software_sourceInfo": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Software_sourceInfo" } } @@ -3052,26 +3052,26 @@ "https:__rdf.spdx.org_v3_Software_sourceInfo": { "type": "string" }, - "Sbom": { + "software_Sbom": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "Sbom" } + "type": { "const": "software_Sbom" } }, "required": ["type"] }, - { "$ref": "#/$defs/Sbom_props" } + { "$ref": "#/$defs/software_Sbom_props" } ] }, - "Sbom_props": { + "software_Sbom_props": { "allOf": [ { "$ref": "#/$defs/Bom_props" }, { "type": "object", "properties": { - "sbomType": { + "software_sbomType": { "oneOf": [ { "type": "array", @@ -3098,37 +3098,37 @@ "source" ] }, - "Snippet": { + "software_Snippet": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "Snippet" } + "type": { "const": "software_Snippet" } }, "required": ["type"] }, - { "$ref": "#/$defs/Snippet_props" } + { "$ref": "#/$defs/software_Snippet_props" } ] }, - "Snippet_props": { + "software_Snippet_props": { "allOf": [ - { "$ref": "#/$defs/SoftwareArtifact_props" }, + { "$ref": "#/$defs/software_SoftwareArtifact_props" }, { "type": "object", "properties": { - "byteRange": { + "software_byteRange": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Software_byteRange" }, - "lineRange": { + "software_lineRange": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Software_lineRange" }, - "snippetFromFile": { + "software_snippetFromFile": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Software_snippetFromFile" } }, "required": [ - "snippetFromFile" + "software_snippetFromFile" ] } ] @@ -3155,34 +3155,34 @@ "oneOf": [ { "$ref": "#/$defs/idRef" }, { - "$ref": "#/$defs/File", + "$ref": "#/$defs/software_File", "unevaluatedProperties": false } ] }, - "AIPackage": { + "ai_AIPackage": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "AIPackage" } + "type": { "const": "ai_AIPackage" } }, "required": ["type"] }, - { "$ref": "#/$defs/AIPackage_props" } + { "$ref": "#/$defs/ai_AIPackage_props" } ] }, - "AIPackage_props": { + "ai_AIPackage_props": { "allOf": [ - { "$ref": "#/$defs/Package_props" }, + { "$ref": "#/$defs/software_Package_props" }, { "type": "object", "properties": { - "energyConsumption": { + "ai_energyConsumption": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_AI_energyConsumption" }, - "standardCompliance": { + "ai_standardCompliance": { "oneOf": [ { "type": "array", @@ -3195,10 +3195,10 @@ } ] }, - "limitation": { + "ai_limitation": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_AI_limitation" }, - "typeOfModel": { + "ai_typeOfModel": { "oneOf": [ { "type": "array", @@ -3211,13 +3211,13 @@ } ] }, - "informationAboutTraining": { + "ai_informationAboutTraining": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_AI_informationAboutTraining" }, - "informationAboutApplication": { + "ai_informationAboutApplication": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_AI_informationAboutApplication" }, - "hyperparameter": { + "ai_hyperparameter": { "oneOf": [ { "type": "array", @@ -3230,7 +3230,7 @@ } ] }, - "modelDataPreprocessing": { + "ai_modelDataPreprocessing": { "oneOf": [ { "type": "array", @@ -3243,7 +3243,7 @@ } ] }, - "modelExplainability": { + "ai_modelExplainability": { "oneOf": [ { "type": "array", @@ -3256,10 +3256,10 @@ } ] }, - "sensitivePersonalInformation": { + "ai_sensitivePersonalInformation": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_AI_sensitivePersonalInformation" }, - "metricDecisionThreshold": { + "ai_metricDecisionThreshold": { "oneOf": [ { "type": "array", @@ -3272,7 +3272,7 @@ } ] }, - "metric": { + "ai_metric": { "oneOf": [ { "type": "array", @@ -3285,7 +3285,7 @@ } ] }, - "domain": { + "ai_domain": { "oneOf": [ { "type": "array", @@ -3298,10 +3298,10 @@ } ] }, - "autonomyType": { + "ai_autonomyType": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_AI_autonomyType" }, - "safetyRiskAssessment": { + "ai_safetyRiskAssessment": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_AI_safetyRiskAssessment" } } @@ -3384,26 +3384,26 @@ "serious" ] }, - "Dataset": { + "dataset_Dataset": { "allOf": [ { "type": "object", "properties": { "spdxId": { "$ref": "#/$defs/idRef" }, - "type": { "const": "Dataset" } + "type": { "const": "dataset_Dataset" } }, "required": ["type"] }, - { "$ref": "#/$defs/Dataset_props" } + { "$ref": "#/$defs/dataset_Dataset_props" } ] }, - "Dataset_props": { + "dataset_Dataset_props": { "allOf": [ - { "$ref": "#/$defs/Package_props" }, + { "$ref": "#/$defs/software_Package_props" }, { "type": "object", "properties": { - "datasetType": { + "dataset_datasetType": { "oneOf": [ { "type": "array", @@ -3417,19 +3417,19 @@ } ] }, - "dataCollectionProcess": { + "dataset_dataCollectionProcess": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Dataset_dataCollectionProcess" }, - "intendedUse": { + "dataset_intendedUse": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Dataset_intendedUse" }, - "datasetSize": { + "dataset_datasetSize": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Dataset_datasetSize" }, - "datasetNoise": { + "dataset_datasetNoise": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Dataset_datasetNoise" }, - "dataPreprocessing": { + "dataset_dataPreprocessing": { "oneOf": [ { "type": "array", @@ -3442,7 +3442,7 @@ } ] }, - "sensor": { + "dataset_sensor": { "oneOf": [ { "type": "array", @@ -3455,7 +3455,7 @@ } ] }, - "knownBias": { + "dataset_knownBias": { "oneOf": [ { "type": "array", @@ -3468,10 +3468,10 @@ } ] }, - "Dataset/sensitivePersonalInformation": { + "dataset_sensitivePersonalInformation": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Dataset_sensitivePersonalInformation" }, - "anonymizationMethodUsed": { + "dataset_anonymizationMethodUsed": { "oneOf": [ { "type": "array", @@ -3484,18 +3484,18 @@ } ] }, - "confidentialityLevel": { + "dataset_confidentialityLevel": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Dataset_confidentialityLevel" }, - "datasetUpdateMechanism": { + "dataset_datasetUpdateMechanism": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Dataset_datasetUpdateMechanism" }, - "datasetAvailability": { + "dataset_datasetAvailability": { "$ref": "#/$defs/https:__rdf.spdx.org_v3_Dataset_datasetAvailability" } }, "required": [ - "datasetType" + "dataset_datasetType" ] } ] @@ -3609,14 +3609,14 @@ { "$ref": "#/$defs/Relationship" }, { "$ref": "#/$defs/SpdxDocument" }, { "$ref": "#/$defs/Tool" }, - { "$ref": "#/$defs/LicenseAddition" }, - { "$ref": "#/$defs/ListedLicenseException" }, - { "$ref": "#/$defs/Extension" }, - { "$ref": "#/$defs/VulnAssessmentRelationship" }, - { "$ref": "#/$defs/AnyLicenseInfo" }, - { "$ref": "#/$defs/LicenseExpression" }, - { "$ref": "#/$defs/SimpleLicensingText" }, - { "$ref": "#/$defs/Build" }, + { "$ref": "#/$defs/expandedlicensing_LicenseAddition" }, + { "$ref": "#/$defs/expandedlicensing_ListedLicenseException" }, + { "$ref": "#/$defs/extension_Extension" }, + { "$ref": "#/$defs/security_VulnAssessmentRelationship" }, + { "$ref": "#/$defs/simplelicensing_AnyLicenseInfo" }, + { "$ref": "#/$defs/simplelicensing_LicenseExpression" }, + { "$ref": "#/$defs/simplelicensing_SimpleLicensingText" }, + { "$ref": "#/$defs/build_Build" }, { "$ref": "#/$defs/Agent" }, { "$ref": "#/$defs/Annotation" }, { "$ref": "#/$defs/Artifact" }, @@ -3626,36 +3626,36 @@ { "$ref": "#/$defs/Organization" }, { "$ref": "#/$defs/Person" }, { "$ref": "#/$defs/SoftwareAgent" }, - { "$ref": "#/$defs/ConjunctiveLicenseSet" }, - { "$ref": "#/$defs/CustomLicenseAddition" }, - { "$ref": "#/$defs/DisjunctiveLicenseSet" }, - { "$ref": "#/$defs/ExtendableLicense" }, - { "$ref": "#/$defs/IndividualLicensingInfo" }, - { "$ref": "#/$defs/License" }, - { "$ref": "#/$defs/ListedLicense" }, - { "$ref": "#/$defs/OrLaterOperator" }, - { "$ref": "#/$defs/WithAdditionOperator" }, - { "$ref": "#/$defs/CvssV2VulnAssessmentRelationship" }, - { "$ref": "#/$defs/CvssV3VulnAssessmentRelationship" }, - { "$ref": "#/$defs/CvssV4VulnAssessmentRelationship" }, - { "$ref": "#/$defs/EpssVulnAssessmentRelationship" }, - { "$ref": "#/$defs/ExploitCatalogVulnAssessmentRelationship" }, - { "$ref": "#/$defs/SsvcVulnAssessmentRelationship" }, - { "$ref": "#/$defs/VexVulnAssessmentRelationship" }, - { "$ref": "#/$defs/Vulnerability" }, - { "$ref": "#/$defs/SoftwareArtifact" }, + { "$ref": "#/$defs/expandedlicensing_ConjunctiveLicenseSet" }, + { "$ref": "#/$defs/expandedlicensing_CustomLicenseAddition" }, + { "$ref": "#/$defs/expandedlicensing_DisjunctiveLicenseSet" }, + { "$ref": "#/$defs/expandedlicensing_ExtendableLicense" }, + { "$ref": "#/$defs/expandedlicensing_IndividualLicensingInfo" }, + { "$ref": "#/$defs/expandedlicensing_License" }, + { "$ref": "#/$defs/expandedlicensing_ListedLicense" }, + { "$ref": "#/$defs/expandedlicensing_OrLaterOperator" }, + { "$ref": "#/$defs/expandedlicensing_WithAdditionOperator" }, + { "$ref": "#/$defs/security_CvssV2VulnAssessmentRelationship" }, + { "$ref": "#/$defs/security_CvssV3VulnAssessmentRelationship" }, + { "$ref": "#/$defs/security_CvssV4VulnAssessmentRelationship" }, + { "$ref": "#/$defs/security_EpssVulnAssessmentRelationship" }, + { "$ref": "#/$defs/security_ExploitCatalogVulnAssessmentRelationship" }, + { "$ref": "#/$defs/security_SsvcVulnAssessmentRelationship" }, + { "$ref": "#/$defs/security_VexVulnAssessmentRelationship" }, + { "$ref": "#/$defs/security_Vulnerability" }, + { "$ref": "#/$defs/software_SoftwareArtifact" }, { "$ref": "#/$defs/Bom" }, - { "$ref": "#/$defs/CustomLicense" }, - { "$ref": "#/$defs/VexAffectedVulnAssessmentRelationship" }, - { "$ref": "#/$defs/VexFixedVulnAssessmentRelationship" }, - { "$ref": "#/$defs/VexNotAffectedVulnAssessmentRelationship" }, - { "$ref": "#/$defs/VexUnderInvestigationVulnAssessmentRelationship" }, - { "$ref": "#/$defs/File" }, - { "$ref": "#/$defs/Package" }, - { "$ref": "#/$defs/Sbom" }, - { "$ref": "#/$defs/Snippet" }, - { "$ref": "#/$defs/AIPackage" }, - { "$ref": "#/$defs/Dataset" } + { "$ref": "#/$defs/expandedlicensing_CustomLicense" }, + { "$ref": "#/$defs/security_VexAffectedVulnAssessmentRelationship" }, + { "$ref": "#/$defs/security_VexFixedVulnAssessmentRelationship" }, + { "$ref": "#/$defs/security_VexNotAffectedVulnAssessmentRelationship" }, + { "$ref": "#/$defs/security_VexUnderInvestigationVulnAssessmentRelationship" }, + { "$ref": "#/$defs/software_File" }, + { "$ref": "#/$defs/software_Package" }, + { "$ref": "#/$defs/software_Sbom" }, + { "$ref": "#/$defs/software_Snippet" }, + { "$ref": "#/$defs/ai_AIPackage" }, + { "$ref": "#/$defs/dataset_Dataset" } ] } } diff --git a/tests/expect/python/spdx3-context.py b/tests/expect/python/spdx3-context.py index 54689ef..67bdf8b 100644 --- a/tests/expect/python/spdx3-context.py +++ b/tests/expect/python/spdx3-context.py @@ -797,625 +797,474 @@ def callback(value, path): CONTEXTS = [ { - "AI/SafetyRiskAssessmentType/high": "spdx:AI/SafetyRiskAssessmentType/high", - "AI/SafetyRiskAssessmentType/low": "spdx:AI/SafetyRiskAssessmentType/low", - "AI/SafetyRiskAssessmentType/medium": "spdx:AI/SafetyRiskAssessmentType/medium", - "AI/SafetyRiskAssessmentType/serious": "spdx:AI/SafetyRiskAssessmentType/serious", - "AIPackage": "spdx:AI/AIPackage", - "Agent": "spdx:Core/Agent", - "Annotation": "spdx:Core/Annotation", - "AnnotationType": "spdx:Core/AnnotationType", - "AnyLicenseInfo": "spdx:SimpleLicensing/AnyLicenseInfo", - "Artifact": "spdx:Core/Artifact", - "Bom": "spdx:Core/Bom", - "Build": "spdx:Build/Build", - "Bundle": "spdx:Core/Bundle", - "ConfidentialityLevelType": "spdx:Dataset/ConfidentialityLevelType", - "ConjunctiveLicenseSet": "spdx:ExpandedLicensing/ConjunctiveLicenseSet", - "Core/AnnotationType/other": "spdx:Core/AnnotationType/other", - "Core/AnnotationType/review": "spdx:Core/AnnotationType/review", - "Core/ExternalIdentifierType/cpe22": "spdx:Core/ExternalIdentifierType/cpe22", - "Core/ExternalIdentifierType/cpe23": "spdx:Core/ExternalIdentifierType/cpe23", - "Core/ExternalIdentifierType/cve": "spdx:Core/ExternalIdentifierType/cve", - "Core/ExternalIdentifierType/email": "spdx:Core/ExternalIdentifierType/email", - "Core/ExternalIdentifierType/gitoid": "spdx:Core/ExternalIdentifierType/gitoid", - "Core/ExternalIdentifierType/other": "spdx:Core/ExternalIdentifierType/other", - "Core/ExternalIdentifierType/packageUrl": "spdx:Core/ExternalIdentifierType/packageUrl", - "Core/ExternalIdentifierType/securityOther": "spdx:Core/ExternalIdentifierType/securityOther", - "Core/ExternalIdentifierType/swhid": "spdx:Core/ExternalIdentifierType/swhid", - "Core/ExternalIdentifierType/swid": "spdx:Core/ExternalIdentifierType/swid", - "Core/ExternalIdentifierType/urlScheme": "spdx:Core/ExternalIdentifierType/urlScheme", - "Core/ExternalRefType/altDownloadLocation": "spdx:Core/ExternalRefType/altDownloadLocation", - "Core/ExternalRefType/altWebPage": "spdx:Core/ExternalRefType/altWebPage", - "Core/ExternalRefType/binaryArtifact": "spdx:Core/ExternalRefType/binaryArtifact", - "Core/ExternalRefType/bower": "spdx:Core/ExternalRefType/bower", - "Core/ExternalRefType/buildMeta": "spdx:Core/ExternalRefType/buildMeta", - "Core/ExternalRefType/buildSystem": "spdx:Core/ExternalRefType/buildSystem", - "Core/ExternalRefType/certificationReport": "spdx:Core/ExternalRefType/certificationReport", - "Core/ExternalRefType/chat": "spdx:Core/ExternalRefType/chat", - "Core/ExternalRefType/componentAnalysisReport": "spdx:Core/ExternalRefType/componentAnalysisReport", - "Core/ExternalRefType/documentation": "spdx:Core/ExternalRefType/documentation", - "Core/ExternalRefType/dynamicAnalysisReport": "spdx:Core/ExternalRefType/dynamicAnalysisReport", - "Core/ExternalRefType/eolNotice": "spdx:Core/ExternalRefType/eolNotice", - "Core/ExternalRefType/exportControlAssessment": "spdx:Core/ExternalRefType/exportControlAssessment", - "Core/ExternalRefType/funding": "spdx:Core/ExternalRefType/funding", - "Core/ExternalRefType/issueTracker": "spdx:Core/ExternalRefType/issueTracker", - "Core/ExternalRefType/license": "spdx:Core/ExternalRefType/license", - "Core/ExternalRefType/mailingList": "spdx:Core/ExternalRefType/mailingList", - "Core/ExternalRefType/mavenCentral": "spdx:Core/ExternalRefType/mavenCentral", - "Core/ExternalRefType/metrics": "spdx:Core/ExternalRefType/metrics", - "Core/ExternalRefType/npm": "spdx:Core/ExternalRefType/npm", - "Core/ExternalRefType/nuget": "spdx:Core/ExternalRefType/nuget", - "Core/ExternalRefType/other": "spdx:Core/ExternalRefType/other", - "Core/ExternalRefType/privacyAssessment": "spdx:Core/ExternalRefType/privacyAssessment", - "Core/ExternalRefType/productMetadata": "spdx:Core/ExternalRefType/productMetadata", - "Core/ExternalRefType/purchaseOrder": "spdx:Core/ExternalRefType/purchaseOrder", - "Core/ExternalRefType/qualityAssessmentReport": "spdx:Core/ExternalRefType/qualityAssessmentReport", - "Core/ExternalRefType/releaseHistory": "spdx:Core/ExternalRefType/releaseHistory", - "Core/ExternalRefType/releaseNotes": "spdx:Core/ExternalRefType/releaseNotes", - "Core/ExternalRefType/riskAssessment": "spdx:Core/ExternalRefType/riskAssessment", - "Core/ExternalRefType/runtimeAnalysisReport": "spdx:Core/ExternalRefType/runtimeAnalysisReport", - "Core/ExternalRefType/secureSoftwareAttestation": "spdx:Core/ExternalRefType/secureSoftwareAttestation", - "Core/ExternalRefType/securityAdversaryModel": "spdx:Core/ExternalRefType/securityAdversaryModel", - "Core/ExternalRefType/securityAdvisory": "spdx:Core/ExternalRefType/securityAdvisory", - "Core/ExternalRefType/securityFix": "spdx:Core/ExternalRefType/securityFix", - "Core/ExternalRefType/securityOther": "spdx:Core/ExternalRefType/securityOther", - "Core/ExternalRefType/securityPenTestReport": "spdx:Core/ExternalRefType/securityPenTestReport", - "Core/ExternalRefType/securityPolicy": "spdx:Core/ExternalRefType/securityPolicy", - "Core/ExternalRefType/securityThreatModel": "spdx:Core/ExternalRefType/securityThreatModel", - "Core/ExternalRefType/socialMedia": "spdx:Core/ExternalRefType/socialMedia", - "Core/ExternalRefType/sourceArtifact": "spdx:Core/ExternalRefType/sourceArtifact", - "Core/ExternalRefType/staticAnalysisReport": "spdx:Core/ExternalRefType/staticAnalysisReport", - "Core/ExternalRefType/support": "spdx:Core/ExternalRefType/support", - "Core/ExternalRefType/vcs": "spdx:Core/ExternalRefType/vcs", - "Core/ExternalRefType/vulnerabilityDisclosureReport": "spdx:Core/ExternalRefType/vulnerabilityDisclosureReport", - "Core/ExternalRefType/vulnerabilityExploitabilityAssessment": "spdx:Core/ExternalRefType/vulnerabilityExploitabilityAssessment", - "Core/HashAlgorithm/blake2b256": "spdx:Core/HashAlgorithm/blake2b256", - "Core/HashAlgorithm/blake2b384": "spdx:Core/HashAlgorithm/blake2b384", - "Core/HashAlgorithm/blake2b512": "spdx:Core/HashAlgorithm/blake2b512", - "Core/HashAlgorithm/blake3": "spdx:Core/HashAlgorithm/blake3", - "Core/HashAlgorithm/crystalsDilithium": "spdx:Core/HashAlgorithm/crystalsDilithium", - "Core/HashAlgorithm/crystalsKyber": "spdx:Core/HashAlgorithm/crystalsKyber", - "Core/HashAlgorithm/falcon": "spdx:Core/HashAlgorithm/falcon", - "Core/HashAlgorithm/md2": "spdx:Core/HashAlgorithm/md2", - "Core/HashAlgorithm/md4": "spdx:Core/HashAlgorithm/md4", - "Core/HashAlgorithm/md5": "spdx:Core/HashAlgorithm/md5", - "Core/HashAlgorithm/md6": "spdx:Core/HashAlgorithm/md6", - "Core/HashAlgorithm/other": "spdx:Core/HashAlgorithm/other", - "Core/HashAlgorithm/sha1": "spdx:Core/HashAlgorithm/sha1", - "Core/HashAlgorithm/sha224": "spdx:Core/HashAlgorithm/sha224", - "Core/HashAlgorithm/sha256": "spdx:Core/HashAlgorithm/sha256", - "Core/HashAlgorithm/sha384": "spdx:Core/HashAlgorithm/sha384", - "Core/HashAlgorithm/sha3_224": "spdx:Core/HashAlgorithm/sha3_224", - "Core/HashAlgorithm/sha3_256": "spdx:Core/HashAlgorithm/sha3_256", - "Core/HashAlgorithm/sha3_384": "spdx:Core/HashAlgorithm/sha3_384", - "Core/HashAlgorithm/sha3_512": "spdx:Core/HashAlgorithm/sha3_512", - "Core/HashAlgorithm/sha512": "spdx:Core/HashAlgorithm/sha512", - "Core/LifecycleScopeType/build": "spdx:Core/LifecycleScopeType/build", - "Core/LifecycleScopeType/design": "spdx:Core/LifecycleScopeType/design", - "Core/LifecycleScopeType/development": "spdx:Core/LifecycleScopeType/development", - "Core/LifecycleScopeType/other": "spdx:Core/LifecycleScopeType/other", - "Core/LifecycleScopeType/runtime": "spdx:Core/LifecycleScopeType/runtime", - "Core/LifecycleScopeType/test": "spdx:Core/LifecycleScopeType/test", - "Core/PresenceType/no": "spdx:Core/PresenceType/no", - "Core/PresenceType/noAssertion": "spdx:Core/PresenceType/noAssertion", - "Core/PresenceType/yes": "spdx:Core/PresenceType/yes", - "Core/ProfileIdentifierType/ai": "spdx:Core/ProfileIdentifierType/ai", - "Core/ProfileIdentifierType/build": "spdx:Core/ProfileIdentifierType/build", - "Core/ProfileIdentifierType/core": "spdx:Core/ProfileIdentifierType/core", - "Core/ProfileIdentifierType/dataset": "spdx:Core/ProfileIdentifierType/dataset", - "Core/ProfileIdentifierType/expandedLicensing": "spdx:Core/ProfileIdentifierType/expandedLicensing", - "Core/ProfileIdentifierType/extension": "spdx:Core/ProfileIdentifierType/extension", - "Core/ProfileIdentifierType/security": "spdx:Core/ProfileIdentifierType/security", - "Core/ProfileIdentifierType/simpleLicensing": "spdx:Core/ProfileIdentifierType/simpleLicensing", - "Core/ProfileIdentifierType/software": "spdx:Core/ProfileIdentifierType/software", - "Core/ProfileIdentifierType/usage": "spdx:Core/ProfileIdentifierType/usage", - "Core/RelationshipCompleteness/complete": "spdx:Core/RelationshipCompleteness/complete", - "Core/RelationshipCompleteness/incomplete": "spdx:Core/RelationshipCompleteness/incomplete", - "Core/RelationshipCompleteness/noAssertion": "spdx:Core/RelationshipCompleteness/noAssertion", - "Core/RelationshipType/affects": "spdx:Core/RelationshipType/affects", - "Core/RelationshipType/amendedBy": "spdx:Core/RelationshipType/amendedBy", - "Core/RelationshipType/ancestorOf": "spdx:Core/RelationshipType/ancestorOf", - "Core/RelationshipType/availableFrom": "spdx:Core/RelationshipType/availableFrom", - "Core/RelationshipType/configures": "spdx:Core/RelationshipType/configures", - "Core/RelationshipType/contains": "spdx:Core/RelationshipType/contains", - "Core/RelationshipType/coordinatedBy": "spdx:Core/RelationshipType/coordinatedBy", - "Core/RelationshipType/copiedTo": "spdx:Core/RelationshipType/copiedTo", - "Core/RelationshipType/delegatedTo": "spdx:Core/RelationshipType/delegatedTo", - "Core/RelationshipType/dependsOn": "spdx:Core/RelationshipType/dependsOn", - "Core/RelationshipType/descendantOf": "spdx:Core/RelationshipType/descendantOf", - "Core/RelationshipType/describes": "spdx:Core/RelationshipType/describes", - "Core/RelationshipType/doesNotAffect": "spdx:Core/RelationshipType/doesNotAffect", - "Core/RelationshipType/expandsTo": "spdx:Core/RelationshipType/expandsTo", - "Core/RelationshipType/exploitCreatedBy": "spdx:Core/RelationshipType/exploitCreatedBy", - "Core/RelationshipType/fixedBy": "spdx:Core/RelationshipType/fixedBy", - "Core/RelationshipType/fixedIn": "spdx:Core/RelationshipType/fixedIn", - "Core/RelationshipType/foundBy": "spdx:Core/RelationshipType/foundBy", - "Core/RelationshipType/generates": "spdx:Core/RelationshipType/generates", - "Core/RelationshipType/hasAddedFile": "spdx:Core/RelationshipType/hasAddedFile", - "Core/RelationshipType/hasAssessmentFor": "spdx:Core/RelationshipType/hasAssessmentFor", - "Core/RelationshipType/hasAssociatedVulnerability": "spdx:Core/RelationshipType/hasAssociatedVulnerability", - "Core/RelationshipType/hasConcludedLicense": "spdx:Core/RelationshipType/hasConcludedLicense", - "Core/RelationshipType/hasDataFile": "spdx:Core/RelationshipType/hasDataFile", - "Core/RelationshipType/hasDeclaredLicense": "spdx:Core/RelationshipType/hasDeclaredLicense", - "Core/RelationshipType/hasDeletedFile": "spdx:Core/RelationshipType/hasDeletedFile", - "Core/RelationshipType/hasDependencyManifest": "spdx:Core/RelationshipType/hasDependencyManifest", - "Core/RelationshipType/hasDistributionArtifact": "spdx:Core/RelationshipType/hasDistributionArtifact", - "Core/RelationshipType/hasDocumentation": "spdx:Core/RelationshipType/hasDocumentation", - "Core/RelationshipType/hasDynamicLink": "spdx:Core/RelationshipType/hasDynamicLink", - "Core/RelationshipType/hasEvidence": "spdx:Core/RelationshipType/hasEvidence", - "Core/RelationshipType/hasExample": "spdx:Core/RelationshipType/hasExample", - "Core/RelationshipType/hasHost": "spdx:Core/RelationshipType/hasHost", - "Core/RelationshipType/hasInputs": "spdx:Core/RelationshipType/hasInputs", - "Core/RelationshipType/hasMetadata": "spdx:Core/RelationshipType/hasMetadata", - "Core/RelationshipType/hasOptionalComponent": "spdx:Core/RelationshipType/hasOptionalComponent", - "Core/RelationshipType/hasOptionalDependency": "spdx:Core/RelationshipType/hasOptionalDependency", - "Core/RelationshipType/hasOutputs": "spdx:Core/RelationshipType/hasOutputs", - "Core/RelationshipType/hasPrerequsite": "spdx:Core/RelationshipType/hasPrerequsite", - "Core/RelationshipType/hasProvidedDependency": "spdx:Core/RelationshipType/hasProvidedDependency", - "Core/RelationshipType/hasRequirement": "spdx:Core/RelationshipType/hasRequirement", - "Core/RelationshipType/hasSpecification": "spdx:Core/RelationshipType/hasSpecification", - "Core/RelationshipType/hasStaticLink": "spdx:Core/RelationshipType/hasStaticLink", - "Core/RelationshipType/hasTest": "spdx:Core/RelationshipType/hasTest", - "Core/RelationshipType/hasTestCase": "spdx:Core/RelationshipType/hasTestCase", - "Core/RelationshipType/hasVariant": "spdx:Core/RelationshipType/hasVariant", - "Core/RelationshipType/invokedBy": "spdx:Core/RelationshipType/invokedBy", - "Core/RelationshipType/modifiedBy": "spdx:Core/RelationshipType/modifiedBy", - "Core/RelationshipType/other": "spdx:Core/RelationshipType/other", - "Core/RelationshipType/packagedBy": "spdx:Core/RelationshipType/packagedBy", - "Core/RelationshipType/patchedBy": "spdx:Core/RelationshipType/patchedBy", - "Core/RelationshipType/publishedBy": "spdx:Core/RelationshipType/publishedBy", - "Core/RelationshipType/reportedBy": "spdx:Core/RelationshipType/reportedBy", - "Core/RelationshipType/republishedBy": "spdx:Core/RelationshipType/republishedBy", - "Core/RelationshipType/serializedInArtifact": "spdx:Core/RelationshipType/serializedInArtifact", - "Core/RelationshipType/testedOn": "spdx:Core/RelationshipType/testedOn", - "Core/RelationshipType/trainedOn": "spdx:Core/RelationshipType/trainedOn", - "Core/RelationshipType/underInvestigationFor": "spdx:Core/RelationshipType/underInvestigationFor", - "Core/RelationshipType/usesTool": "spdx:Core/RelationshipType/usesTool", - "Core/SupportType/development": "spdx:Core/SupportType/development", - "Core/SupportType/endOfSupport": "spdx:Core/SupportType/endOfSupport", - "Core/SupportType/limitedSupport": "spdx:Core/SupportType/limitedSupport", - "Core/SupportType/noAssertion": "spdx:Core/SupportType/noAssertion", - "Core/SupportType/noSupport": "spdx:Core/SupportType/noSupport", - "Core/SupportType/support": "spdx:Core/SupportType/support", - "Core/spdxId": "spdx:Core/spdxId", - "CreationInfo": "spdx:Core/CreationInfo", - "CustomLicense": "spdx:ExpandedLicensing/CustomLicense", - "CustomLicenseAddition": "spdx:ExpandedLicensing/CustomLicenseAddition", - "CvssSeverityType": "spdx:Security/CvssSeverityType", - "CvssV2VulnAssessmentRelationship": "spdx:Security/CvssV2VulnAssessmentRelationship", - "CvssV3VulnAssessmentRelationship": "spdx:Security/CvssV3VulnAssessmentRelationship", - "CvssV4VulnAssessmentRelationship": "spdx:Security/CvssV4VulnAssessmentRelationship", - "Dataset": "spdx:Dataset/Dataset", - "Dataset/ConfidentialityLevelType/amber": "spdx:Dataset/ConfidentialityLevelType/amber", - "Dataset/ConfidentialityLevelType/clear": "spdx:Dataset/ConfidentialityLevelType/clear", - "Dataset/ConfidentialityLevelType/green": "spdx:Dataset/ConfidentialityLevelType/green", - "Dataset/ConfidentialityLevelType/red": "spdx:Dataset/ConfidentialityLevelType/red", - "Dataset/DatasetAvailabilityType/clickthrough": "spdx:Dataset/DatasetAvailabilityType/clickthrough", - "Dataset/DatasetAvailabilityType/directDownload": "spdx:Dataset/DatasetAvailabilityType/directDownload", - "Dataset/DatasetAvailabilityType/query": "spdx:Dataset/DatasetAvailabilityType/query", - "Dataset/DatasetAvailabilityType/registration": "spdx:Dataset/DatasetAvailabilityType/registration", - "Dataset/DatasetAvailabilityType/scrapingScript": "spdx:Dataset/DatasetAvailabilityType/scrapingScript", - "Dataset/DatasetType/audio": "spdx:Dataset/DatasetType/audio", - "Dataset/DatasetType/categorical": "spdx:Dataset/DatasetType/categorical", - "Dataset/DatasetType/graph": "spdx:Dataset/DatasetType/graph", - "Dataset/DatasetType/image": "spdx:Dataset/DatasetType/image", - "Dataset/DatasetType/noAssertion": "spdx:Dataset/DatasetType/noAssertion", - "Dataset/DatasetType/numeric": "spdx:Dataset/DatasetType/numeric", - "Dataset/DatasetType/other": "spdx:Dataset/DatasetType/other", - "Dataset/DatasetType/sensor": "spdx:Dataset/DatasetType/sensor", - "Dataset/DatasetType/structured": "spdx:Dataset/DatasetType/structured", - "Dataset/DatasetType/syntactic": "spdx:Dataset/DatasetType/syntactic", - "Dataset/DatasetType/text": "spdx:Dataset/DatasetType/text", - "Dataset/DatasetType/timeseries": "spdx:Dataset/DatasetType/timeseries", - "Dataset/DatasetType/timestamp": "spdx:Dataset/DatasetType/timestamp", - "Dataset/DatasetType/video": "spdx:Dataset/DatasetType/video", - "Dataset/sensitivePersonalInformation" : { + "Agent": "https://rdf.spdx.org/v3/Core/Agent", + "Annotation": "https://rdf.spdx.org/v3/Core/Annotation", + "AnnotationType": "https://rdf.spdx.org/v3/Core/AnnotationType", + "Artifact": "https://rdf.spdx.org/v3/Core/Artifact", + "Bom": "https://rdf.spdx.org/v3/Core/Bom", + "Bundle": "https://rdf.spdx.org/v3/Core/Bundle", + "CreationInfo": "https://rdf.spdx.org/v3/Core/CreationInfo", + "DictionaryEntry": "https://rdf.spdx.org/v3/Core/DictionaryEntry", + "Element": "https://rdf.spdx.org/v3/Core/Element", + "ElementCollection": "https://rdf.spdx.org/v3/Core/ElementCollection", + "ExternalIdentifier": "https://rdf.spdx.org/v3/Core/ExternalIdentifier", + "ExternalIdentifierType": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType", + "ExternalMap": "https://rdf.spdx.org/v3/Core/ExternalMap", + "ExternalRef": "https://rdf.spdx.org/v3/Core/ExternalRef", + "ExternalRefType": "https://rdf.spdx.org/v3/Core/ExternalRefType", + "Hash": "https://rdf.spdx.org/v3/Core/Hash", + "HashAlgorithm": "https://rdf.spdx.org/v3/Core/HashAlgorithm", + "IntegrityMethod": "https://rdf.spdx.org/v3/Core/IntegrityMethod", + "LifecycleScopeType": "https://rdf.spdx.org/v3/Core/LifecycleScopeType", + "LifecycleScopedRelationship": "https://rdf.spdx.org/v3/Core/LifecycleScopedRelationship", + "NamespaceMap": "https://rdf.spdx.org/v3/Core/NamespaceMap", + "Organization": "https://rdf.spdx.org/v3/Core/Organization", + "PackageVerificationCode": "https://rdf.spdx.org/v3/Core/PackageVerificationCode", + "Person": "https://rdf.spdx.org/v3/Core/Person", + "PositiveIntegerRange": "https://rdf.spdx.org/v3/Core/PositiveIntegerRange", + "PresenceType": "https://rdf.spdx.org/v3/Core/PresenceType", + "ProfileIdentifierType": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType", + "Relationship": "https://rdf.spdx.org/v3/Core/Relationship", + "RelationshipCompleteness": "https://rdf.spdx.org/v3/Core/RelationshipCompleteness", + "RelationshipType": "https://rdf.spdx.org/v3/Core/RelationshipType", + "SoftwareAgent": "https://rdf.spdx.org/v3/Core/SoftwareAgent", + "SpdxDocument": "https://rdf.spdx.org/v3/Core/SpdxDocument", + "SupportType": "https://rdf.spdx.org/v3/Core/SupportType", + "Tool": "https://rdf.spdx.org/v3/Core/Tool", + "ai_AIPackage": "https://rdf.spdx.org/v3/AI/AIPackage", + "ai_SafetyRiskAssessmentType": "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType", + "ai_autonomyType" : { "@context" : { - "@vocab": "spdx:Core/PresenceType/", + "@vocab": "https://rdf.spdx.org/v3/Core/PresenceType/", }, - "@id": "spdx:Dataset/sensitivePersonalInformation", + "@id": "https://rdf.spdx.org/v3/AI/autonomyType", "@type": "@vocab", }, - "DatasetAvailabilityType": "spdx:Dataset/DatasetAvailabilityType", - "DatasetType": "spdx:Dataset/DatasetType", - "DictionaryEntry": "spdx:Core/DictionaryEntry", - "DisjunctiveLicenseSet": "spdx:ExpandedLicensing/DisjunctiveLicenseSet", - "Element": "spdx:Core/Element", - "ElementCollection": "spdx:Core/ElementCollection", - "EpssVulnAssessmentRelationship": "spdx:Security/EpssVulnAssessmentRelationship", - "ExpandedLicensing/NoAssertionLicense": "spdx:ExpandedLicensing/NoAssertionLicense", - "ExpandedLicensing/NoneLicense": "spdx:ExpandedLicensing/NoneLicense", - "ExploitCatalogType": "spdx:Security/ExploitCatalogType", - "ExploitCatalogVulnAssessmentRelationship": "spdx:Security/ExploitCatalogVulnAssessmentRelationship", - "ExtendableLicense": "spdx:ExpandedLicensing/ExtendableLicense", - "Extension": "spdx:Extension/Extension", - "ExternalIdentifier": "spdx:Core/ExternalIdentifier", - "ExternalIdentifierType": "spdx:Core/ExternalIdentifierType", - "ExternalMap": "spdx:Core/ExternalMap", - "ExternalRef": "spdx:Core/ExternalRef", - "ExternalRefType": "spdx:Core/ExternalRefType", - "File": "spdx:Software/File", - "Hash": "spdx:Core/Hash", - "HashAlgorithm": "spdx:Core/HashAlgorithm", - "IndividualLicensingInfo": "spdx:ExpandedLicensing/IndividualLicensingInfo", - "IntegrityMethod": "spdx:Core/IntegrityMethod", - "License": "spdx:ExpandedLicensing/License", - "LicenseAddition": "spdx:ExpandedLicensing/LicenseAddition", - "LicenseExpression": "spdx:SimpleLicensing/LicenseExpression", - "LifecycleScopeType": "spdx:Core/LifecycleScopeType", - "LifecycleScopedRelationship": "spdx:Core/LifecycleScopedRelationship", - "ListedLicense": "spdx:ExpandedLicensing/ListedLicense", - "ListedLicenseException": "spdx:ExpandedLicensing/ListedLicenseException", - "NamespaceMap": "spdx:Core/NamespaceMap", - "OrLaterOperator": "spdx:ExpandedLicensing/OrLaterOperator", - "Organization": "spdx:Core/Organization", - "Package": "spdx:Software/Package", - "PackageVerificationCode": "spdx:Core/PackageVerificationCode", - "Person": "spdx:Core/Person", - "PositiveIntegerRange": "spdx:Core/PositiveIntegerRange", - "PresenceType": "spdx:Core/PresenceType", - "ProfileIdentifierType": "spdx:Core/ProfileIdentifierType", - "Relationship": "spdx:Core/Relationship", - "RelationshipCompleteness": "spdx:Core/RelationshipCompleteness", - "RelationshipType": "spdx:Core/RelationshipType", - "SafetyRiskAssessmentType": "spdx:AI/SafetyRiskAssessmentType", - "Sbom": "spdx:Software/Sbom", - "SbomType": "spdx:Software/SbomType", - "Security/CvssSeverityType/critical": "spdx:Security/CvssSeverityType/critical", - "Security/CvssSeverityType/high": "spdx:Security/CvssSeverityType/high", - "Security/CvssSeverityType/low": "spdx:Security/CvssSeverityType/low", - "Security/CvssSeverityType/medium": "spdx:Security/CvssSeverityType/medium", - "Security/CvssSeverityType/none": "spdx:Security/CvssSeverityType/none", - "Security/ExploitCatalogType/kev": "spdx:Security/ExploitCatalogType/kev", - "Security/ExploitCatalogType/other": "spdx:Security/ExploitCatalogType/other", - "Security/SsvcDecisionType/act": "spdx:Security/SsvcDecisionType/act", - "Security/SsvcDecisionType/attend": "spdx:Security/SsvcDecisionType/attend", - "Security/SsvcDecisionType/track": "spdx:Security/SsvcDecisionType/track", - "Security/SsvcDecisionType/trackStar": "spdx:Security/SsvcDecisionType/trackStar", - "Security/VexJustificationType/componentNotPresent": "spdx:Security/VexJustificationType/componentNotPresent", - "Security/VexJustificationType/inlineMitigationsAlreadyExist": "spdx:Security/VexJustificationType/inlineMitigationsAlreadyExist", - "Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary": "spdx:Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary", - "Security/VexJustificationType/vulnerableCodeNotInExecutePath": "spdx:Security/VexJustificationType/vulnerableCodeNotInExecutePath", - "Security/VexJustificationType/vulnerableCodeNotPresent": "spdx:Security/VexJustificationType/vulnerableCodeNotPresent", - "Security/locator": "spdx:Security/locator", - "SimpleLicensingText": "spdx:SimpleLicensing/SimpleLicensingText", - "Snippet": "spdx:Software/Snippet", - "Software/SbomType/analyzed": "spdx:Software/SbomType/analyzed", - "Software/SbomType/build": "spdx:Software/SbomType/build", - "Software/SbomType/deployed": "spdx:Software/SbomType/deployed", - "Software/SbomType/design": "spdx:Software/SbomType/design", - "Software/SbomType/runtime": "spdx:Software/SbomType/runtime", - "Software/SbomType/source": "spdx:Software/SbomType/source", - "Software/SoftwarePurpose/application": "spdx:Software/SoftwarePurpose/application", - "Software/SoftwarePurpose/archive": "spdx:Software/SoftwarePurpose/archive", - "Software/SoftwarePurpose/bom": "spdx:Software/SoftwarePurpose/bom", - "Software/SoftwarePurpose/configuration": "spdx:Software/SoftwarePurpose/configuration", - "Software/SoftwarePurpose/container": "spdx:Software/SoftwarePurpose/container", - "Software/SoftwarePurpose/data": "spdx:Software/SoftwarePurpose/data", - "Software/SoftwarePurpose/device": "spdx:Software/SoftwarePurpose/device", - "Software/SoftwarePurpose/deviceDriver": "spdx:Software/SoftwarePurpose/deviceDriver", - "Software/SoftwarePurpose/diskImage": "spdx:Software/SoftwarePurpose/diskImage", - "Software/SoftwarePurpose/documentation": "spdx:Software/SoftwarePurpose/documentation", - "Software/SoftwarePurpose/evidence": "spdx:Software/SoftwarePurpose/evidence", - "Software/SoftwarePurpose/executable": "spdx:Software/SoftwarePurpose/executable", - "Software/SoftwarePurpose/file": "spdx:Software/SoftwarePurpose/file", - "Software/SoftwarePurpose/filesystemImage": "spdx:Software/SoftwarePurpose/filesystemImage", - "Software/SoftwarePurpose/firmware": "spdx:Software/SoftwarePurpose/firmware", - "Software/SoftwarePurpose/framework": "spdx:Software/SoftwarePurpose/framework", - "Software/SoftwarePurpose/install": "spdx:Software/SoftwarePurpose/install", - "Software/SoftwarePurpose/library": "spdx:Software/SoftwarePurpose/library", - "Software/SoftwarePurpose/manifest": "spdx:Software/SoftwarePurpose/manifest", - "Software/SoftwarePurpose/model": "spdx:Software/SoftwarePurpose/model", - "Software/SoftwarePurpose/module": "spdx:Software/SoftwarePurpose/module", - "Software/SoftwarePurpose/operatingSystem": "spdx:Software/SoftwarePurpose/operatingSystem", - "Software/SoftwarePurpose/other": "spdx:Software/SoftwarePurpose/other", - "Software/SoftwarePurpose/patch": "spdx:Software/SoftwarePurpose/patch", - "Software/SoftwarePurpose/platform": "spdx:Software/SoftwarePurpose/platform", - "Software/SoftwarePurpose/requirement": "spdx:Software/SoftwarePurpose/requirement", - "Software/SoftwarePurpose/source": "spdx:Software/SoftwarePurpose/source", - "Software/SoftwarePurpose/specification": "spdx:Software/SoftwarePurpose/specification", - "Software/SoftwarePurpose/test": "spdx:Software/SoftwarePurpose/test", - "Software/contentType": "spdx:Software/contentType", - "SoftwareAgent": "spdx:Core/SoftwareAgent", - "SoftwareArtifact": "spdx:Software/SoftwareArtifact", - "SoftwarePurpose": "spdx:Software/SoftwarePurpose", - "SpdxDocument": "spdx:Core/SpdxDocument", - "SsvcDecisionType": "spdx:Security/SsvcDecisionType", - "SsvcVulnAssessmentRelationship": "spdx:Security/SsvcVulnAssessmentRelationship", - "SupportType": "spdx:Core/SupportType", - "Tool": "spdx:Core/Tool", - "VexAffectedVulnAssessmentRelationship": "spdx:Security/VexAffectedVulnAssessmentRelationship", - "VexFixedVulnAssessmentRelationship": "spdx:Security/VexFixedVulnAssessmentRelationship", - "VexJustificationType": "spdx:Security/VexJustificationType", - "VexNotAffectedVulnAssessmentRelationship": "spdx:Security/VexNotAffectedVulnAssessmentRelationship", - "VexUnderInvestigationVulnAssessmentRelationship": "spdx:Security/VexUnderInvestigationVulnAssessmentRelationship", - "VexVulnAssessmentRelationship": "spdx:Security/VexVulnAssessmentRelationship", - "VulnAssessmentRelationship": "spdx:Security/VulnAssessmentRelationship", - "Vulnerability": "spdx:Security/Vulnerability", - "WithAdditionOperator": "spdx:ExpandedLicensing/WithAdditionOperator", - "actionStatement": "spdx:Security/actionStatement", - "actionStatementTime": "spdx:Security/actionStatementTime", - "additionText": "spdx:ExpandedLicensing/additionText", - "additionalPurpose" : { - "@context" : { - "@vocab": "spdx:Software/SoftwarePurpose/", - }, - "@id": "spdx:Software/additionalPurpose", - "@type": "@vocab", + "ai_domain": "https://rdf.spdx.org/v3/AI/domain", + "ai_energyConsumption": "https://rdf.spdx.org/v3/AI/energyConsumption", + "ai_hyperparameter" : { + "@id": "https://rdf.spdx.org/v3/AI/hyperparameter", + "@type": "@id", }, - "algorithm" : { + "ai_informationAboutApplication": "https://rdf.spdx.org/v3/AI/informationAboutApplication", + "ai_informationAboutTraining": "https://rdf.spdx.org/v3/AI/informationAboutTraining", + "ai_limitation": "https://rdf.spdx.org/v3/AI/limitation", + "ai_metric" : { + "@id": "https://rdf.spdx.org/v3/AI/metric", + "@type": "@id", + }, + "ai_metricDecisionThreshold" : { + "@id": "https://rdf.spdx.org/v3/AI/metricDecisionThreshold", + "@type": "@id", + }, + "ai_modelDataPreprocessing": "https://rdf.spdx.org/v3/AI/modelDataPreprocessing", + "ai_modelExplainability": "https://rdf.spdx.org/v3/AI/modelExplainability", + "ai_safetyRiskAssessment" : { "@context" : { - "@vocab": "spdx:Core/HashAlgorithm/", + "@vocab": "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/", }, - "@id": "spdx:Core/algorithm", + "@id": "https://rdf.spdx.org/v3/AI/safetyRiskAssessment", "@type": "@vocab", }, - "annotationType" : { + "ai_sensitivePersonalInformation" : { "@context" : { - "@vocab": "spdx:Core/AnnotationType/", + "@vocab": "https://rdf.spdx.org/v3/Core/PresenceType/", }, - "@id": "spdx:Core/annotationType", + "@id": "https://rdf.spdx.org/v3/AI/sensitivePersonalInformation", "@type": "@vocab", }, - "anonymizationMethodUsed": "spdx:Dataset/anonymizationMethodUsed", - "assessedElement": "spdx:Security/assessedElement", - "attributionText": "spdx:Software/attributionText", - "autonomyType" : { + "ai_standardCompliance": "https://rdf.spdx.org/v3/AI/standardCompliance", + "ai_typeOfModel": "https://rdf.spdx.org/v3/AI/typeOfModel", + "algorithm" : { "@context" : { - "@vocab": "spdx:Core/PresenceType/", + "@vocab": "https://rdf.spdx.org/v3/Core/HashAlgorithm/", }, - "@id": "spdx:AI/autonomyType", + "@id": "https://rdf.spdx.org/v3/Core/algorithm", "@type": "@vocab", }, - "beginIntegerRange": "spdx:Core/beginIntegerRange", - "buildEndTime": "spdx:Build/buildEndTime", - "buildId": "spdx:Build/buildId", - "buildStartTime": "spdx:Build/buildStartTime", - "buildType": "spdx:Build/buildType", - "builtTime": "spdx:Core/builtTime", - "byteRange": "spdx:Software/byteRange", - "catalogType" : { + "annotationType" : { "@context" : { - "@vocab": "spdx:Security/ExploitCatalogType/", + "@vocab": "https://rdf.spdx.org/v3/Core/AnnotationType/", }, - "@id": "spdx:Security/catalogType", + "@id": "https://rdf.spdx.org/v3/Core/annotationType", "@type": "@vocab", }, - "comment": "spdx:Core/comment", + "beginIntegerRange": "https://rdf.spdx.org/v3/Core/beginIntegerRange", + "build_Build": "https://rdf.spdx.org/v3/Build/Build", + "build_buildEndTime": "https://rdf.spdx.org/v3/Build/buildEndTime", + "build_buildId": "https://rdf.spdx.org/v3/Build/buildId", + "build_buildStartTime": "https://rdf.spdx.org/v3/Build/buildStartTime", + "build_buildType": "https://rdf.spdx.org/v3/Build/buildType", + "build_configSourceDigest" : { + "@id": "https://rdf.spdx.org/v3/Build/configSourceDigest", + "@type": "@id", + }, + "build_configSourceEntrypoint": "https://rdf.spdx.org/v3/Build/configSourceEntrypoint", + "build_configSourceUri": "https://rdf.spdx.org/v3/Build/configSourceUri", + "build_environment" : { + "@id": "https://rdf.spdx.org/v3/Build/environment", + "@type": "@id", + }, + "build_parameters" : { + "@id": "https://rdf.spdx.org/v3/Build/parameters", + "@type": "@id", + }, + "builtTime": "https://rdf.spdx.org/v3/Core/builtTime", + "comment": "https://rdf.spdx.org/v3/Core/comment", "completeness" : { "@context" : { - "@vocab": "spdx:Core/RelationshipCompleteness/", + "@vocab": "https://rdf.spdx.org/v3/Core/RelationshipCompleteness/", }, - "@id": "spdx:Core/completeness", + "@id": "https://rdf.spdx.org/v3/Core/completeness", "@type": "@vocab", }, - "confidentialityLevel" : { + "contentType": "https://rdf.spdx.org/v3/Core/contentType", + "context": "https://rdf.spdx.org/v3/Core/context", + "created": "https://rdf.spdx.org/v3/Core/created", + "createdBy" : { + "@id": "https://rdf.spdx.org/v3/Core/createdBy", + "@type": "@id", + }, + "createdUsing" : { + "@id": "https://rdf.spdx.org/v3/Core/createdUsing", + "@type": "@id", + }, + "creationInfo" : { + "@id": "https://rdf.spdx.org/v3/Core/creationInfo", + "@type": "@id", + }, + "dataLicense" : { + "@id": "https://rdf.spdx.org/v3/Core/dataLicense", + "@type": "@id", + }, + "dataset_ConfidentialityLevelType": "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType", + "dataset_Dataset": "https://rdf.spdx.org/v3/Dataset/Dataset", + "dataset_DatasetAvailabilityType": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType", + "dataset_DatasetType": "https://rdf.spdx.org/v3/Dataset/DatasetType", + "dataset_anonymizationMethodUsed": "https://rdf.spdx.org/v3/Dataset/anonymizationMethodUsed", + "dataset_confidentialityLevel" : { "@context" : { - "@vocab": "spdx:Dataset/ConfidentialityLevelType/", + "@vocab": "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/", }, - "@id": "spdx:Dataset/confidentialityLevel", + "@id": "https://rdf.spdx.org/v3/Dataset/confidentialityLevel", "@type": "@vocab", }, - "configSourceDigest": "spdx:Build/configSourceDigest", - "configSourceEntrypoint": "spdx:Build/configSourceEntrypoint", - "configSourceUri": "spdx:Build/configSourceUri", - "contentType": "spdx:Core/contentType", - "context": "spdx:Core/context", - "copyrightText": "spdx:Software/copyrightText", - "created": "spdx:Core/created", - "createdBy": "spdx:Core/createdBy", - "createdUsing": "spdx:Core/createdUsing", - "creationInfo": "spdx:Core/creationInfo", - "customIdToUri": "spdx:SimpleLicensing/customIdToUri", - "dataCollectionProcess": "spdx:Dataset/dataCollectionProcess", - "dataLicense": "spdx:Core/dataLicense", - "dataPreprocessing": "spdx:Dataset/dataPreprocessing", - "datasetAvailability" : { + "dataset_dataCollectionProcess": "https://rdf.spdx.org/v3/Dataset/dataCollectionProcess", + "dataset_dataPreprocessing": "https://rdf.spdx.org/v3/Dataset/dataPreprocessing", + "dataset_datasetAvailability" : { "@context" : { - "@vocab": "spdx:Dataset/DatasetAvailabilityType/", + "@vocab": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/", }, - "@id": "spdx:Dataset/datasetAvailability", + "@id": "https://rdf.spdx.org/v3/Dataset/datasetAvailability", "@type": "@vocab", }, - "datasetNoise": "spdx:Dataset/datasetNoise", - "datasetSize": "spdx:Dataset/datasetSize", - "datasetType" : { + "dataset_datasetNoise": "https://rdf.spdx.org/v3/Dataset/datasetNoise", + "dataset_datasetSize": "https://rdf.spdx.org/v3/Dataset/datasetSize", + "dataset_datasetType" : { "@context" : { - "@vocab": "spdx:Dataset/DatasetType/", + "@vocab": "https://rdf.spdx.org/v3/Dataset/DatasetType/", }, - "@id": "spdx:Dataset/datasetType", + "@id": "https://rdf.spdx.org/v3/Dataset/datasetType", "@type": "@vocab", }, - "datasetUpdateMechanism": "spdx:Dataset/datasetUpdateMechanism", - "decisionType" : { + "dataset_datasetUpdateMechanism": "https://rdf.spdx.org/v3/Dataset/datasetUpdateMechanism", + "dataset_intendedUse": "https://rdf.spdx.org/v3/Dataset/intendedUse", + "dataset_knownBias": "https://rdf.spdx.org/v3/Dataset/knownBias", + "dataset_sensitivePersonalInformation" : { "@context" : { - "@vocab": "spdx:Security/SsvcDecisionType/", + "@vocab": "https://rdf.spdx.org/v3/Core/PresenceType/", }, - "@id": "spdx:Security/decisionType", + "@id": "https://rdf.spdx.org/v3/Dataset/sensitivePersonalInformation", "@type": "@vocab", }, - "definingArtifact": "spdx:Core/definingArtifact", - "deprecatedVersion": "spdx:ExpandedLicensing/deprecatedVersion", - "description": "spdx:Core/description", - "domain": "spdx:AI/domain", - "downloadLocation": "spdx:Software/downloadLocation", - "element": "spdx:Core/element", - "endIntegerRange": "spdx:Core/endIntegerRange", - "endTime": "spdx:Core/endTime", - "energyConsumption": "spdx:AI/energyConsumption", - "environment": "spdx:Build/environment", - "exploited": "spdx:Security/exploited", - "extension": "spdx:Core/extension", - "externalIdentifier": "spdx:Core/externalIdentifier", + "dataset_sensor" : { + "@id": "https://rdf.spdx.org/v3/Dataset/sensor", + "@type": "@id", + }, + "definingArtifact" : { + "@id": "https://rdf.spdx.org/v3/Core/definingArtifact", + "@type": "@id", + }, + "description": "https://rdf.spdx.org/v3/Core/description", + "element" : { + "@id": "https://rdf.spdx.org/v3/Core/element", + "@type": "@id", + }, + "endIntegerRange": "https://rdf.spdx.org/v3/Core/endIntegerRange", + "endTime": "https://rdf.spdx.org/v3/Core/endTime", + "expandedlicensing_ConjunctiveLicenseSet": "https://rdf.spdx.org/v3/ExpandedLicensing/ConjunctiveLicenseSet", + "expandedlicensing_CustomLicense": "https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicense", + "expandedlicensing_CustomLicenseAddition": "https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicenseAddition", + "expandedlicensing_DisjunctiveLicenseSet": "https://rdf.spdx.org/v3/ExpandedLicensing/DisjunctiveLicenseSet", + "expandedlicensing_ExtendableLicense": "https://rdf.spdx.org/v3/ExpandedLicensing/ExtendableLicense", + "expandedlicensing_IndividualLicensingInfo": "https://rdf.spdx.org/v3/ExpandedLicensing/IndividualLicensingInfo", + "expandedlicensing_License": "https://rdf.spdx.org/v3/ExpandedLicensing/License", + "expandedlicensing_LicenseAddition": "https://rdf.spdx.org/v3/ExpandedLicensing/LicenseAddition", + "expandedlicensing_ListedLicense": "https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicense", + "expandedlicensing_ListedLicenseException": "https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicenseException", + "expandedlicensing_OrLaterOperator": "https://rdf.spdx.org/v3/ExpandedLicensing/OrLaterOperator", + "expandedlicensing_WithAdditionOperator": "https://rdf.spdx.org/v3/ExpandedLicensing/WithAdditionOperator", + "expandedlicensing_additionText": "https://rdf.spdx.org/v3/ExpandedLicensing/additionText", + "expandedlicensing_deprecatedVersion": "https://rdf.spdx.org/v3/ExpandedLicensing/deprecatedVersion", + "expandedlicensing_isDeprecatedAdditionId": "https://rdf.spdx.org/v3/ExpandedLicensing/isDeprecatedAdditionId", + "expandedlicensing_isDeprecatedLicenseId": "https://rdf.spdx.org/v3/ExpandedLicensing/isDeprecatedLicenseId", + "expandedlicensing_isFsfLibre": "https://rdf.spdx.org/v3/ExpandedLicensing/isFsfLibre", + "expandedlicensing_isOsiApproved": "https://rdf.spdx.org/v3/ExpandedLicensing/isOsiApproved", + "expandedlicensing_licenseXml": "https://rdf.spdx.org/v3/ExpandedLicensing/licenseXml", + "expandedlicensing_listVersionAdded": "https://rdf.spdx.org/v3/ExpandedLicensing/listVersionAdded", + "expandedlicensing_member" : { + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/member", + "@type": "@id", + }, + "expandedlicensing_obsoletedBy": "https://rdf.spdx.org/v3/ExpandedLicensing/obsoletedBy", + "expandedlicensing_seeAlso": "https://rdf.spdx.org/v3/ExpandedLicensing/seeAlso", + "expandedlicensing_standardAdditionTemplate": "https://rdf.spdx.org/v3/ExpandedLicensing/standardAdditionTemplate", + "expandedlicensing_standardLicenseHeader": "https://rdf.spdx.org/v3/ExpandedLicensing/standardLicenseHeader", + "expandedlicensing_standardLicenseTemplate": "https://rdf.spdx.org/v3/ExpandedLicensing/standardLicenseTemplate", + "expandedlicensing_subjectAddition" : { + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectAddition", + "@type": "@id", + }, + "expandedlicensing_subjectExtendableLicense" : { + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectExtendableLicense", + "@type": "@id", + }, + "expandedlicensing_subjectLicense" : { + "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectLicense", + "@type": "@id", + }, + "extension" : { + "@id": "https://rdf.spdx.org/v3/Core/extension", + "@type": "@id", + }, + "extension_Extension": "https://rdf.spdx.org/v3/Extension/Extension", + "externalIdentifier" : { + "@id": "https://rdf.spdx.org/v3/Core/externalIdentifier", + "@type": "@id", + }, "externalIdentifierType" : { "@context" : { - "@vocab": "spdx:Core/ExternalIdentifierType/", + "@vocab": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/", }, - "@id": "spdx:Core/externalIdentifierType", + "@id": "https://rdf.spdx.org/v3/Core/externalIdentifierType", "@type": "@vocab", }, - "externalRef": "spdx:Core/externalRef", + "externalRef" : { + "@id": "https://rdf.spdx.org/v3/Core/externalRef", + "@type": "@id", + }, "externalRefType" : { "@context" : { - "@vocab": "spdx:Core/ExternalRefType/", + "@vocab": "https://rdf.spdx.org/v3/Core/ExternalRefType/", }, - "@id": "spdx:Core/externalRefType", + "@id": "https://rdf.spdx.org/v3/Core/externalRefType", "@type": "@vocab", }, - "externalSpdxId": "spdx:Core/externalSpdxId", - "from": "spdx:Core/from", - "gitoid": "spdx:Software/gitoid", - "hashValue": "spdx:Core/hashValue", - "homePage": "spdx:Software/homePage", - "hyperparameter": "spdx:AI/hyperparameter", - "identifier": "spdx:Core/identifier", - "identifierLocator": "spdx:Core/identifierLocator", - "impactStatement": "spdx:Security/impactStatement", - "impactStatementTime": "spdx:Security/impactStatementTime", - "imports": "spdx:Core/imports", - "informationAboutApplication": "spdx:AI/informationAboutApplication", - "informationAboutTraining": "spdx:AI/informationAboutTraining", - "intendedUse": "spdx:Dataset/intendedUse", - "isDeprecatedAdditionId": "spdx:ExpandedLicensing/isDeprecatedAdditionId", - "isDeprecatedLicenseId": "spdx:ExpandedLicensing/isDeprecatedLicenseId", - "isDirectory": "spdx:Software/isDirectory", - "isFsfLibre": "spdx:ExpandedLicensing/isFsfLibre", - "isOsiApproved": "spdx:ExpandedLicensing/isOsiApproved", - "issuingAuthority": "spdx:Core/issuingAuthority", - "justificationType" : { + "externalSpdxId": "https://rdf.spdx.org/v3/Core/externalSpdxId", + "from" : { + "@id": "https://rdf.spdx.org/v3/Core/from", + "@type": "@id", + }, + "hashValue": "https://rdf.spdx.org/v3/Core/hashValue", + "identifier": "https://rdf.spdx.org/v3/Core/identifier", + "identifierLocator": "https://rdf.spdx.org/v3/Core/identifierLocator", + "imports" : { + "@id": "https://rdf.spdx.org/v3/Core/imports", + "@type": "@id", + }, + "issuingAuthority": "https://rdf.spdx.org/v3/Core/issuingAuthority", + "key": "https://rdf.spdx.org/v3/Core/key", + "locationHint": "https://rdf.spdx.org/v3/Core/locationHint", + "locator": "https://rdf.spdx.org/v3/Core/locator", + "name": "https://rdf.spdx.org/v3/Core/name", + "namespace": "https://rdf.spdx.org/v3/Core/namespace", + "namespaceMap" : { + "@id": "https://rdf.spdx.org/v3/Core/namespaceMap", + "@type": "@id", + }, + "originatedBy" : { + "@id": "https://rdf.spdx.org/v3/Core/originatedBy", + "@type": "@id", + }, + "packageVerificationCodeExcludedFile": "https://rdf.spdx.org/v3/Core/packageVerificationCodeExcludedFile", + "prefix": "https://rdf.spdx.org/v3/Core/prefix", + "profileConformance" : { "@context" : { - "@vocab": "spdx:Security/VexJustificationType/", + "@vocab": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/", }, - "@id": "spdx:Security/justificationType", + "@id": "https://rdf.spdx.org/v3/Core/profileConformance", "@type": "@vocab", }, - "key": "spdx:Core/key", - "knownBias": "spdx:Dataset/knownBias", - "licenseExpression": "spdx:SimpleLicensing/licenseExpression", - "licenseListVersion": "spdx:SimpleLicensing/licenseListVersion", - "licenseText": "spdx:SimpleLicensing/licenseText", - "licenseXml": "spdx:ExpandedLicensing/licenseXml", - "limitation": "spdx:AI/limitation", - "lineRange": "spdx:Software/lineRange", - "listVersionAdded": "spdx:ExpandedLicensing/listVersionAdded", - "locationHint": "spdx:Core/locationHint", - "locator": "spdx:Core/locator", - "member": "spdx:ExpandedLicensing/member", - "metric": "spdx:AI/metric", - "metricDecisionThreshold": "spdx:AI/metricDecisionThreshold", - "modelDataPreprocessing": "spdx:AI/modelDataPreprocessing", - "modelExplainability": "spdx:AI/modelExplainability", - "modifiedTime": "spdx:Security/modifiedTime", - "name": "spdx:Core/name", - "namespace": "spdx:Core/namespace", - "namespaceMap": "spdx:Core/namespaceMap", - "obsoletedBy": "spdx:ExpandedLicensing/obsoletedBy", - "originatedBy": "spdx:Core/originatedBy", - "packageUrl": "spdx:Software/packageUrl", - "packageVerificationCodeExcludedFile": "spdx:Core/packageVerificationCodeExcludedFile", - "packageVersion": "spdx:Software/packageVersion", - "parameters": "spdx:Build/parameters", - "percentile": "spdx:Security/percentile", - "prefix": "spdx:Core/prefix", - "primaryPurpose" : { + "relationshipType" : { "@context" : { - "@vocab": "spdx:Software/SoftwarePurpose/", + "@vocab": "https://rdf.spdx.org/v3/Core/RelationshipType/", }, - "@id": "spdx:Software/primaryPurpose", + "@id": "https://rdf.spdx.org/v3/Core/relationshipType", "@type": "@vocab", }, - "probability": "spdx:Security/probability", - "profileConformance" : { + "releaseTime": "https://rdf.spdx.org/v3/Core/releaseTime", + "rootElement" : { + "@id": "https://rdf.spdx.org/v3/Core/rootElement", + "@type": "@id", + }, + "scope" : { "@context" : { - "@vocab": "spdx:Core/ProfileIdentifierType/", + "@vocab": "https://rdf.spdx.org/v3/Core/LifecycleScopeType/", }, - "@id": "spdx:Core/profileConformance", + "@id": "https://rdf.spdx.org/v3/Core/scope", "@type": "@vocab", }, - "publishedTime": "spdx:Security/publishedTime", - "relationshipType" : { + "security_CvssSeverityType": "https://rdf.spdx.org/v3/Security/CvssSeverityType", + "security_CvssV2VulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/CvssV2VulnAssessmentRelationship", + "security_CvssV3VulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/CvssV3VulnAssessmentRelationship", + "security_CvssV4VulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/CvssV4VulnAssessmentRelationship", + "security_EpssVulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/EpssVulnAssessmentRelationship", + "security_ExploitCatalogType": "https://rdf.spdx.org/v3/Security/ExploitCatalogType", + "security_ExploitCatalogVulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/ExploitCatalogVulnAssessmentRelationship", + "security_SsvcDecisionType": "https://rdf.spdx.org/v3/Security/SsvcDecisionType", + "security_SsvcVulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/SsvcVulnAssessmentRelationship", + "security_VexAffectedVulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/VexAffectedVulnAssessmentRelationship", + "security_VexFixedVulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/VexFixedVulnAssessmentRelationship", + "security_VexJustificationType": "https://rdf.spdx.org/v3/Security/VexJustificationType", + "security_VexNotAffectedVulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/VexNotAffectedVulnAssessmentRelationship", + "security_VexUnderInvestigationVulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/VexUnderInvestigationVulnAssessmentRelationship", + "security_VexVulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship", + "security_VulnAssessmentRelationship": "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship", + "security_Vulnerability": "https://rdf.spdx.org/v3/Security/Vulnerability", + "security_actionStatement": "https://rdf.spdx.org/v3/Security/actionStatement", + "security_actionStatementTime": "https://rdf.spdx.org/v3/Security/actionStatementTime", + "security_assessedElement" : { + "@id": "https://rdf.spdx.org/v3/Security/assessedElement", + "@type": "@id", + }, + "security_catalogType" : { "@context" : { - "@vocab": "spdx:Core/RelationshipType/", + "@vocab": "https://rdf.spdx.org/v3/Security/ExploitCatalogType/", }, - "@id": "spdx:Core/relationshipType", + "@id": "https://rdf.spdx.org/v3/Security/catalogType", "@type": "@vocab", }, - "releaseTime": "spdx:Core/releaseTime", - "rootElement": "spdx:Core/rootElement", - "safetyRiskAssessment" : { + "security_decisionType" : { "@context" : { - "@vocab": "spdx:AI/SafetyRiskAssessmentType/", + "@vocab": "https://rdf.spdx.org/v3/Security/SsvcDecisionType/", }, - "@id": "spdx:AI/safetyRiskAssessment", + "@id": "https://rdf.spdx.org/v3/Security/decisionType", "@type": "@vocab", }, - "sbomType" : { + "security_exploited": "https://rdf.spdx.org/v3/Security/exploited", + "security_impactStatement": "https://rdf.spdx.org/v3/Security/impactStatement", + "security_impactStatementTime": "https://rdf.spdx.org/v3/Security/impactStatementTime", + "security_justificationType" : { "@context" : { - "@vocab": "spdx:Software/SbomType/", + "@vocab": "https://rdf.spdx.org/v3/Security/VexJustificationType/", }, - "@id": "spdx:Software/sbomType", + "@id": "https://rdf.spdx.org/v3/Security/justificationType", "@type": "@vocab", }, - "scope" : { + "security_locator": "https://rdf.spdx.org/v3/Security/locator", + "security_modifiedTime": "https://rdf.spdx.org/v3/Security/modifiedTime", + "security_percentile": "https://rdf.spdx.org/v3/Security/percentile", + "security_probability": "https://rdf.spdx.org/v3/Security/probability", + "security_publishedTime": "https://rdf.spdx.org/v3/Security/publishedTime", + "security_score": "https://rdf.spdx.org/v3/Security/score", + "security_severity" : { + "@context" : { + "@vocab": "https://rdf.spdx.org/v3/Security/CvssSeverityType/", + }, + "@id": "https://rdf.spdx.org/v3/Security/severity", + "@type": "@vocab", + }, + "security_statusNotes": "https://rdf.spdx.org/v3/Security/statusNotes", + "security_vectorString": "https://rdf.spdx.org/v3/Security/vectorString", + "security_vexVersion": "https://rdf.spdx.org/v3/Security/vexVersion", + "security_withdrawnTime": "https://rdf.spdx.org/v3/Security/withdrawnTime", + "simplelicensing_AnyLicenseInfo": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo", + "simplelicensing_LicenseExpression": "https://rdf.spdx.org/v3/SimpleLicensing/LicenseExpression", + "simplelicensing_SimpleLicensingText": "https://rdf.spdx.org/v3/SimpleLicensing/SimpleLicensingText", + "simplelicensing_customIdToUri" : { + "@id": "https://rdf.spdx.org/v3/SimpleLicensing/customIdToUri", + "@type": "@id", + }, + "simplelicensing_licenseExpression": "https://rdf.spdx.org/v3/SimpleLicensing/licenseExpression", + "simplelicensing_licenseListVersion": "https://rdf.spdx.org/v3/SimpleLicensing/licenseListVersion", + "simplelicensing_licenseText": "https://rdf.spdx.org/v3/SimpleLicensing/licenseText", + "software_File": "https://rdf.spdx.org/v3/Software/File", + "software_Package": "https://rdf.spdx.org/v3/Software/Package", + "software_Sbom": "https://rdf.spdx.org/v3/Software/Sbom", + "software_SbomType": "https://rdf.spdx.org/v3/Software/SbomType", + "software_Snippet": "https://rdf.spdx.org/v3/Software/Snippet", + "software_SoftwareArtifact": "https://rdf.spdx.org/v3/Software/SoftwareArtifact", + "software_SoftwarePurpose": "https://rdf.spdx.org/v3/Software/SoftwarePurpose", + "software_additionalPurpose" : { "@context" : { - "@vocab": "spdx:Core/LifecycleScopeType/", + "@vocab": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/", }, - "@id": "spdx:Core/scope", + "@id": "https://rdf.spdx.org/v3/Software/additionalPurpose", "@type": "@vocab", }, - "score": "spdx:Security/score", - "seeAlso": "spdx:ExpandedLicensing/seeAlso", - "sensitivePersonalInformation" : { + "software_attributionText": "https://rdf.spdx.org/v3/Software/attributionText", + "software_byteRange": "https://rdf.spdx.org/v3/Software/byteRange", + "software_contentType": "https://rdf.spdx.org/v3/Software/contentType", + "software_copyrightText": "https://rdf.spdx.org/v3/Software/copyrightText", + "software_downloadLocation": "https://rdf.spdx.org/v3/Software/downloadLocation", + "software_gitoid": "https://rdf.spdx.org/v3/Software/gitoid", + "software_homePage": "https://rdf.spdx.org/v3/Software/homePage", + "software_isDirectory": "https://rdf.spdx.org/v3/Software/isDirectory", + "software_lineRange": "https://rdf.spdx.org/v3/Software/lineRange", + "software_packageUrl": "https://rdf.spdx.org/v3/Software/packageUrl", + "software_packageVersion": "https://rdf.spdx.org/v3/Software/packageVersion", + "software_primaryPurpose" : { "@context" : { - "@vocab": "spdx:Core/PresenceType/", + "@vocab": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/", }, - "@id": "spdx:AI/sensitivePersonalInformation", + "@id": "https://rdf.spdx.org/v3/Software/primaryPurpose", "@type": "@vocab", }, - "sensor": "spdx:Dataset/sensor", - "severity" : { + "software_sbomType" : { "@context" : { - "@vocab": "spdx:Security/CvssSeverityType