diff --git a/resources/schema-v3.0.1.json b/resources/schema-v3.0.1.json index 5f0fcc3..ccb1933 100644 --- a/resources/schema-v3.0.1.json +++ b/resources/schema-v3.0.1.json @@ -31,50 +31,12 @@ "unevaluatedProperties": false, "$defs": { - "http_spdxinvalidAbstractClass": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "http://spdx.invalid./AbstractClass" } - ] - } - } - }, - { "$ref": "#/$defs/http_spdxinvalidAbstractClass_props" } - ] - }, - "http_spdxinvalidAbstractClass_derived": { - "anyOf": [ - { - "type": "object", - "unevaluatedProperties": false, - "anyOf": [ - { "$ref": "#/$defs/http_spdxinvalidAbstractClass" } - ] - }, - { "$ref": "#/$defs/BlankNodeOrIRI" } - ] - }, - "http_spdxinvalidAbstractClass_props": { - "allOf": [ - { "$ref": "#/$defs/SHACLClass" }, - { - "type": "object", - "properties": { - } - } - ] - }, "ai_EnergyConsumption": { "allOf": [ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNode" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "ai_EnergyConsumption" } @@ -138,20 +100,20 @@ ] }, "prop_ai_EnergyConsumption_ai_finetuningEnergyConsumption": { - "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" + "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" }, "prop_ai_EnergyConsumption_ai_inferenceEnergyConsumption": { - "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" + "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" }, "prop_ai_EnergyConsumption_ai_trainingEnergyConsumption": { - "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" + "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" }, "ai_EnergyConsumptionDescription": { "allOf": [ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNode" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "ai_EnergyConsumptionDescription" } @@ -195,29 +157,29 @@ ] }, "prop_ai_EnergyConsumptionDescription_ai_energyQuantity": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] + "oneOf": [ + { + "type": "number" + }, + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } + ] }, "prop_ai_EnergyConsumptionDescription_ai_energyUnit": { - "enum": [ - "kilowattHour", - "megajoule", - "other" - ] + "enum": [ + "kilowattHour", + "megajoule", + "other" + ] }, "ai_EnergyUnitType": { "allOf": [ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "ai_EnergyUnitType" } @@ -237,8 +199,8 @@ { "$ref": "#/$defs/ai_EnergyUnitType" } ] }, - { "const": "spdx:AI/EnergyUnitType/megajoule" }, { "const": "spdx:AI/EnergyUnitType/kilowattHour" }, + { "const": "spdx:AI/EnergyUnitType/megajoule" }, { "const": "spdx:AI/EnergyUnitType/other" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] @@ -258,7 +220,7 @@ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "ai_SafetyRiskAssessmentType" } @@ -278,9 +240,9 @@ { "$ref": "#/$defs/ai_SafetyRiskAssessmentType" } ] }, - { "const": "spdx:AI/SafetyRiskAssessmentType/medium" }, - { "const": "spdx:AI/SafetyRiskAssessmentType/low" }, { "const": "spdx:AI/SafetyRiskAssessmentType/high" }, + { "const": "spdx:AI/SafetyRiskAssessmentType/low" }, + { "const": "spdx:AI/SafetyRiskAssessmentType/medium" }, { "const": "spdx:AI/SafetyRiskAssessmentType/serious" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] @@ -300,7 +262,7 @@ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "AnnotationType" } @@ -340,7 +302,7 @@ { "type": "object", "properties": { - "@id": { "$ref": "#/$defs/BlankNode" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "CreationInfo" } @@ -409,35 +371,35 @@ ] }, "prop_CreationInfo_comment": { - "type": "string" + "type": "string" }, "prop_CreationInfo_created": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_CreationInfo_createdBy": { - "$ref": "#/$defs/Agent_derived" + "$ref": "#/$defs/Agent_derived" }, "prop_CreationInfo_createdUsing": { - "$ref": "#/$defs/Tool_derived" + "$ref": "#/$defs/Tool_derived" }, "prop_CreationInfo_specVersion": { - "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", - "type": "string" + "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", + "type": "string" }, "DictionaryEntry": { "allOf": [ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNode" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "DictionaryEntry" } @@ -480,10 +442,10 @@ ] }, "prop_DictionaryEntry_key": { - "type": "string" + "type": "string" }, "prop_DictionaryEntry_value": { - "type": "string" + "type": "string" }, "Element_derived": { "anyOf": [ @@ -497,6 +459,7 @@ { "$ref": "#/$defs/Annotation" }, { "$ref": "#/$defs/Bom" }, { "$ref": "#/$defs/Bundle" }, + { "$ref": "#/$defs/IndividualElement" }, { "$ref": "#/$defs/LifecycleScopedRelationship" }, { "$ref": "#/$defs/Organization" }, { "$ref": "#/$defs/Person" }, @@ -533,10 +496,11 @@ { "$ref": "#/$defs/software_Snippet" } ] }, - { "const": "spdx:ExpandedLicensing/NoAssertionLicense" }, - { "const": "spdx:ExpandedLicensing/NoneLicense" }, - { "const": "spdx:Core/NoneElement" }, - { "const": "spdx:Core/NoAssertionElement" }, + { "const": "NoAssertionElement" }, + { "const": "NoneElement" }, + { "const": "SpdxOrganization" }, + { "const": "expandedlicensing_NoAssertionLicense" }, + { "const": "expandedlicensing_NoneLicense" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] }, @@ -609,31 +573,31 @@ ] }, "prop_Element_comment": { - "type": "string" + "type": "string" }, "prop_Element_creationInfo": { - "$ref": "#/$defs/CreationInfo_derived" + "$ref": "#/$defs/CreationInfo_derived" }, "prop_Element_description": { - "type": "string" + "type": "string" }, "prop_Element_extension": { - "$ref": "#/$defs/extension_Extension_derived" + "$ref": "#/$defs/extension_Extension_derived" }, "prop_Element_externalIdentifier": { - "$ref": "#/$defs/ExternalIdentifier_derived" + "$ref": "#/$defs/ExternalIdentifier_derived" }, "prop_Element_externalRef": { - "$ref": "#/$defs/ExternalRef_derived" + "$ref": "#/$defs/ExternalRef_derived" }, "prop_Element_name": { - "type": "string" + "type": "string" }, "prop_Element_summary": { - "type": "string" + "type": "string" }, "prop_Element_verifiedUsing": { - "$ref": "#/$defs/IntegrityMethod_derived" + "$ref": "#/$defs/IntegrityMethod_derived" }, "ElementCollection_derived": { "anyOf": [ @@ -644,8 +608,7 @@ { "$ref": "#/$defs/Bom" }, { "$ref": "#/$defs/Bundle" }, { "$ref": "#/$defs/SpdxDocument" }, - { "$ref": "#/$defs/software_Sbom" }, - { "$ref": "#/$defs/ElementCollection" } + { "$ref": "#/$defs/software_Sbom" } ] }, { "$ref": "#/$defs/BlankNodeOrIRI" } @@ -692,31 +655,31 @@ ] }, "prop_ElementCollection_element": { - "$ref": "#/$defs/Element_derived" + "$ref": "#/$defs/Element_derived" }, "prop_ElementCollection_profileConformance": { - "enum": [ - "ai", - "build", - "core", - "dataset", - "expandedLicensing", - "extension", - "lite", - "security", - "simpleLicensing", - "software" - ] + "enum": [ + "ai", + "build", + "core", + "dataset", + "expandedLicensing", + "extension", + "lite", + "security", + "simpleLicensing", + "software" + ] }, "prop_ElementCollection_rootElement": { - "$ref": "#/$defs/Element_derived" + "$ref": "#/$defs/Element_derived" }, "ExternalIdentifier": { "allOf": [ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNode" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "ExternalIdentifier" } @@ -776,38 +739,38 @@ ] }, "prop_ExternalIdentifier_comment": { - "type": "string" + "type": "string" }, "prop_ExternalIdentifier_externalIdentifierType": { - "enum": [ - "cpe22", - "cpe23", - "cve", - "email", - "gitoid", - "other", - "packageUrl", - "securityOther", - "swhid", - "swid", - "urlScheme" - ] + "enum": [ + "cpe22", + "cpe23", + "cve", + "email", + "gitoid", + "other", + "packageUrl", + "securityOther", + "swhid", + "swid", + "urlScheme" + ] }, "prop_ExternalIdentifier_identifier": { - "type": "string" + "type": "string" }, "prop_ExternalIdentifier_identifierLocator": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_ExternalIdentifier_issuingAuthority": { - "type": "string" + "type": "string" }, "ExternalIdentifierType": { "allOf": [ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "ExternalIdentifierType" } @@ -827,17 +790,17 @@ { "$ref": "#/$defs/ExternalIdentifierType" } ] }, - { "const": "spdx:Core/ExternalIdentifierType/swhid" }, - { "const": "spdx:Core/ExternalIdentifierType/cpe23" }, - { "const": "spdx:Core/ExternalIdentifierType/other" }, - { "const": "spdx:Core/ExternalIdentifierType/packageUrl" }, { "const": "spdx:Core/ExternalIdentifierType/cpe22" }, - { "const": "spdx:Core/ExternalIdentifierType/gitoid" }, + { "const": "spdx:Core/ExternalIdentifierType/cpe23" }, { "const": "spdx:Core/ExternalIdentifierType/cve" }, { "const": "spdx:Core/ExternalIdentifierType/email" }, - { "const": "spdx:Core/ExternalIdentifierType/urlScheme" }, + { "const": "spdx:Core/ExternalIdentifierType/gitoid" }, + { "const": "spdx:Core/ExternalIdentifierType/other" }, + { "const": "spdx:Core/ExternalIdentifierType/packageUrl" }, { "const": "spdx:Core/ExternalIdentifierType/securityOther" }, + { "const": "spdx:Core/ExternalIdentifierType/swhid" }, { "const": "spdx:Core/ExternalIdentifierType/swid" }, + { "const": "spdx:Core/ExternalIdentifierType/urlScheme" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] }, @@ -856,7 +819,7 @@ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNode" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "ExternalMap" } @@ -912,23 +875,23 @@ ] }, "prop_ExternalMap_definingArtifact": { - "$ref": "#/$defs/Artifact_derived" + "$ref": "#/$defs/Artifact_derived" }, "prop_ExternalMap_externalSpdxId": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_ExternalMap_locationHint": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_ExternalMap_verifiedUsing": { - "$ref": "#/$defs/IntegrityMethod_derived" + "$ref": "#/$defs/IntegrityMethod_derived" }, "ExternalRef": { "allOf": [ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNode" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "ExternalRef" } @@ -981,71 +944,71 @@ ] }, "prop_ExternalRef_comment": { - "type": "string" + "type": "string" }, "prop_ExternalRef_contentType": { - "pattern": "^[^\\/]+\\/[^\\/]+$", - "type": "string" + "pattern": "^[^\\/]+\\/[^\\/]+$", + "type": "string" }, "prop_ExternalRef_externalRefType": { - "enum": [ - "altDownloadLocation", - "altWebPage", - "binaryArtifact", - "bower", - "buildMeta", - "buildSystem", - "certificationReport", - "chat", - "componentAnalysisReport", - "cwe", - "documentation", - "dynamicAnalysisReport", - "eolNotice", - "exportControlAssessment", - "funding", - "issueTracker", - "license", - "mailingList", - "mavenCentral", - "metrics", - "npm", - "nuget", - "other", - "privacyAssessment", - "productMetadata", - "purchaseOrder", - "qualityAssessmentReport", - "releaseHistory", - "releaseNotes", - "riskAssessment", - "runtimeAnalysisReport", - "secureSoftwareAttestation", - "securityAdversaryModel", - "securityAdvisory", - "securityFix", - "securityOther", - "securityPenTestReport", - "securityPolicy", - "securityThreatModel", - "socialMedia", - "sourceArtifact", - "staticAnalysisReport", - "support", - "vcs", - "vulnerabilityDisclosureReport", - "vulnerabilityExploitabilityAssessment" - ] + "enum": [ + "altDownloadLocation", + "altWebPage", + "binaryArtifact", + "bower", + "buildMeta", + "buildSystem", + "certificationReport", + "chat", + "componentAnalysisReport", + "cwe", + "documentation", + "dynamicAnalysisReport", + "eolNotice", + "exportControlAssessment", + "funding", + "issueTracker", + "license", + "mailingList", + "mavenCentral", + "metrics", + "npm", + "nuget", + "other", + "privacyAssessment", + "productMetadata", + "purchaseOrder", + "qualityAssessmentReport", + "releaseHistory", + "releaseNotes", + "riskAssessment", + "runtimeAnalysisReport", + "secureSoftwareAttestation", + "securityAdversaryModel", + "securityAdvisory", + "securityFix", + "securityOther", + "securityPenTestReport", + "securityPolicy", + "securityThreatModel", + "socialMedia", + "sourceArtifact", + "staticAnalysisReport", + "support", + "vcs", + "vulnerabilityDisclosureReport", + "vulnerabilityExploitabilityAssessment" + ] }, "prop_ExternalRef_locator": { - "type": "string" + "type": "string" }, "ExternalRefType": { "allOf": [ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "ExternalRefType" } @@ -1065,52 +1028,52 @@ { "$ref": "#/$defs/ExternalRefType" } ] }, - { "const": "spdx:Core/ExternalRefType/mailingList" }, - { "const": "spdx:Core/ExternalRefType/support" }, - { "const": "spdx:Core/ExternalRefType/securityOther" }, - { "const": "spdx:Core/ExternalRefType/securityFix" }, - { "const": "spdx:Core/ExternalRefType/staticAnalysisReport" }, - { "const": "spdx:Core/ExternalRefType/eolNotice" }, - { "const": "spdx:Core/ExternalRefType/qualityAssessmentReport" }, - { "const": "spdx:Core/ExternalRefType/issueTracker" }, - { "const": "spdx:Core/ExternalRefType/purchaseOrder" }, - { "const": "spdx:Core/ExternalRefType/license" }, - { "const": "spdx:Core/ExternalRefType/securityAdvisory" }, - { "const": "spdx:Core/ExternalRefType/vulnerabilityExploitabilityAssessment" }, + { "const": "spdx:Core/ExternalRefType/altDownloadLocation" }, + { "const": "spdx:Core/ExternalRefType/altWebPage" }, + { "const": "spdx:Core/ExternalRefType/binaryArtifact" }, + { "const": "spdx:Core/ExternalRefType/bower" }, + { "const": "spdx:Core/ExternalRefType/buildMeta" }, + { "const": "spdx:Core/ExternalRefType/buildSystem" }, { "const": "spdx:Core/ExternalRefType/certificationReport" }, - { "const": "spdx:Core/ExternalRefType/vulnerabilityDisclosureReport" }, - { "const": "spdx:Core/ExternalRefType/runtimeAnalysisReport" }, { "const": "spdx:Core/ExternalRefType/chat" }, - { "const": "spdx:Core/ExternalRefType/vcs" }, - { "const": "spdx:Core/ExternalRefType/other" }, + { "const": "spdx:Core/ExternalRefType/componentAnalysisReport" }, { "const": "spdx:Core/ExternalRefType/cwe" }, - { "const": "spdx:Core/ExternalRefType/releaseHistory" }, - { "const": "spdx:Core/ExternalRefType/metrics" }, - { "const": "spdx:Core/ExternalRefType/bower" }, - { "const": "spdx:Core/ExternalRefType/securityThreatModel" }, - { "const": "spdx:Core/ExternalRefType/exportControlAssessment" }, - { "const": "spdx:Core/ExternalRefType/npm" }, - { "const": "spdx:Core/ExternalRefType/buildSystem" }, - { "const": "spdx:Core/ExternalRefType/altWebPage" }, - { "const": "spdx:Core/ExternalRefType/binaryArtifact" }, - { "const": "spdx:Core/ExternalRefType/releaseNotes" }, + { "const": "spdx:Core/ExternalRefType/documentation" }, { "const": "spdx:Core/ExternalRefType/dynamicAnalysisReport" }, - { "const": "spdx:Core/ExternalRefType/socialMedia" }, + { "const": "spdx:Core/ExternalRefType/eolNotice" }, + { "const": "spdx:Core/ExternalRefType/exportControlAssessment" }, { "const": "spdx:Core/ExternalRefType/funding" }, - { "const": "spdx:Core/ExternalRefType/privacyAssessment" }, - { "const": "spdx:Core/ExternalRefType/riskAssessment" }, - { "const": "spdx:Core/ExternalRefType/altDownloadLocation" }, - { "const": "spdx:Core/ExternalRefType/productMetadata" }, + { "const": "spdx:Core/ExternalRefType/issueTracker" }, + { "const": "spdx:Core/ExternalRefType/license" }, + { "const": "spdx:Core/ExternalRefType/mailingList" }, { "const": "spdx:Core/ExternalRefType/mavenCentral" }, - { "const": "spdx:Core/ExternalRefType/buildMeta" }, - { "const": "spdx:Core/ExternalRefType/securityPenTestReport" }, + { "const": "spdx:Core/ExternalRefType/metrics" }, + { "const": "spdx:Core/ExternalRefType/npm" }, { "const": "spdx:Core/ExternalRefType/nuget" }, - { "const": "spdx:Core/ExternalRefType/componentAnalysisReport" }, - { "const": "spdx:Core/ExternalRefType/sourceArtifact" }, - { "const": "spdx:Core/ExternalRefType/documentation" }, + { "const": "spdx:Core/ExternalRefType/other" }, + { "const": "spdx:Core/ExternalRefType/privacyAssessment" }, + { "const": "spdx:Core/ExternalRefType/productMetadata" }, + { "const": "spdx:Core/ExternalRefType/purchaseOrder" }, + { "const": "spdx:Core/ExternalRefType/qualityAssessmentReport" }, + { "const": "spdx:Core/ExternalRefType/releaseHistory" }, + { "const": "spdx:Core/ExternalRefType/releaseNotes" }, + { "const": "spdx:Core/ExternalRefType/riskAssessment" }, + { "const": "spdx:Core/ExternalRefType/runtimeAnalysisReport" }, { "const": "spdx:Core/ExternalRefType/secureSoftwareAttestation" }, - { "const": "spdx:Core/ExternalRefType/securityPolicy" }, { "const": "spdx:Core/ExternalRefType/securityAdversaryModel" }, + { "const": "spdx:Core/ExternalRefType/securityAdvisory" }, + { "const": "spdx:Core/ExternalRefType/securityFix" }, + { "const": "spdx:Core/ExternalRefType/securityOther" }, + { "const": "spdx:Core/ExternalRefType/securityPenTestReport" }, + { "const": "spdx:Core/ExternalRefType/securityPolicy" }, + { "const": "spdx:Core/ExternalRefType/securityThreatModel" }, + { "const": "spdx:Core/ExternalRefType/socialMedia" }, + { "const": "spdx:Core/ExternalRefType/sourceArtifact" }, + { "const": "spdx:Core/ExternalRefType/staticAnalysisReport" }, + { "const": "spdx:Core/ExternalRefType/support" }, + { "const": "spdx:Core/ExternalRefType/vcs" }, + { "const": "spdx:Core/ExternalRefType/vulnerabilityDisclosureReport" }, + { "const": "spdx:Core/ExternalRefType/vulnerabilityExploitabilityAssessment" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] }, @@ -1129,7 +1092,7 @@ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "HashAlgorithm" } @@ -1149,28 +1112,28 @@ { "$ref": "#/$defs/HashAlgorithm" } ] }, - { "const": "spdx:Core/HashAlgorithm/sha512" }, - { "const": "spdx:Core/HashAlgorithm/md4" }, - { "const": "spdx:Core/HashAlgorithm/sha224" }, - { "const": "spdx:Core/HashAlgorithm/sha3_224" }, - { "const": "spdx:Core/HashAlgorithm/blake2b384" }, - { "const": "spdx:Core/HashAlgorithm/sha1" }, + { "const": "spdx:Core/HashAlgorithm/adler32" }, { "const": "spdx:Core/HashAlgorithm/blake2b256" }, - { "const": "spdx:Core/HashAlgorithm/md2" }, - { "const": "spdx:Core/HashAlgorithm/sha256" }, - { "const": "spdx:Core/HashAlgorithm/sha3_512" }, - { "const": "spdx:Core/HashAlgorithm/md6" }, - { "const": "spdx:Core/HashAlgorithm/crystalsKyber" }, + { "const": "spdx:Core/HashAlgorithm/blake2b384" }, + { "const": "spdx:Core/HashAlgorithm/blake2b512" }, + { "const": "spdx:Core/HashAlgorithm/blake3" }, { "const": "spdx:Core/HashAlgorithm/crystalsDilithium" }, - { "const": "spdx:Core/HashAlgorithm/sha3_256" }, + { "const": "spdx:Core/HashAlgorithm/crystalsKyber" }, { "const": "spdx:Core/HashAlgorithm/falcon" }, - { "const": "spdx:Core/HashAlgorithm/adler32" }, - { "const": "spdx:Core/HashAlgorithm/blake3" }, + { "const": "spdx:Core/HashAlgorithm/md2" }, + { "const": "spdx:Core/HashAlgorithm/md4" }, + { "const": "spdx:Core/HashAlgorithm/md5" }, + { "const": "spdx:Core/HashAlgorithm/md6" }, + { "const": "spdx:Core/HashAlgorithm/other" }, + { "const": "spdx:Core/HashAlgorithm/sha1" }, + { "const": "spdx:Core/HashAlgorithm/sha224" }, + { "const": "spdx:Core/HashAlgorithm/sha256" }, { "const": "spdx:Core/HashAlgorithm/sha384" }, + { "const": "spdx:Core/HashAlgorithm/sha3_224" }, + { "const": "spdx:Core/HashAlgorithm/sha3_256" }, { "const": "spdx:Core/HashAlgorithm/sha3_384" }, - { "const": "spdx:Core/HashAlgorithm/other" }, - { "const": "spdx:Core/HashAlgorithm/md5" }, - { "const": "spdx:Core/HashAlgorithm/blake2b512" }, + { "const": "spdx:Core/HashAlgorithm/sha3_512" }, + { "const": "spdx:Core/HashAlgorithm/sha512" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] }, @@ -1184,6 +1147,47 @@ } ] }, + "IndividualElement": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { + "oneOf": [ + { "const": "IndividualElement" } + ] + } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/IndividualElement_props" } + ] + }, + "IndividualElement_derived": { + "anyOf": [ + { + "type": "object", + "unevaluatedProperties": false, + "anyOf": [ + { "$ref": "#/$defs/IndividualElement" } + ] + }, + { "const": "NoAssertionElement" }, + { "const": "NoneElement" }, + { "$ref": "#/$defs/BlankNodeOrIRI" } + ] + }, + "IndividualElement_props": { + "allOf": [ + { "$ref": "#/$defs/Element_props" }, + { + "type": "object", + "properties": { + } + } + ] + }, "IntegrityMethod_derived": { "anyOf": [ { @@ -1212,14 +1216,14 @@ ] }, "prop_IntegrityMethod_comment": { - "type": "string" + "type": "string" }, "LifecycleScopeType": { "allOf": [ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "LifecycleScopeType" } @@ -1240,11 +1244,11 @@ ] }, { "const": "spdx:Core/LifecycleScopeType/build" }, - { "const": "spdx:Core/LifecycleScopeType/other" }, - { "const": "spdx:Core/LifecycleScopeType/test" }, { "const": "spdx:Core/LifecycleScopeType/design" }, { "const": "spdx:Core/LifecycleScopeType/development" }, + { "const": "spdx:Core/LifecycleScopeType/other" }, { "const": "spdx:Core/LifecycleScopeType/runtime" }, + { "const": "spdx:Core/LifecycleScopeType/test" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] }, @@ -1263,7 +1267,7 @@ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNode" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "NamespaceMap" } @@ -1307,17 +1311,17 @@ ] }, "prop_NamespaceMap_namespace": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_NamespaceMap_prefix": { - "type": "string" + "type": "string" }, "PackageVerificationCode": { "allOf": [ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNode" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "PackageVerificationCode" } @@ -1371,43 +1375,43 @@ ] }, "prop_PackageVerificationCode_algorithm": { - "enum": [ - "adler32", - "blake2b256", - "blake2b384", - "blake2b512", - "blake3", - "crystalsDilithium", - "crystalsKyber", - "falcon", - "md2", - "md4", - "md5", - "md6", - "other", - "sha1", - "sha224", - "sha256", - "sha384", - "sha3_224", - "sha3_256", - "sha3_384", - "sha3_512", - "sha512" - ] + "enum": [ + "adler32", + "blake2b256", + "blake2b384", + "blake2b512", + "blake3", + "crystalsDilithium", + "crystalsKyber", + "falcon", + "md2", + "md4", + "md5", + "md6", + "other", + "sha1", + "sha224", + "sha256", + "sha384", + "sha3_224", + "sha3_256", + "sha3_384", + "sha3_512", + "sha512" + ] }, "prop_PackageVerificationCode_hashValue": { - "type": "string" + "type": "string" }, "prop_PackageVerificationCode_packageVerificationCodeExcludedFile": { - "type": "string" + "type": "string" }, "PositiveIntegerRange": { "allOf": [ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNode" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "PositiveIntegerRange" } @@ -1451,19 +1455,19 @@ ] }, "prop_PositiveIntegerRange_beginIntegerRange": { - "type": "integer", - "minimum": 1 + "type": "integer", + "minimum": 1 }, "prop_PositiveIntegerRange_endIntegerRange": { - "type": "integer", - "minimum": 1 + "type": "integer", + "minimum": 1 }, "PresenceType": { "allOf": [ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "PresenceType" } @@ -1483,9 +1487,9 @@ { "$ref": "#/$defs/PresenceType" } ] }, - { "const": "spdx:Core/PresenceType/yes" }, { "const": "spdx:Core/PresenceType/no" }, { "const": "spdx:Core/PresenceType/noAssertion" }, + { "const": "spdx:Core/PresenceType/yes" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] }, @@ -1504,7 +1508,7 @@ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "ProfileIdentifierType" } @@ -1524,17 +1528,17 @@ { "$ref": "#/$defs/ProfileIdentifierType" } ] }, + { "const": "spdx:Core/ProfileIdentifierType/ai" }, + { "const": "spdx:Core/ProfileIdentifierType/build" }, { "const": "spdx:Core/ProfileIdentifierType/core" }, { "const": "spdx:Core/ProfileIdentifierType/dataset" }, - { "const": "spdx:Core/ProfileIdentifierType/lite" }, { "const": "spdx:Core/ProfileIdentifierType/expandedLicensing" }, - { "const": "spdx:Core/ProfileIdentifierType/software" }, - { "const": "spdx:Core/ProfileIdentifierType/simpleLicensing" }, - { "const": "spdx:Core/ProfileIdentifierType/build" }, - { "const": "spdx:Core/ProfileIdentifierType/ai" }, { "const": "spdx:Core/ProfileIdentifierType/extension" }, + { "const": "spdx:Core/ProfileIdentifierType/lite" }, { "const": "spdx:Core/ProfileIdentifierType/security" }, - { "$ref": "#/$defs/BlankNodeOrIRI" } + { "const": "spdx:Core/ProfileIdentifierType/simpleLicensing" }, + { "const": "spdx:Core/ProfileIdentifierType/software" }, + { "$ref": "#/$defs/BlankNodeOrIRI" } ] }, "ProfileIdentifierType_props": { @@ -1581,8 +1585,6 @@ { "$ref": "#/$defs/security_VexFixedVulnAssessmentRelationship" }, { "$ref": "#/$defs/security_VexNotAffectedVulnAssessmentRelationship" }, { "$ref": "#/$defs/security_VexUnderInvestigationVulnAssessmentRelationship" }, - { "$ref": "#/$defs/security_VexVulnAssessmentRelationship" }, - { "$ref": "#/$defs/security_VulnAssessmentRelationship" }, { "$ref": "#/$defs/Relationship" } ] }, @@ -1631,109 +1633,109 @@ ] }, "prop_Relationship_completeness": { - "enum": [ - "complete", - "incomplete", - "noAssertion" - ] + "enum": [ + "complete", + "incomplete", + "noAssertion" + ] }, "prop_Relationship_endTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_Relationship_from_": { - "$ref": "#/$defs/Element_derived" + "$ref": "#/$defs/Element_derived" }, "prop_Relationship_relationshipType": { - "enum": [ - "affects", - "amendedBy", - "ancestorOf", - "availableFrom", - "configures", - "contains", - "coordinatedBy", - "copiedTo", - "delegatedTo", - "dependsOn", - "descendantOf", - "describes", - "doesNotAffect", - "expandsTo", - "exploitCreatedBy", - "fixedBy", - "fixedIn", - "foundBy", - "generates", - "hasAddedFile", - "hasAssessmentFor", - "hasAssociatedVulnerability", - "hasConcludedLicense", - "hasDataFile", - "hasDeclaredLicense", - "hasDeletedFile", - "hasDependencyManifest", - "hasDistributionArtifact", - "hasDocumentation", - "hasDynamicLink", - "hasEvidence", - "hasExample", - "hasHost", - "hasInput", - "hasMetadata", - "hasOptionalComponent", - "hasOptionalDependency", - "hasOutput", - "hasPrerequisite", - "hasProvidedDependency", - "hasRequirement", - "hasSpecification", - "hasStaticLink", - "hasTest", - "hasTestCase", - "hasVariant", - "invokedBy", - "modifiedBy", - "other", - "packagedBy", - "patchedBy", - "publishedBy", - "reportedBy", - "republishedBy", - "serializedInArtifact", - "testedOn", - "trainedOn", - "underInvestigationFor", - "usesTool" - ] + "enum": [ + "affects", + "amendedBy", + "ancestorOf", + "availableFrom", + "configures", + "contains", + "coordinatedBy", + "copiedTo", + "delegatedTo", + "dependsOn", + "descendantOf", + "describes", + "doesNotAffect", + "expandsTo", + "exploitCreatedBy", + "fixedBy", + "fixedIn", + "foundBy", + "generates", + "hasAddedFile", + "hasAssessmentFor", + "hasAssociatedVulnerability", + "hasConcludedLicense", + "hasDataFile", + "hasDeclaredLicense", + "hasDeletedFile", + "hasDependencyManifest", + "hasDistributionArtifact", + "hasDocumentation", + "hasDynamicLink", + "hasEvidence", + "hasExample", + "hasHost", + "hasInput", + "hasMetadata", + "hasOptionalComponent", + "hasOptionalDependency", + "hasOutput", + "hasPrerequisite", + "hasProvidedDependency", + "hasRequirement", + "hasSpecification", + "hasStaticLink", + "hasTest", + "hasTestCase", + "hasVariant", + "invokedBy", + "modifiedBy", + "other", + "packagedBy", + "patchedBy", + "publishedBy", + "reportedBy", + "republishedBy", + "serializedInArtifact", + "testedOn", + "trainedOn", + "underInvestigationFor", + "usesTool" + ] }, "prop_Relationship_startTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_Relationship_to": { - "$ref": "#/$defs/Element_derived" + "$ref": "#/$defs/Element_derived" }, "RelationshipCompleteness": { "allOf": [ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "RelationshipCompleteness" } @@ -1753,8 +1755,8 @@ { "$ref": "#/$defs/RelationshipCompleteness" } ] }, - { "const": "spdx:Core/RelationshipCompleteness/incomplete" }, { "const": "spdx:Core/RelationshipCompleteness/complete" }, + { "const": "spdx:Core/RelationshipCompleteness/incomplete" }, { "const": "spdx:Core/RelationshipCompleteness/noAssertion" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] @@ -1774,7 +1776,7 @@ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "RelationshipType" } @@ -1794,65 +1796,65 @@ { "$ref": "#/$defs/RelationshipType" } ] }, - { "const": "spdx:Core/RelationshipType/hasAssessmentFor" }, - { "const": "spdx:Core/RelationshipType/publishedBy" }, - { "const": "spdx:Core/RelationshipType/hasHost" }, - { "const": "spdx:Core/RelationshipType/trainedOn" }, - { "const": "spdx:Core/RelationshipType/hasOutput" }, - { "const": "spdx:Core/RelationshipType/hasDynamicLink" }, - { "const": "spdx:Core/RelationshipType/exploitCreatedBy" }, - { "const": "spdx:Core/RelationshipType/hasDocumentation" }, - { "const": "spdx:Core/RelationshipType/hasStaticLink" }, - { "const": "spdx:Core/RelationshipType/hasAddedFile" }, + { "const": "spdx:Core/RelationshipType/affects" }, + { "const": "spdx:Core/RelationshipType/amendedBy" }, + { "const": "spdx:Core/RelationshipType/ancestorOf" }, + { "const": "spdx:Core/RelationshipType/availableFrom" }, { "const": "spdx:Core/RelationshipType/configures" }, + { "const": "spdx:Core/RelationshipType/contains" }, { "const": "spdx:Core/RelationshipType/coordinatedBy" }, + { "const": "spdx:Core/RelationshipType/copiedTo" }, + { "const": "spdx:Core/RelationshipType/delegatedTo" }, + { "const": "spdx:Core/RelationshipType/dependsOn" }, + { "const": "spdx:Core/RelationshipType/descendantOf" }, + { "const": "spdx:Core/RelationshipType/describes" }, + { "const": "spdx:Core/RelationshipType/doesNotAffect" }, + { "const": "spdx:Core/RelationshipType/expandsTo" }, + { "const": "spdx:Core/RelationshipType/exploitCreatedBy" }, + { "const": "spdx:Core/RelationshipType/fixedBy" }, + { "const": "spdx:Core/RelationshipType/fixedIn" }, + { "const": "spdx:Core/RelationshipType/foundBy" }, + { "const": "spdx:Core/RelationshipType/generates" }, + { "const": "spdx:Core/RelationshipType/hasAddedFile" }, + { "const": "spdx:Core/RelationshipType/hasAssessmentFor" }, + { "const": "spdx:Core/RelationshipType/hasAssociatedVulnerability" }, { "const": "spdx:Core/RelationshipType/hasConcludedLicense" }, - { "const": "spdx:Core/RelationshipType/hasDependencyManifest" }, - { "const": "spdx:Core/RelationshipType/serializedInArtifact" }, - { "const": "spdx:Core/RelationshipType/hasTestCase" }, { "const": "spdx:Core/RelationshipType/hasDataFile" }, - { "const": "spdx:Core/RelationshipType/usesTool" }, - { "const": "spdx:Core/RelationshipType/dependsOn" }, - { "const": "spdx:Core/RelationshipType/affects" }, + { "const": "spdx:Core/RelationshipType/hasDeclaredLicense" }, + { "const": "spdx:Core/RelationshipType/hasDeletedFile" }, + { "const": "spdx:Core/RelationshipType/hasDependencyManifest" }, + { "const": "spdx:Core/RelationshipType/hasDistributionArtifact" }, + { "const": "spdx:Core/RelationshipType/hasDocumentation" }, + { "const": "spdx:Core/RelationshipType/hasDynamicLink" }, + { "const": "spdx:Core/RelationshipType/hasEvidence" }, { "const": "spdx:Core/RelationshipType/hasExample" }, + { "const": "spdx:Core/RelationshipType/hasHost" }, { "const": "spdx:Core/RelationshipType/hasInput" }, - { "const": "spdx:Core/RelationshipType/hasVariant" }, - { "const": "spdx:Core/RelationshipType/contains" }, - { "const": "spdx:Core/RelationshipType/hasRequirement" }, - { "const": "spdx:Core/RelationshipType/other" }, - { "const": "spdx:Core/RelationshipType/testedOn" }, { "const": "spdx:Core/RelationshipType/hasMetadata" }, - { "const": "spdx:Core/RelationshipType/delegatedTo" }, - { "const": "spdx:Core/RelationshipType/hasDistributionArtifact" }, - { "const": "spdx:Core/RelationshipType/reportedBy" }, { "const": "spdx:Core/RelationshipType/hasOptionalComponent" }, - { "const": "spdx:Core/RelationshipType/generates" }, - { "const": "spdx:Core/RelationshipType/amendedBy" }, - { "const": "spdx:Core/RelationshipType/patchedBy" }, - { "const": "spdx:Core/RelationshipType/hasProvidedDependency" }, - { "const": "spdx:Core/RelationshipType/describes" }, - { "const": "spdx:Core/RelationshipType/ancestorOf" }, - { "const": "spdx:Core/RelationshipType/copiedTo" }, + { "const": "spdx:Core/RelationshipType/hasOptionalDependency" }, + { "const": "spdx:Core/RelationshipType/hasOutput" }, { "const": "spdx:Core/RelationshipType/hasPrerequisite" }, - { "const": "spdx:Core/RelationshipType/descendantOf" }, - { "const": "spdx:Core/RelationshipType/packagedBy" }, - { "const": "spdx:Core/RelationshipType/republishedBy" }, + { "const": "spdx:Core/RelationshipType/hasProvidedDependency" }, + { "const": "spdx:Core/RelationshipType/hasRequirement" }, { "const": "spdx:Core/RelationshipType/hasSpecification" }, - { "const": "spdx:Core/RelationshipType/hasAssociatedVulnerability" }, - { "const": "spdx:Core/RelationshipType/availableFrom" }, - { "const": "spdx:Core/RelationshipType/fixedIn" }, + { "const": "spdx:Core/RelationshipType/hasStaticLink" }, { "const": "spdx:Core/RelationshipType/hasTest" }, + { "const": "spdx:Core/RelationshipType/hasTestCase" }, + { "const": "spdx:Core/RelationshipType/hasVariant" }, + { "const": "spdx:Core/RelationshipType/invokedBy" }, { "const": "spdx:Core/RelationshipType/modifiedBy" }, - { "const": "spdx:Core/RelationshipType/hasOptionalDependency" }, - { "const": "spdx:Core/RelationshipType/hasDeletedFile" }, - { "const": "spdx:Core/RelationshipType/hasEvidence" }, + { "const": "spdx:Core/RelationshipType/other" }, + { "const": "spdx:Core/RelationshipType/packagedBy" }, + { "const": "spdx:Core/RelationshipType/patchedBy" }, + { "const": "spdx:Core/RelationshipType/publishedBy" }, + { "const": "spdx:Core/RelationshipType/reportedBy" }, + { "const": "spdx:Core/RelationshipType/republishedBy" }, + { "const": "spdx:Core/RelationshipType/serializedInArtifact" }, + { "const": "spdx:Core/RelationshipType/testedOn" }, + { "const": "spdx:Core/RelationshipType/trainedOn" }, { "const": "spdx:Core/RelationshipType/underInvestigationFor" }, - { "const": "spdx:Core/RelationshipType/hasDeclaredLicense" }, - { "const": "spdx:Core/RelationshipType/doesNotAffect" }, - { "const": "spdx:Core/RelationshipType/foundBy" }, - { "const": "spdx:Core/RelationshipType/invokedBy" }, - { "const": "spdx:Core/RelationshipType/expandsTo" }, - { "const": "spdx:Core/RelationshipType/fixedBy" }, + { "const": "spdx:Core/RelationshipType/usesTool" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] }, @@ -1929,20 +1931,20 @@ ] }, "prop_SpdxDocument_dataLicense": { - "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" + "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" }, "prop_SpdxDocument_import_": { - "$ref": "#/$defs/ExternalMap_derived" + "$ref": "#/$defs/ExternalMap_derived" }, "prop_SpdxDocument_namespaceMap": { - "$ref": "#/$defs/NamespaceMap_derived" + "$ref": "#/$defs/NamespaceMap_derived" }, "SupportType": { "allOf": [ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "SupportType" } @@ -1962,13 +1964,13 @@ { "$ref": "#/$defs/SupportType" } ] }, - { "const": "spdx:Core/SupportType/noAssertion" }, - { "const": "spdx:Core/SupportType/limitedSupport" }, { "const": "spdx:Core/SupportType/deployed" }, - { "const": "spdx:Core/SupportType/support" }, { "const": "spdx:Core/SupportType/development" }, - { "const": "spdx:Core/SupportType/noSupport" }, { "const": "spdx:Core/SupportType/endOfSupport" }, + { "const": "spdx:Core/SupportType/limitedSupport" }, + { "const": "spdx:Core/SupportType/noAssertion" }, + { "const": "spdx:Core/SupportType/noSupport" }, + { "const": "spdx:Core/SupportType/support" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] }, @@ -2026,7 +2028,7 @@ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "dataset_ConfidentialityLevelType" } @@ -2046,10 +2048,10 @@ { "$ref": "#/$defs/dataset_ConfidentialityLevelType" } ] }, - { "const": "spdx:Dataset/ConfidentialityLevelType/green" }, - { "const": "spdx:Dataset/ConfidentialityLevelType/red" }, { "const": "spdx:Dataset/ConfidentialityLevelType/amber" }, { "const": "spdx:Dataset/ConfidentialityLevelType/clear" }, + { "const": "spdx:Dataset/ConfidentialityLevelType/green" }, + { "const": "spdx:Dataset/ConfidentialityLevelType/red" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] }, @@ -2068,7 +2070,7 @@ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "dataset_DatasetAvailabilityType" } @@ -2089,10 +2091,10 @@ ] }, { "const": "spdx:Dataset/DatasetAvailabilityType/clickthrough" }, + { "const": "spdx:Dataset/DatasetAvailabilityType/directDownload" }, { "const": "spdx:Dataset/DatasetAvailabilityType/query" }, - { "const": "spdx:Dataset/DatasetAvailabilityType/scrapingScript" }, { "const": "spdx:Dataset/DatasetAvailabilityType/registration" }, - { "const": "spdx:Dataset/DatasetAvailabilityType/directDownload" }, + { "const": "spdx:Dataset/DatasetAvailabilityType/scrapingScript" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] }, @@ -2111,7 +2113,7 @@ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "dataset_DatasetType" } @@ -2132,19 +2134,19 @@ ] }, { "const": "spdx:Dataset/DatasetType/audio" }, - { "const": "spdx:Dataset/DatasetType/graph" }, - { "const": "spdx:Dataset/DatasetType/video" }, - { "const": "spdx:Dataset/DatasetType/syntactic" }, { "const": "spdx:Dataset/DatasetType/categorical" }, - { "const": "spdx:Dataset/DatasetType/timestamp" }, - { "const": "spdx:Dataset/DatasetType/timeseries" }, + { "const": "spdx:Dataset/DatasetType/graph" }, { "const": "spdx:Dataset/DatasetType/image" }, - { "const": "spdx:Dataset/DatasetType/structured" }, { "const": "spdx:Dataset/DatasetType/noAssertion" }, - { "const": "spdx:Dataset/DatasetType/sensor" }, { "const": "spdx:Dataset/DatasetType/numeric" }, { "const": "spdx:Dataset/DatasetType/other" }, + { "const": "spdx:Dataset/DatasetType/sensor" }, + { "const": "spdx:Dataset/DatasetType/structured" }, + { "const": "spdx:Dataset/DatasetType/syntactic" }, { "const": "spdx:Dataset/DatasetType/text" }, + { "const": "spdx:Dataset/DatasetType/timeseries" }, + { "const": "spdx:Dataset/DatasetType/timestamp" }, + { "const": "spdx:Dataset/DatasetType/video" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] }, @@ -2210,22 +2212,22 @@ ] }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_additionText": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_isDeprecatedAdditionId": { - "type": "boolean" + "type": "boolean" }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_licenseXml": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_obsoletedBy": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_seeAlso": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_standardAdditionTemplate": { - "type": "string" + "type": "string" }, "expandedlicensing_ListedLicenseException": { "allOf": [ @@ -2273,17 +2275,17 @@ ] }, "prop_expandedlicensing_ListedLicenseException_expandedlicensing_deprecatedVersion": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_ListedLicenseException_expandedlicensing_listVersionAdded": { - "type": "string" + "type": "string" }, "extension_CdxPropertyEntry": { "allOf": [ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNode" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "extension_CdxPropertyEntry" } @@ -2326,18 +2328,36 @@ ] }, "prop_extension_CdxPropertyEntry_extension_cdxPropName": { - "type": "string" + "type": "string" }, "prop_extension_CdxPropertyEntry_extension_cdxPropValue": { - "type": "string" + "type": "string" + }, + "extension_Extension": { + "allOf": [ + { + "type": "object", + "unevaluatedProperties": true, + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { + "allOf": [ + { "$ref": "#/$defs/IRI" }, + { "not": { "const": "extension_Extension" } } + ] + } + } + }, + { "$ref": "#/$defs/extension_Extension_props" } + ] }, "extension_Extension_derived": { "anyOf": [ { "type": "object", - "unevaluatedProperties": false, "anyOf": [ - { "$ref": "#/$defs/extension_CdxPropertiesExtension" } + { "$ref": "#/$defs/extension_CdxPropertiesExtension" }, + { "$ref": "#/$defs/extension_Extension_props" } ] }, { "$ref": "#/$defs/BlankNodeOrIRI" } @@ -2358,7 +2378,7 @@ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "security_CvssSeverityType" } @@ -2378,11 +2398,11 @@ { "$ref": "#/$defs/security_CvssSeverityType" } ] }, - { "const": "spdx:Security/CvssSeverityType/low" }, - { "const": "spdx:Security/CvssSeverityType/none" }, { "const": "spdx:Security/CvssSeverityType/critical" }, - { "const": "spdx:Security/CvssSeverityType/medium" }, { "const": "spdx:Security/CvssSeverityType/high" }, + { "const": "spdx:Security/CvssSeverityType/low" }, + { "const": "spdx:Security/CvssSeverityType/medium" }, + { "const": "spdx:Security/CvssSeverityType/none" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] }, @@ -2401,7 +2421,7 @@ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "security_ExploitCatalogType" } @@ -2441,7 +2461,7 @@ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "security_SsvcDecisionType" } @@ -2461,8 +2481,8 @@ { "$ref": "#/$defs/security_SsvcDecisionType" } ] }, - { "const": "spdx:Security/SsvcDecisionType/attend" }, { "const": "spdx:Security/SsvcDecisionType/act" }, + { "const": "spdx:Security/SsvcDecisionType/attend" }, { "const": "spdx:Security/SsvcDecisionType/track" }, { "const": "spdx:Security/SsvcDecisionType/trackStar" }, { "$ref": "#/$defs/BlankNodeOrIRI" } @@ -2483,7 +2503,7 @@ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "security_VexJustificationType" } @@ -2503,11 +2523,11 @@ { "$ref": "#/$defs/security_VexJustificationType" } ] }, - { "const": "spdx:Security/VexJustificationType/vulnerableCodeNotInExecutePath" }, { "const": "spdx:Security/VexJustificationType/componentNotPresent" }, - { "const": "spdx:Security/VexJustificationType/vulnerableCodeNotPresent" }, { "const": "spdx:Security/VexJustificationType/inlineMitigationsAlreadyExist" }, { "const": "spdx:Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary" }, + { "const": "spdx:Security/VexJustificationType/vulnerableCodeNotInExecutePath" }, + { "const": "spdx:Security/VexJustificationType/vulnerableCodeNotPresent" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] }, @@ -2536,9 +2556,7 @@ { "$ref": "#/$defs/security_VexAffectedVulnAssessmentRelationship" }, { "$ref": "#/$defs/security_VexFixedVulnAssessmentRelationship" }, { "$ref": "#/$defs/security_VexNotAffectedVulnAssessmentRelationship" }, - { "$ref": "#/$defs/security_VexUnderInvestigationVulnAssessmentRelationship" }, - { "$ref": "#/$defs/security_VexVulnAssessmentRelationship" }, - { "$ref": "#/$defs/security_VulnAssessmentRelationship" } + { "$ref": "#/$defs/security_VexUnderInvestigationVulnAssessmentRelationship" } ] }, { "$ref": "#/$defs/BlankNodeOrIRI" } @@ -2570,43 +2588,43 @@ ] }, "prop_security_VulnAssessmentRelationship_suppliedBy": { - "$ref": "#/$defs/Agent_derived" + "$ref": "#/$defs/Agent_derived" }, "prop_security_VulnAssessmentRelationship_security_assessedElement": { - "$ref": "#/$defs/Element_derived" + "$ref": "#/$defs/software_SoftwareArtifact_derived" }, "prop_security_VulnAssessmentRelationship_security_modifiedTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_security_VulnAssessmentRelationship_security_publishedTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_security_VulnAssessmentRelationship_security_withdrawnTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "simplelicensing_AnyLicenseInfo_derived": { "anyOf": [ @@ -2624,8 +2642,8 @@ { "$ref": "#/$defs/simplelicensing_LicenseExpression" } ] }, - { "const": "spdx:ExpandedLicensing/NoAssertionLicense" }, - { "const": "spdx:ExpandedLicensing/NoneLicense" }, + { "const": "expandedlicensing_NoAssertionLicense" }, + { "const": "expandedlicensing_NoneLicense" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] }, @@ -2698,14 +2716,14 @@ ] }, "prop_simplelicensing_LicenseExpression_simplelicensing_customIdToUri": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "prop_simplelicensing_LicenseExpression_simplelicensing_licenseExpression": { - "type": "string" + "type": "string" }, "prop_simplelicensing_LicenseExpression_simplelicensing_licenseListVersion": { - "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", - "type": "string" + "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", + "type": "string" }, "simplelicensing_SimpleLicensingText": { "allOf": [ @@ -2753,14 +2771,14 @@ ] }, "prop_simplelicensing_SimpleLicensingText_simplelicensing_licenseText": { - "type": "string" + "type": "string" }, "software_ContentIdentifier": { "allOf": [ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNode" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "software_ContentIdentifier" } @@ -2804,20 +2822,20 @@ ] }, "prop_software_ContentIdentifier_software_contentIdentifierType": { - "enum": [ - "gitoid", - "swhid" - ] + "enum": [ + "gitoid", + "swhid" + ] }, "prop_software_ContentIdentifier_software_contentIdentifierValue": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "software_ContentIdentifierType": { "allOf": [ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "software_ContentIdentifierType" } @@ -2837,8 +2855,8 @@ { "$ref": "#/$defs/software_ContentIdentifierType" } ] }, - { "const": "spdx:Software/ContentIdentifierType/swhid" }, { "const": "spdx:Software/ContentIdentifierType/gitoid" }, + { "const": "spdx:Software/ContentIdentifierType/swhid" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] }, @@ -2857,7 +2875,7 @@ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "software_FileKindType" } @@ -2877,8 +2895,8 @@ { "$ref": "#/$defs/software_FileKindType" } ] }, - { "const": "spdx:Software/FileKindType/file" }, { "const": "spdx:Software/FileKindType/directory" }, + { "const": "spdx:Software/FileKindType/file" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] }, @@ -2897,7 +2915,7 @@ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "software_SbomType" } @@ -2917,12 +2935,12 @@ { "$ref": "#/$defs/software_SbomType" } ] }, - { "const": "spdx:Software/SbomType/design" }, - { "const": "spdx:Software/SbomType/deployed" }, { "const": "spdx:Software/SbomType/analyzed" }, + { "const": "spdx:Software/SbomType/build" }, + { "const": "spdx:Software/SbomType/deployed" }, + { "const": "spdx:Software/SbomType/design" }, { "const": "spdx:Software/SbomType/runtime" }, { "const": "spdx:Software/SbomType/source" }, - { "const": "spdx:Software/SbomType/build" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] }, @@ -2941,7 +2959,7 @@ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "software_SoftwarePurpose" } @@ -2961,35 +2979,35 @@ { "$ref": "#/$defs/software_SoftwarePurpose" } ] }, - { "const": "spdx:Software/SoftwarePurpose/file" }, - { "const": "spdx:Software/SoftwarePurpose/other" }, - { "const": "spdx:Software/SoftwarePurpose/specification" }, + { "const": "spdx:Software/SoftwarePurpose/application" }, + { "const": "spdx:Software/SoftwarePurpose/archive" }, { "const": "spdx:Software/SoftwarePurpose/bom" }, + { "const": "spdx:Software/SoftwarePurpose/configuration" }, { "const": "spdx:Software/SoftwarePurpose/container" }, - { "const": "spdx:Software/SoftwarePurpose/platform" }, + { "const": "spdx:Software/SoftwarePurpose/data" }, { "const": "spdx:Software/SoftwarePurpose/device" }, - { "const": "spdx:Software/SoftwarePurpose/firmware" }, - { "const": "spdx:Software/SoftwarePurpose/install" }, - { "const": "spdx:Software/SoftwarePurpose/source" }, + { "const": "spdx:Software/SoftwarePurpose/deviceDriver" }, { "const": "spdx:Software/SoftwarePurpose/diskImage" }, - { "const": "spdx:Software/SoftwarePurpose/configuration" }, - { "const": "spdx:Software/SoftwarePurpose/module" }, - { "const": "spdx:Software/SoftwarePurpose/archive" }, - { "const": "spdx:Software/SoftwarePurpose/application" }, - { "const": "spdx:Software/SoftwarePurpose/operatingSystem" }, + { "const": "spdx:Software/SoftwarePurpose/documentation" }, + { "const": "spdx:Software/SoftwarePurpose/evidence" }, { "const": "spdx:Software/SoftwarePurpose/executable" }, + { "const": "spdx:Software/SoftwarePurpose/file" }, + { "const": "spdx:Software/SoftwarePurpose/filesystemImage" }, + { "const": "spdx:Software/SoftwarePurpose/firmware" }, + { "const": "spdx:Software/SoftwarePurpose/framework" }, + { "const": "spdx:Software/SoftwarePurpose/install" }, { "const": "spdx:Software/SoftwarePurpose/library" }, - { "const": "spdx:Software/SoftwarePurpose/evidence" }, { "const": "spdx:Software/SoftwarePurpose/manifest" }, { "const": "spdx:Software/SoftwarePurpose/model" }, + { "const": "spdx:Software/SoftwarePurpose/module" }, + { "const": "spdx:Software/SoftwarePurpose/operatingSystem" }, + { "const": "spdx:Software/SoftwarePurpose/other" }, + { "const": "spdx:Software/SoftwarePurpose/patch" }, + { "const": "spdx:Software/SoftwarePurpose/platform" }, { "const": "spdx:Software/SoftwarePurpose/requirement" }, - { "const": "spdx:Software/SoftwarePurpose/filesystemImage" }, - { "const": "spdx:Software/SoftwarePurpose/documentation" }, + { "const": "spdx:Software/SoftwarePurpose/source" }, + { "const": "spdx:Software/SoftwarePurpose/specification" }, { "const": "spdx:Software/SoftwarePurpose/test" }, - { "const": "spdx:Software/SoftwarePurpose/framework" }, - { "const": "spdx:Software/SoftwarePurpose/data" }, - { "const": "spdx:Software/SoftwarePurpose/deviceDriver" }, - { "const": "spdx:Software/SoftwarePurpose/patch" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] }, @@ -3108,47 +3126,47 @@ ] }, "prop_build_Build_build_buildEndTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_build_Build_build_buildId": { - "type": "string" + "type": "string" }, "prop_build_Build_build_buildStartTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_build_Build_build_buildType": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_build_Build_build_configSourceDigest": { - "$ref": "#/$defs/Hash_derived" + "$ref": "#/$defs/Hash_derived" }, "prop_build_Build_build_configSourceEntrypoint": { - "type": "string" + "type": "string" }, "prop_build_Build_build_configSourceUri": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_build_Build_build_environment": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "prop_build_Build_build_parameter": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "Agent": { "allOf": [ @@ -3179,6 +3197,7 @@ { "$ref": "#/$defs/Agent" } ] }, + { "const": "SpdxOrganization" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] }, @@ -3248,20 +3267,20 @@ ] }, "prop_Annotation_annotationType": { - "enum": [ - "other", - "review" - ] + "enum": [ + "other", + "review" + ] }, "prop_Annotation_contentType": { - "pattern": "^[^\\/]+\\/[^\\/]+$", - "type": "string" + "pattern": "^[^\\/]+\\/[^\\/]+$", + "type": "string" }, "prop_Annotation_statement": { - "type": "string" + "type": "string" }, "prop_Annotation_subject": { - "$ref": "#/$defs/Element_derived" + "$ref": "#/$defs/Element_derived" }, "Artifact_derived": { "anyOf": [ @@ -3333,57 +3352,57 @@ ] }, "prop_Artifact_builtTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_Artifact_originatedBy": { - "$ref": "#/$defs/Agent_derived" + "$ref": "#/$defs/Agent_derived" }, "prop_Artifact_releaseTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_Artifact_standardName": { - "type": "string" + "type": "string" }, "prop_Artifact_suppliedBy": { - "$ref": "#/$defs/Agent_derived" + "$ref": "#/$defs/Agent_derived" }, "prop_Artifact_supportLevel": { - "enum": [ - "deployed", - "development", - "endOfSupport", - "limitedSupport", - "noAssertion", - "noSupport", - "support" - ] + "enum": [ + "deployed", + "development", + "endOfSupport", + "limitedSupport", + "noAssertion", + "noSupport", + "support" + ] }, "prop_Artifact_validUntilTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "Bundle": { "allOf": [ @@ -3430,14 +3449,14 @@ ] }, "prop_Bundle_context": { - "type": "string" + "type": "string" }, "Hash": { "allOf": [ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNode" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "Hash" } @@ -3481,33 +3500,33 @@ ] }, "prop_Hash_algorithm": { - "enum": [ - "adler32", - "blake2b256", - "blake2b384", - "blake2b512", - "blake3", - "crystalsDilithium", - "crystalsKyber", - "falcon", - "md2", - "md4", - "md5", - "md6", - "other", - "sha1", - "sha224", - "sha256", - "sha384", - "sha3_224", - "sha3_256", - "sha3_384", - "sha3_512", - "sha512" - ] + "enum": [ + "adler32", + "blake2b256", + "blake2b384", + "blake2b512", + "blake3", + "crystalsDilithium", + "crystalsKyber", + "falcon", + "md2", + "md4", + "md5", + "md6", + "other", + "sha1", + "sha224", + "sha256", + "sha384", + "sha3_224", + "sha3_256", + "sha3_384", + "sha3_512", + "sha512" + ] }, "prop_Hash_hashValue": { - "type": "string" + "type": "string" }, "LifecycleScopedRelationship": { "allOf": [ @@ -3552,14 +3571,14 @@ ] }, "prop_LifecycleScopedRelationship_scope": { - "enum": [ - "build", - "design", - "development", - "other", - "runtime", - "test" - ] + "enum": [ + "build", + "design", + "development", + "other", + "runtime", + "test" + ] }, "Organization": { "allOf": [ @@ -3587,6 +3606,7 @@ { "$ref": "#/$defs/Organization" } ] }, + { "const": "SpdxOrganization" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] }, @@ -3732,7 +3752,7 @@ ] }, "prop_expandedlicensing_ConjunctiveLicenseSet_expandedlicensing_member": { - "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" + "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" }, "expandedlicensing_CustomLicenseAddition": { "allOf": [ @@ -3827,7 +3847,7 @@ ] }, "prop_expandedlicensing_DisjunctiveLicenseSet_expandedlicensing_member": { - "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" + "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" }, "expandedlicensing_ExtendableLicense_derived": { "anyOf": [ @@ -3879,8 +3899,8 @@ { "$ref": "#/$defs/expandedlicensing_IndividualLicensingInfo" } ] }, - { "const": "spdx:ExpandedLicensing/NoAssertionLicense" }, - { "const": "spdx:ExpandedLicensing/NoneLicense" }, + { "const": "expandedlicensing_NoAssertionLicense" }, + { "const": "expandedlicensing_NoneLicense" }, { "$ref": "#/$defs/BlankNodeOrIRI" } ] }, @@ -3955,31 +3975,31 @@ ] }, "prop_expandedlicensing_License_expandedlicensing_isDeprecatedLicenseId": { - "type": "boolean" + "type": "boolean" }, "prop_expandedlicensing_License_expandedlicensing_isFsfLibre": { - "type": "boolean" + "type": "boolean" }, "prop_expandedlicensing_License_expandedlicensing_isOsiApproved": { - "type": "boolean" + "type": "boolean" }, "prop_expandedlicensing_License_expandedlicensing_licenseXml": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_License_expandedlicensing_obsoletedBy": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_License_expandedlicensing_seeAlso": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_expandedlicensing_License_expandedlicensing_standardLicenseHeader": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_License_expandedlicensing_standardLicenseTemplate": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_License_simplelicensing_licenseText": { - "type": "string" + "type": "string" }, "expandedlicensing_ListedLicense": { "allOf": [ @@ -4027,10 +4047,10 @@ ] }, "prop_expandedlicensing_ListedLicense_expandedlicensing_deprecatedVersion": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_ListedLicense_expandedlicensing_listVersionAdded": { - "type": "string" + "type": "string" }, "expandedlicensing_OrLaterOperator": { "allOf": [ @@ -4078,7 +4098,7 @@ ] }, "prop_expandedlicensing_OrLaterOperator_expandedlicensing_subjectLicense": { - "$ref": "#/$defs/expandedlicensing_License_derived" + "$ref": "#/$defs/expandedlicensing_License_derived" }, "expandedlicensing_WithAdditionOperator": { "allOf": [ @@ -4130,17 +4150,17 @@ ] }, "prop_expandedlicensing_WithAdditionOperator_expandedlicensing_subjectAddition": { - "$ref": "#/$defs/expandedlicensing_LicenseAddition_derived" + "$ref": "#/$defs/expandedlicensing_LicenseAddition_derived" }, "prop_expandedlicensing_WithAdditionOperator_expandedlicensing_subjectExtendableLicense": { - "$ref": "#/$defs/expandedlicensing_ExtendableLicense_derived" + "$ref": "#/$defs/expandedlicensing_ExtendableLicense_derived" }, "extension_CdxPropertiesExtension": { "allOf": [ { "type": "object", "properties": { - "spdxId": { "$ref": "#/$defs/BlankNode" }, + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, "type": { "oneOf": [ { "const": "extension_CdxPropertiesExtension" } @@ -4188,7 +4208,7 @@ ] }, "prop_extension_CdxPropertiesExtension_extension_cdxProperty": { - "$ref": "#/$defs/extension_CdxPropertyEntry_derived" + "$ref": "#/$defs/extension_CdxPropertyEntry_derived" }, "security_CvssV2VulnAssessmentRelationship": { "allOf": [ @@ -4240,18 +4260,18 @@ ] }, "prop_security_CvssV2VulnAssessmentRelationship_security_score": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] + "oneOf": [ + { + "type": "number" + }, + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } + ] }, "prop_security_CvssV2VulnAssessmentRelationship_security_vectorString": { - "type": "string" + "type": "string" }, "security_CvssV3VulnAssessmentRelationship": { "allOf": [ @@ -4307,27 +4327,27 @@ ] }, "prop_security_CvssV3VulnAssessmentRelationship_security_score": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] + "oneOf": [ + { + "type": "number" + }, + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } + ] }, "prop_security_CvssV3VulnAssessmentRelationship_security_severity": { - "enum": [ - "critical", - "high", - "low", - "medium", - "none" - ] + "enum": [ + "critical", + "high", + "low", + "medium", + "none" + ] }, "prop_security_CvssV3VulnAssessmentRelationship_security_vectorString": { - "type": "string" + "type": "string" }, "security_CvssV4VulnAssessmentRelationship": { "allOf": [ @@ -4383,27 +4403,27 @@ ] }, "prop_security_CvssV4VulnAssessmentRelationship_security_score": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] + "oneOf": [ + { + "type": "number" + }, + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } + ] }, "prop_security_CvssV4VulnAssessmentRelationship_security_severity": { - "enum": [ - "critical", - "high", - "low", - "medium", - "none" - ] + "enum": [ + "critical", + "high", + "low", + "medium", + "none" + ] }, "prop_security_CvssV4VulnAssessmentRelationship_security_vectorString": { - "type": "string" + "type": "string" }, "security_EpssVulnAssessmentRelationship": { "allOf": [ @@ -4455,26 +4475,26 @@ ] }, "prop_security_EpssVulnAssessmentRelationship_security_percentile": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] + "oneOf": [ + { + "type": "number" + }, + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } + ] }, "prop_security_EpssVulnAssessmentRelationship_security_probability": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] + "oneOf": [ + { + "type": "number" + }, + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } + ] }, "security_ExploitCatalogVulnAssessmentRelationship": { "allOf": [ @@ -4530,16 +4550,16 @@ ] }, "prop_security_ExploitCatalogVulnAssessmentRelationship_security_catalogType": { - "enum": [ - "kev", - "other" - ] + "enum": [ + "kev", + "other" + ] }, "prop_security_ExploitCatalogVulnAssessmentRelationship_security_exploited": { - "type": "boolean" + "type": "boolean" }, "prop_security_ExploitCatalogVulnAssessmentRelationship_security_locator": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "security_SsvcVulnAssessmentRelationship": { "allOf": [ @@ -4587,12 +4607,12 @@ ] }, "prop_security_SsvcVulnAssessmentRelationship_security_decisionType": { - "enum": [ - "act", - "attend", - "track", - "trackStar" - ] + "enum": [ + "act", + "attend", + "track", + "trackStar" + ] }, "security_VexVulnAssessmentRelationship_derived": { "anyOf": [ @@ -4603,8 +4623,7 @@ { "$ref": "#/$defs/security_VexAffectedVulnAssessmentRelationship" }, { "$ref": "#/$defs/security_VexFixedVulnAssessmentRelationship" }, { "$ref": "#/$defs/security_VexNotAffectedVulnAssessmentRelationship" }, - { "$ref": "#/$defs/security_VexUnderInvestigationVulnAssessmentRelationship" }, - { "$ref": "#/$defs/security_VexVulnAssessmentRelationship" } + { "$ref": "#/$defs/security_VexUnderInvestigationVulnAssessmentRelationship" } ] }, { "$ref": "#/$defs/BlankNodeOrIRI" } @@ -4627,10 +4646,10 @@ ] }, "prop_security_VexVulnAssessmentRelationship_security_statusNotes": { - "type": "string" + "type": "string" }, "prop_security_VexVulnAssessmentRelationship_security_vexVersion": { - "type": "string" + "type": "string" }, "security_Vulnerability": { "allOf": [ @@ -4681,37 +4700,37 @@ ] }, "prop_security_Vulnerability_security_modifiedTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_security_Vulnerability_security_publishedTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_security_Vulnerability_security_withdrawnTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "software_SoftwareArtifact_derived": { "anyOf": [ @@ -4723,8 +4742,7 @@ { "$ref": "#/$defs/dataset_DatasetPackage" }, { "$ref": "#/$defs/software_File" }, { "$ref": "#/$defs/software_Package" }, - { "$ref": "#/$defs/software_Snippet" }, - { "$ref": "#/$defs/software_SoftwareArtifact" } + { "$ref": "#/$defs/software_Snippet" } ] }, { "$ref": "#/$defs/BlankNodeOrIRI" } @@ -4777,79 +4795,79 @@ ] }, "prop_software_SoftwareArtifact_software_additionalPurpose": { - "enum": [ - "application", - "archive", - "bom", - "configuration", - "container", - "data", - "device", - "deviceDriver", - "diskImage", - "documentation", - "evidence", - "executable", - "file", - "filesystemImage", - "firmware", - "framework", - "install", - "library", - "manifest", - "model", - "module", - "operatingSystem", - "other", - "patch", - "platform", - "requirement", - "source", - "specification", - "test" - ] + "enum": [ + "application", + "archive", + "bom", + "configuration", + "container", + "data", + "device", + "deviceDriver", + "diskImage", + "documentation", + "evidence", + "executable", + "file", + "filesystemImage", + "firmware", + "framework", + "install", + "library", + "manifest", + "model", + "module", + "operatingSystem", + "other", + "patch", + "platform", + "requirement", + "source", + "specification", + "test" + ] }, "prop_software_SoftwareArtifact_software_attributionText": { - "type": "string" + "type": "string" }, "prop_software_SoftwareArtifact_software_contentIdentifier": { - "$ref": "#/$defs/software_ContentIdentifier_derived" + "$ref": "#/$defs/software_ContentIdentifier_derived" }, "prop_software_SoftwareArtifact_software_copyrightText": { - "type": "string" + "type": "string" }, "prop_software_SoftwareArtifact_software_primaryPurpose": { - "enum": [ - "application", - "archive", - "bom", - "configuration", - "container", - "data", - "device", - "deviceDriver", - "diskImage", - "documentation", - "evidence", - "executable", - "file", - "filesystemImage", - "firmware", - "framework", - "install", - "library", - "manifest", - "model", - "module", - "operatingSystem", - "other", - "patch", - "platform", - "requirement", - "source", - "specification", - "test" - ] + "enum": [ + "application", + "archive", + "bom", + "configuration", + "container", + "data", + "device", + "deviceDriver", + "diskImage", + "documentation", + "evidence", + "executable", + "file", + "filesystemImage", + "firmware", + "framework", + "install", + "library", + "manifest", + "model", + "module", + "operatingSystem", + "other", + "patch", + "platform", + "requirement", + "source", + "specification", + "test" + ] }, "Bom": { "allOf": [ @@ -4969,32 +4987,28 @@ "$ref": "#/$defs/prop_security_VexAffectedVulnAssessmentRelationship_security_actionStatement" }, "security_actionStatementTime": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/$defs/prop_security_VexAffectedVulnAssessmentRelationship_security_actionStatementTime" - } - } - ] + "$ref": "#/$defs/prop_security_VexAffectedVulnAssessmentRelationship_security_actionStatementTime" } - } + }, + "required": [ + "security_actionStatement" + ] } ] }, "prop_security_VexAffectedVulnAssessmentRelationship_security_actionStatement": { - "type": "string" + "type": "string" }, "prop_security_VexAffectedVulnAssessmentRelationship_security_actionStatementTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "security_VexFixedVulnAssessmentRelationship": { "allOf": [ @@ -5084,27 +5098,27 @@ ] }, "prop_security_VexNotAffectedVulnAssessmentRelationship_security_impactStatement": { - "type": "string" + "type": "string" }, "prop_security_VexNotAffectedVulnAssessmentRelationship_security_impactStatementTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_security_VexNotAffectedVulnAssessmentRelationship_security_justificationType": { - "enum": [ - "componentNotPresent", - "inlineMitigationsAlreadyExist", - "vulnerableCodeCannotBeControlledByAdversary", - "vulnerableCodeNotInExecutePath", - "vulnerableCodeNotPresent" - ] + "enum": [ + "componentNotPresent", + "inlineMitigationsAlreadyExist", + "vulnerableCodeCannotBeControlledByAdversary", + "vulnerableCodeNotInExecutePath", + "vulnerableCodeNotPresent" + ] }, "security_VexUnderInvestigationVulnAssessmentRelationship": { "allOf": [ @@ -5191,14 +5205,14 @@ ] }, "prop_software_File_contentType": { - "pattern": "^[^\\/]+\\/[^\\/]+$", - "type": "string" + "pattern": "^[^\\/]+\\/[^\\/]+$", + "type": "string" }, "prop_software_File_software_fileKind": { - "enum": [ - "directory", - "file" - ] + "enum": [ + "directory", + "file" + ] }, "software_Package": { "allOf": [ @@ -5257,19 +5271,19 @@ ] }, "prop_software_Package_software_downloadLocation": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_software_Package_software_homePage": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_software_Package_software_packageUrl": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_software_Package_software_packageVersion": { - "type": "string" + "type": "string" }, "prop_software_Package_software_sourceInfo": { - "type": "string" + "type": "string" }, "software_Sbom": { "allOf": [ @@ -5321,14 +5335,14 @@ ] }, "prop_software_Sbom_software_sbomType": { - "enum": [ - "analyzed", - "build", - "deployed", - "design", - "runtime", - "source" - ] + "enum": [ + "analyzed", + "build", + "deployed", + "design", + "runtime", + "source" + ] }, "software_Snippet": { "allOf": [ @@ -5382,13 +5396,13 @@ ] }, "prop_software_Snippet_software_byteRange": { - "$ref": "#/$defs/PositiveIntegerRange_derived" + "$ref": "#/$defs/PositiveIntegerRange_derived" }, "prop_software_Snippet_software_lineRange": { - "$ref": "#/$defs/PositiveIntegerRange_derived" + "$ref": "#/$defs/PositiveIntegerRange_derived" }, "prop_software_Snippet_software_snippetFromFile": { - "$ref": "#/$defs/software_File_derived" + "$ref": "#/$defs/software_File_derived" }, "ai_AIPackage": { "allOf": [ @@ -5531,62 +5545,62 @@ ] }, "prop_ai_AIPackage_ai_autonomyType": { - "enum": [ - "no", - "noAssertion", - "yes" - ] + "enum": [ + "no", + "noAssertion", + "yes" + ] }, "prop_ai_AIPackage_ai_domain": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_energyConsumption": { - "$ref": "#/$defs/ai_EnergyConsumption_derived" + "$ref": "#/$defs/ai_EnergyConsumption_derived" }, "prop_ai_AIPackage_ai_hyperparameter": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "prop_ai_AIPackage_ai_informationAboutApplication": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_informationAboutTraining": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_limitation": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_metric": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "prop_ai_AIPackage_ai_metricDecisionThreshold": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "prop_ai_AIPackage_ai_modelDataPreprocessing": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_modelExplainability": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_safetyRiskAssessment": { - "enum": [ - "high", - "low", - "medium", - "serious" - ] + "enum": [ + "high", + "low", + "medium", + "serious" + ] }, "prop_ai_AIPackage_ai_standardCompliance": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_typeOfModel": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_useSensitivePersonalInformation": { - "enum": [ - "no", - "noAssertion", - "yes" - ] + "enum": [ + "no", + "noAssertion", + "yes" + ] }, "dataset_DatasetPackage": { "allOf": [ @@ -5706,74 +5720,74 @@ ] }, "prop_dataset_DatasetPackage_dataset_anonymizationMethodUsed": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_confidentialityLevel": { - "enum": [ - "amber", - "clear", - "green", - "red" - ] + "enum": [ + "amber", + "clear", + "green", + "red" + ] }, "prop_dataset_DatasetPackage_dataset_dataCollectionProcess": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_dataPreprocessing": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_datasetAvailability": { - "enum": [ - "clickthrough", - "directDownload", - "query", - "registration", - "scrapingScript" - ] + "enum": [ + "clickthrough", + "directDownload", + "query", + "registration", + "scrapingScript" + ] }, "prop_dataset_DatasetPackage_dataset_datasetNoise": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_datasetSize": { - "type": "integer", - "minimum": 0 + "type": "integer", + "minimum": 0 }, "prop_dataset_DatasetPackage_dataset_datasetType": { - "enum": [ - "audio", - "categorical", - "graph", - "image", - "noAssertion", - "numeric", - "other", - "sensor", - "structured", - "syntactic", - "text", - "timeseries", - "timestamp", - "video" - ] + "enum": [ + "audio", + "categorical", + "graph", + "image", + "noAssertion", + "numeric", + "other", + "sensor", + "structured", + "syntactic", + "text", + "timeseries", + "timestamp", + "video" + ] }, "prop_dataset_DatasetPackage_dataset_datasetUpdateMechanism": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_hasSensitivePersonalInformation": { - "enum": [ - "no", - "noAssertion", - "yes" - ] + "enum": [ + "no", + "noAssertion", + "yes" + ] }, "prop_dataset_DatasetPackage_dataset_intendedUse": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_knownBias": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_sensor": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "IRI": { "type": "string", @@ -5800,7 +5814,6 @@ { "$ref": "#/$defs/IRI" }, { "enum": [ - "http://spdx.invalid./AbstractClass", "ai_EnergyConsumption", "ai_EnergyConsumptionDescription", "ai_EnergyUnitType", @@ -5814,6 +5827,7 @@ "ExternalRef", "ExternalRefType", "HashAlgorithm", + "IndividualElement", "LifecycleScopeType", "NamespaceMap", "PackageVerificationCode", @@ -5887,7 +5901,6 @@ }, "AnyClass": { "anyOf": [ - { "$ref": "#/$defs/http_spdxinvalidAbstractClass" }, { "$ref": "#/$defs/ai_EnergyConsumption" }, { "$ref": "#/$defs/ai_EnergyConsumptionDescription" }, { "$ref": "#/$defs/ai_EnergyUnitType" }, @@ -5901,6 +5914,7 @@ { "$ref": "#/$defs/ExternalRef" }, { "$ref": "#/$defs/ExternalRefType" }, { "$ref": "#/$defs/HashAlgorithm" }, + { "$ref": "#/$defs/IndividualElement" }, { "$ref": "#/$defs/LifecycleScopeType" }, { "$ref": "#/$defs/NamespaceMap" }, { "$ref": "#/$defs/PackageVerificationCode" }, @@ -5968,4 +5982,4 @@ ] } } -} +} \ No newline at end of file diff --git a/resources/spdx-context-v3.0.1.jsonld b/resources/spdx-context-v3.0.1.jsonld index 83deaa0..f692cb9 100644 --- a/resources/spdx-context-v3.0.1.jsonld +++ b/resources/spdx-context-v3.0.1.jsonld @@ -17,10 +17,13 @@ "ExternalRefType": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "Hash": "https://spdx.org/rdf/3.0.1/terms/Core/Hash", "HashAlgorithm": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", + "IndividualElement": "https://spdx.org/rdf/3.0.1/terms/Core/IndividualElement", "IntegrityMethod": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod", "LifecycleScopeType": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType", "LifecycleScopedRelationship": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopedRelationship", "NamespaceMap": "https://spdx.org/rdf/3.0.1/terms/Core/NamespaceMap", + "NoAssertionElement": "https://spdx.org/rdf/3.0.1/terms/Core/NoAssertionElement", + "NoneElement": "https://spdx.org/rdf/3.0.1/terms/Core/NoneElement", "Organization": "https://spdx.org/rdf/3.0.1/terms/Core/Organization", "PackageVerificationCode": "https://spdx.org/rdf/3.0.1/terms/Core/PackageVerificationCode", "Person": "https://spdx.org/rdf/3.0.1/terms/Core/Person", @@ -32,6 +35,7 @@ "RelationshipType": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "SoftwareAgent": "https://spdx.org/rdf/3.0.1/terms/Core/SoftwareAgent", "SpdxDocument": "https://spdx.org/rdf/3.0.1/terms/Core/SpdxDocument", + "SpdxOrganization": "https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", "SupportType": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType", "Tool": "https://spdx.org/rdf/3.0.1/terms/Core/Tool", "ai_AIPackage": "https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", @@ -306,9 +310,6 @@ "@type": "http://www.w3.org/2001/XMLSchema#string" }, "element": { - "@context": { - "@vocab": "https://spdx.org/rdf/3.0.1/terms/Core/Element/" - }, "@id": "https://spdx.org/rdf/3.0.1/terms/Core/element", "@type": "@vocab" }, @@ -330,6 +331,8 @@ "expandedlicensing_LicenseAddition": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", "expandedlicensing_ListedLicense": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicense", "expandedlicensing_ListedLicenseException": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicenseException", + "expandedlicensing_NoAssertionLicense": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoAssertionLicense", + "expandedlicensing_NoneLicense": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoneLicense", "expandedlicensing_OrLaterOperator": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/OrLaterOperator", "expandedlicensing_WithAdditionOperator": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/WithAdditionOperator", "expandedlicensing_additionText": { @@ -446,9 +449,6 @@ "@type": "http://www.w3.org/2001/XMLSchema#anyURI" }, "from": { - "@context": { - "@vocab": "https://spdx.org/rdf/3.0.1/terms/Core/Element/" - }, "@id": "https://spdx.org/rdf/3.0.1/terms/Core/from", "@type": "@vocab" }, @@ -527,9 +527,6 @@ "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" }, "rootElement": { - "@context": { - "@vocab": "https://spdx.org/rdf/3.0.1/terms/Core/Element/" - }, "@id": "https://spdx.org/rdf/3.0.1/terms/Core/rootElement", "@type": "@vocab" }, @@ -566,9 +563,6 @@ "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" }, "security_assessedElement": { - "@context": { - "@vocab": "https://spdx.org/rdf/3.0.1/terms/Core/Element/" - }, "@id": "https://spdx.org/rdf/3.0.1/terms/Security/assessedElement", "@type": "@vocab" }, @@ -783,9 +777,6 @@ "@type": "http://www.w3.org/2001/XMLSchema#string" }, "subject": { - "@context": { - "@vocab": "https://spdx.org/rdf/3.0.1/terms/Core/Element/" - }, "@id": "https://spdx.org/rdf/3.0.1/terms/Core/subject", "@type": "@vocab" }, @@ -805,9 +796,6 @@ "@type": "@vocab" }, "to": { - "@context": { - "@vocab": "https://spdx.org/rdf/3.0.1/terms/Core/Element/" - }, "@id": "https://spdx.org/rdf/3.0.1/terms/Core/to", "@type": "@vocab" }, diff --git a/resources/spdx-model-v3.0.1.jsonld b/resources/spdx-model-v3.0.1.jsonld index 08805f1..6abab4b 100644 --- a/resources/spdx-model-v3.0.1.jsonld +++ b/resources/spdx-model-v3.0.1.jsonld @@ -1,205 +1,328 @@ [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/statement", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/simpleLicensing", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Commentary on an assertion that an annotator has made." + "@value": "the element follows the SimpleLicensing profile specification" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "simpleLicensing" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasRequirement", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altWebPage", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element has a requirement on each `to` Element, during a LifecycleScopeType period." + "@value": "A reference to an alternative web page." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasRequirement" + "@value": "altWebPage" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetNoise", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/image", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes potentially noisy elements of the dataset." + "@value": "data is a collection of images such as pictures of animals." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "image" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityThreatModel", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/actionStatementTime", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference the [security threat model](https://en.wikipedia.org/wiki/Threat_model) for a package." + "@value": "Records the time when a recommended action was communicated in a VEX statement\nto mitigate a vulnerability." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "securityThreatModel" + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/justificationType", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/productMetadata", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Impact justification label to be used when linking a vulnerability to an element\nrepresenting a VEX product with a VexNotAffectedVulnAssessmentRelationship\nrelationship." + "@value": "A reference to additional product metadata such as reference within organization's product catalog." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType" + "@value": "productMetadata" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/archive", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/purchaseOrder", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element is an archived collection of one or more files (.tar, .zip, etc)" + "@value": "A reference to a purchase order for a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "archive" + "@value": "purchaseOrder" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/dynamicAnalysisReport", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotInExecutePath", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a dynamic analysis report for a package." + "@value": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "dynamicAnalysisReport" + "@value": "vulnerableCodeNotInExecutePath" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isOsiApproved", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifier", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies whether the License is listed as approved by the\nOpen Source Initiative (OSI)." + "@value": "A canonical, unique, immutable identifier" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "http://www.w3.org/2001/XMLSchema#boolean" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N2f453dff5c3d4aeb9eeca1c273089f5d" + }, + { + "@id": "_:N6bd1a6d665974f37b6330aee72463c40" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/qualityAssessmentReport", + "@id": "_:N2f453dff5c3d4aeb9eeca1c273089f5d", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/gitoid" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/swhid" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierType" + } + ] + }, + { + "@id": "_:N6bd1a6d665974f37b6330aee72463c40", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierValue" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Bundle", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a quality assessment for a package." + "@value": "A collection of Elements that have a shared context." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "qualityAssessmentReport" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N9fbdc56679684b249b8cc7d20288fa52" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/finetuningEnergyConsumption", + "@id": "_:N9fbdc56679684b249b8cc7d20288fa52", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/context" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/privacyAssessment", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the amount of energy consumed when finetuning the AI model that is\nbeing used in the AI system." + "@value": "A reference to a privacy assessment for a package." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription" + "@value": "privacyAssessment" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceEntrypoint", + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildEndTime", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Property describes the invocation entrypoint of a build." + "@value": "Property that describes the time at which a build stops." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/description", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/summary", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides a detailed description of the Element." + "@value": "A short description of an Element." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ @@ -209,31 +332,31 @@ ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/annotationType", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/locator", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes the type of annotation." + "@value": "Provides the location of an external reference." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseText", + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/additionText", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Identifies the full text of a License or Addition." + "@value": "Identifies the full text of a LicenseAddition." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ @@ -243,122 +366,136 @@ ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/urlScheme", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha256", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "[Uniform Resource Identifier (URI) Schemes](https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml). The scheme used in order to locate a resource." + "@value": "SHA-2 with a digest length of 256, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "urlScheme" + "@value": "sha256" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/module", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/endIntegerRange", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element is a module of a piece of software" + "@value": "Defines the end of a range." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "module" + "@id": "http://www.w3.org/2001/XMLSchema#positiveInteger" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildMeta", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/diskImage", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference build metadata related to a published package." + "@value": "The Element refers to a disk image that can be written to a disk, booted in a VM, etc. A disk image typically contains most or all of the components necessary to boot, such as bootloaders, kernels, firmware, userspace, etc." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "buildMeta" + "@value": "diskImage" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/purchaseOrder", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/medium", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a purchase order for a package." + "@value": "When a CVSS score is between 4.0 - 6.9" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "purchaseOrder" + "@value": "medium" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/EpssVulnAssessmentRelationship", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/source", "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides an EPSS assessment for a vulnerability." + "@value": "The Element is a single or a collection of source files." } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" + "@value": "source" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A key with an associated value." } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:Nb618ae63e1124869b9e8b168e9acb6b4" + "@id": "_:Na3ccc8a5475e4877bc9d318834c95e4e" }, { - "@id": "_:N03a14f66dcfd4c7b9d5c0a63388baaac" + "@id": "_:N11cf77d03f2047b6a91de3d4c0a81bf3" } ] }, { - "@id": "_:Nb618ae63e1124869b9e8b168e9acb6b4", + "@id": "_:Na3ccc8a5475e4877bc9d318834c95e4e", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#decimal" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#minCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -369,24 +506,20 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/probability" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/key" } ] }, { - "@id": "_:N03a14f66dcfd4c7b9d5c0a63388baaac", + "@id": "_:N11cf77d03f2047b6a91de3d4c0a81bf3", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#decimal" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -397,187 +530,197 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/percentile" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/value" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_512", + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/metricDecisionThreshold", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "SHA-3 with a digest length of 512, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)." + "@value": "Captures the threshold that was used for computation of a metric described in\nthe metric field." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "sha3_512" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/productMetadata", + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseExpression", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to additional product metadata such as reference within organization's product catalog." + "@value": "A string in the license expression format." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "productMetadata" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship", "@type": [ - "http://www.w3.org/2002/07/owl#Ontology" + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], - "http://purl.org/dc/terms/abstract": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "This ontology defines the terms and relationships used in the SPDX specification to describe system packages" + "@value": "Abstract ancestor class for all VEX relationships" } ], - "http://purl.org/dc/terms/created": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@type": "http://www.w3.org/2001/XMLSchema#date", - "@value": "2024-04-05" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" } ], - "http://purl.org/dc/terms/creator": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "SPDX Project" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://purl.org/dc/terms/license": [ + "http://www.w3.org/ns/shacl#property": [ { - "@id": "https://spdx.org/licenses/Community-Spec-1.0.html" - } - ], - "http://purl.org/dc/terms/references": [ + "@id": "_:N86fa428dffca47ed9477433da6de995f" + }, { - "@id": "https://spdx.dev/specifications/" + "@id": "_:Ne85767bf657647678f43e419fe3d7b41" + }, + { + "@id": "_:N827d4765f14f49ed9f7cc0b184462699" } - ], - "http://purl.org/dc/terms/title": [ + ] + }, + { + "@id": "_:N86fa428dffca47ed9477433da6de995f", + "http://www.w3.org/ns/shacl#message": [ { "@language": "en", - "@value": "System Package Data Exchange (SPDX) Ontology" + "@value": "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship is an abstract class and should not be instantiated directly. Instantiate a subclass instead." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#not": [ { - "@language": "en", - "@value": "System Package Data Exchange (SPDX) Ontology" + "@id": "_:Nca198a180eab425bb1941c939fbcab9c" } ], - "http://www.w3.org/2002/07/owl#versionIRI": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/" + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" } - ], - "https://www.omg.org/spec/Commons/AnnotationVocabulary/copyright": [ + ] + }, + { + "@id": "_:Nca198a180eab425bb1941c939fbcab9c", + "http://www.w3.org/ns/shacl#hasValue": [ { - "@language": "en", - "@value": "Copyright (C) 2024 SPDX Project" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/binaryArtifact", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "@id": "_:Ne85767bf657647678f43e419fe3d7b41", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "A reference to binary artifacts related to a package." + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@value": "binaryArtifact" + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/vexVersion" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/IndividualLicensingInfo", - "@type": [ - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N827d4765f14f49ed9f7cc0b184462699", + "http://www.w3.org/ns/shacl#datatype": [ { - "@language": "en", - "@value": "A concrete subclass of AnyLicenseInfo used by Individuals in the\nExpandedLicensing profile." + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/statusNotes" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/intendedUse", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierValue", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes what the given dataset should be used for." + "@value": "Specifies the value of the content identifier." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityFix", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/other", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to the patch or source code that fixes a vulnerability." + "@value": "The Element doesn't fit into any of the other categories." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "securityFix" + "@value": "other" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/dataPreprocessing", + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseListVersion", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes the preprocessing steps that were applied to the raw data to create the given dataset." + "@value": "The version of the SPDX License List used in the license expression." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ @@ -587,628 +730,566 @@ ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/evidence", + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/licenseXml", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element is the evidence that a specification or requirement has been fulfilled" + "@value": "Identifies all the text and metadata associated with a license in the license\nXML format." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "evidence" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/firmware", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/File", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element provides low level control over a device's hardware" + "@value": "Refers to any object that stores content on a computer." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "firmware" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/ancestorOf", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "The `from` Element is an ancestor of each `to` Element." + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#property": [ { - "@value": "ancestorOf" + "@id": "_:N2c00f81f03274496b7c4c8ab8bf09b2a" + }, + { + "@id": "_:N77cfd96960c54e7da88fac7740281ef5" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/endIntegerRange", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "@id": "_:N2c00f81f03274496b7c4c8ab8bf09b2a", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Defines the end of a range." + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/2001/XMLSchema#positiveInteger" + "@id": "http://www.w3.org/ns/shacl#Literal" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/impactStatement", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#path": [ { - "@language": "en", - "@value": "Explains why a VEX product is not affected by a vulnerability. It is an\nalternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable\njustification label." + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/contentType" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#pattern": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "^[^\\/]+\\/[^\\/]+$" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/text", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N77cfd96960c54e7da88fac7740281ef5", + "http://www.w3.org/ns/shacl#class": [ { - "@language": "en", - "@value": "data consists of unstructured text, such as a book, Wikipedia article (without images), or transcript." + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#in": [ { - "@value": "text" + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/file" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/directory" + } + ] } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/rootElement", - "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "This property is used to denote the root Element(s) of a tree of elements contained in a BOM." + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/fileKind" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/licenseXml", + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/CustomLicense", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Identifies all the text and metadata associated with a license in the license\nXML format." + "@value": "A license that is not listed on the SPDX License List." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md4", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/sensor", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "MD4 message-digest algorithm, as defined in [RFC 1186](https://www.rfc-editor.org/info/rfc1186)." + "@value": "data is recorded from a physical sensor, such as a thermometer reading or biometric device." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "md4" + "@value": "sensor" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/track", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/describes", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." + "@value": "The `from` Element describes each `to` Element. To denote the root(s) of a tree of elements in a collection, the rootElement property should be used." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "track" + "@value": "describes" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopedRelationship", + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/useSensitivePersonalInformation", "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provide context for a relationship that occurs in the lifecycle." + "@value": "Records if sensitive personal information is used during model training or\ncould be used during the inference." } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Relationship" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/review", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@language": "en", + "@value": "Used when someone reviews the Element." } ], - "http://www.w3.org/ns/shacl#property": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "_:Na6076520369a4c939af966a109e9f81d" + "@value": "review" } ] }, { - "@id": "_:Na6076520369a4c939af966a109e9f81d", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/impactStatement", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/ns/shacl#in": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@list": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/design" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/development" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/build" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/test" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/runtime" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/other" - } - ] + "@language": "en", + "@value": "Explains why a VEX product is not affected by a vulnerability. It is an\nalternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable\njustification label." } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": 1 + "@id": "http://www.w3.org/2001/XMLSchema#string" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/attend", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@language": "en", + "@value": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions include requesting assistance or information about the vulnerability, and may involve publishing a notification either internally and/or externally. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/scope" + "@value": "attend" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Artifact", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasPrerequisite", "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://spdx.invalid./AbstractClass", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A distinct article or unit within the digital domain." + "@value": "The `from` Element has a prerequisite on each `to` Element, during a LifecycleScopeType period." } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + "@value": "hasPrerequisite" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/from", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@language": "en", + "@value": "References the Element on the left-hand side of a relationship." } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N82f168f519f84b918718a8fd0a5bd7a5" - }, - { - "@id": "_:N3eb59c0d8f1c4baebd95f29f7c0169fc" - }, - { - "@id": "_:N749bfae08b514a21a79f9d2f71057da9" - }, - { - "@id": "_:N2adb4f18d2704358ac6c9f6394de6e58" - }, - { - "@id": "_:Nc2f8077148fd44d3bbae6f49a7d8cfda" - }, - { - "@id": "_:N11ce0bf6c41d4212b5755b76ce0d76f7" - }, + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "_:N221785f36cd44208a4c5c9e834ac8250" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" } ] }, { - "@id": "_:N82f168f519f84b918718a8fd0a5bd7a5", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/severity", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@language": "en", + "@value": "Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/originatedBy" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" } ] }, { - "@id": "_:N3eb59c0d8f1c4baebd95f29f7c0169fc", - "http://www.w3.org/ns/shacl#class": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/publishedTime", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" + "@language": "en", + "@value": "Specifies the time when a vulnerability was published." } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": 1 + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/adler32", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@language": "en", + "@value": "Adler-32 checksum is part of the widely used zlib compression library as defined in [RFC 1950](https://datatracker.ietf.org/doc/rfc1950/) Section 2.3." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/suppliedBy" + "@value": "adler32" } ] }, { - "@id": "_:N749bfae08b514a21a79f9d2f71057da9", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/listVersionAdded", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Specifies the SPDX License List version in which this ListedLicense or\nListedLicenseException identifier was first added." } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "http://www.w3.org/2001/XMLSchema#string" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasSpecification", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/builtTime" + "@language": "en", + "@value": "Every `to` Element is a specification for the `from` Element (`from` hasSpecification `to`), during a LifecycleScopeType period." } ], - "http://www.w3.org/ns/shacl#pattern": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + "@value": "hasSpecification" } ] }, { - "@id": "_:N2adb4f18d2704358ac6c9f6394de6e58", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDataFile", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" - } - ], - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#nodeKind": [ - { - "@id": "http://www.w3.org/ns/shacl#Literal" - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/releaseTime" - } - ], - "http://www.w3.org/ns/shacl#pattern": [ - { - "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] - }, - { - "@id": "_:Nc2f8077148fd44d3bbae6f49a7d8cfda", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" - } - ], - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#nodeKind": [ - { - "@id": "http://www.w3.org/ns/shacl#Literal" - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/validUntilTime" + "@language": "en", + "@value": "The `from` Element treats each `to` Element as a data file. A data file is an artifact that stores data required or optional for the `from` Element's functionality. A data file can be a database file, an index file, a log file, an AI model file, a calibration data file, a temporary file, a backup file, and more. For AI training dataset, test dataset, test artifact, configuration data, build input data, and build output data, please consider using the more specific relationship types: `trainedOn`, `testedOn`, `hasTest`, `configures`, `hasInput`, and `hasOutput`, respectively. This relationship does not imply dependency." } ], - "http://www.w3.org/ns/shacl#pattern": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + "@value": "hasDataFile" } ] }, { - "@id": "_:N11ce0bf6c41d4212b5755b76ce0d76f7", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/configures", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "The `from` Element is a configuration applied to each `to` Element, during a LifecycleScopeType period." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/standardName" + "@value": "configures" } ] }, { - "@id": "_:N221785f36cd44208a4c5c9e834ac8250", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" - } - ], - "http://www.w3.org/ns/shacl#in": [ - { - "@list": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/development" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/support" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/deployed" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/limitedSupport" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/endOfSupport" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noSupport" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noAssertion" - } - ] - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/other", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@language": "en", + "@value": "any hashing algorithm that does not exist in this list of entries" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/supportLevel" + "@value": "other" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/releaseTime", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/publishedBy", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the time an artifact was released." + "@value": "Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + "@value": "publishedBy" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/red", + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/high", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType" + "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Data points in the dataset are highly confidential and can only be shared with named recipients." + "@value": "The second-highest level of risk posed by an AI system." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "red" + "@value": "high" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/other", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/funding", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element doesn't fit into any of the other categories" + "@value": "A reference to funding information related to a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "other" + "@value": "funding" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/modelExplainability", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md2", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes methods that can be used to explain the results from the AI model." + "@value": "MD2 message-digest algorithm, as defined in [RFC 1319](https://datatracker.ietf.org/doc/rfc1319/)." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "md2" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/configuration", "@type": [ - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Categories of confidentiality level." + "@value": "The Element is configuration data." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "configuration" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/fileKind", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/track", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes if a given file is a directory or non-directory kind of file." + "@value": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType" + "@value": "track" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/exportControlAssessment", + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseText", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a export control assessment for a package." + "@value": "Identifies the full text of a License or Addition." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "exportControlAssessment" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noAssertion", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/dataPreprocessing", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "no assertion about the type of support is made. This is considered the default if no other support type is used." + "@value": "Describes the preprocessing steps that were applied to the raw data to create the given dataset." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "noAssertion" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogVulnAssessmentRelationship", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/Snippet", "@type": [ "http://www.w3.org/2002/07/owl#Class", "http://www.w3.org/ns/shacl#NodeShape" @@ -1216,12 +1297,12 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides an exploit assessment of a vulnerability." + "@value": "Describes a certain part of a file." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact" } ], "http://www.w3.org/ns/shacl#nodeKind": [ @@ -1231,289 +1312,319 @@ ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N931c62956d61489bacba3d588781a983" + "@id": "_:N580b2e41639f459ca779e7f403e8a1a0" }, { - "@id": "_:Nbc1b1034cec741988cac42eedaab273f" + "@id": "_:N49255f1d76a848aa802391a2afe0cbe1" }, { - "@id": "_:Naaf109d0e18d412e9ea248e3520479d6" + "@id": "_:Nd7add987f24d4d6680bce9a2d944db6a" } ] }, { - "@id": "_:N931c62956d61489bacba3d588781a983", + "@id": "_:N580b2e41639f459ca779e7f403e8a1a0", "http://www.w3.org/ns/shacl#class": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType" - } - ], - "http://www.w3.org/ns/shacl#in": [ - { - "@list": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/kev" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/other" - } - ] + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange" } ], "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/catalogType" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/byteRange" } ] }, { - "@id": "_:Nbc1b1034cec741988cac42eedaab273f", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "_:N49255f1d76a848aa802391a2afe0cbe1", + "http://www.w3.org/ns/shacl#class": [ { - "@id": "http://www.w3.org/2001/XMLSchema#boolean" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange" } ], "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/exploited" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/lineRange" } ] }, { - "@id": "_:Naaf109d0e18d412e9ea248e3520479d6", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "_:Nd7add987f24d4d6680bce9a2d944db6a", + "http://www.w3.org/ns/shacl#class": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/File" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#minCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/locator" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/snippetFromFile" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/staticAnalysisReport", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/syntactic", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a static analysis report for a package." + "@value": "data describes the syntax or semantics of a language or text, such as a parse tree used for natural language processing." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "staticAnalysisReport" + "@value": "syntactic" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasProvidedDependency", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdversaryModel", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element has a dependency on each `to` Element, dependency is not in the distributed artifact, but assumed to be provided, during a LifecycleScopeType period." + "@value": "A reference to the security adversary model for a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasProvidedDependency" + "@value": "securityAdversaryModel" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/probability", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/doesNotAffect", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A probability score between 0 and 1 of a vulnerability being exploited." + "@value": "The `from` Vulnerability has no impact on each `to` Element. The use of the `doesNotAffect` is constrained to `VexNotAffectedVulnAssessmentRelationship` classed relationships." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#decimal" + "@value": "doesNotAffect" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssV2VulnAssessmentRelationship", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/contains", "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides a CVSS version 2.0 assessment for a vulnerability." + "@value": "The `from` Element contains each `to` Element." } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" + "@value": "contains" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/context", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@language": "en", + "@value": "Gives information about the circumstances or unifying properties\nthat Elements of the bundle have been assembled under." } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nfcfabd6837334800902d702a2224cf63" - }, + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "_:N51b3938945d142239a7569ee5ec8d5c8" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "_:Nfcfabd6837334800902d702a2224cf63", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/dataLicense", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/2001/XMLSchema#decimal" + "@language": "en", + "@value": "Provides the license under which the SPDX documentation of the Element can be\nused." } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": 1 + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Information about the relationship between two Elements." } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/homePage", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "A place for the SPDX document creator to record a website that serves as the\npackage's home page." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/score" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ] }, { - "@id": "_:N51b3938945d142239a7569ee5ec8d5c8", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/modifiedTime", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@language": "en", + "@value": "Specifies a time when a vulnerability assessment was modified" } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": 1 + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseHeader", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides a License author's preferred text to indicate that a file is covered\nby the License." } ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": 1 + "@id": "http://www.w3.org/2001/XMLSchema#string" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b384", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "BLAKE2b algorithm with a digest size of 384, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/vectorString" + "@value": "blake2b384" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timeseries", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swhid", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "data is recorded in an ordered sequence of timestamped entries, such as the price of a stock over the course of a day." + "@value": "SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "timeseries" + "@value": "swhid" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/algorithm", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityFix", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the algorithm used for calculating the hash value." + "@value": "A reference to the patch or source code that fixes a vulnerability." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + "@value": "securityFix" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/delegatedTo", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/generates", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" @@ -1521,34 +1632,69 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Agent is delegating an action to the Agent of the `to` Relationship (which must be of type invokedBy), during a LifecycleScopeType (e.g. the `to` invokedBy Relationship is being done on behalf of `from`)." + "@value": "The `from` Element generates each `to` Element." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "delegatedTo" + "@value": "generates" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/dataCollectionProcess", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/additionalPurpose", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes how the dataset was collected." + "@value": "Provides additional purpose information of the software artifact." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssV3VulnAssessmentRelationship", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/decisionType", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provide the enumeration of possible decisions in the\n[Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree](https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseHistory", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a published list of releases for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "releaseHistory" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/Build", "@type": [ "http://www.w3.org/2002/07/owl#Class", "http://www.w3.org/ns/shacl#NodeShape" @@ -1556,12 +1702,12 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides a CVSS version 3 assessment for a vulnerability." + "@value": "Class that describes a build instance of software/artifacts." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" } ], "http://www.w3.org/ns/shacl#nodeKind": [ @@ -1571,30 +1717,50 @@ ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:Nef292b5a2b964a438a19a87abc0b770e" + "@id": "_:N17b11e9782cb42ceba98928679b0f78b" + }, + { + "@id": "_:Nd70830e62e09431f9f5ac0ca57ad91de" + }, + { + "@id": "_:Nea626a2a6c9a4deab1b1cdd962d00ea7" + }, + { + "@id": "_:N3d3db55210ce441eb305cdf967d96a2d" + }, + { + "@id": "_:N3cf836c0e1cc41a780ab94e0d629cfc8" + }, + { + "@id": "_:N9d3e8c20daa5400b957c25be113efe89" + }, + { + "@id": "_:Na8466e22ae484f8ab197aa7b0d012695" }, { - "@id": "_:Ncc153a1e18284300ab41f5f13fd7ff4f" + "@id": "_:N15521aa0152f4af5a3545aa71f2c4b78" }, { - "@id": "_:N42fb44c466e14d8e8b257e244bc34c3a" + "@id": "_:N81443e2b66644d6f8f751bad29789396" } ] }, { - "@id": "_:Nef292b5a2b964a438a19a87abc0b770e", + "@id": "_:N17b11e9782cb42ceba98928679b0f78b", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#decimal" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#minCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -1605,76 +1771,41 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/score" + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildType" } ] }, { - "@id": "_:Ncc153a1e18284300ab41f5f13fd7ff4f", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" - } - ], - "http://www.w3.org/ns/shacl#in": [ + "@id": "_:Nd70830e62e09431f9f5ac0ca57ad91de", + "http://www.w3.org/ns/shacl#datatype": [ { - "@list": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/critical" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/high" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/medium" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/low" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/none" - } - ] + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "http://www.w3.org/ns/shacl#Literal" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/severity" + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildId" } ] }, { - "@id": "_:N42fb44c466e14d8e8b257e244bc34c3a", + "@id": "_:Nea626a2a6c9a4deab1b1cdd962d00ea7", "http://www.w3.org/ns/shacl#datatype": [ { "@id": "http://www.w3.org/2001/XMLSchema#string" } ], - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], "http://www.w3.org/ns/shacl#nodeKind": [ { "@id": "http://www.w3.org/ns/shacl#Literal" @@ -1682,660 +1813,722 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/vectorString" + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceEntrypoint" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseListVersion", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "@id": "_:N3d3db55210ce441eb305cdf967d96a2d", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "The version of the SPDX License List used in the license expression." + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceUri" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalSpdxId", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "@id": "_:N3cf836c0e1cc41a780ab94e0d629cfc8", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Hash" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Identifies an external Element used within a Document but defined external to\nthat Document." + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceDigest" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardAdditionTemplate", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "@id": "_:N9d3e8c20daa5400b957c25be113efe89", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Identifies the full text of a LicenseAddition, in SPDX templating format." + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/parameter" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/doesNotAffect", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Na8466e22ae484f8ab197aa7b0d012695", + "http://www.w3.org/ns/shacl#datatype": [ { - "@language": "en", - "@value": "The `from` Vulnerability has no impact on each `to` Element. The use of the `doesNotAffect` is constrained to `VexNotAffectedVulnAssessmentRelationship` classed relationships." + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": "doesNotAffect" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/comment", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Provide consumers with comments by the creator of the Element about the\nElement." + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildStartTime" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType", - "@type": [ - "http://www.w3.org/2002/07/owl#Class" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#pattern": [ { - "@language": "en", - "@value": "Specifies the VEX justification type." + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/SimpleLicensingText", - "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N15521aa0152f4af5a3545aa71f2c4b78", + "http://www.w3.org/ns/shacl#datatype": [ { - "@language": "en", - "@value": "A license or addition that is not listed on the SPDX License List." + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/ns/shacl#property": [ + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildEndTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ { - "@id": "_:N5750d0691e19484581ac36403f62e6cc" + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" } ] }, { - "@id": "_:N5750d0691e19484581ac36403f62e6cc", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "_:N81443e2b66644d6f8f751bad29789396", + "http://www.w3.org/ns/shacl#class": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@value": 1 + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": 1 + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/environment" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssessmentFor", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "Relates a `from` Vulnerability and each `to` Element with a security assessment. To be used with `VulnAssessmentRelationship` types." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseText" + "@value": "hasAssessmentFor" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Relationship", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/endOfSupport", "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes a relationship between one or more elements." + "@value": "there is a defined end of support for the artifact from the supplier. This may also be referred to as end of life. There is a validUntilDate that can be used to signal when support ends for the artifact." } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + "@value": "endOfSupport" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalDependency", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@language": "en", + "@value": "The `from` Element optionally depends on each `to` Element, during a LifecycleScopeType period." } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N468bb83c053f48bcb3dda74b00344449" - }, - { - "@id": "_:Nbc970ba271ed48bd96807610a5fc1664" - }, - { - "@id": "_:N9e292defd1ab42b8a9f96e0b89605ce9" - }, - { - "@id": "_:N914c9ddc167b46f888ff032d632c6422" - }, - { - "@id": "_:Na2c671e4043a4e7e9c060e7f3a54ba3e" - }, + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "_:N2422650402e049119d8cea81354c58e1" + "@value": "hasOptionalDependency" } ] }, { - "@id": "_:N468bb83c053f48bcb3dda74b00344449", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/medium", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType" ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "The third-highest level of risk posed by an AI system." } ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": 1 + "@value": "medium" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/withdrawnTime", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@language": "en", + "@value": "Specified the time and date when a vulnerability was withdrawn." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/from" + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" } ] }, { - "@id": "_:Nbc970ba271ed48bd96807610a5fc1664", - "http://www.w3.org/ns/shacl#class": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoAssertionLicense", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/IndividualLicensingInfo" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + "@language": "en", + "@value": "An Individual Value for License when no assertion can be made about its actual\nvalue." } ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2002/07/owl#sameAs": [ { - "@value": 1 + "@id": "https://spdx.org/rdf/3.0.1/terms/Licensing/NoAssertion" } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "https://spdx.org/rdf/3.0.1/creationInfo_NoAssertionLicense" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/to" + "@language": "en", + "@value": "Specifies the VEX justification type." } ] }, { - "@id": "_:N9e292defd1ab42b8a9f96e0b89605ce9", - "http://www.w3.org/ns/shacl#class": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/qualityAssessmentReport", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "@language": "en", + "@value": "A reference to a quality assessment for a package." } ], - "http://www.w3.org/ns/shacl#in": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@list": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/affects" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/amendedBy" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/ancestorOf" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/availableFrom" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/configures" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/contains" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/coordinatedBy" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/copiedTo" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/delegatedTo" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/dependsOn" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/descendantOf" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/describes" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/doesNotAffect" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/expandsTo" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/exploitCreatedBy" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedBy" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedIn" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/foundBy" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/generates" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAddedFile" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssessmentFor" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssociatedVulnerability" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasConcludedLicense" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDataFile" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeclaredLicense" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeletedFile" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDependencyManifest" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDistributionArtifact" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDocumentation" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDynamicLink" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasEvidence" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasExample" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasHost" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasInput" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasMetadata" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalComponent" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalDependency" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOutput" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasPrerequisite" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasProvidedDependency" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasRequirement" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasSpecification" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasStaticLink" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTest" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTestCase" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasVariant" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/invokedBy" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/modifiedBy" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/other" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/packagedBy" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/patchedBy" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/publishedBy" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/reportedBy" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/republishedBy" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/serializedInArtifact" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/testedOn" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/trainedOn" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/underInvestigationFor" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/usesTool" - } - ] + "@value": "qualityAssessmentReport" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedAdditionId", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Specifies whether an additional text identifier has been marked as deprecated." } ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": 1 + "@id": "http://www.w3.org/2001/XMLSchema#boolean" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/support", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@language": "en", + "@value": "A reference to the software support channel or other support information for a package." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/relationshipType" + "@value": "support" } ] }, { - "@id": "_:N914c9ddc167b46f888ff032d632c6422", - "http://www.w3.org/ns/shacl#class": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/ancestorOf", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness" + "@language": "en", + "@value": "The `from` Element is an ancestor of each `to` Element." } ], - "http://www.w3.org/ns/shacl#in": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@list": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/incomplete" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/complete" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/noAssertion" - } - ] + "@value": "ancestorOf" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/limitation", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Captures a limitation of the AI software." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/snippetFromFile", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Defines the original host file that the snippet information applies to." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/File" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/platform", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element represents a runtime environment." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "platform" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalSpdxId", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Identifies an external Element used within an SpdxDocument but defined\nexternal to that SpdxDocument." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetAvailability", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The field describes the availability of a dataset." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/file", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The file represents a single file (default)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "file" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/testedOn", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element has been tested on the `to` Element(s)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "testedOn" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/energyUnit", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the unit in which energy is measured." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/documentation", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is documentation." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "documentation" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/inferenceEnergyConsumption", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the amount of energy consumed during inference time by an AI model\nthat is being used in the AI system." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/creationInfo_SpdxOrganization", + "@type": [ + "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "This individual element was defined by the spec." } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "https://spdx.org/rdf/3.0.1/terms/Core/created": [ { - "@value": 1 + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp", + "@value": "2024-11-22T03:00:01Z" } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "https://spdx.org/rdf/3.0.1/terms/Core/createdBy": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization" } ], - "http://www.w3.org/ns/shacl#path": [ + "https://spdx.org/rdf/3.0.1/terms/Core/specVersion": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/completeness" + "@value": "3.0.1" } ] }, { - "@id": "_:Na2c671e4043a4e7e9c060e7f3a54ba3e", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/development", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "A relationship has specific context implications during development phase of an element." } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@value": "development" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/dynamicAnalysisReport", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/startTime" + "@language": "en", + "@value": "A reference to a dynamic analysis report for a package." } ], - "http://www.w3.org/ns/shacl#pattern": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + "@value": "dynamicAnalysisReport" } ] }, { - "@id": "_:N2422650402e049119d8cea81354c58e1", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/element", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + "@language": "en", + "@value": "Refers to one or more Elements that are part of an ElementCollection." } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": 1 + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/created", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Identifies when the Element was originally created." } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/module", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/endTime" + "@language": "en", + "@value": "The Element is a module of a piece of software." } ], - "http://www.w3.org/ns/shacl#pattern": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + "@value": "module" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/library", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/other", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element is a software library" + "@value": "Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationship types (this relationship is directionless)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "library" + "@value": "other" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierType", + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/hyperparameter", "@type": [ "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the type of the content identifier." + "@value": "Records a hyperparameter used to build the AI model contained in the AI\npackage." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/test", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/text", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A relationship has specific context implications during an element's testing phase, during development." + "@value": "data consists of unstructured text, such as a book, Wikipedia article (without images), or transcript." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "test" + "@value": "text" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetType", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/vexVersion", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes the type of the given dataset." + "@value": "Specifies the version of a VEX statement." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/device", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasStaticLink", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element refers to a chipset, processor, or electronic board" + "@value": "The `from` Element statically links in each `to` Element, during a LifecycleScopeType period." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "device" + "@value": "hasStaticLink" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/prefix", + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/modelDataPreprocessing", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A substitute for a URI." + "@value": "Describes all the preprocessing steps applied to the training data before the\nmodel training." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ @@ -2345,66 +2538,67 @@ ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/value", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/assessedElement", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A value used in a generic key-value pair." + "@value": "Specifies an Element contained in a piece of software where a vulnerability was\nfound." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/runtimeAnalysisReport", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/packagedBy", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a runtime analysis report for a package." + "@value": "Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "runtimeAnalysisReport" + "@value": "packagedBy" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/limitation", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha512", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Captures a limitation of the AI software." + "@value": "SHA-2 with a digest length of 512, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/)." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "sha512" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/locator", + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropValue", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides the location of an external reference." + "@value": "A value used in a CdxPropertyEntry name-value pair." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ @@ -2414,47 +2608,41 @@ ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexUnderInvestigationVulnAssessmentRelationship", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetUpdateMechanism", "@type": [ - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Designates elements as products where the impact of a vulnerability is being\ninvestigated." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship" + "@value": "Describes a mechanism to update the dataset." } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/documentation", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/vectorString", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Element is documentation" + "@value": "Specifies the CVSS vector string for a vulnerability." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "documentation" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/affects", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/serializedInArtifact", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" @@ -2462,375 +2650,424 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Vulnerability affects each `to` Element. The use of the `affects` type is constrained to `VexAffectedVulnAssessmentRelationship` classed relationships." + "@value": "The `from` SpdxDocument can be found in a serialized form in each `to` Artifact." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "affects" + "@value": "serializedInArtifact" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/eolNotice", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/justificationType", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to the End Of Sale (EOS) and/or End Of Life (EOL) information related to a package." + "@value": "Impact justification label to be used when linking a vulnerability to an element\nrepresenting a VEX product with a VexNotAffectedVulnAssessmentRelationship\nrelationship." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "eolNotice" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/query", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha1", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType" + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the dataset is publicly available, but not all at once, and can only be accessed through queries which return parts of the dataset." + "@value": "SHA-1, a secure hashing algorithm, as defined in [RFC 3174](https://datatracker.ietf.org/doc/rfc3174/)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "query" + "@value": "sha1" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/registration", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the dataset is not publicly available and an email registration is required before accessing the dataset, although without an affirmative acceptance of terms." + "@value": "Availability of dataset." } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicense", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": "registration" + "@language": "en", + "@value": "A license that is listed on the SPDX License List." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N354ff8b540a0427a97dc3c7fe3fcaba2" + }, + { + "@id": "_:N424a5985e65648579f3f351d5ddcbe9a" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/packageUrl", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "@id": "_:N354ff8b540a0427a97dc3c7fe3fcaba2", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Provides a place for the SPDX data creator to record the package URL string\n(in accordance with the Package URL specification) for a software Package." + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/deprecatedVersion" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/simpleLicensing", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N424a5985e65648579f3f351d5ddcbe9a", + "http://www.w3.org/ns/shacl#datatype": [ { - "@language": "en", - "@value": "the element follows the simple Licensing profile specification" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": "simpleLicensing" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/scrapingScript", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "the dataset provider is not making available the underlying data and the dataset must be reassembled, typically using the provided script for scraping the data." + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "scrapingScript" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/listVersionAdded" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/other", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/analyzed", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType" + "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Used to store extra information about an Element which is not part of a Review (e.g. extra information provided during the creation of the Element)." + "@value": "SBOM generated through analysis of artifacts (e.g., executables, packages, containers, and virtual machine images) after its build. Such analysis generally requires a variety of heuristics. In some contexts, this may also be referred to as a \"3rd party\" SBOM." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "other" + "@value": "analyzed" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/packageVersion", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexUnderInvestigationVulnAssessmentRelationship", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Identify the version of a package." + "@value": "Designates elements as products where the impact of a vulnerability is being\ninvestigated." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxProperty", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/relationshipType", "@type": [ "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides a map of a property names to a values." + "@value": "Information about the relationship between two Elements." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasPrerequisite", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/issueTracker", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element has a prerequisite on each `to` Element, during a LifecycleScopeType period." + "@value": "A reference to the issue tracker for a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasPrerequisite" + "@value": "issueTracker" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/build", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/identifier", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "SBOM generated as part of the process of building the software to create a releasable artifact (e.g., executable or package) from data such as source files, dependencies, built components, build process ephemeral data, and other SBOMs." + "@value": "Uniquely identifies an external element." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "build" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/created", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsKyber", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Identifies when the Element was originally created." + "@value": "[Kyber](https://pq-crystals.org/kyber/)" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + "@value": "crystalsKyber" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/serious", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType" + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The highest level of risk posed by an AI system." + "@value": "A distinct article or unit related to Software." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "serious" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Artifact" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/operatingSystem", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "the Element is an operating system" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#property": [ { - "@value": "operatingSystem" + "@id": "_:N30278794a47b432991916e0f8b7edd43" + }, + { + "@id": "_:Ne7bb452ea72c40559a74147d8436b910" + }, + { + "@id": "_:N2d6f29ae54bf4063ae6b902a9d9d0e65" + }, + { + "@id": "_:Nce85940987124e80ab8a09c3b530105f" + }, + { + "@id": "_:N3cb59368bd5246eb9331b056be55010f" + }, + { + "@id": "_:N369dde9853ee441baf76508a7b5b2087" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/Sbom", - "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N30278794a47b432991916e0f8b7edd43", + "http://www.w3.org/ns/shacl#message": [ { "@language": "en", - "@value": "A collection of SPDX Elements describing a single package." + "@value": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact is an abstract class and should not be instantiated directly. Instantiate a subclass instead." } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/ns/shacl#not": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Bom" + "@id": "_:Nb8cfa0626ffe40b4bf076a3698bb7221" } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" } - ], - "http://www.w3.org/ns/shacl#property": [ + ] + }, + { + "@id": "_:Nb8cfa0626ffe40b4bf076a3698bb7221", + "http://www.w3.org/ns/shacl#hasValue": [ { - "@id": "_:N86f9b7b90af545a4baaa4b71867cbb18" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact" } ] }, { - "@id": "_:N86f9b7b90af545a4baaa4b71867cbb18", + "@id": "_:Ne7bb452ea72c40559a74147d8436b910", "http://www.w3.org/ns/shacl#class": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" } ], "http://www.w3.org/ns/shacl#in": [ { "@list": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/design" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/application" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/source" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/archive" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/build" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/bom" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/deployed" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/configuration" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/runtime" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/container" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/analyzed" - } - ] - } - ], - "http://www.w3.org/ns/shacl#nodeKind": [ - { - "@id": "http://www.w3.org/ns/shacl#IRI" - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/sbomType" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/OrLaterOperator", - "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Portion of an AnyLicenseInfo representing this version, or any later version,\nof the indicated License." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense" - } - ], - "http://www.w3.org/ns/shacl#nodeKind": [ - { - "@id": "http://www.w3.org/ns/shacl#IRI" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N054580222e4f4782981d41f8556d0325" - } - ] - }, - { - "@id": "_:N054580222e4f4782981d41f8556d0325", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/data" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/device" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/diskImage" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/deviceDriver" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/documentation" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/evidence" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/executable" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/file" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/filesystemImage" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/firmware" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/framework" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/install" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/library" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/manifest" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/model" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/module" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/operatingSystem" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/other" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/patch" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/platform" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/requirement" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/source" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/specification" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/test" + } + ] } ], "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -2841,156 +3078,150 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectLicense" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType", - "@type": [ - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the type of an annotation." - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityOther", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to related security information of unspecified type." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "securityOther" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha256", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "SHA-2 with a digest length of 256, as defined in [RFC 6234](https://www.rfc-editor.org/info/rfc6234)." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "sha256" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/primaryPurpose" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Person", - "@type": [ - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N2d6f29ae54bf4063ae6b902a9d9d0e65", + "http://www.w3.org/ns/shacl#class": [ { - "@language": "en", - "@value": "An individual human being." + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/ns/shacl#in": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/application" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/archive" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/bom" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/configuration" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/container" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/data" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/device" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/diskImage" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/deviceDriver" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/documentation" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/evidence" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/executable" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/file" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/filesystemImage" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/firmware" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/framework" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/install" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/library" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/manifest" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/model" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/module" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/operatingSystem" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/other" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/patch" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/platform" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/requirement" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/source" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/specification" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/test" + } + ] } ], "http://www.w3.org/ns/shacl#nodeKind": [ { "@id": "http://www.w3.org/ns/shacl#IRI" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/seeAlso", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Contains a URL where the License or LicenseAddition can be found in use." - } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/additionalPurpose" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/bower", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a Bower package. The package locator format, looks like `package#version`, is defined in the \"install\" section of [Bower API documentation](https://bower.io/docs/api/#install)." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "@id": "_:Nce85940987124e80ab8a09c3b530105f", + "http://www.w3.org/ns/shacl#datatype": [ { - "@value": "bower" + "@id": "http://www.w3.org/2001/XMLSchema#string" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange", - "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "A tuple of two positive integers that define a range." + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNode" + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N9e83153a23b242d790e3aeb68efd4994" - }, + "http://www.w3.org/ns/shacl#path": [ { - "@id": "_:N6b5c35c4731e4a98b5f647e14dfe258d" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/copyrightText" } ] }, { - "@id": "_:N9e83153a23b242d790e3aeb68efd4994", + "@id": "_:N3cb59368bd5246eb9331b056be55010f", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#positiveInteger" - } - ], - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], "http://www.w3.org/ns/shacl#nodeKind": [ @@ -3000,82 +3231,72 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/beginIntegerRange" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/attributionText" } ] }, { - "@id": "_:N6b5c35c4731e4a98b5f647e14dfe258d", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#positiveInteger" - } - ], - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ + "@id": "_:N369dde9853ee441baf76508a7b5b2087", + "http://www.w3.org/ns/shacl#class": [ { - "@value": 1 + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifier" } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/endIntegerRange" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifier" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdversaryModel", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAddedFile", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to the security adversary model for a package." + "@value": "Every `to` Element is a file added to the `from` Element (`from` hasAddedFile `to`)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "securityAdversaryModel" + "@value": "hasAddedFile" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/catalogType", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/startTime", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the exploit catalog type." + "@value": "Specifies the time from which an element is applicable / valid." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType" + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseTemplate", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetNoise", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Identifies the full text of a License, in SPDX templating format." + "@value": "Describes potentially noisy elements of the dataset." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ @@ -3085,600 +3306,618 @@ ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/extension", + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the element follows the Extension profile specification" + "@value": "Specifies an AI package and its associated information." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "extension" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/Package" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/modifiedBy", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "The `from` Element is modified by each `to` Element." + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#property": [ { - "@value": "modifiedBy" + "@id": "_:N47fb54a94ed9447280f7321c48e2982b" + }, + { + "@id": "_:Nb6114b281470409dba07ab5b55d23066" + }, + { + "@id": "_:N7c2570f4196247ea90dd5b3d7ca0b22e" + }, + { + "@id": "_:Nfb56dda28f4e4167ae11a43fab219b2f" + }, + { + "@id": "_:N683ff685a95941dfbff264b5fb2feb94" + }, + { + "@id": "_:N370ed73a1c1e4ff09d768ae422e135dd" + }, + { + "@id": "_:Ne1a811cecaeb4f3ea40377cb54d1a8ad" + }, + { + "@id": "_:N840f91254c8c467788b8d2ccb69e172c" + }, + { + "@id": "_:N29eb269c4389443f8ded26f8ac3ba6b6" + }, + { + "@id": "_:N1f22a6fa2025402ebb1d66bae0bbfd63" + }, + { + "@id": "_:N7dc5b81f3a044db6ba8e80d052ea722f" + }, + { + "@id": "_:Nedc283c28c9b44ccad4b01a90a31f2ca" + }, + { + "@id": "_:N6f7c535ec5984714bdc5cd9e6f23c8a7" + }, + { + "@id": "_:N19ca4558cdb341ee9c37bfe7dbd5725f" + }, + { + "@id": "_:N32ea05029eca4d0cb9b3191393efdb1c" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha384", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + "@id": "_:N47fb54a94ed9447280f7321c48e2982b", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#in": [ { - "@language": "en", - "@value": "SHA-2 with a digest length of 384, as defined in [RFC 6234](https://www.rfc-editor.org/info/rfc6234)." + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion" + } + ] } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": "sha384" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/decisionType", - "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Provide the enumeration of possible decisions in the\n[Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree](https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc)." + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType" + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/autonomyType" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildSystem", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "@id": "_:Nb6114b281470409dba07ab5b55d23066", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "A reference build system used to create or publish the package." + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "buildSystem" + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/domain" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/originatedBy", - "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N7c2570f4196247ea90dd5b3d7ca0b22e", + "http://www.w3.org/ns/shacl#class": [ { - "@language": "en", - "@value": "Identifies from where or whom the Element originally came." + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumption" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/expandedLicensing", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "the element follows the expanded Licensing profile specification" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "expandedLicensing" + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/energyConsumption" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/anonymizationMethodUsed", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "@id": "_:Nfb56dda28f4e4167ae11a43fab219b2f", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Describes the anonymization methods used." + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/hyperparameter" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/structured", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + "@id": "_:N683ff685a95941dfbff264b5fb2feb94", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "data is stored in tabular format or retrieved from a relational database." + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@value": "structured" + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/informationAboutApplication" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Build/environment", - "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "@id": "_:N370ed73a1c1e4ff09d768ae422e135dd", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Property describing the session in which a build is invoked." + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/informationAboutTraining" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoneLicense", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/IndividualLicensingInfo" + "@id": "_:Ne1a811cecaeb4f3ea40377cb54d1a8ad", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "An Individual Value for License where the SPDX data creator determines that no\nlicense is present." + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/IndividualLicensingInfo" + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2002/07/owl#sameAs": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Licensing/None" + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/limitation" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/extension", - "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "@id": "_:N840f91254c8c467788b8d2ccb69e172c", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Specifies an Extension characterization of some aspect of an Element." + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension" + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/metric" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseHistory", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "@id": "_:N29eb269c4389443f8ded26f8ac3ba6b6", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "A reference to a published list of releases for a package." + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "releaseHistory" + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/metricDecisionThreshold" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/filesystemImage", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "@id": "_:N1f22a6fa2025402ebb1d66bae0bbfd63", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "the Element is a file system image that can be written to a disk (or virtual) partition" + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "filesystemImage" + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/modelDataPreprocessing" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDocumentation", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "@id": "_:N7dc5b81f3a044db6ba8e80d052ea722f", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "The `from` Element is documented by each `to` Element." + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "hasDocumentation" + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/modelExplainability" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/amendedBy", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "@id": "_:Nedc283c28c9b44ccad4b01a90a31f2ca", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#in": [ { - "@language": "en", - "@value": "The `from` Element is amended by each `to` Element." + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/serious" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/high" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/medium" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/low" + } + ] } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": "amendedBy" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/socialMedia", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "A reference to a social media channel for a package." + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "socialMedia" + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/safetyRiskAssessment" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectExtendableLicense", - "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "@id": "_:N6f7c535ec5984714bdc5cd9e6f23c8a7", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "A License participating in a 'with addition' model." + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense" + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/standardCompliance" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/other", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + "@id": "_:N19ca4558cdb341ee9c37bfe7dbd5725f", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "data is of a type not included in this list." + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "other" + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/typeOfModel" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotPresent", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType" + "@id": "_:N32ea05029eca4d0cb9b3191393efdb1c", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#in": [ { - "@language": "en", - "@value": "The product is not affected because the code underlying the vulnerability is not present in the product." + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion" + } + ] } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": "vulnerableCodeNotPresent" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/metricDecisionThreshold", - "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Captures the threshold that was used for computation of a metric described in\nthe metric field." + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/useSensitivePersonalInformation" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/member", + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/informationAboutApplication", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A license expression participating in a license set." + "@value": "Provides relevant information about the AI software, not including the model\ndescription." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md6", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/expandsTo", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "[MD6 hash function](https://people.csail.mit.edu/rivest/pubs/RABCx08.pdf)" + "@value": "The `from` archive expands out as an artifact described by each `to` Element." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "md6" + "@value": "expandsTo" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertiesExtension", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType", "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A type of extension consisting of a list of name value pairs." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension" - } - ], - "http://www.w3.org/ns/shacl#nodeKind": [ - { - "@id": "http://www.w3.org/ns/shacl#BlankNode" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N206dc3e31b334531b49d79b656fd480f" + "@value": "Specifies the CVSS base, temporal, threat, or environmental severity type." } ] }, { - "@id": "_:N206dc3e31b334531b49d79b656fd480f", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry" - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/deviceDriver", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + "@language": "en", + "@value": "The Element represents software that controls hardware devices." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxProperty" + "@value": "deviceDriver" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/downloadLocation", "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A property name with an associated value." - } - ], - "http://www.w3.org/ns/shacl#nodeKind": [ - { - "@id": "http://www.w3.org/ns/shacl#BlankNode" + "@value": "Identifies the download Uniform Resource Identifier for the package at the time\nthat the document was created." } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N778443bad04e415198c45113ec4c13c0" - }, - { - "@id": "_:N75f6dd2dc4c147bdabfc8532dfcf92f4" - } - ] - }, - { - "@id": "_:N778443bad04e415198c45113ec4c13c0", - "http://www.w3.org/ns/shacl#datatype": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ConjunctiveLicenseSet", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Portion of an AnyLicenseInfo representing a set of licensing information\nwhere all elements apply." } ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": 1 + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/ns/shacl#property": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropName" + "@id": "_:Na7ae4c31f5884568a3bf48b6f9676216" } ] }, { - "@id": "_:N75f6dd2dc4c147bdabfc8532dfcf92f4", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "_:Na7ae4c31f5884568a3bf48b6f9676216", + "http://www.w3.org/ns/shacl#class": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@value": 1 + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 2 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropValue" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/member" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/copiedTo", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/library", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element has been copied to each `to` Element." + "@value": "The Element is a software library." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "copiedTo" + "@value": "library" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/issueTracker", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to the issue tracker for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "issueTracker" + "@value": "A mathematical algorithm that maps data of arbitrary size to a bit string." } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/describes", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierType", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element describes each `to` Element. To denote the root(s) of a tree of elements in a collection, the rootElement property should be used." + "@value": "Specifies the type of the content identifier." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "describes" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/sourceArtifact", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/metrics", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" @@ -3686,140 +3925,142 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to an artifact containing the sources for a package." + "@value": "A reference to metrics related to package such as OpenSSF scorecards." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "sourceArtifact" + "@value": "metrics" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/sbomType", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/runtimeAnalysisReport", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides information about the type of an SBOM." + "@value": "A reference to a runtime analysis report for a package." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" + "@value": "runtimeAnalysisReport" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/ai", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/NoAssertionElement", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" + "https://spdx.org/rdf/3.0.1/terms/Core/IndividualElement" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the element follows the AI profile specification" + "@value": "An Individual Value for Element representing a set of Elements of unknown\nidentify or cardinality (number)." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo": [ { - "@value": "ai" + "@id": "https://spdx.org/rdf/3.0.1/creationInfo_NoAssertionElement" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/kilowattHour", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/extension", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType" + "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Kilowatt-hour." + "@value": "the element follows the Extension profile specification" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "kilowattHour" + "@value": "extension" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/secureSoftwareAttestation", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/query", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to information assuring that the software is developed using security practices as defined by [NIST SP 800-218 Secure Software Development Framework (SSDF) Version 1.1](https://csrc.nist.gov/pubs/sp/800/218/final) or [CISA Secure Software Development Attestation Form](https://www.cisa.gov/resources-tools/resources/secure-software-development-attestation-form)." + "@value": "the dataset is publicly available, but not all at once, and can only be accessed through queries which return parts of the dataset." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "secureSoftwareAttestation" + "@value": "query" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/locator", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/application", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides the location of an exploit catalog." + "@value": "The Element is a software application." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@value": "application" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/hashValue", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/verifiedUsing", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The result of applying a hash algorithm to an Element." + "@value": "Provides an IntegrityMethod with which the integrity of an Element can be\nasserted." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/patch", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/ai", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Element contains a set of changes to update, fix, or improve another Element" + "@value": "the element follows the AI profile specification" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "patch" + "@value": "ai" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOutput", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedBy", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" @@ -3827,29 +4068,24 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Build element generates each `to` Element as an output, during a LifecycleScopeType period." + "@value": "Designates a `from` Vulnerability has been fixed by the `to` Agent(s)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasOutput" + "@value": "fixedBy" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Build/parameter", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Property describing a parameter used in an instance of a build." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + "@value": "Provide an enumerated set of lifecycle phases that can provide context to relationships." } ] }, @@ -3857,7 +4093,6 @@ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", "@type": [ "http://www.w3.org/2002/07/owl#Class", - "http://spdx.invalid./AbstractClass", "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ @@ -3878,31 +4113,62 @@ ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N6dac1d6c9ca64ac38eadad84ed1d5170" + "@id": "_:N50ac56aefa494b28ac37f9f5f9fe85c9" + }, + { + "@id": "_:Nd02644afb1dc49c1a5d3579aee9238e5" }, { - "@id": "_:Ne52ce52e1443444faae3b0449006d205" + "@id": "_:Nb3940c1a89ea40fd93067b312aa7ec47" }, { - "@id": "_:N6bb7f461efcb4cb998e8804841b7fda0" + "@id": "_:N4378898d7a4e45aba687da8f75c50a03" }, { - "@id": "_:Nb400ecece6c843fab2b420ca043dfc7c" + "@id": "_:Nb926c51e6e424f4d91bff7da1f5c5f5d" }, { - "@id": "_:N3de73e4305e246a8bf2c725622ca4600" + "@id": "_:N1668119826b547d294ab973a0b1f44fa" + } + ] + }, + { + "@id": "_:N50ac56aefa494b28ac37f9f5f9fe85c9", + "http://www.w3.org/ns/shacl#message": [ + { + "@language": "en", + "@value": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship is an abstract class and should not be instantiated directly. Instantiate a subclass instead." + } + ], + "http://www.w3.org/ns/shacl#not": [ + { + "@id": "_:N87ae6f2c35244fb3828abd80ac3d36af" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" } ] }, { - "@id": "_:N6dac1d6c9ca64ac38eadad84ed1d5170", + "@id": "_:N87ae6f2c35244fb3828abd80ac3d36af", + "http://www.w3.org/ns/shacl#hasValue": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" + } + ] + }, + { + "@id": "_:Nd02644afb1dc49c1a5d3579aee9238e5", "http://www.w3.org/ns/shacl#class": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -3918,7 +4184,7 @@ ] }, { - "@id": "_:Ne52ce52e1443444faae3b0449006d205", + "@id": "_:Nb3940c1a89ea40fd93067b312aa7ec47", "http://www.w3.org/ns/shacl#datatype": [ { "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" @@ -3926,6 +4192,7 @@ ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -3946,7 +4213,7 @@ ] }, { - "@id": "_:N6bb7f461efcb4cb998e8804841b7fda0", + "@id": "_:N4378898d7a4e45aba687da8f75c50a03", "http://www.w3.org/ns/shacl#class": [ { "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" @@ -3954,6 +4221,7 @@ ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -3969,7 +4237,7 @@ ] }, { - "@id": "_:Nb400ecece6c843fab2b420ca043dfc7c", + "@id": "_:Nb926c51e6e424f4d91bff7da1f5c5f5d", "http://www.w3.org/ns/shacl#datatype": [ { "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" @@ -3977,6 +4245,7 @@ ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -3997,7 +4266,7 @@ ] }, { - "@id": "_:N3de73e4305e246a8bf2c725622ca4600", + "@id": "_:N1668119826b547d294ab973a0b1f44fa", "http://www.w3.org/ns/shacl#datatype": [ { "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" @@ -4005,6 +4274,7 @@ ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -4025,108 +4295,59 @@ ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropName", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A name used in a CdxPropertyEntry name-value pair." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/amber", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Data points in the dataset can be shared only with specific organizations and their clients on a need to know basis." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "amber" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/software", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/directDownload", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the element follows the Software profile specification" + "@value": "the dataset is publicly available and can be downloaded directly." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "software" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", - "@type": [ - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the type of an external reference." + "@value": "directDownload" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/file", + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/customIdToUri", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The file represents a single file (default)." + "@value": "Maps a LicenseRef or AdditionRef string for a Custom License or a Custom\nLicense Addition to its URI ID." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "file" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/swhid", + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseTemplate", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`." + "@value": "Identifies the full text of a License, in SPDX templating format." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "swhid" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Bundle", + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/SimpleLicensingText", "@type": [ "http://www.w3.org/2002/07/owl#Class", "http://www.w3.org/ns/shacl#NodeShape" @@ -4134,12 +4355,12 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A collection of Elements that have a shared context." + "@value": "A license or addition that is not listed on the SPDX License List." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" } ], "http://www.w3.org/ns/shacl#nodeKind": [ @@ -4149,12 +4370,12 @@ ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N8f4b130d97fd4ea59197c4f4ee29325b" + "@id": "_:N8a001b06f8f846f58ca16289c8bb98e9" } ] }, { - "@id": "_:N8f4b130d97fd4ea59197c4f4ee29325b", + "@id": "_:N8a001b06f8f846f58ca16289c8bb98e9", "http://www.w3.org/ns/shacl#datatype": [ { "@id": "http://www.w3.org/2001/XMLSchema#string" @@ -4162,6 +4383,13 @@ ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -4172,101 +4400,123 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/context" + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseText" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/directory", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDocumentation", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The file represents a directory and all content stored in that directory." + "@value": "The `from` Element is documented by each `to` Element." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "directory" + "@value": "hasDocumentation" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasVariant", + "@id": "https://spdx.org/rdf/3.0.1/creationInfo_NoneLicense", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Every `to` Element is a variant the `from` Element (`from` hasVariant `to`)." + "@value": "This individual element was defined by the spec." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "https://spdx.org/rdf/3.0.1/terms/Core/created": [ { - "@value": "hasVariant" + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp", + "@value": "2024-11-22T03:00:01Z" + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/createdBy": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization" + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/specVersion": [ + { + "@value": "3.0.1" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/requirement", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/video", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element provides a requirement needed as input for another Element" + "@value": "data is video based, such as a collection of movie clips featuring Tom Hanks." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "requirement" + "@value": "video" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/score", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/NoneElement", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/IndividualElement" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides a numerical (0-10) representation of the severity of a vulnerability." + "@value": "An Individual Value for Element representing a set of Elements with\ncardinality (number/count) of zero." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo": [ { - "@id": "http://www.w3.org/2001/XMLSchema#decimal" + "@id": "https://spdx.org/rdf/3.0.1/creationInfo_NoneElement" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/noAssertion", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "data type is not known." + "@value": "Provides a set of values to be used to describe the common types of SBOMs that\ntools may create." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/comment", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provide consumers with comments by the creator of the Element about the\nElement." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "noAssertion" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/descendantOf", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/delegatedTo", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" @@ -4274,410 +4524,341 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element is a descendant of each `to` Element." + "@value": "The `from` Agent is delegating an action to the Agent of the `to` Relationship (which must be of type invokedBy), during a LifecycleScopeType (e.g. the `to` invokedBy Relationship is being done on behalf of `from`)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "descendantOf" + "@value": "delegatedTo" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/withdrawnTime", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/intendedUse", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specified the time and date when a vulnerability was withdrawn." + "@value": "Describes what the given dataset should be used for." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Annotation", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/amendedBy", "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "An assertion made in relation to one or more elements." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" - } - ], - "http://www.w3.org/ns/shacl#nodeKind": [ - { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@value": "The `from` Element is amended by each `to` Element." } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N31777364e1b2457a8465887f9b803aa0" - }, - { - "@id": "_:Nd35b310133e647fd8d2b51c862b26e9b" - }, - { - "@id": "_:N00bb830fd1be4237943796ef5c2a3757" - }, + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "_:Nae03077299b9421a808a3180dac825be" + "@value": "amendedBy" } ] }, { - "@id": "_:N31777364e1b2457a8465887f9b803aa0", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType" - } - ], - "http://www.w3.org/ns/shacl#in": [ - { - "@list": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/other" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/review" - } - ] - } - ], - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/test", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@language": "en", + "@value": "The Element is a test used to verify functionality on an software element." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/annotationType" + "@value": "test" } ] }, { - "@id": "_:Nd35b310133e647fd8d2b51c862b26e9b", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ], - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#nodeKind": [ - { - "@id": "http://www.w3.org/ns/shacl#Literal" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/packageUrl", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/contentType" + "@language": "en", + "@value": "Package URL, as defined in the corresponding [Annex](../../../annexes/pkg-url-specification.md) of this specification." } ], - "http://www.w3.org/ns/shacl#pattern": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "^[^\\/]+\\/[^\\/]+$" + "@value": "packageUrl" } ] }, { - "@id": "_:N00bb830fd1be4237943796ef5c2a3757", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ], - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/install", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "The Element is used to install software on disk." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/statement" + "@value": "install" } ] }, { - "@id": "_:Nae03077299b9421a808a3180dac825be", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" - } - ], - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/scrapingScript", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@language": "en", + "@value": "the dataset provider is not making available the underlying data and the dataset must be reassembled, typically using the provided script for scraping the data." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/subject" + "@value": "scrapingScript" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/testedOn", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityThreatModel", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element has been tested on the `to` Element(s)." + "@value": "A reference the [security threat model](https://en.wikipedia.org/wiki/Threat_model) for a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "testedOn" + "@value": "securityThreatModel" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedAdditionId", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/contentType", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies whether an additional text identifier has been marked as deprecated." + "@value": "Provides information about the content type of an Element or a Property." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#boolean" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/development", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/certificationReport", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the artifact is in active development and is not considered ready for formal support from the supplier." + "@value": "A reference to a certification report for a package from an accredited/independent body." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "development" + "@value": "certificationReport" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicense", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/completeness", "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A license that is listed on the SPDX License List." + "@value": "Provides information about the completeness of relationships." } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/dataset", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@language": "en", + "@value": "the element follows the Dataset profile specification" } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N7cd189e8be9f4dc5815f9e81ae3ce820" - }, + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "_:N80aa1cda37ae4cd581e891c827cc0c9b" + "@value": "dataset" } ] }, { - "@id": "_:N7cd189e8be9f4dc5815f9e81ae3ce820", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ], - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalComponent", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "Every `to` Element is an optional component of the `from` Element (`from` hasOptionalComponent `to`)." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/deprecatedVersion" + "@value": "hasOptionalComponent" } ] }, { - "@id": "_:N80aa1cda37ae4cd581e891c827cc0c9b", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Agent represents anything with the potential to act on a system." } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/listVersionAdded" + "@id": "http://www.w3.org/ns/shacl#IRI" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md5", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/packageVersion", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "MD5 message-digest algorithm, as defined in [RFC 1321](https://www.rfc-editor.org/info/rfc1321)." + "@value": "Identify the version of a package." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "md5" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/CustomLicenseAddition", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/clickthrough", "@type": [ - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A license addition that is not listed on the SPDX Exceptions List." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition" + "@value": "the dataset is not publicly available and can only be accessed after affirmatively accepting terms on a clickthrough webpage." } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@value": "clickthrough" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/kev", + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoneLicense", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType" + "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/IndividualLicensingInfo" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "CISA's Known Exploited Vulnerability (KEV) Catalog" + "@value": "An Individual Value for License where the SPDX data creator determines that no\nlicense is present." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2002/07/owl#sameAs": [ { - "@value": "kev" + "@id": "https://spdx.org/rdf/3.0.1/terms/Licensing/None" + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo": [ + { + "@id": "https://spdx.org/rdf/3.0.1/creationInfo_NoneLicense" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/directDownload", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/design", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType" + "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the dataset is publicly available and can be downloaded directly." + "@value": "SBOM of intended, planned software project or product with included components (some of which may not yet exist) for a new software artifact." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "directDownload" + "@value": "design" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Relationship", "@type": [ "http://www.w3.org/2002/07/owl#Class", - "http://spdx.invalid./AbstractClass", "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A distinct article or unit related to Software." + "@value": "Describes a relationship between one or more elements." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Artifact" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" } ], "http://www.w3.org/ns/shacl#nodeKind": [ @@ -4687,238 +4868,281 @@ ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:Nbeb07c201dcf458a8bacc413d6353a84" + "@id": "_:Nc7934e8be9ac4597a30ceb464f3d5037" + }, + { + "@id": "_:N2d48f33c49aa4655a422188c69928cd8" }, { - "@id": "_:Nbc97f2b119224f25b65ca35df6aed4ac" + "@id": "_:N45063856b753439d8cf82d7fee02490e" }, { - "@id": "_:N674fac0430d5459bb0cf490a90f57434" + "@id": "_:N51e95bcda10e477fb13d33c114b9440e" }, { - "@id": "_:Nf9e1cd864d7e4d62b6f36ad3092f833f" + "@id": "_:N54056810820d48cf8ab5b16acee5b46e" }, { - "@id": "_:Ne60b00694aa94f8baccf10e2402fd155" + "@id": "_:N5c04e2eaeb8d44b48535608e5aed9b28" } ] }, { - "@id": "_:Nbeb07c201dcf458a8bacc413d6353a84", + "@id": "_:Nc7934e8be9ac4597a30ceb464f3d5037", "http://www.w3.org/ns/shacl#class": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/from" + } + ] + }, + { + "@id": "_:N2d48f33c49aa4655a422188c69928cd8", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/to" + } + ] + }, + { + "@id": "_:N45063856b753439d8cf82d7fee02490e", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" } ], "http://www.w3.org/ns/shacl#in": [ { "@list": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/application" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/affects" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/archive" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/amendedBy" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/bom" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/ancestorOf" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/configuration" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/availableFrom" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/container" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/configures" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/data" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/contains" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/device" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/coordinatedBy" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/diskImage" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/copiedTo" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/deviceDriver" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/delegatedTo" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/documentation" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/dependsOn" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/evidence" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/descendantOf" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/executable" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/describes" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/file" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/doesNotAffect" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/filesystemImage" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/expandsTo" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/firmware" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/exploitCreatedBy" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/framework" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedBy" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/install" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedIn" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/library" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/foundBy" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/manifest" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/generates" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/model" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAddedFile" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/module" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssessmentFor" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/operatingSystem" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssociatedVulnerability" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/other" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasConcludedLicense" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/patch" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDataFile" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/platform" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeclaredLicense" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/requirement" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeletedFile" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/source" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDependencyManifest" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/specification" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDistributionArtifact" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/test" - } - ] - } - ], - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#nodeKind": [ - { - "@id": "http://www.w3.org/ns/shacl#IRI" - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/primaryPurpose" - } - ] - }, - { - "@id": "_:Nbc97f2b119224f25b65ca35df6aed4ac", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" - } - ], - "http://www.w3.org/ns/shacl#in": [ - { - "@list": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDocumentation" + }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/application" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDynamicLink" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/archive" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasEvidence" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/bom" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasExample" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/configuration" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasHost" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/container" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasInput" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/data" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasMetadata" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalComponent" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/device" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalDependency" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/diskImage" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOutput" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/deviceDriver" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasPrerequisite" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/documentation" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasProvidedDependency" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/evidence" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasRequirement" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/executable" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasSpecification" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/file" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasStaticLink" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/filesystemImage" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTest" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/firmware" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTestCase" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/framework" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasVariant" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/install" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/invokedBy" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/library" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/modifiedBy" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/manifest" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/other" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/model" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/packagedBy" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/module" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/patchedBy" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/operatingSystem" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/publishedBy" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/other" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/reportedBy" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/patch" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/republishedBy" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/platform" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/serializedInArtifact" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/requirement" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/testedOn" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/source" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/trainedOn" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/specification" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/underInvestigationFor" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/test" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/usesTool" } ] } ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], "http://www.w3.org/ns/shacl#nodeKind": [ { "@id": "http://www.w3.org/ns/shacl#IRI" @@ -4926,38 +5150,60 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/additionalPurpose" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/relationshipType" } ] }, { - "@id": "_:N674fac0430d5459bb0cf490a90f57434", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "_:N51e95bcda10e477fb13d33c114b9440e", + "http://www.w3.org/ns/shacl#class": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/incomplete" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/complete" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/noAssertion" + } + ] } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/copyrightText" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/completeness" } ] }, { - "@id": "_:Nf9e1cd864d7e4d62b6f36ad3092f833f", + "@id": "_:N54056810820d48cf8ab5b16acee5b46e", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ @@ -4967,165 +5213,198 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/attributionText" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/startTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" } ] }, { - "@id": "_:Ne60b00694aa94f8baccf10e2402fd155", - "http://www.w3.org/ns/shacl#class": [ + "@id": "_:N5c04e2eaeb8d44b48535608e5aed9b28", + "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifier" + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + "@id": "http://www.w3.org/ns/shacl#Literal" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifier" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/endTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_384", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/framework", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "SHA-3 with a digest length of 384, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)." + "@value": "The Element is a software framework." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "sha3_384" + "@value": "framework" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/deployed", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md4", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "in addition to being supported by the supplier, the software is known to have been deployed and is in use. For a software as a service provider, this implies the software is now available as a service." + "@value": "MD4 message-digest algorithm, as defined in [RFC 1186](https://datatracker.ietf.org/doc/rfc1186/)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "deployed" + "@value": "md4" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake3", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOutput", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "[BLAKE3](https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf)" + "@value": "The `from` Build element generates each `to` Element as an output, during a LifecycleScopeType period." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "blake3" + "@value": "hasOutput" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/annotationType", "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The class that helps note down the quantity of energy consumption and the unit\nused for measurement." + "@value": "Describes the type of annotation." } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNode" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" ], - "http://www.w3.org/ns/shacl#property": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "_:N5fcfc42501ef49e3a11c0aa014fe8328" - }, + "@language": "en", + "@value": "Makes no assertion about the field." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "_:N54bbd788f8cb43d29b11808f85787e58" + "@value": "noAssertion" } ] }, { - "@id": "_:N5fcfc42501ef49e3a11c0aa014fe8328", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#decimal" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Annotation", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "An assertion made in relation to one or more elements." } ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": 1 + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/ns/shacl#property": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/energyQuantity" + "@id": "_:N1599c92508f549eeadacc4250040a171" + }, + { + "@id": "_:N5448c070514c428eaa4d89cbdbc61908" + }, + { + "@id": "_:N943f36b7c5ef4596ab447543bb558d7e" + }, + { + "@id": "_:Nfa8ad30b19ec414288e9039e2e1f534e" } ] }, { - "@id": "_:N54bbd788f8cb43d29b11808f85787e58", + "@id": "_:N1599c92508f549eeadacc4250040a171", "http://www.w3.org/ns/shacl#class": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType" } ], "http://www.w3.org/ns/shacl#in": [ { "@list": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/kilowattHour" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/megajoule" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/other" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/other" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/review" } ] } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#minCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -5136,161 +5415,90 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/energyUnit" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDataFile", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element treats each `to` Element as a data file. A data file is an artifact that stores data required or optional for the `from` Element's functionality. A data file can be a database file, an index file, a log file, an AI model file, a calibration data file, a temporary file, a backup file, and more. For AI training dataset, test dataset, test artifact, configuration data, build input data, and build output data, please consider using the more specific relationship types: `trainedOn`, `testedOn`, `hasTest`, `configures`, `hasInput`, and `hasOutput`, respectively. This relationship does not imply dependency." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasDataFile" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAddedFile", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Every `to` Element is a file added to the `from` Element (`from` hasAddedFile `to`)." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasAddedFile" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/annotationType" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/copyrightText", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Identifies the text of one or more copyright notices for a software Package,\nFile or Snippet, if any." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "@id": "_:N5448c070514c428eaa4d89cbdbc61908", + "http://www.w3.org/ns/shacl#datatype": [ { "@id": "http://www.w3.org/2001/XMLSchema#string" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/domain", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Captures the domain in which the AI package can be used." + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "http://www.w3.org/ns/shacl#Literal" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotInExecutePath", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#path": [ { - "@language": "en", - "@value": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product." + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/contentType" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#pattern": [ { - "@value": "vulnerableCodeNotInExecutePath" + "@value": "^[^\\/]+\\/[^\\/]+$" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/support", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" + "@id": "_:N943f36b7c5ef4596ab447543bb558d7e", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "the artifact has been released, and is supported from the supplier. There is a validUntilDate that can provide additional information about the duration of support." + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@value": "support" + "@id": "http://www.w3.org/ns/shacl#Literal" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", - "@type": [ - "http://www.w3.org/2002/07/owl#Class" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#path": [ { - "@language": "en", - "@value": "Information about the relationship between two Elements." + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/statement" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_224", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + "@id": "_:Nfa8ad30b19ec414288e9039e2e1f534e", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "SHA-3 with a digest length of 224, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)." + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@value": "sha3_224" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/clear", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Dataset may be distributed freely, without restriction." + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "clear" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/subject" } ] }, @@ -5313,145 +5521,144 @@ ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeletedFile", + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceEntrypoint", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Every `to` Element is a file deleted from the `from` Element (`from` hasDeletedFile `to`)." + "@value": "Property describes the invocation entrypoint of a build." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "hasDeletedFile" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/validUntilTime", + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildType", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies until when the artifact can be used before its usage needs to be\nreassessed." + "@value": "A buildType is a hint that is used to indicate the toolchain, platform, or\ninfrastructure that the build was invoked on." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsKyber", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasRequirement", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "[Kyber](https://pq-crystals.org/kyber/)" + "@value": "The `from` Element has a requirement on each `to` Element, during a LifecycleScopeType period." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "crystalsKyber" + "@value": "hasRequirement" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/runtime", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "SBOM generated through instrumenting the system running the software, to capture only components present in the system, as well as external call-outs or dynamically loaded components. In some contexts, this may also be referred to as an \"Instrumented\" or \"Dynamic\" SBOM." + "@value": "A collection of Elements, not necessarily with unifying context." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "runtime" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/model", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "the Element is a machine learning or artificial intelligence model" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#property": [ { - "@value": "model" + "@id": "_:N482bb00385844dc6b842a414c6156a37" + }, + { + "@id": "_:N56610830d7ac4b88becc196329620d76" + }, + { + "@id": "_:N8ec3a357913b4e8f9be6010fede1f88b" + }, + { + "@id": "_:N04198a73e7ea442393c03cfc23850af1" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/graph", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N482bb00385844dc6b842a414c6156a37", + "http://www.w3.org/ns/shacl#message": [ { "@language": "en", - "@value": "data is in the form of a graph where entries are somehow related to each other through edges, such a social network of friends." + "@value": "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection is an abstract class and should not be instantiated directly. Instantiate a subclass instead." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#not": [ { - "@value": "graph" + "@id": "_:Nc9e50174e3d448448737206a174eb9e1" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/framework", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#path": [ { - "@language": "en", - "@value": "the Element is a software framework" + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + ] + }, + { + "@id": "_:Nc9e50174e3d448448737206a174eb9e1", + "http://www.w3.org/ns/shacl#hasValue": [ { - "@value": "framework" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicenseException", - "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "@id": "_:N56610830d7ac4b88becc196329620d76", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "A license exception that is listed on the SPDX Exceptions list." + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/element" + } + ] + }, + { + "@id": "_:N8ec3a357913b4e8f9be6010fede1f88b", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" } ], "http://www.w3.org/ns/shacl#nodeKind": [ @@ -5459,198 +5666,229 @@ "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nd95a627714ad42e4adb7d1bf83c642a4" - }, + "http://www.w3.org/ns/shacl#path": [ { - "@id": "_:N41b858cb90c34188b2fa16e9695ef2c0" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/rootElement" } ] }, { - "@id": "_:Nd95a627714ad42e4adb7d1bf83c642a4", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "_:N04198a73e7ea442393c03cfc23850af1", + "http://www.w3.org/ns/shacl#class": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/ns/shacl#in": [ { - "@value": 1 + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/core" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/software" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/simpleLicensing" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/expandedLicensing" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/security" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/build" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/ai" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/dataset" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/extension" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/lite" + } + ] } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/deprecatedVersion" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/profileConformance" } ] }, { - "@id": "_:N41b858cb90c34188b2fa16e9695ef2c0", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ], - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/manifest", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "The Element is a software manifest." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/listVersionAdded" + "@value": "manifest" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/trackStar", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/documentation", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType" + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "(\"Track\\*\" in the SSVC spec) The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track\\* vulnerabilities within standard update timelines." + "@value": "A reference to the documentation for a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "trackStar" + "@value": "documentation" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedIn", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/createdBy", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A `from` Vulnerability has been fixed in each `to` Element. The use of the `fixedIn` type is constrained to `VexFixedVulnAssessmentRelationship` classed relationships." + "@value": "Identifies who or what created the Element." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "fixedIn" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/name", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md5", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Identifies the name of an Element as designated by the creator." + "@value": "MD5 message-digest algorithm, as defined in [RFC 1321](https://datatracker.ietf.org/doc/rfc1321/)." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "md5" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swid", "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://spdx.invalid./AbstractClass" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A characterization of some aspect of an Element that is associated with the Element in a generalized fashion." + "@value": "Concise Software Identification (CoSWID) tag, as defined in [RFC 9393](https://datatracker.ietf.org/doc/rfc9393/) Section 2.3." } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNode" + "@value": "swid" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/downloadLocation", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Identifies the download Uniform Resource Identifier for the package at the time\nthat the document was created." + "@value": "Indicates presence of the field." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@value": "yes" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/limitedSupport", "@type": [ - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Enumeration of dataset types." + "@value": "the artifact has been released, and there is limited support available from the supplier. There is a validUntilDate that can provide additional information about the duration of support." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "limitedSupport" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/build", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeclaredLicense", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A relationship has specific context implications during an element's build phase, during development." + "@value": "The `from` SoftwareArtifact was discovered to actually contain each `to` license, for example as detected by use of automated tooling." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "build" + "@value": "hasDeclaredLicense" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/createdBy", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha224", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Identifies who or what created the Element." + "@value": "SHA-2 with a digest length of 224, as defined in [RFC 3874](https://datatracker.ietf.org/doc/rfc3874/)." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" + "@value": "sha224" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasExample", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasEvidence", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" @@ -5658,52 +5896,52 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Every `to` Element is an example for the `from` Element (`from` hasExample `to`)." + "@value": "Every `to` Element is considered as evidence for the `from` Element (`from` hasEvidence `to`)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasExample" + "@value": "hasEvidence" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/sensor", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timestamp", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes a sensor used for collecting the data." + "@value": "data is recorded with a timestamp for each entry, but not necessarily ordered or at specific intervals, such as when a taxi ride starts and ends." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + "@value": "timestamp" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altWebPage", + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isFsfLibre", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to an alternative web page." + "@value": "Specifies whether the License is listed as free by the\nFree Software Foundation (FSF)." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "altWebPage" + "@id": "http://www.w3.org/2001/XMLSchema#boolean" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcVulnAssessmentRelationship", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifier", "@type": [ "http://www.w3.org/2002/07/owl#Class", "http://www.w3.org/ns/shacl#NodeShape" @@ -5711,57 +5949,87 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides an SSVC assessment for a vulnerability." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" + "@value": "A reference to a resource identifier defined outside the scope of SPDX-3.0 content that uniquely identifies an Element." } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N1d9d3c8305a94173942d5d6a8c854d77" + "@id": "_:Nb231c2e250ea41fa9d72b8605352f378" + }, + { + "@id": "_:N6097953061744c33b80298571399ff7c" + }, + { + "@id": "_:N10108a0536bb489f88b2fe61aae33caa" + }, + { + "@id": "_:Nbba9abfd6a68448dbef334e60ce75826" + }, + { + "@id": "_:N51eef082985242c7aad70e82f553a639" } ] }, { - "@id": "_:N1d9d3c8305a94173942d5d6a8c854d77", + "@id": "_:Nb231c2e250ea41fa9d72b8605352f378", "http://www.w3.org/ns/shacl#class": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" } ], "http://www.w3.org/ns/shacl#in": [ { "@list": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/act" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe22" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/attend" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe23" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/track" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cve" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/trackStar" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/email" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/gitoid" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/other" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/packageUrl" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/securityOther" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swhid" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swid" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/urlScheme" } ] } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#minCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -5772,193 +6040,307 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/decisionType" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifierType" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/endTime", + "@id": "_:N6097953061744c33b80298571399ff7c", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/identifier" + } + ] + }, + { + "@id": "_:N10108a0536bb489f88b2fe61aae33caa", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/comment" + } + ] + }, + { + "@id": "_:Nbba9abfd6a68448dbef334e60ce75826", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/identifierLocator" + } + ] + }, + { + "@id": "_:N51eef082985242c7aad70e82f553a639", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/issuingAuthority" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPolicy", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the time from which an element is no longer applicable / valid." + "@value": "A reference to instructions for reporting newly discovered security vulnerabilities for a package." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + "@value": "securityPolicy" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/energyQuantity", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/prefix", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Represents the energy quantity." + "@value": "A substitute for a URI." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#decimal" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/application", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element is a software application" + "@value": "Indicates absence of the field." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "application" + "@value": "no" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/data", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Element is data" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "data" + "@value": "Categories of presence or absence." } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/inferenceEnergyConsumption", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the amount of energy consumed during inference time by an AI model\nthat is being used in the AI system." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription" + "@value": "Specifies the type of an external identifier." } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/obsoletedBy", + "@id": "https://spdx.org/rdf/3.0.1/creationInfo_NoneElement", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the licenseId that is preferred to be used in place of a deprecated\nLicense or LicenseAddition." + "@value": "This individual element was defined by the spec." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "https://spdx.org/rdf/3.0.1/terms/Core/created": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp", + "@value": "2024-11-22T03:00:01Z" + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/createdBy": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization" + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/specVersion": [ + { + "@value": "3.0.1" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/dataLicense", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/Organization" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides the license under which the SPDX documentation of the Element can be\nused." + "@value": "An Organization representing the SPDX Project." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2002/07/owl#sameAs": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" + "@id": "https://spdx.org/" + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo": [ + { + "@id": "https://spdx.org/rdf/3.0.1/creationInfo_SpdxOrganization" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/namespaceMap", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexFixedVulnAssessmentRelationship", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides a NamespaceMap of prefixes and associated namespace partial URIs applicable to an SpdxDocument and independent of any specific serialization format or instance." + "@value": "Links a vulnerability and elements representing products (in the VEX sense) where\na fix has been applied and are no longer affected." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/NamespaceMap" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/standardName", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/amber", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The name of a relevant standard that may apply to an artifact." + "@value": "Data points in the dataset can be shared only with specific organizations and their clients on a need to know basis." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "amber" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/to", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_512", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "References an Element on the right-hand side of a relationship." + "@value": "SHA-3 with a digest length of 512, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + "@value": "sha3_512" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/Sbom", "@type": [ "http://www.w3.org/2002/07/owl#Class", - "http://spdx.invalid./AbstractClass", "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Base domain class from which all other SPDX-3.0 domain classes derive." + "@value": "A collection of SPDX Elements describing a single package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Bom" } ], "http://www.w3.org/ns/shacl#nodeKind": [ @@ -5968,504 +6350,538 @@ ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N4c19a42281e443c1909e7887700bbb32" - }, - { - "@id": "_:N58d2b37a2b724395ae94d1b9013ea10e" - }, - { - "@id": "_:N78201280f92a4e5f903065d77ea1aa4c" - }, - { - "@id": "_:N4333e5b9b6ad416cadabf7c353eca58f" - }, - { - "@id": "_:N2f5b83f916864331ab6c8331e569c2ba" - }, - { - "@id": "_:N852456b6d8f84baeb49e0a2c42ee1c49" - }, - { - "@id": "_:N52f971b17c794ad9a500d1ceffaf56f2" - }, - { - "@id": "_:N508148db6aa744e1bf401c5024152569" - }, - { - "@id": "_:N4a56ff6d7c864c72baaccc66766960da" + "@id": "_:N7f4bec2d3c5e42af9f82b5964d720ac9" } ] }, { - "@id": "_:N4c19a42281e443c1909e7887700bbb32", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "_:N7f4bec2d3c5e42af9f82b5964d720ac9", + "http://www.w3.org/ns/shacl#class": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/ns/shacl#in": [ { - "@value": 1 + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/design" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/source" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/build" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/deployed" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/runtime" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/analyzed" + } + ] } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/name" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/sbomType" } ] }, { - "@id": "_:N58d2b37a2b724395ae94d1b9013ea10e", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/modelExplainability", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Describes methods that can be used to explain the results from the AI model." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ { "@id": "http://www.w3.org/2001/XMLSchema#string" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasProvidedDependency", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "The `from` Element has a dependency on each `to` Element, dependency is not in the distributed artifact, but assumed to be provided, during a LifecycleScopeType period." } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@value": "hasProvidedDependency" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/build", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/summary" + "@language": "en", + "@value": "the element follows the Build profile specification" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "build" } ] }, { - "@id": "_:N78201280f92a4e5f903065d77ea1aa4c", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/", + "@type": [ + "http://www.w3.org/2002/07/owl#Ontology" + ], + "http://purl.org/dc/terms/abstract": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@language": "en", + "@value": "This ontology defines the terms and relationships used in the SPDX specification to describe system packages" } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://purl.org/dc/terms/created": [ { - "@value": 1 + "@type": "http://www.w3.org/2001/XMLSchema#date", + "@value": "2024-04-05" } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://purl.org/dc/terms/creator": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "SPDX Project" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://purl.org/dc/terms/license": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/description" + "@id": "https://spdx.org/licenses/Community-Spec-1.0.html" } - ] - }, - { - "@id": "_:N4333e5b9b6ad416cadabf7c353eca58f", - "http://www.w3.org/ns/shacl#datatype": [ + ], + "http://purl.org/dc/terms/references": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.dev/specifications/" } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://purl.org/dc/terms/title": [ { - "@value": 1 + "@language": "en", + "@value": "System Package Data Exchange (SPDX) Ontology" } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "System Package Data Exchange (SPDX) Ontology" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2002/07/owl#versionIRI": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/comment" + "@id": "https://spdx.org/rdf/3.0.1/terms/" } - ] - }, - { - "@id": "_:N2f5b83f916864331ab6c8331e569c2ba", - "http://www.w3.org/ns/shacl#class": [ + ], + "https://www.omg.org/spec/Commons/AnnotationVocabulary/copyright": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo" + "@language": "en", + "@value": "Copyright (C) 2024 SPDX Project" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Artifact", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "A distinct article or unit within the digital domain." } ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": 1 + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/ns/shacl#property": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo" + "@id": "_:N7cd9750385bc4a599bec4444bf204571" + }, + { + "@id": "_:N672fab4a7fc044949e885d5809f89577" + }, + { + "@id": "_:Nc045fbbe74684a038b56bd5c153fdabf" + }, + { + "@id": "_:Ne69badf11b7147abb2046a897c76c730" + }, + { + "@id": "_:N41c9b9a507de47d4a519c0b6be4c3019" + }, + { + "@id": "_:Nc05a6979941045b19ff160e0990b67c9" + }, + { + "@id": "_:N83e7170013b548ba92e291f418b50a47" + }, + { + "@id": "_:N69f1d00a23cc4b8e8a94de780133c16f" } ] }, { - "@id": "_:N852456b6d8f84baeb49e0a2c42ee1c49", - "http://www.w3.org/ns/shacl#class": [ + "@id": "_:N7cd9750385bc4a599bec4444bf204571", + "http://www.w3.org/ns/shacl#message": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod" + "@language": "en", + "@value": "https://spdx.org/rdf/3.0.1/terms/Core/Artifact is an abstract class and should not be instantiated directly. Instantiate a subclass instead." } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/ns/shacl#not": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + "@id": "_:Nd4b49a969b8f429da92f35fcb6ed199d" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/verifiedUsing" + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" } ] }, { - "@id": "_:N52f971b17c794ad9a500d1ceffaf56f2", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRef" - } - ], - "http://www.w3.org/ns/shacl#nodeKind": [ - { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" - } - ], - "http://www.w3.org/ns/shacl#path": [ + "@id": "_:Nd4b49a969b8f429da92f35fcb6ed199d", + "http://www.w3.org/ns/shacl#hasValue": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalRef" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Artifact" } ] }, { - "@id": "_:N508148db6aa744e1bf401c5024152569", + "@id": "_:N672fab4a7fc044949e885d5809f89577", "http://www.w3.org/ns/shacl#class": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifier" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifier" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/originatedBy" } ] }, { - "@id": "_:N4a56ff6d7c864c72baaccc66766960da", + "@id": "_:Nc045fbbe74684a038b56bd5c153fdabf", "http://www.w3.org/ns/shacl#class": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/extension" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/suppliedBy" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SoftwareAgent", - "@type": [ - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Ne69badf11b7147abb2046a897c76c730", + "http://www.w3.org/ns/shacl#datatype": [ { - "@language": "en", - "@value": "A software agent." + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "http://www.w3.org/ns/shacl#Literal" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/source", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#path": [ { - "@language": "en", - "@value": "the Element is a single or a collection of source files" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/builtTime" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#pattern": [ { - "@value": "source" + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/low", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N41c9b9a507de47d4a519c0b6be4c3019", + "http://www.w3.org/ns/shacl#datatype": [ { - "@language": "en", - "@value": "When a CVSS score is between 0.1 - 3.9" + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": "low" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType", - "@type": [ - "http://www.w3.org/2002/07/owl#Class" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Enumeration of the different kinds of SPDX file." + "@id": "http://www.w3.org/ns/shacl#Literal" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/homePage", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#path": [ { - "@language": "en", - "@value": "A place for the SPDX document creator to record a website that serves as the\npackage's home page." + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/releaseTime" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#pattern": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/namespace", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "@id": "_:Nc05a6979941045b19ff160e0990b67c9", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Provides an unambiguous mechanism for conveying a URI fragment portion of an\nElement ID." + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@id": "http://www.w3.org/ns/shacl#Literal" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeclaredLicense", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#path": [ { - "@language": "en", - "@value": "The `from` SoftwareArtifact was discovered to actually contain each `to` license, for example as detected by use of automated tooling." + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/validUntilTime" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#pattern": [ { - "@value": "hasDeclaredLicense" + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/hyperparameter", - "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "@id": "_:N83e7170013b548ba92e291f418b50a47", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Records a hyperparameter used to build the AI model contained in the AI\npackage." + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/standardName" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/attend", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N69f1d00a23cc4b8e8a94de780133c16f", + "http://www.w3.org/ns/shacl#class": [ { - "@language": "en", - "@value": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions include requesting assistance or information about the vulnerability, and may involve publishing a notification either internally and/or externally. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#in": [ { - "@value": "attend" + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/development" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/support" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/deployed" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/limitedSupport" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/endOfSupport" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noSupport" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noAssertion" + } + ] } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/key", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "A key used in a generic key-value pair." + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/supportLevel" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/assessedElement", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/inlineMitigationsAlreadyExist", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies an Element contained in a piece of software where a vulnerability was\nfound." + "@value": "Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + "@value": "inlineMitigationsAlreadyExist" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildEndTime", + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/metric", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Property that describes the time at which a build stops." + "@value": "Records the measurement of prediction quality of the AI model." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/packageVerificationCodeExcludedFile", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/other", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The relative file name of a file to be excluded from the\n`PackageVerificationCode`." + "@value": "Used to store extra information about an Element which is not part of a review (e.g. extra information provided during the creation of the Element)." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "other" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ConjunctiveLicenseSet", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/other", "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Portion of an AnyLicenseInfo representing a set of licensing information\nwhere all elements apply." + "@value": "Other exploit catalogs" } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" + "@value": "other" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/catalogType", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@language": "en", + "@value": "Specifies the exploit catalog type." } ], - "http://www.w3.org/ns/shacl#property": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "_:Nbd25b58e97b146dbb21f2641cadfecca" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType" } ] }, { - "@id": "_:Nbd25b58e97b146dbb21f2641cadfecca", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 2 - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noAssertion", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@language": "en", + "@value": "no assertion about the type of support is made. This is considered the default if no other support type is used." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/member" + "@value": "noAssertion" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/Vulnerability", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo", "@type": [ "http://www.w3.org/2002/07/owl#Class", "http://www.w3.org/ns/shacl#NodeShape" @@ -6473,40 +6889,48 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies a vulnerability and its associated information." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Artifact" + "@value": "Provides information about the creation of the Element." } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N3f869e99b2ba48b89af03eacf9b9bf26" + "@id": "_:N7731592841b44d1f9105c81c87ead7bb" + }, + { + "@id": "_:Nabdb0a76ad4947e4993004af784ba9b7" + }, + { + "@id": "_:N142a867c450d484d86db550e64996345" }, { - "@id": "_:N82d93ef24b334a1bbb035e97623cd248" + "@id": "_:Nb358c8f5280a4bcb8f424632e755e642" }, { - "@id": "_:Nd59faf03f051496f8e9e82c610a67d89" + "@id": "_:N826a427a992d4c63a9b10b25d7bb37d2" } ] }, { - "@id": "_:N3f869e99b2ba48b89af03eacf9b9bf26", + "@id": "_:N7731592841b44d1f9105c81c87ead7bb", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -6517,24 +6941,25 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/publishedTime" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/specVersion" } ], "http://www.w3.org/ns/shacl#pattern": [ { - "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + "@value": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" } ] }, { - "@id": "_:N82d93ef24b334a1bbb035e97623cd248", + "@id": "_:Nabdb0a76ad4947e4993004af784ba9b7", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -6545,17 +6970,12 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/modifiedTime" - } - ], - "http://www.w3.org/ns/shacl#pattern": [ - { - "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/comment" } ] }, { - "@id": "_:Nd59faf03f051496f8e9e82c610a67d89", + "@id": "_:N142a867c450d484d86db550e64996345", "http://www.w3.org/ns/shacl#datatype": [ { "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" @@ -6563,6 +6983,13 @@ ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -6573,7 +7000,7 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/withdrawnTime" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/created" } ], "http://www.w3.org/ns/shacl#pattern": [ @@ -6583,120 +7010,49 @@ ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/informationAboutTraining", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Describes relevant information about different steps of the training process." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexFixedVulnAssessmentRelationship", - "@type": [ - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Links a vulnerability and elements representing products (in the VEX sense) where\na fix has been applied and are no longer affected." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship" - } - ], - "http://www.w3.org/ns/shacl#nodeKind": [ - { - "@id": "http://www.w3.org/ns/shacl#IRI" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Tool", - "@type": [ - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Nb358c8f5280a4bcb8f424632e755e642", + "http://www.w3.org/ns/shacl#class": [ { - "@language": "en", - "@value": "An element of hardware and/or software utilized to carry out a particular function." + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { "@id": "http://www.w3.org/ns/shacl#IRI" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/confidentialityLevel", - "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Describes the confidentiality level of the data points contained in the dataset." - } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/createdBy" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/knownBias", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Records the biases that the dataset is known to encompass." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "@id": "_:N826a427a992d4c63a9b10b25d7bb37d2", + "http://www.w3.org/ns/shacl#class": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Tool" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/platform", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Element represents a runtime environment" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "platform" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/createdUsing" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mavenCentral", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/staticAnalysisReport", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" @@ -6704,115 +7060,86 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a Maven repository artifact. The artifact locator format is defined in the [Maven documentation](https://maven.apache.org/guides/mini/guide-naming-conventions.html) and looks like `groupId:artifactId[:version]`." + "@value": "A reference to a static analysis report for a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "mavenCentral" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/listVersionAdded", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the SPDX License List version in which this ListedLicense or\nListedLicenseException identifier was first added." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "staticAnalysisReport" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropValue", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/locator", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A value used in a CdxPropertyEntry name-value pair." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectLicense", - "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A License participating in an 'or later' model." + "@value": "Provides the location of an exploit catalog." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/relationshipType", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/design", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Information about the relationship between two Elements." + "@value": "A relationship has specific context implications during an element's design." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "@value": "design" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/megajoule", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalRef", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Megajoule." + "@value": "Points to a resource outside the scope of the SPDX-3.0 content\nthat provides additional characteristics of an Element." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "megajoule" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRef" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/suppliedBy", "@type": [ - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the SSVC decision type." + "@value": "Identifies who or what supplied the artifact or VulnAssessmentRelationship\nreferenced by the Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexAffectedVulnAssessmentRelationship", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PackageVerificationCode", "@type": [ "http://www.w3.org/2002/07/owl#Class", "http://www.w3.org/ns/shacl#NodeShape" @@ -6820,30 +7147,135 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Connects a vulnerability and an element designating the element as a product\naffected by the vulnerability." + "@value": "An SPDX version 2.X compatible verification method for software packages." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod" } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N6bba2de989194f029aea10dfdcb043f6" + "@id": "_:Nc8909d7de8dc47cb82651301dd403cf5" + }, + { + "@id": "_:N9d2d3f5922e74c2ea3e0b15c523461bb" }, { - "@id": "_:Nfa5b0e0676334f19be192beeaf683022" + "@id": "_:N4fc5b94e528a42f7afe6c41473174094" + } + ] + }, + { + "@id": "_:Nc8909d7de8dc47cb82651301dd403cf5", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/adler32" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b256" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b384" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b512" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake3" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsDilithium" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsKyber" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/falcon" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md2" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md4" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md5" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md6" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/other" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha1" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha224" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha256" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha384" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha512" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_224" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_256" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_384" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_512" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/algorithm" } ] }, { - "@id": "_:N6bba2de989194f029aea10dfdcb043f6", + "@id": "_:N9d2d3f5922e74c2ea3e0b15c523461bb", "http://www.w3.org/ns/shacl#datatype": [ { "@id": "http://www.w3.org/2001/XMLSchema#string" @@ -6851,6 +7283,13 @@ ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -6861,15 +7300,15 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/actionStatement" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/hashValue" } ] }, { - "@id": "_:Nfa5b0e0676334f19be192beeaf683022", + "@id": "_:N4fc5b94e528a42f7afe6c41473174094", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], "http://www.w3.org/ns/shacl#nodeKind": [ @@ -6879,161 +7318,186 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/actionStatementTime" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/packageVerificationCodeExcludedFile" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/statement", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Commentary on an assertion that an annotator has made." } ], - "http://www.w3.org/ns/shacl#pattern": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/LicenseExpression", + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectLicense", "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "An SPDX Element containing an SPDX license expression string." + "@value": "A License participating in an 'or later' model." } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/urlScheme", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@language": "en", + "@value": "[Uniform Resource Identifier (URI) Schemes](https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml). The scheme used in order to locate a resource." } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Ndf7bc2e369a84f2895d4533e51e99738" - }, - { - "@id": "_:Nab3a2a4f1f2a432098096c92f7b68fc8" - }, + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "_:Ndb3f359b3020426face20fe429a35912" + "@value": "urlScheme" } ] }, { - "@id": "_:Ndf7bc2e369a84f2895d4533e51e99738", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/expandedLicensing", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "the element follows the ExpandedLicensing profile specification" } ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": 1 + "@value": "expandedLicensing" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/profileConformance", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "Describes one a profile which the creator of this ElementCollection intends to\nconform to." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseExpression" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" } ] }, { - "@id": "_:Nab3a2a4f1f2a432098096c92f7b68fc8", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseNotes", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "A reference to the release notes for a package." } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@value": "releaseNotes" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/key", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseListVersion" + "@language": "en", + "@value": "A key used in a generic key-value pair." } ], - "http://www.w3.org/ns/shacl#pattern": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "_:Ndb3f359b3020426face20fe429a35912", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/description", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + "@language": "en", + "@value": "Provides a detailed description of the Element." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/customIdToUri" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/design", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDynamicLink", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "SBOM of intended, planned software project or product with included components (some of which may not yet exist) for a new software artifact." + "@value": "The `from` Element dynamically links in each `to` Element, during a LifecycleScopeType period." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "design" + "@value": "hasDynamicLink" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mailingList", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/score", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to the mailing list used by the maintainer for a package." + "@value": "Provides a numerical (0-10) representation of the severity of a vulnerability." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "mailingList" + "@id": "http://www.w3.org/2001/XMLSchema#decimal" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/configures", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDependencyManifest", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" @@ -7041,51 +7505,63 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element is a configuration applied to each `to` Element, during a LifecycleScopeType period." + "@value": "The `from` Element has manifest files that contain dependency information in each `to` Element." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "configures" + "@value": "hasDependencyManifest" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/actionStatementTime", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/packageUrl", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Records the time when a recommended action was communicated in a VEX statement\nto mitigate a vulnerability." + "@value": "Provides a place for the SPDX data creator to record the package URL string\n(in accordance with the Package URL specification) for a software Package." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides information about the creation of the Element." + "@value": "Categories of confidentiality level." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/energyQuantity", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Represents the energy quantity." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo" + "@id": "http://www.w3.org/2001/XMLSchema#decimal" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasStaticLink", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/patchedBy", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" @@ -7093,827 +7569,1006 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element statically links in each `to` Element, during a LifecycleScopeType period." + "@value": "Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasStaticLink" + "@value": "patchedBy" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasConcludedLicense", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake3", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` SoftwareArtifact is concluded by the SPDX data creator to be governed by each `to` license." + "@value": "[BLAKE3](https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf)" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasConcludedLicense" + "@value": "blake3" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isFsfLibre", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalRefType", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies whether the License is listed as free by the\nFree Software Foundation (FSF)." + "@value": "Specifies the type of the external reference." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#boolean" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/audio", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/usesTool", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "data is audio based, such as a collection of music from the 80s." + "@value": "The `from` Element uses each `to` Element as a tool, during a LifecycleScopeType period." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "audio" + "@value": "usesTool" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/copyrightText", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack." + "@value": "Identifies the text of one or more copyright notices for a software Package,\nFile or Snippet, if any." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "vulnerableCodeCannotBeControlledByAdversary" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectAddition", + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/kilowattHour", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A LicenseAddition participating in a 'with addition' model." + "@value": "Kilowatt-hour." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition" + "@value": "kilowattHour" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timestamp", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssociatedVulnerability", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "data is recorded with a timestamp for each entry, but not necessarily ordered or at specific intervals, such as when a taxi ride starts and ends." + "@value": "Used to associate a `from` Artifact with each `to` Vulnerability." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "timestamp" + "@value": "hasAssociatedVulnerability" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/NoAssertionElement", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/Element" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "An Individual Value for Element representing a set of Elements of unknown\nidentify or cardinality (number)." + "@value": "Enumeration of dataset types." } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/license", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + "@language": "en", + "@value": "A reference to additional license information related to an artifact." } ], - "http://www.w3.org/2002/07/owl#sameAs": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/NoAssertionElement" + "@value": "license" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType", "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://spdx.invalid./AbstractClass", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Asbtract ancestor class for all VEX relationships" + "@value": "Specifies the type of an annotation." } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" + "@language": "en", + "@value": "Specifies the safety risk level." } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectExtendableLicense", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@language": "en", + "@value": "A License participating in a 'with addition' model." } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N23954f44594140d1b35bad2e392034b9" - }, + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "_:N56a2290993de402f8ccbee297ddbc624" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense" } ] }, { - "@id": "_:N23954f44594140d1b35bad2e392034b9", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/data", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@language": "en", + "@value": "The Element is data." } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": 1 + "@value": "data" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/cwe", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "[Common Weakness Enumeration](https://csrc.nist.gov/glossary/term/common_weakness_enumeration). A reference to a source of software flaw defined within the official [CWE List](https://cwe.mitre.org/data/) that conforms to the [CWE specification](https://cwe.mitre.org/)." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/vexVersion" + "@value": "cwe" } ] }, { - "@id": "_:N56a2290993de402f8ccbee297ddbc624", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeletedFile", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Every `to` Element is a file deleted from the `from` Element (`from` hasDeletedFile `to`)." } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@value": "hasDeletedFile" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/statusNotes" + "@language": "en", + "@value": "Indicates whether a relationship is known to be complete, incomplete, or if no assertion is made with respect to relationship completeness." } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/falcon", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/archive", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "[FALCON](https://falcon-sign.info/falcon.pdf)" + "@value": "The Element is an archived collection of one or more files (.tar, .zip, etc.)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "falcon" + "@value": "archive" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altDownloadLocation", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Organization", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to an alternative download location." + "@value": "A group of people who work together in an organized way for a shared purpose." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "altDownloadLocation" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/locationHint", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/import", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides an indication of where to retrieve an external Element." + "@value": "Provides an ExternalMap of Element identifiers." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalMap" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/usesTool", + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedLicenseId", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element uses each `to` Element as a tool, during a LifecycleScopeType period." + "@value": "Specifies whether a license or additional text identifier has been marked as\ndeprecated." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "usesTool" + "@id": "http://www.w3.org/2001/XMLSchema#boolean" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalRefType", + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/seeAlso", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the type of the external reference." + "@value": "Contains a URL where the License or LicenseAddition can be found in use." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/byteRange", "@type": [ - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the safety risk level." + "@value": "Defines the byte range in the original host file that the snippet information\napplies to." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTest", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/exploited", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Every `to` Element is a test artifact for the `from` Element (`from` hasTest `to`), during a LifecycleScopeType period." + "@value": "Describe that a CVE is known to have an exploit because it's been listed in an exploit catalog." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "hasTest" + "@id": "http://www.w3.org/2001/XMLSchema#boolean" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/standardCompliance", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/identifierLocator", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Captures a standard that is being complied with." + "@value": "Provides the location for more information regarding an external identifier." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/componentAnalysisReport", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/invokedBy", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a Software Composition Analysis (SCA) report." + "@value": "The `from` Element was invoked by the `to` Agent, during a LifecycleScopeType period (for example, a Build element that describes a build step)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "componentAnalysisReport" + "@value": "invokedBy" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/impactStatementTime", "@type": [ - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the CVSS base, temporal, threat, or environmental severity type." + "@value": "Timestamp of impact statement." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/useSensitivePersonalInformation", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/specVersion", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Records if sensitive personal information is used during model training or\ncould be used during the inference." + "@value": "Provides a reference number that can be used to understand how to parse and\ninterpret an Element." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasInput", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b512", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Build has each `to` Element as an input, during a LifecycleScopeType period." + "@value": "BLAKE2b algorithm with a digest size of 512, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasInput" + "@value": "blake2b512" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsDilithium", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/other", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "[Dilithium](https://pq-crystals.org/dilithium/)" + "@value": "data is of a type not included in this list." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "crystalsDilithium" + "@value": "other" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/exploited", + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describe that a CVE is known to have an exploit because it's been listed in an exploit catalog." + "@value": "Abstract class for the portion of an AnyLicenseInfo representing a license." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "http://www.w3.org/2001/XMLSchema#boolean" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseNotes", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "A reference to the release notes for a package." + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#property": [ { - "@value": "releaseNotes" + "@id": "_:Nfa471bceb89b4edaa32262f73d08f93f" + }, + { + "@id": "_:Ndae7379c02584fffb6506e7a8828e22a" + }, + { + "@id": "_:N3e29af3bed3d478b8963ae1822aa1c32" + }, + { + "@id": "_:N5cddeb9dcb2146139887c2fd1e84cfa9" + }, + { + "@id": "_:N4917b1e13e4948c3ba296ae65637fe94" + }, + { + "@id": "_:Nf6895f10a25a4c93bebd86ffcf1880aa" + }, + { + "@id": "_:N648f9ffbb9ba43b6aab8f8d5f154cc28" + }, + { + "@id": "_:N6c7a51ed84ac4676a3ba3d01dc04d315" + }, + { + "@id": "_:Nb0cacc9c6dba43949be9de7002ca8e9d" + }, + { + "@id": "_:N9b60d6fcf46f4094acac3c7d16abd05f" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/from", - "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Nfa471bceb89b4edaa32262f73d08f93f", + "http://www.w3.org/ns/shacl#message": [ { "@language": "en", - "@value": "References the Element on the left-hand side of a relationship." + "@value": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License is an abstract class and should not be instantiated directly. Instantiate a subclass instead." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#not": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + "@id": "_:N7f0fc372e3a741e5a8bb04b1ae7a2456" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/supportLevel", - "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#path": [ { - "@language": "en", - "@value": "Specifies the level of support associated with an artifact." + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + ] + }, + { + "@id": "_:N7f0fc372e3a741e5a8bb04b1ae7a2456", + "http://www.w3.org/ns/shacl#hasValue": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityDisclosureReport", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "@id": "_:Ndae7379c02584fffb6506e7a8828e22a", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "A reference to a Vulnerability Disclosure Report (VDR) which provides the software supplier's analysis and findings describing the impact (or lack of impact) that reported vulnerabilities have on packages or products in the supplier's SBOM as defined in [NIST SP 800-161 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations](https://csrc.nist.gov/pubs/sp/800/161/r1/final)." + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@value": "vulnerabilityDisclosureReport" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/other", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationhip types (this relationship is directionless)." + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "other" + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseText" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/riskAssessment", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "@id": "_:N3e29af3bed3d478b8963ae1822aa1c32", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#boolean" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "A reference to a risk assessment for a package." + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@value": "riskAssessment" + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedLicenseId" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/Snippet", - "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N5cddeb9dcb2146139887c2fd1e84cfa9", + "http://www.w3.org/ns/shacl#datatype": [ { - "@language": "en", - "@value": "Describes a certain part of a file." + "@id": "http://www.w3.org/2001/XMLSchema#boolean" } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N8d491d7852ff4e22bc55ceee52d6acab" - }, - { - "@id": "_:N6433086de7c749dc8a7dbe53e484018c" - }, + "http://www.w3.org/ns/shacl#path": [ { - "@id": "_:N902104e76952430498ddeb7b1464b8e5" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isFsfLibre" } ] }, { - "@id": "_:N8d491d7852ff4e22bc55ceee52d6acab", - "http://www.w3.org/ns/shacl#class": [ + "@id": "_:N4917b1e13e4948c3ba296ae65637fe94", + "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange" + "@id": "http://www.w3.org/2001/XMLSchema#boolean" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + "@id": "http://www.w3.org/ns/shacl#Literal" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/byteRange" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isOsiApproved" } ] }, { - "@id": "_:N6433086de7c749dc8a7dbe53e484018c", - "http://www.w3.org/ns/shacl#class": [ + "@id": "_:Nf6895f10a25a4c93bebd86ffcf1880aa", + "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + "@id": "http://www.w3.org/ns/shacl#Literal" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/lineRange" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/licenseXml" } ] }, { - "@id": "_:N902104e76952430498ddeb7b1464b8e5", - "http://www.w3.org/ns/shacl#class": [ + "@id": "_:N648f9ffbb9ba43b6aab8f8d5f154cc28", + "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/File" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "http://www.w3.org/ns/shacl#Literal" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/snippetFromFile" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/obsoletedBy" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTestCase", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "@id": "_:N6c7a51ed84ac4676a3ba3d01dc04d315", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Every `to` Element is a test case for the `from` Element (`from` hasTestCase `to`)." + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "hasTestCase" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/seeAlso" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_256", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Nb0cacc9c6dba43949be9de7002ca8e9d", + "http://www.w3.org/ns/shacl#datatype": [ { - "@language": "en", - "@value": "SHA-3 with a digest length of 256, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)." + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": "sha3_256" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/republishedBy", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Designates a `from` Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by each `to` Agent." + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "republishedBy" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseHeader" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent", - "@type": [ - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N9b60d6fcf46f4094acac3c7d16abd05f", + "http://www.w3.org/ns/shacl#datatype": [ { - "@language": "en", - "@value": "Agent represents anything with the potential to act on a system." + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseTemplate" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/medium", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRef", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType" + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The third-highest level of risk posed by an AI system." + "@value": "A reference to a resource outside the scope of SPDX-3.0 content related to an Element." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@value": "medium" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N8114becca8804d67bed986f971629c1c" + }, + { + "@id": "_:N5c84929041474695a6ed261ce7b4ad19" + }, + { + "@id": "_:N46c085d9b83f4ef3b53633491f4e362a" + }, + { + "@id": "_:N0921a60ce67049798ca7d56bcdec6dab" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetUpdateMechanism", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "@id": "_:N8114becca8804d67bed986f971629c1c", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#in": [ { - "@language": "en", - "@value": "Describes a mechanism to update the dataset." + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altDownloadLocation" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altWebPage" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/binaryArtifact" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/bower" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildMeta" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildSystem" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/chat" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/certificationReport" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/componentAnalysisReport" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/cwe" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/documentation" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/dynamicAnalysisReport" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/eolNotice" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/exportControlAssessment" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/funding" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/issueTracker" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mailingList" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mavenCentral" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/metrics" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/npm" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/nuget" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/license" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/other" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/privacyAssessment" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/productMetadata" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/purchaseOrder" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/qualityAssessmentReport" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseNotes" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseHistory" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/riskAssessment" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/runtimeAnalysisReport" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/secureSoftwareAttestation" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdvisory" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdversaryModel" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityFix" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityOther" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPenTestReport" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPolicy" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityThreatModel" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/socialMedia" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/sourceArtifact" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/staticAnalysisReport" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/support" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vcs" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityDisclosureReport" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityExploitabilityAssessment" + } + ] } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/attributionText", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Provides a place for the SPDX data creator to record acknowledgement text for\na software Package, File or Snippet." + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalRefType" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", - "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N5c84929041474695a6ed261ce7b4ad19", + "http://www.w3.org/ns/shacl#datatype": [ { - "@language": "en", - "@value": "A key with an associated value." + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNode" + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nbf925889bed944f6a9625f5002eac9e7" - }, + "http://www.w3.org/ns/shacl#path": [ { - "@id": "_:Na6e06700eb334c7e9cf7ac3acded65cd" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/locator" } ] }, { - "@id": "_:Nbf925889bed944f6a9625f5002eac9e7", + "@id": "_:N46c085d9b83f4ef3b53633491f4e362a", "http://www.w3.org/ns/shacl#datatype": [ { "@id": "http://www.w3.org/2001/XMLSchema#string" @@ -7921,11 +8576,7 @@ ], "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -7936,12 +8587,17 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/key" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/contentType" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^[^\\/]+\\/[^\\/]+$" } ] }, { - "@id": "_:Na6e06700eb334c7e9cf7ac3acded65cd", + "@id": "_:N0921a60ce67049798ca7d56bcdec6dab", "http://www.w3.org/ns/shacl#datatype": [ { "@id": "http://www.w3.org/2001/XMLSchema#string" @@ -7949,6 +8605,7 @@ ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -7959,469 +8616,274 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/value" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/identifier", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Uniquely identifies an external element." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/comment" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Bom", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/reportedBy", "@type": [ - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A container for a grouping of SPDX-3.0 content characterizing details\n(provenence, composition, licensing, etc.) about a product." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Bundle" + "@value": "Designates a `from` Vulnerability was first reported to a project, vendor, or tracking database for formal identification by each `to` Agent." } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@value": "reportedBy" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseExpression", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/namespace", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A string in the license expression format." + "@value": "Provides an unambiguous mechanism for conveying a URI fragment portion of an\nElement ID." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/diskImage", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/scope", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element refers to a disk image that can be written to a disk, booted in a VM, etc. A disk image typically contains most or all of the components necessary to boot, such as bootloaders, kernels, firmware, userspace, etc." + "@value": "Capture the scope of information about a specific relationship between elements." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "diskImage" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection", + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/CustomLicenseAddition", "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://spdx.invalid./AbstractClass", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A collection of Elements, not necessarily with unifying context." + "@value": "A license addition that is not listed on the SPDX Exceptions List." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" - } - ], - "http://www.w3.org/ns/shacl#nodeKind": [ - { - "@id": "http://www.w3.org/ns/shacl#IRI" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nfc98a7f1060c4724ba55be573ade03fb" - }, - { - "@id": "_:N17932823cc684487ab9a936881894fef" - }, - { - "@id": "_:Nc4e586bf90034937b2f3108f7b50fd4b" - } - ] - }, - { - "@id": "_:Nfc98a7f1060c4724ba55be573ade03fb", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" - } - ], - "http://www.w3.org/ns/shacl#nodeKind": [ - { - "@id": "http://www.w3.org/ns/shacl#IRI" - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/element" - } - ] - }, - { - "@id": "_:N17932823cc684487ab9a936881894fef", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" - } - ], - "http://www.w3.org/ns/shacl#nodeKind": [ - { - "@id": "http://www.w3.org/ns/shacl#IRI" - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/rootElement" - } - ] - }, - { - "@id": "_:Nc4e586bf90034937b2f3108f7b50fd4b", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" - } - ], - "http://www.w3.org/ns/shacl#in": [ - { - "@list": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/core" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/software" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/simpleLicensing" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/expandedLicensing" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/security" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/build" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/ai" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/dataset" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/extension" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/lite" - } - ] + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition" } ], "http://www.w3.org/ns/shacl#nodeKind": [ { "@id": "http://www.w3.org/ns/shacl#IRI" } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/profileConformance" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/inlineMitigationsAlreadyExist", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "inlineMitigationsAlreadyExist" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDynamicLink", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element dynamically links in each `to` Element, during a LifecycleScopeType period." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasDynamicLink" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/suppliedBy", - "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Identifies who or what supplied the artifact or VulnAssessmentRelationship\nreferenced by the Element." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" - } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/packageUrl", + "@id": "https://spdx.org/rdf/3.0.1/creationInfo_NoAssertionLicense", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Package URL, as defined in the corresponding [Annex](../../../annexes/pkg-url-specification.md) of this specification." + "@value": "This individual element was defined by the spec." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "https://spdx.org/rdf/3.0.1/terms/Core/created": [ { - "@value": "packageUrl" + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp", + "@value": "2024-11-22T03:00:01Z" + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/createdBy": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization" + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/specVersion": [ + { + "@value": "3.0.1" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/design", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/device", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A relationship has specific context implications during an element's design." + "@value": "The Element refers to a chipset, processor, or electronic board." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "design" + "@value": "device" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/build", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/lineRange", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the element follows the Build profile specification" + "@value": "Defines the line range in the original host file that the snippet information\napplies to." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "build" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/specification", + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceUri", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element is a plan, guideline or strategy how to create, perform or analyse an application" + "@value": "Property that describes the URI of the build configuration source file." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "specification" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "@type": [ "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the unit of energy consumption." + "@value": "Provides information about the primary purpose of an Element." } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/securityOther", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/build", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Used when there is a security related identifier of unspecified type." + "@value": "SBOM generated as part of the process of building the software to create a releasable artifact (e.g., executable or package) from data such as source files, dependencies, built components, build process ephemeral data, and other SBOMs." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "securityOther" + "@value": "build" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/high", + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/serious", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" + "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "When a CVSS score is between 7.0 - 8.9" + "@value": "The highest level of risk posed by an AI system." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "high" + "@value": "serious" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/support", + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertiesExtension", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to the software support channel or other support information for a package." + "@value": "A type of extension consisting of a list of name value pairs." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "support" + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalDependency", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "The `from` Element optionally depends on each `to` Element, during a LifecycleScopeType period." + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#property": [ { - "@value": "hasOptionalDependency" + "@id": "_:N72245f846f4c4a56aaff12fd8a595f1b" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/vexVersion", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N72245f846f4c4a56aaff12fd8a595f1b", + "http://www.w3.org/ns/shacl#class": [ { - "@language": "en", - "@value": "Specifies the version of a VEX statement." + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/low", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Low/no risk is posed by an AI system." + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "low" + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxProperty" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element", "@type": [ "http://www.w3.org/2002/07/owl#Class", - "http://spdx.invalid./AbstractClass", "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Abstract class for additional text intended to be added to a License, but\nwhich is not itself a standalone License." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + "@value": "Base domain class from which all other SPDX-3.0 domain classes derive." } ], "http://www.w3.org/ns/shacl#nodeKind": [ @@ -8431,27 +8893,66 @@ ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:Nc68fecf09db94d8496e762b7c7b9be45" + "@id": "_:Naba532c8417a4c379b511d2a06a9d2fe" + }, + { + "@id": "_:Ndf3547c4313b46d5a449051395fdc15f" + }, + { + "@id": "_:Nfc923ccf1ea740df81bd77a3cddf7027" }, { - "@id": "_:Ndaadee2758d7471882687cae281ab7ba" + "@id": "_:N066a871ed8d14e67989e39b2bd55c848" }, { - "@id": "_:Nb7903557c62244b58b8ad8f6ea84285c" + "@id": "_:N3198c8321a1240af8c99caf34a2348ae" }, { - "@id": "_:N44951f0b8deb4638872837c5fb425f46" + "@id": "_:N6d18b467590e4ae986b20549403ebfc4" }, { - "@id": "_:Ncea398279e5543b1b11ea176007febd7" + "@id": "_:N5062d561da4648989b12854ee210a870" }, { - "@id": "_:Nf215537efb9440d8ab0c3a1e73eb7f58" + "@id": "_:Ncae5f5c7bcc644478c0d7931eff17663" + }, + { + "@id": "_:N1732a010a6e64fbbb5091d00bdf2e390" + }, + { + "@id": "_:Nb873ceb870fd443ea791544deae8e0ea" + } + ] + }, + { + "@id": "_:Naba532c8417a4c379b511d2a06a9d2fe", + "http://www.w3.org/ns/shacl#message": [ + { + "@language