/", + "@vocab": "https://rdf.spdx.org/v3/Software/SbomType/", }, - "@id": "spdx:Security/severity", + "@id": "https://rdf.spdx.org/v3/Software/sbomType", "@type": "@vocab", }, - "snippetFromFile": "spdx:Software/snippetFromFile", - "sourceInfo": "spdx:Software/sourceInfo", + "software_snippetFromFile" : { + "@id": "https://rdf.spdx.org/v3/Software/snippetFromFile", + "@type": "@id", + }, + "software_sourceInfo": "https://rdf.spdx.org/v3/Software/sourceInfo", "spdx": "https://rdf.spdx.org/v3/", "spdxId": "@id", - "specVersion": "spdx:Core/specVersion", - "standardAdditionTemplate": "spdx:ExpandedLicensing/standardAdditionTemplate", - "standardCompliance": "spdx:AI/standardCompliance", - "standardLicenseHeader": "spdx:ExpandedLicensing/standardLicenseHeader", - "standardLicenseTemplate": "spdx:ExpandedLicensing/standardLicenseTemplate", - "standardName": "spdx:Core/standardName", - "startTime": "spdx:Core/startTime", - "statement": "spdx:Core/statement", - "statusNotes": "spdx:Security/statusNotes", - "subject": "spdx:Core/subject", - "subjectAddition": "spdx:ExpandedLicensing/subjectAddition", - "subjectExtendableLicense": "spdx:ExpandedLicensing/subjectExtendableLicense", - "subjectLicense": "spdx:ExpandedLicensing/subjectLicense", - "summary": "spdx:Core/summary", - "suppliedBy": "spdx:Core/suppliedBy", + "specVersion": "https://rdf.spdx.org/v3/Core/specVersion", + "standardName": "https://rdf.spdx.org/v3/Core/standardName", + "startTime": "https://rdf.spdx.org/v3/Core/startTime", + "statement": "https://rdf.spdx.org/v3/Core/statement", + "subject" : { + "@id": "https://rdf.spdx.org/v3/Core/subject", + "@type": "@id", + }, + "summary": "https://rdf.spdx.org/v3/Core/summary", + "suppliedBy" : { + "@id": "https://rdf.spdx.org/v3/Core/suppliedBy", + "@type": "@id", + }, "supportLevel" : { "@context" : { - "@vocab": "spdx:Core/SupportType/", + "@vocab": "https://rdf.spdx.org/v3/Core/SupportType/", }, - "@id": "spdx:Core/supportLevel", + "@id": "https://rdf.spdx.org/v3/Core/supportLevel", "@type": "@vocab", }, - "to": "spdx:Core/to", + "to" : { + "@id": "https://rdf.spdx.org/v3/Core/to", + "@type": "@id", + }, "type": "@type", - "typeOfModel": "spdx:AI/typeOfModel", - "validUntilTime": "spdx:Core/validUntilTime", - "value": "spdx:Core/value", - "vectorString": "spdx:Security/vectorString", - "verifiedUsing": "spdx:Core/verifiedUsing", - "vexVersion": "spdx:Security/vexVersion", - "withdrawnTime": "spdx:Security/withdrawnTime", + "validUntilTime": "https://rdf.spdx.org/v3/Core/validUntilTime", + "value": "https://rdf.spdx.org/v3/Core/value", + "verifiedUsing" : { + "@id": "https://rdf.spdx.org/v3/Core/verifiedUsing", + "@type": "@id", + }, }, ] @@ -1426,7 +1275,7 @@ def callback(value, path): # ENUMERATIONS # Categories of safety risk impact of the application. -class SafetyRiskAssessmentType(EnumProp): +class ai_SafetyRiskAssessmentType(EnumProp): TYPE = "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType" valid_values = [ ("high", "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/high"), @@ -2013,7 +1862,7 @@ class SupportType(EnumProp): # Categories of confidentiality level. -class ConfidentialityLevelType(EnumProp): +class dataset_ConfidentialityLevelType(EnumProp): TYPE = "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType" valid_values = [ ("amber", "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/amber"), @@ -2032,7 +1881,7 @@ class ConfidentialityLevelType(EnumProp): # Availability of dataset -class DatasetAvailabilityType(EnumProp): +class dataset_DatasetAvailabilityType(EnumProp): TYPE = "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType" valid_values = [ ("clickthrough", "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/clickthrough"), @@ -2054,7 +1903,7 @@ class DatasetAvailabilityType(EnumProp): # Enumeration of dataset types. -class DatasetType(EnumProp): +class dataset_DatasetType(EnumProp): TYPE = "https://rdf.spdx.org/v3/Dataset/DatasetType" valid_values = [ ("audio", "https://rdf.spdx.org/v3/Dataset/DatasetType/audio"), @@ -2103,7 +1952,7 @@ class DatasetType(EnumProp): # Specifies the CVSS base, temporal, threat, or environmental severity type. -class CvssSeverityType(EnumProp): +class security_CvssSeverityType(EnumProp): TYPE = "https://rdf.spdx.org/v3/Security/CvssSeverityType" valid_values = [ ("critical", "https://rdf.spdx.org/v3/Security/CvssSeverityType/critical"), @@ -2125,7 +1974,7 @@ class CvssSeverityType(EnumProp): # Specifies the exploit catalog type. -class ExploitCatalogType(EnumProp): +class security_ExploitCatalogType(EnumProp): TYPE = "https://rdf.spdx.org/v3/Security/ExploitCatalogType" valid_values = [ ("kev", "https://rdf.spdx.org/v3/Security/ExploitCatalogType/kev"), @@ -2138,7 +1987,7 @@ class ExploitCatalogType(EnumProp): # Specifies the SSVC decision type. -class SsvcDecisionType(EnumProp): +class security_SsvcDecisionType(EnumProp): TYPE = "https://rdf.spdx.org/v3/Security/SsvcDecisionType" valid_values = [ ("act", "https://rdf.spdx.org/v3/Security/SsvcDecisionType/act"), @@ -2157,7 +2006,7 @@ class SsvcDecisionType(EnumProp): # Specifies the VEX justification type. -class VexJustificationType(EnumProp): +class security_VexJustificationType(EnumProp): TYPE = "https://rdf.spdx.org/v3/Security/VexJustificationType" valid_values = [ ("componentNotPresent", "https://rdf.spdx.org/v3/Security/VexJustificationType/componentNotPresent"), @@ -2179,7 +2028,7 @@ class VexJustificationType(EnumProp): # Provides a set of values to be used to describe the common types of SBOMs that tools may create. -class SbomType(EnumProp): +class software_SbomType(EnumProp): TYPE = "https://rdf.spdx.org/v3/Software/SbomType" valid_values = [ ("analyzed", "https://rdf.spdx.org/v3/Software/SbomType/analyzed"), @@ -2204,7 +2053,7 @@ class SbomType(EnumProp): # Provides information about the primary purpose of an Element. -class SoftwarePurpose(EnumProp): +class software_SoftwarePurpose(EnumProp): TYPE = "https://rdf.spdx.org/v3/Software/SoftwarePurpose" valid_values = [ ("application", "https://rdf.spdx.org/v3/Software/SoftwarePurpose/application"), @@ -2428,7 +2277,7 @@ def __init__(self, **kwargs): # Specifies an Extension characterization of some aspect of an Element. self._add_property( "extension", - ListProp(ObjectProp(Extension, False)), + ListProp(ObjectProp(extension_Extension, False)), json_name="https://rdf.spdx.org/v3/Core/extension", ) self._set_init_props(**kwargs) @@ -2750,7 +2599,7 @@ def __init__(self, **kwargs): # Provides the license under which the SPDX documentation of the Element can be used. self._add_property( "dataLicense", - ObjectProp(AnyLicenseInfo, False), + ObjectProp(simplelicensing_AnyLicenseInfo, False), json_name="https://rdf.spdx.org/v3/Core/dataLicense", ) self._set_init_props(**kwargs) @@ -2773,57 +2622,57 @@ def __init__(self, **kwargs): # Abstract class for additional text intended to be added to a License, but # which is not itself a standalone License. -class LicenseAddition(Element): +class expandedlicensing_LicenseAddition(Element): TYPE = "https://rdf.spdx.org/v3/ExpandedLicensing/LicenseAddition" def __init__(self, **kwargs): super().__init__() # Identifies the full text of a LicenseAddition. self._add_property( - "additionText", + "expandedlicensing_additionText", StringProp(), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/additionText", min_count=1, ) # Identifies the full text of a LicenseAddition, in SPDX templating format. self._add_property( - "standardAdditionTemplate", + "expandedlicensing_standardAdditionTemplate", StringProp(), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/standardAdditionTemplate", ) # Specifies whether an additional text identifier has been marked as deprecated. self._add_property( - "isDeprecatedAdditionId", + "expandedlicensing_isDeprecatedAdditionId", BooleanProp(), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/isDeprecatedAdditionId", ) # Specifies the licenseId that is preferred to be used in place of a deprecated # License or LicenseAddition. self._add_property( - "obsoletedBy", + "expandedlicensing_obsoletedBy", StringProp(), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/obsoletedBy", ) # Identifies all the text and metadata associated with a license in the license XML format. self._add_property( - "licenseXml", + "expandedlicensing_licenseXml", StringProp(), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/licenseXml", ) # Contains a URL where the License or LicenseAddition can be found in use. self._add_property( - "seeAlso", + "expandedlicensing_seeAlso", ListProp(AnyURIProp()), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/seeAlso", ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/LicenseAddition"] = LicenseAddition +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/LicenseAddition"] = expandedlicensing_LicenseAddition # A license exception that is listed on the SPDX Exceptions list. -class ListedLicenseException(LicenseAddition): +class expandedlicensing_ListedLicenseException(expandedlicensing_LicenseAddition): TYPE = "https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicenseException" def __init__(self, **kwargs): @@ -2831,25 +2680,25 @@ def __init__(self, **kwargs): # Specifies the SPDX License List version in which this ListedLicense or # ListedLicenseException identifier was first added. self._add_property( - "listVersionAdded", + "expandedlicensing_listVersionAdded", StringProp(), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/listVersionAdded", ) # Specifies the SPDX License List version in which this license or exception # identifier was deprecated. self._add_property( - "deprecatedVersion", + "expandedlicensing_deprecatedVersion", StringProp(), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/deprecatedVersion", ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicenseException"] = ListedLicenseException +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicenseException"] = expandedlicensing_ListedLicenseException # A characterization of some aspect of an Element that is associated with the Element in a generalized fashion. -class Extension(SHACLObject): +class extension_Extension(SHACLObject): TYPE = "https://rdf.spdx.org/v3/Extension/Extension" def __init__(self, **kwargs): @@ -2857,11 +2706,11 @@ def __init__(self, **kwargs): self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Extension/Extension"] = Extension +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Extension/Extension"] = extension_Extension # Abstract ancestor class for all vulnerability assessments -class VulnAssessmentRelationship(Relationship): +class security_VulnAssessmentRelationship(Relationship): TYPE = "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship" def __init__(self, **kwargs): @@ -2869,13 +2718,13 @@ def __init__(self, **kwargs): # Specifies an element contained in a piece of software where a vulnerability was # found. self._add_property( - "assessedElement", + "security_assessedElement", ObjectProp(Element, False), json_name="https://rdf.spdx.org/v3/Security/assessedElement", ) # Specifies the time when a vulnerability was published. self._add_property( - "publishedTime", + "security_publishedTime", DateTimeProp(), json_name="https://rdf.spdx.org/v3/Security/publishedTime", ) @@ -2887,26 +2736,26 @@ def __init__(self, **kwargs): ) # Specifies a time when a vulnerability assessment was modified self._add_property( - "modifiedTime", + "security_modifiedTime", DateTimeProp(), json_name="https://rdf.spdx.org/v3/Security/modifiedTime", ) # Specified the time and date when a vulnerability was withdrawn. self._add_property( - "withdrawnTime", + "security_withdrawnTime", DateTimeProp(), json_name="https://rdf.spdx.org/v3/Security/withdrawnTime", ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship"] = VulnAssessmentRelationship +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship"] = security_VulnAssessmentRelationship # Abstract class representing a license combination consisting of one or more # licenses (optionally including additional text), which may be combined # according to the SPDX license expression syntax. -class AnyLicenseInfo(Element): +class simplelicensing_AnyLicenseInfo(Element): TYPE = "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" def __init__(self, **kwargs): @@ -2914,49 +2763,49 @@ def __init__(self, **kwargs): self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo"] = AnyLicenseInfo +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo"] = simplelicensing_AnyLicenseInfo # An SPDX Element containing an SPDX license expression string. -class LicenseExpression(AnyLicenseInfo): +class simplelicensing_LicenseExpression(simplelicensing_AnyLicenseInfo): TYPE = "https://rdf.spdx.org/v3/SimpleLicensing/LicenseExpression" def __init__(self, **kwargs): super().__init__() # A string in the license expression format. self._add_property( - "licenseExpression", + "simplelicensing_licenseExpression", StringProp(), json_name="https://rdf.spdx.org/v3/SimpleLicensing/licenseExpression", min_count=1, ) # The version of the SPDX License List used in the license expression. self._add_property( - "licenseListVersion", + "simplelicensing_licenseListVersion", SemVerProp(), json_name="https://rdf.spdx.org/v3/SimpleLicensing/licenseListVersion", ) # Maps a LicenseRef or AdditionRef string for a Custom License or a Custom License Addition to its URI ID. self._add_property( - "customIdToUri", + "simplelicensing_customIdToUri", ListProp(ObjectProp(DictionaryEntry, False)), json_name="https://rdf.spdx.org/v3/SimpleLicensing/customIdToUri", ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/SimpleLicensing/LicenseExpression"] = LicenseExpression +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/SimpleLicensing/LicenseExpression"] = simplelicensing_LicenseExpression # A license or addition that is not listed on the SPDX License List. -class SimpleLicensingText(Element): +class simplelicensing_SimpleLicensingText(Element): TYPE = "https://rdf.spdx.org/v3/SimpleLicensing/SimpleLicensingText" def __init__(self, **kwargs): super().__init__() # Identifies the full text of a License or Addition. self._add_property( - "licenseText", + "simplelicensing_licenseText", StringProp(), json_name="https://rdf.spdx.org/v3/SimpleLicensing/licenseText", min_count=1, @@ -2964,74 +2813,74 @@ def __init__(self, **kwargs): self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/SimpleLicensing/SimpleLicensingText"] = SimpleLicensingText +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/SimpleLicensing/SimpleLicensingText"] = simplelicensing_SimpleLicensingText # Class that describes a build instance of software/artifacts. -class Build(Element): +class build_Build(Element): TYPE = "https://rdf.spdx.org/v3/Build/Build" def __init__(self, **kwargs): super().__init__() # A buildType is a hint that is used to indicate the toolchain, platform, or infrastructure that the build was invoked on. self._add_property( - "buildType", + "build_buildType", AnyURIProp(), json_name="https://rdf.spdx.org/v3/Build/buildType", min_count=1, ) # A buildId is a locally unique identifier used by a builder to identify a unique instance of a build produced by it. self._add_property( - "buildId", + "build_buildId", StringProp(), json_name="https://rdf.spdx.org/v3/Build/buildId", ) # Property describes the invocation entrypoint of a build. self._add_property( - "configSourceEntrypoint", + "build_configSourceEntrypoint", ListProp(StringProp()), json_name="https://rdf.spdx.org/v3/Build/configSourceEntrypoint", ) # Property that describes the URI of the build configuration source file. self._add_property( - "configSourceUri", + "build_configSourceUri", ListProp(AnyURIProp()), json_name="https://rdf.spdx.org/v3/Build/configSourceUri", ) # Property that describes the digest of the build configuration file used to invoke a build. self._add_property( - "configSourceDigest", + "build_configSourceDigest", ListProp(ObjectProp(Hash, False)), json_name="https://rdf.spdx.org/v3/Build/configSourceDigest", ) # Property describing the parameters used in an instance of a build. self._add_property( - "parameters", + "build_parameters", ListProp(ObjectProp(DictionaryEntry, False)), json_name="https://rdf.spdx.org/v3/Build/parameters", ) # Property describing the start time of a build. self._add_property( - "buildStartTime", + "build_buildStartTime", DateTimeProp(), json_name="https://rdf.spdx.org/v3/Build/buildStartTime", ) # Property that describes the time at which a build stops. self._add_property( - "buildEndTime", + "build_buildEndTime", DateTimeProp(), json_name="https://rdf.spdx.org/v3/Build/buildEndTime", ) # Property describing the session in which a build is invoked. self._add_property( - "environment", + "build_environment", ListProp(ObjectProp(DictionaryEntry, False)), json_name="https://rdf.spdx.org/v3/Build/environment", ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Build/Build"] = Build +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Build/Build"] = build_Build # Agent represents anything with the potential to act on a system. @@ -3239,26 +3088,26 @@ def __init__(self, **kwargs): # Portion of an AnyLicenseInfo representing a set of licensing information # where all elements apply. -class ConjunctiveLicenseSet(AnyLicenseInfo): +class expandedlicensing_ConjunctiveLicenseSet(simplelicensing_AnyLicenseInfo): TYPE = "https://rdf.spdx.org/v3/ExpandedLicensing/ConjunctiveLicenseSet" def __init__(self, **kwargs): super().__init__() # A license expression participating in a license set. self._add_property( - "member", - ListProp(ObjectProp(AnyLicenseInfo, False)), + "expandedlicensing_member", + ListProp(ObjectProp(simplelicensing_AnyLicenseInfo, False)), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/member", min_count=2, ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/ConjunctiveLicenseSet"] = ConjunctiveLicenseSet +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/ConjunctiveLicenseSet"] = expandedlicensing_ConjunctiveLicenseSet # A license addition that is not listed on the SPDX Exceptions List. -class CustomLicenseAddition(LicenseAddition): +class expandedlicensing_CustomLicenseAddition(expandedlicensing_LicenseAddition): TYPE = "https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicenseAddition" def __init__(self, **kwargs): @@ -3266,31 +3115,31 @@ def __init__(self, **kwargs): self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicenseAddition"] = CustomLicenseAddition +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicenseAddition"] = expandedlicensing_CustomLicenseAddition # Portion of an AnyLicenseInfo representing a set of licensing information # where only any one of the elements applies. -class DisjunctiveLicenseSet(AnyLicenseInfo): +class expandedlicensing_DisjunctiveLicenseSet(simplelicensing_AnyLicenseInfo): TYPE = "https://rdf.spdx.org/v3/ExpandedLicensing/DisjunctiveLicenseSet" def __init__(self, **kwargs): super().__init__() # A license expression participating in a license set. self._add_property( - "member", - ListProp(ObjectProp(AnyLicenseInfo, False)), + "expandedlicensing_member", + ListProp(ObjectProp(simplelicensing_AnyLicenseInfo, False)), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/member", min_count=2, ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/DisjunctiveLicenseSet"] = DisjunctiveLicenseSet +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/DisjunctiveLicenseSet"] = expandedlicensing_DisjunctiveLicenseSet # Abstract class representing a License or an OrLaterOperator. -class ExtendableLicense(AnyLicenseInfo): +class expandedlicensing_ExtendableLicense(simplelicensing_AnyLicenseInfo): TYPE = "https://rdf.spdx.org/v3/ExpandedLicensing/ExtendableLicense" def __init__(self, **kwargs): @@ -3298,11 +3147,11 @@ def __init__(self, **kwargs): self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/ExtendableLicense"] = ExtendableLicense +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/ExtendableLicense"] = expandedlicensing_ExtendableLicense # A concrete subclass of AnyLicenseInfo used by Individuals in the ExpandedLicensing profile. -class IndividualLicensingInfo(AnyLicenseInfo): +class expandedlicensing_IndividualLicensingInfo(simplelicensing_AnyLicenseInfo): TYPE = "https://rdf.spdx.org/v3/ExpandedLicensing/IndividualLicensingInfo" def __init__(self, **kwargs): @@ -3310,18 +3159,18 @@ def __init__(self, **kwargs): self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/IndividualLicensingInfo"] = IndividualLicensingInfo +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/IndividualLicensingInfo"] = expandedlicensing_IndividualLicensingInfo # Abstract class for the portion of an AnyLicenseInfo representing a license. -class License(ExtendableLicense): +class expandedlicensing_License(expandedlicensing_ExtendableLicense): TYPE = "https://rdf.spdx.org/v3/ExpandedLicensing/License" def __init__(self, **kwargs): super().__init__() # Identifies the full text of a License or Addition. self._add_property( - "licenseText", + "simplelicensing_licenseText", StringProp(), json_name="https://rdf.spdx.org/v3/SimpleLicensing/licenseText", min_count=1, @@ -3329,64 +3178,64 @@ def __init__(self, **kwargs): # Specifies whether the License is listed as approved by the # [Open Source Initiative (OSI)](https://opensource.org). self._add_property( - "isOsiApproved", + "expandedlicensing_isOsiApproved", BooleanProp(), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/isOsiApproved", ) # Specifies whether the License is listed as free by the # [Free Software Foundation (FSF)](https://fsf.org). self._add_property( - "isFsfLibre", + "expandedlicensing_isFsfLibre", BooleanProp(), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/isFsfLibre", ) # Provides a License author's preferred text to indicate that a file is covered # by the License. self._add_property( - "standardLicenseHeader", + "expandedlicensing_standardLicenseHeader", StringProp(), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/standardLicenseHeader", ) # Identifies the full text of a License, in SPDX templating format. self._add_property( - "standardLicenseTemplate", + "expandedlicensing_standardLicenseTemplate", StringProp(), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/standardLicenseTemplate", ) # Specifies whether a license or additional text identifier has been marked as # deprecated. self._add_property( - "isDeprecatedLicenseId", + "expandedlicensing_isDeprecatedLicenseId", BooleanProp(), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/isDeprecatedLicenseId", ) # Specifies the licenseId that is preferred to be used in place of a deprecated # License or LicenseAddition. self._add_property( - "obsoletedBy", + "expandedlicensing_obsoletedBy", StringProp(), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/obsoletedBy", ) # Identifies all the text and metadata associated with a license in the license XML format. self._add_property( - "licenseXml", + "expandedlicensing_licenseXml", StringProp(), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/licenseXml", ) # Contains a URL where the License or LicenseAddition can be found in use. self._add_property( - "seeAlso", + "expandedlicensing_seeAlso", ListProp(AnyURIProp()), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/seeAlso", ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/License"] = License +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/License"] = expandedlicensing_License # A license that is listed on the SPDX License List. -class ListedLicense(License): +class expandedlicensing_ListedLicense(expandedlicensing_License): TYPE = "https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicense" def __init__(self, **kwargs): @@ -3394,86 +3243,86 @@ def __init__(self, **kwargs): # Specifies the SPDX License List version in which this ListedLicense or # ListedLicenseException identifier was first added. self._add_property( - "listVersionAdded", + "expandedlicensing_listVersionAdded", StringProp(), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/listVersionAdded", ) # Specifies the SPDX License List version in which this license or exception # identifier was deprecated. self._add_property( - "deprecatedVersion", + "expandedlicensing_deprecatedVersion", StringProp(), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/deprecatedVersion", ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicense"] = ListedLicense +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicense"] = expandedlicensing_ListedLicense # Portion of an AnyLicenseInfo representing this version, or any later version, # of the indicated License. -class OrLaterOperator(ExtendableLicense): +class expandedlicensing_OrLaterOperator(expandedlicensing_ExtendableLicense): TYPE = "https://rdf.spdx.org/v3/ExpandedLicensing/OrLaterOperator" def __init__(self, **kwargs): super().__init__() # A License participating in an 'or later' model. self._add_property( - "subjectLicense", - ObjectProp(License, True), + "expandedlicensing_subjectLicense", + ObjectProp(expandedlicensing_License, True), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/subjectLicense", min_count=1, ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/OrLaterOperator"] = OrLaterOperator +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/OrLaterOperator"] = expandedlicensing_OrLaterOperator # Portion of an AnyLicenseInfo representing a License which has additional # text applied to it. -class WithAdditionOperator(AnyLicenseInfo): +class expandedlicensing_WithAdditionOperator(simplelicensing_AnyLicenseInfo): TYPE = "https://rdf.spdx.org/v3/ExpandedLicensing/WithAdditionOperator" def __init__(self, **kwargs): super().__init__() # A License participating in a 'with addition' model. self._add_property( - "subjectExtendableLicense", - ObjectProp(ExtendableLicense, True), + "expandedlicensing_subjectExtendableLicense", + ObjectProp(expandedlicensing_ExtendableLicense, True), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/subjectExtendableLicense", min_count=1, ) # A LicenseAddition participating in a 'with addition' model. self._add_property( - "subjectAddition", - ObjectProp(LicenseAddition, True), + "expandedlicensing_subjectAddition", + ObjectProp(expandedlicensing_LicenseAddition, True), json_name="https://rdf.spdx.org/v3/ExpandedLicensing/subjectAddition", min_count=1, ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/WithAdditionOperator"] = WithAdditionOperator +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/WithAdditionOperator"] = expandedlicensing_WithAdditionOperator # Provides a CVSS version 2.0 assessment for a vulnerability. -class CvssV2VulnAssessmentRelationship(VulnAssessmentRelationship): +class security_CvssV2VulnAssessmentRelationship(security_VulnAssessmentRelationship): TYPE = "https://rdf.spdx.org/v3/Security/CvssV2VulnAssessmentRelationship" def __init__(self, **kwargs): super().__init__() # Provides a numerical (0-10) representation of the severity of a vulnerability. self._add_property( - "score", + "security_score", FloatProp(), json_name="https://rdf.spdx.org/v3/Security/score", min_count=1, ) # Specifies the CVSS vector string for a vulnerability. self._add_property( - "vectorString", + "security_vectorString", StringProp(), json_name="https://rdf.spdx.org/v3/Security/vectorString", min_count=1, @@ -3481,32 +3330,32 @@ def __init__(self, **kwargs): self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/CvssV2VulnAssessmentRelationship"] = CvssV2VulnAssessmentRelationship +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/CvssV2VulnAssessmentRelationship"] = security_CvssV2VulnAssessmentRelationship # Provides a CVSS version 3 assessment for a vulnerability. -class CvssV3VulnAssessmentRelationship(VulnAssessmentRelationship): +class security_CvssV3VulnAssessmentRelationship(security_VulnAssessmentRelationship): TYPE = "https://rdf.spdx.org/v3/Security/CvssV3VulnAssessmentRelationship" def __init__(self, **kwargs): super().__init__() # Provides a numerical (0-10) representation of the severity of a vulnerability. self._add_property( - "score", + "security_score", FloatProp(), json_name="https://rdf.spdx.org/v3/Security/score", min_count=1, ) # Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software. self._add_property( - "severity", - CvssSeverityType(), + "security_severity", + security_CvssSeverityType(), json_name="https://rdf.spdx.org/v3/Security/severity", min_count=1, ) # Specifies the CVSS vector string for a vulnerability. self._add_property( - "vectorString", + "security_vectorString", StringProp(), json_name="https://rdf.spdx.org/v3/Security/vectorString", min_count=1, @@ -3514,32 +3363,32 @@ def __init__(self, **kwargs): self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/CvssV3VulnAssessmentRelationship"] = CvssV3VulnAssessmentRelationship +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/CvssV3VulnAssessmentRelationship"] = security_CvssV3VulnAssessmentRelationship # Provides a CVSS version 4 assessment for a vulnerability. -class CvssV4VulnAssessmentRelationship(VulnAssessmentRelationship): +class security_CvssV4VulnAssessmentRelationship(security_VulnAssessmentRelationship): TYPE = "https://rdf.spdx.org/v3/Security/CvssV4VulnAssessmentRelationship" def __init__(self, **kwargs): super().__init__() # Provides a numerical (0-10) representation of the severity of a vulnerability. self._add_property( - "score", + "security_score", FloatProp(), json_name="https://rdf.spdx.org/v3/Security/score", min_count=1, ) # Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software. self._add_property( - "severity", - CvssSeverityType(), + "security_severity", + security_CvssSeverityType(), json_name="https://rdf.spdx.org/v3/Security/severity", min_count=1, ) # Specifies the CVSS vector string for a vulnerability. self._add_property( - "vectorString", + "security_vectorString", StringProp(), json_name="https://rdf.spdx.org/v3/Security/vectorString", min_count=1, @@ -3547,32 +3396,32 @@ def __init__(self, **kwargs): self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/CvssV4VulnAssessmentRelationship"] = CvssV4VulnAssessmentRelationship +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/CvssV4VulnAssessmentRelationship"] = security_CvssV4VulnAssessmentRelationship # Provides an EPSS assessment for a vulnerability. -class EpssVulnAssessmentRelationship(VulnAssessmentRelationship): +class security_EpssVulnAssessmentRelationship(security_VulnAssessmentRelationship): TYPE = "https://rdf.spdx.org/v3/Security/EpssVulnAssessmentRelationship" def __init__(self, **kwargs): super().__init__() # A probability score between 0 and 1 of a vulnerability being exploited. self._add_property( - "probability", + "security_probability", FloatProp(), json_name="https://rdf.spdx.org/v3/Security/probability", min_count=1, ) # The percentile of the current probability score. self._add_property( - "percentile", + "security_percentile", FloatProp(), json_name="https://rdf.spdx.org/v3/Security/percentile", min_count=1, ) # Specifies the time when a vulnerability was published. self._add_property( - "publishedTime", + "security_publishedTime", DateTimeProp(), json_name="https://rdf.spdx.org/v3/Security/publishedTime", min_count=1, @@ -3580,32 +3429,32 @@ def __init__(self, **kwargs): self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/EpssVulnAssessmentRelationship"] = EpssVulnAssessmentRelationship +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/EpssVulnAssessmentRelationship"] = security_EpssVulnAssessmentRelationship # Provides an exploit assessment of a vulnerability. -class ExploitCatalogVulnAssessmentRelationship(VulnAssessmentRelationship): +class security_ExploitCatalogVulnAssessmentRelationship(security_VulnAssessmentRelationship): TYPE = "https://rdf.spdx.org/v3/Security/ExploitCatalogVulnAssessmentRelationship" def __init__(self, **kwargs): super().__init__() # Specifies the exploit catalog type. self._add_property( - "catalogType", - ExploitCatalogType(), + "security_catalogType", + security_ExploitCatalogType(), json_name="https://rdf.spdx.org/v3/Security/catalogType", min_count=1, ) # Describe that a CVE is known to have an exploit because it's been listed in an exploit catalog. self._add_property( - "exploited", + "security_exploited", BooleanProp(), json_name="https://rdf.spdx.org/v3/Security/exploited", min_count=1, ) # Provides the location of an exploit catalog. self._add_property( - "Securitylocator", + "security_locator", AnyURIProp(), json_name="https://rdf.spdx.org/v3/Security/locator", min_count=1, @@ -3613,125 +3462,125 @@ def __init__(self, **kwargs): self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/ExploitCatalogVulnAssessmentRelationship"] = ExploitCatalogVulnAssessmentRelationship +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/ExploitCatalogVulnAssessmentRelationship"] = security_ExploitCatalogVulnAssessmentRelationship # Provides an SSVC assessment for a vulnerability. -class SsvcVulnAssessmentRelationship(VulnAssessmentRelationship): +class security_SsvcVulnAssessmentRelationship(security_VulnAssessmentRelationship): TYPE = "https://rdf.spdx.org/v3/Security/SsvcVulnAssessmentRelationship" def __init__(self, **kwargs): super().__init__() # Provide the enumeration of possible decisions in the Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree [https://www.cisa.gov/sites/default/files/publications/cisa-ssvc-guide%20508c.pdf](https://www.cisa.gov/sites/default/files/publications/cisa-ssvc-guide%20508c.pdf) self._add_property( - "decisionType", - SsvcDecisionType(), + "security_decisionType", + security_SsvcDecisionType(), json_name="https://rdf.spdx.org/v3/Security/decisionType", min_count=1, ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/SsvcVulnAssessmentRelationship"] = SsvcVulnAssessmentRelationship +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/SsvcVulnAssessmentRelationship"] = security_SsvcVulnAssessmentRelationship # Asbtract ancestor class for all VEX relationships -class VexVulnAssessmentRelationship(VulnAssessmentRelationship): +class security_VexVulnAssessmentRelationship(security_VulnAssessmentRelationship): TYPE = "https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship" def __init__(self, **kwargs): super().__init__() # Specifies the version of the VEX document. self._add_property( - "vexVersion", + "security_vexVersion", StringProp(), json_name="https://rdf.spdx.org/v3/Security/vexVersion", ) # Conveys information about how VEX status was determined. self._add_property( - "statusNotes", + "security_statusNotes", StringProp(), json_name="https://rdf.spdx.org/v3/Security/statusNotes", ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship"] = VexVulnAssessmentRelationship +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship"] = security_VexVulnAssessmentRelationship # Specifies a vulnerability and its associated information. -class Vulnerability(Artifact): +class security_Vulnerability(Artifact): TYPE = "https://rdf.spdx.org/v3/Security/Vulnerability" def __init__(self, **kwargs): super().__init__() # Specifies the time when a vulnerability was published. self._add_property( - "publishedTime", + "security_publishedTime", DateTimeProp(), json_name="https://rdf.spdx.org/v3/Security/publishedTime", ) # Specifies a time when a vulnerability assessment was modified self._add_property( - "modifiedTime", + "security_modifiedTime", DateTimeProp(), json_name="https://rdf.spdx.org/v3/Security/modifiedTime", ) # Specified the time and date when a vulnerability was withdrawn. self._add_property( - "withdrawnTime", + "security_withdrawnTime", DateTimeProp(), json_name="https://rdf.spdx.org/v3/Security/withdrawnTime", ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/Vulnerability"] = Vulnerability +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/Vulnerability"] = security_Vulnerability # A distinct article or unit related to Software. -class SoftwareArtifact(Artifact): +class software_SoftwareArtifact(Artifact): TYPE = "https://rdf.spdx.org/v3/Software/SoftwareArtifact" def __init__(self, **kwargs): super().__init__() # Used to record the artifact’s gitoid: a canonical, unique, immutable identifier that can be used for software integrity verification. self._add_property( - "gitoid", + "software_gitoid", ListProp(AnyURIProp()), json_name="https://rdf.spdx.org/v3/Software/gitoid", max_count=2, ) # Provides information about the primary purpose of the software artifact. self._add_property( - "primaryPurpose", - SoftwarePurpose(), + "software_primaryPurpose", + software_SoftwarePurpose(), json_name="https://rdf.spdx.org/v3/Software/primaryPurpose", ) # Provides additional purpose information of the software artifact. self._add_property( - "additionalPurpose", - ListProp(SoftwarePurpose()), + "software_additionalPurpose", + ListProp(software_SoftwarePurpose()), json_name="https://rdf.spdx.org/v3/Software/additionalPurpose", ) # Identifies the text of one or more copyright notices for a software Package, # File or Snippet, if any. self._add_property( - "copyrightText", + "software_copyrightText", StringProp(), json_name="https://rdf.spdx.org/v3/Software/copyrightText", ) # Provides a place for the SPDX data creator to record acknowledgement text for # a software Package, File or Snippet. self._add_property( - "attributionText", + "software_attributionText", ListProp(StringProp()), json_name="https://rdf.spdx.org/v3/Software/attributionText", ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Software/SoftwareArtifact"] = SoftwareArtifact +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Software/SoftwareArtifact"] = software_SoftwareArtifact # A container for a grouping of SPDX-3.0 content characterizing details @@ -3748,7 +3597,7 @@ def __init__(self, **kwargs): # A license that is not listed on the SPDX License List. -class CustomLicense(License): +class expandedlicensing_CustomLicense(expandedlicensing_License): TYPE = "https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicense" def __init__(self, **kwargs): @@ -3756,12 +3605,12 @@ def __init__(self, **kwargs): self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicense"] = CustomLicense +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicense"] = expandedlicensing_CustomLicense # Connects a vulnerability and an element designating the element as a product # affected by the vulnerability. -class VexAffectedVulnAssessmentRelationship(VexVulnAssessmentRelationship): +class security_VexAffectedVulnAssessmentRelationship(security_VexVulnAssessmentRelationship): TYPE = "https://rdf.spdx.org/v3/Security/VexAffectedVulnAssessmentRelationship" def __init__(self, **kwargs): @@ -3769,26 +3618,26 @@ def __init__(self, **kwargs): # Provides advise on how to mitigate or remediate a vulnerability when a VEX product # is affected by it. self._add_property( - "actionStatement", + "security_actionStatement", StringProp(), json_name="https://rdf.spdx.org/v3/Security/actionStatement", ) # Records the time when a recommended action was communicated in a VEX statement # to mitigate a vulnerability. self._add_property( - "actionStatementTime", + "security_actionStatementTime", ListProp(DateTimeProp()), json_name="https://rdf.spdx.org/v3/Security/actionStatementTime", ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/VexAffectedVulnAssessmentRelationship"] = VexAffectedVulnAssessmentRelationship +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/VexAffectedVulnAssessmentRelationship"] = security_VexAffectedVulnAssessmentRelationship # Links a vulnerability and elements representing products (in the VEX sense) where # a fix has been applied and are no longer affected. -class VexFixedVulnAssessmentRelationship(VexVulnAssessmentRelationship): +class security_VexFixedVulnAssessmentRelationship(security_VexVulnAssessmentRelationship): TYPE = "https://rdf.spdx.org/v3/Security/VexFixedVulnAssessmentRelationship" def __init__(self, **kwargs): @@ -3796,12 +3645,12 @@ def __init__(self, **kwargs): self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/VexFixedVulnAssessmentRelationship"] = VexFixedVulnAssessmentRelationship +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/VexFixedVulnAssessmentRelationship"] = security_VexFixedVulnAssessmentRelationship # Links a vulnerability and one or more elements designating the latter as products # not affected by the vulnerability. -class VexNotAffectedVulnAssessmentRelationship(VexVulnAssessmentRelationship): +class security_VexNotAffectedVulnAssessmentRelationship(security_VexVulnAssessmentRelationship): TYPE = "https://rdf.spdx.org/v3/Security/VexNotAffectedVulnAssessmentRelationship" def __init__(self, **kwargs): @@ -3810,33 +3659,33 @@ def __init__(self, **kwargs): # representing a VEX product with a VexNotAffectedVulnAssessmentRelationship # relationship. self._add_property( - "justificationType", - VexJustificationType(), + "security_justificationType", + security_VexJustificationType(), json_name="https://rdf.spdx.org/v3/Security/justificationType", ) # Explains why a VEX product is not affected by a vulnerability. It is an # alternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable # justification label. self._add_property( - "impactStatement", + "security_impactStatement", StringProp(), json_name="https://rdf.spdx.org/v3/Security/impactStatement", ) # Timestamp of impact statement. self._add_property( - "impactStatementTime", + "security_impactStatementTime", DateTimeProp(), json_name="https://rdf.spdx.org/v3/Security/impactStatementTime", ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/VexNotAffectedVulnAssessmentRelationship"] = VexNotAffectedVulnAssessmentRelationship +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/VexNotAffectedVulnAssessmentRelationship"] = security_VexNotAffectedVulnAssessmentRelationship # Designates elements as products where the impact of a vulnerability is being # investigated. -class VexUnderInvestigationVulnAssessmentRelationship(VexVulnAssessmentRelationship): +class security_VexUnderInvestigationVulnAssessmentRelationship(security_VexVulnAssessmentRelationship): TYPE = "https://rdf.spdx.org/v3/Security/VexUnderInvestigationVulnAssessmentRelationship" def __init__(self, **kwargs): @@ -3844,316 +3693,316 @@ def __init__(self, **kwargs): self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/VexUnderInvestigationVulnAssessmentRelationship"] = VexUnderInvestigationVulnAssessmentRelationship +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Security/VexUnderInvestigationVulnAssessmentRelationship"] = security_VexUnderInvestigationVulnAssessmentRelationship # Refers to any object that stores content on a computer. -class File(SoftwareArtifact): +class software_File(software_SoftwareArtifact): TYPE = "https://rdf.spdx.org/v3/Software/File" def __init__(self, **kwargs): super().__init__() # Provides information about the content type of an Element. self._add_property( - "SoftwarecontentType", + "software_contentType", MediaTypeProp(), json_name="https://rdf.spdx.org/v3/Software/contentType", ) # If true, denotes the Element is a directory. self._add_property( - "isDirectory", + "software_isDirectory", BooleanProp(), json_name="https://rdf.spdx.org/v3/Software/isDirectory", ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Software/File"] = File +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Software/File"] = software_File # Refers to any unit of content that can be associated with a distribution of software. -class Package(SoftwareArtifact): +class software_Package(software_SoftwareArtifact): TYPE = "https://rdf.spdx.org/v3/Software/Package" def __init__(self, **kwargs): super().__init__() # Identify the version of a package. self._add_property( - "packageVersion", + "software_packageVersion", StringProp(), json_name="https://rdf.spdx.org/v3/Software/packageVersion", ) # Identifies the download Uniform Resource Identifier for the package at the time that the document was created. self._add_property( - "downloadLocation", + "software_downloadLocation", AnyURIProp(), json_name="https://rdf.spdx.org/v3/Software/downloadLocation", ) # Provides a place for the SPDX data creator to record the package URL string (in accordance with the [package URL spec](https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst)) for a software Package. self._add_property( - "packageUrl", + "software_packageUrl", AnyURIProp(), json_name="https://rdf.spdx.org/v3/Software/packageUrl", ) # A place for the SPDX document creator to record a website that serves as the package's home page. self._add_property( - "homePage", + "software_homePage", AnyURIProp(), json_name="https://rdf.spdx.org/v3/Software/homePage", ) # Records any relevant background information or additional comments # about the origin of the package. self._add_property( - "sourceInfo", + "software_sourceInfo", StringProp(), json_name="https://rdf.spdx.org/v3/Software/sourceInfo", ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Software/Package"] = Package +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Software/Package"] = software_Package # A collection of SPDX Elements describing a single package. -class Sbom(Bom): +class software_Sbom(Bom): TYPE = "https://rdf.spdx.org/v3/Software/Sbom" def __init__(self, **kwargs): super().__init__() # Provides information about the type of an SBOM. self._add_property( - "sbomType", - ListProp(SbomType()), + "software_sbomType", + ListProp(software_SbomType()), json_name="https://rdf.spdx.org/v3/Software/sbomType", ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Software/Sbom"] = Sbom +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Software/Sbom"] = software_Sbom # Describes a certain part of a file. -class Snippet(SoftwareArtifact): +class software_Snippet(software_SoftwareArtifact): TYPE = "https://rdf.spdx.org/v3/Software/Snippet" def __init__(self, **kwargs): super().__init__() # Defines the byte range in the original host file that the snippet information applies to. self._add_property( - "byteRange", + "software_byteRange", ObjectProp(PositiveIntegerRange, False), json_name="https://rdf.spdx.org/v3/Software/byteRange", ) # Defines the line range in the original host file that the snippet information applies to. self._add_property( - "lineRange", + "software_lineRange", ObjectProp(PositiveIntegerRange, False), json_name="https://rdf.spdx.org/v3/Software/lineRange", ) # Defines the original host file that the snippet information applies to. self._add_property( - "snippetFromFile", - ObjectProp(File, True), + "software_snippetFromFile", + ObjectProp(software_File, True), json_name="https://rdf.spdx.org/v3/Software/snippetFromFile", min_count=1, ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Software/Snippet"] = Snippet +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Software/Snippet"] = software_Snippet # Provides information about the fields in the AI package profile. -class AIPackage(Package): +class ai_AIPackage(software_Package): TYPE = "https://rdf.spdx.org/v3/AI/AIPackage" def __init__(self, **kwargs): super().__init__() # Indicates the amount of energy consumed to build the AI package. self._add_property( - "energyConsumption", + "ai_energyConsumption", StringProp(), json_name="https://rdf.spdx.org/v3/AI/energyConsumption", ) # Captures a standard that is being complied with. self._add_property( - "standardCompliance", + "ai_standardCompliance", ListProp(StringProp()), json_name="https://rdf.spdx.org/v3/AI/standardCompliance", ) # Captures a limitation of the AI software. self._add_property( - "limitation", + "ai_limitation", StringProp(), json_name="https://rdf.spdx.org/v3/AI/limitation", ) # Records the type of the model used in the AI software. self._add_property( - "typeOfModel", + "ai_typeOfModel", ListProp(StringProp()), json_name="https://rdf.spdx.org/v3/AI/typeOfModel", ) # Describes relevant information about different steps of the training process. self._add_property( - "informationAboutTraining", + "ai_informationAboutTraining", StringProp(), json_name="https://rdf.spdx.org/v3/AI/informationAboutTraining", ) # Provides relevant information about the AI software, not including the model description. self._add_property( - "informationAboutApplication", + "ai_informationAboutApplication", StringProp(), json_name="https://rdf.spdx.org/v3/AI/informationAboutApplication", ) # Records a hyperparameter used to build the AI model contained in the AI package. self._add_property( - "hyperparameter", + "ai_hyperparameter", ListProp(ObjectProp(DictionaryEntry, False)), json_name="https://rdf.spdx.org/v3/AI/hyperparameter", ) # Describes all the preprocessing steps applied to the training data before the model training. self._add_property( - "modelDataPreprocessing", + "ai_modelDataPreprocessing", ListProp(StringProp()), json_name="https://rdf.spdx.org/v3/AI/modelDataPreprocessing", ) # Describes methods that can be used to explain the model. self._add_property( - "modelExplainability", + "ai_modelExplainability", ListProp(StringProp()), json_name="https://rdf.spdx.org/v3/AI/modelExplainability", ) # Records if sensitive personal information is used during model training. self._add_property( - "sensitivePersonalInformation", + "ai_sensitivePersonalInformation", PresenceType(), json_name="https://rdf.spdx.org/v3/AI/sensitivePersonalInformation", ) # Captures the threshold that was used for computation of a metric described in the metric field. self._add_property( - "metricDecisionThreshold", + "ai_metricDecisionThreshold", ListProp(ObjectProp(DictionaryEntry, False)), json_name="https://rdf.spdx.org/v3/AI/metricDecisionThreshold", ) # Records the measurement of prediction quality of the AI model. self._add_property( - "metric", + "ai_metric", ListProp(ObjectProp(DictionaryEntry, False)), json_name="https://rdf.spdx.org/v3/AI/metric", ) # Captures the domain in which the AI package can be used. self._add_property( - "domain", + "ai_domain", ListProp(StringProp()), json_name="https://rdf.spdx.org/v3/AI/domain", ) # States if a human is involved in the decisions of the AI software. self._add_property( - "autonomyType", + "ai_autonomyType", PresenceType(), json_name="https://rdf.spdx.org/v3/AI/autonomyType", ) # Categorizes safety risk impact of AI software. self._add_property( - "safetyRiskAssessment", - SafetyRiskAssessmentType(), + "ai_safetyRiskAssessment", + ai_SafetyRiskAssessmentType(), json_name="https://rdf.spdx.org/v3/AI/safetyRiskAssessment", ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/AI/AIPackage"] = AIPackage +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/AI/AIPackage"] = ai_AIPackage # Provides information about the fields in the Dataset profile. -class Dataset(Package): +class dataset_Dataset(software_Package): TYPE = "https://rdf.spdx.org/v3/Dataset/Dataset" def __init__(self, **kwargs): super().__init__() # Describes the type of the given dataset. self._add_property( - "datasetType", - ListProp(DatasetType()), + "dataset_datasetType", + ListProp(dataset_DatasetType()), json_name="https://rdf.spdx.org/v3/Dataset/datasetType", min_count=1, ) # Describes how the dataset was collected. self._add_property( - "dataCollectionProcess", + "dataset_dataCollectionProcess", StringProp(), json_name="https://rdf.spdx.org/v3/Dataset/dataCollectionProcess", ) # Describes what the given dataset should be used for. self._add_property( - "intendedUse", + "dataset_intendedUse", StringProp(), json_name="https://rdf.spdx.org/v3/Dataset/intendedUse", ) # Captures the size of the dataset. self._add_property( - "datasetSize", + "dataset_datasetSize", NonNegativeIntegerProp(), json_name="https://rdf.spdx.org/v3/Dataset/datasetSize", ) # Describes potentially noisy elements of the dataset. self._add_property( - "datasetNoise", + "dataset_datasetNoise", StringProp(), json_name="https://rdf.spdx.org/v3/Dataset/datasetNoise", ) # Describes the preprocessing steps that were applied to the raw data to create the given dataset. self._add_property( - "dataPreprocessing", + "dataset_dataPreprocessing", ListProp(StringProp()), json_name="https://rdf.spdx.org/v3/Dataset/dataPreprocessing", ) # Describes a sensor used for collecting the data. self._add_property( - "sensor", + "dataset_sensor", ListProp(ObjectProp(DictionaryEntry, False)), json_name="https://rdf.spdx.org/v3/Dataset/sensor", ) # Records the biases that the dataset is known to encompass. self._add_property( - "knownBias", + "dataset_knownBias", ListProp(StringProp()), json_name="https://rdf.spdx.org/v3/Dataset/knownBias", ) # Describes if any sensitive personal information is present in the dataset. self._add_property( - "DatasetsensitivePersonalInformation", + "dataset_sensitivePersonalInformation", PresenceType(), json_name="https://rdf.spdx.org/v3/Dataset/sensitivePersonalInformation", ) # Describes the anonymization methods used. self._add_property( - "anonymizationMethodUsed", + "dataset_anonymizationMethodUsed", ListProp(StringProp()), json_name="https://rdf.spdx.org/v3/Dataset/anonymizationMethodUsed", ) # Describes the confidentiality level of the data points contained in the dataset. self._add_property( - "confidentialityLevel", - ConfidentialityLevelType(), + "dataset_confidentialityLevel", + dataset_ConfidentialityLevelType(), json_name="https://rdf.spdx.org/v3/Dataset/confidentialityLevel", ) # Describes a mechanism to update the dataset. self._add_property( - "datasetUpdateMechanism", + "dataset_datasetUpdateMechanism", StringProp(), json_name="https://rdf.spdx.org/v3/Dataset/datasetUpdateMechanism", ) # The field describes the availability of a dataset. self._add_property( - "datasetAvailability", - DatasetAvailabilityType(), + "dataset_datasetAvailability", + dataset_DatasetAvailabilityType(), json_name="https://rdf.spdx.org/v3/Dataset/datasetAvailability", ) self._set_init_props(**kwargs) -SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Dataset/Dataset"] = Dataset +SHACLObject.DESERIALIZERS["https://rdf.spdx.org/v3/Dataset/Dataset"] = dataset_Dataset # Copyright (c) 2024 Joshua Watt diff --git a/tests/expect/raw/spdx3-context.txt b/tests/expect/raw/spdx3-context.txt index dc2a533..661c37a 100644 --- a/tests/expect/raw/spdx3-context.txt +++ b/tests/expect/raw/spdx3-context.txt @@ -1,6 +1,6 @@ Context: https://spdx.github.io/spdx-3-model/context.json -https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType: SafetyRiskAssessmentType +https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType: ai_SafetyRiskAssessmentType https://rdf.spdx.org/v3/Core/AnnotationType: AnnotationType @@ -22,23 +22,23 @@ https://rdf.spdx.org/v3/Core/RelationshipType: RelationshipType https://rdf.spdx.org/v3/Core/SupportType: SupportType -https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType: ConfidentialityLevelType +https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType: dataset_ConfidentialityLevelType -https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType: DatasetAvailabilityType +https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType: dataset_DatasetAvailabilityType -https://rdf.spdx.org/v3/Dataset/DatasetType: DatasetType +https://rdf.spdx.org/v3/Dataset/DatasetType: dataset_DatasetType -https://rdf.spdx.org/v3/Security/CvssSeverityType: CvssSeverityType +https://rdf.spdx.org/v3/Security/CvssSeverityType: security_CvssSeverityType -https://rdf.spdx.org/v3/Security/ExploitCatalogType: ExploitCatalogType +https://rdf.spdx.org/v3/Security/ExploitCatalogType: security_ExploitCatalogType -https://rdf.spdx.org/v3/Security/SsvcDecisionType: SsvcDecisionType +https://rdf.spdx.org/v3/Security/SsvcDecisionType: security_SsvcDecisionType -https://rdf.spdx.org/v3/Security/VexJustificationType: VexJustificationType +https://rdf.spdx.org/v3/Security/VexJustificationType: security_VexJustificationType -https://rdf.spdx.org/v3/Software/SbomType: SbomType +https://rdf.spdx.org/v3/Software/SbomType: software_SbomType -https://rdf.spdx.org/v3/Software/SoftwarePurpose: SoftwarePurpose +https://rdf.spdx.org/v3/Software/SoftwarePurpose: software_SoftwarePurpose https://rdf.spdx.org/v3/Core/CreationInfo: CreationInfo @@ -69,21 +69,21 @@ https://rdf.spdx.org/v3/Core/SpdxDocument: SpdxDocument https://rdf.spdx.org/v3/Core/Tool: Tool -https://rdf.spdx.org/v3/ExpandedLicensing/LicenseAddition: LicenseAddition +https://rdf.spdx.org/v3/ExpandedLicensing/LicenseAddition: expandedlicensing_LicenseAddition -https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicenseException: ListedLicenseException +https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicenseException: expandedlicensing_ListedLicenseException -https://rdf.spdx.org/v3/Extension/Extension: Extension +https://rdf.spdx.org/v3/Extension/Extension: extension_Extension -https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship: VulnAssessmentRelationship +https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship: security_VulnAssessmentRelationship -https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo: AnyLicenseInfo +https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo: simplelicensing_AnyLicenseInfo -https://rdf.spdx.org/v3/SimpleLicensing/LicenseExpression: LicenseExpression +https://rdf.spdx.org/v3/SimpleLicensing/LicenseExpression: simplelicensing_LicenseExpression -https://rdf.spdx.org/v3/SimpleLicensing/SimpleLicensingText: SimpleLicensingText +https://rdf.spdx.org/v3/SimpleLicensing/SimpleLicensingText: simplelicensing_SimpleLicensingText -https://rdf.spdx.org/v3/Build/Build: Build +https://rdf.spdx.org/v3/Build/Build: build_Build https://rdf.spdx.org/v3/Core/Agent: Agent @@ -103,62 +103,62 @@ https://rdf.spdx.org/v3/Core/Person: Person https://rdf.spdx.org/v3/Core/SoftwareAgent: SoftwareAgent -https://rdf.spdx.org/v3/ExpandedLicensing/ConjunctiveLicenseSet: ConjunctiveLicenseSet +https://rdf.spdx.org/v3/ExpandedLicensing/ConjunctiveLicenseSet: expandedlicensing_ConjunctiveLicenseSet -https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicenseAddition: CustomLicenseAddition +https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicenseAddition: expandedlicensing_CustomLicenseAddition -https://rdf.spdx.org/v3/ExpandedLicensing/DisjunctiveLicenseSet: DisjunctiveLicenseSet +https://rdf.spdx.org/v3/ExpandedLicensing/DisjunctiveLicenseSet: expandedlicensing_DisjunctiveLicenseSet -https://rdf.spdx.org/v3/ExpandedLicensing/ExtendableLicense: ExtendableLicense +https://rdf.spdx.org/v3/ExpandedLicensing/ExtendableLicense: expandedlicensing_ExtendableLicense -https://rdf.spdx.org/v3/ExpandedLicensing/IndividualLicensingInfo: IndividualLicensingInfo +https://rdf.spdx.org/v3/ExpandedLicensing/IndividualLicensingInfo: expandedlicensing_IndividualLicensingInfo -https://rdf.spdx.org/v3/ExpandedLicensing/License: License +https://rdf.spdx.org/v3/ExpandedLicensing/License: expandedlicensing_License -https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicense: ListedLicense +https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicense: expandedlicensing_ListedLicense -https://rdf.spdx.org/v3/ExpandedLicensing/OrLaterOperator: OrLaterOperator +https://rdf.spdx.org/v3/ExpandedLicensing/OrLaterOperator: expandedlicensing_OrLaterOperator -https://rdf.spdx.org/v3/ExpandedLicensing/WithAdditionOperator: WithAdditionOperator +https://rdf.spdx.org/v3/ExpandedLicensing/WithAdditionOperator: expandedlicensing_WithAdditionOperator -https://rdf.spdx.org/v3/Security/CvssV2VulnAssessmentRelationship: CvssV2VulnAssessmentRelationship +https://rdf.spdx.org/v3/Security/CvssV2VulnAssessmentRelationship: security_CvssV2VulnAssessmentRelationship -https://rdf.spdx.org/v3/Security/CvssV3VulnAssessmentRelationship: CvssV3VulnAssessmentRelationship +https://rdf.spdx.org/v3/Security/CvssV3VulnAssessmentRelationship: security_CvssV3VulnAssessmentRelationship -https://rdf.spdx.org/v3/Security/CvssV4VulnAssessmentRelationship: CvssV4VulnAssessmentRelationship +https://rdf.spdx.org/v3/Security/CvssV4VulnAssessmentRelationship: security_CvssV4VulnAssessmentRelationship -https://rdf.spdx.org/v3/Security/EpssVulnAssessmentRelationship: EpssVulnAssessmentRelationship +https://rdf.spdx.org/v3/Security/EpssVulnAssessmentRelationship: security_EpssVulnAssessmentRelationship -https://rdf.spdx.org/v3/Security/ExploitCatalogVulnAssessmentRelationship: ExploitCatalogVulnAssessmentRelationship +https://rdf.spdx.org/v3/Security/ExploitCatalogVulnAssessmentRelationship: security_ExploitCatalogVulnAssessmentRelationship -https://rdf.spdx.org/v3/Security/SsvcVulnAssessmentRelationship: SsvcVulnAssessmentRelationship +https://rdf.spdx.org/v3/Security/SsvcVulnAssessmentRelationship: security_SsvcVulnAssessmentRelationship -https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship: VexVulnAssessmentRelationship +https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship: security_VexVulnAssessmentRelationship -https://rdf.spdx.org/v3/Security/Vulnerability: Vulnerability +https://rdf.spdx.org/v3/Security/Vulnerability: security_Vulnerability -https://rdf.spdx.org/v3/Software/SoftwareArtifact: SoftwareArtifact +https://rdf.spdx.org/v3/Software/SoftwareArtifact: software_SoftwareArtifact https://rdf.spdx.org/v3/Core/Bom: Bom -https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicense: CustomLicense +https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicense: expandedlicensing_CustomLicense -https://rdf.spdx.org/v3/Security/VexAffectedVulnAssessmentRelationship: VexAffectedVulnAssessmentRelationship +https://rdf.spdx.org/v3/Security/VexAffectedVulnAssessmentRelationship: security_VexAffectedVulnAssessmentRelationship -https://rdf.spdx.org/v3/Security/VexFixedVulnAssessmentRelationship: VexFixedVulnAssessmentRelationship +https://rdf.spdx.org/v3/Security/VexFixedVulnAssessmentRelationship: security_VexFixedVulnAssessmentRelationship -https://rdf.spdx.org/v3/Security/VexNotAffectedVulnAssessmentRelationship: VexNotAffectedVulnAssessmentRelationship +https://rdf.spdx.org/v3/Security/VexNotAffectedVulnAssessmentRelationship: security_VexNotAffectedVulnAssessmentRelationship -https://rdf.spdx.org/v3/Security/VexUnderInvestigationVulnAssessmentRelationship: VexUnderInvestigationVulnAssessmentRelationship +https://rdf.spdx.org/v3/Security/VexUnderInvestigationVulnAssessmentRelationship: security_VexUnderInvestigationVulnAssessmentRelationship -https://rdf.spdx.org/v3/Software/File: File +https://rdf.spdx.org/v3/Software/File: software_File -https://rdf.spdx.org/v3/Software/Package: Package +https://rdf.spdx.org/v3/Software/Package: software_Package -https://rdf.spdx.org/v3/Software/Sbom: Sbom +https://rdf.spdx.org/v3/Software/Sbom: software_Sbom -https://rdf.spdx.org/v3/Software/Snippet: Snippet +https://rdf.spdx.org/v3/Software/Snippet: software_Snippet -https://rdf.spdx.org/v3/AI/AIPackage: AIPackage +https://rdf.spdx.org/v3/AI/AIPackage: ai_AIPackage -https://rdf.spdx.org/v3/Dataset/Dataset: Dataset +https://rdf.spdx.org/v3/Dataset/Dataset: dataset_Dataset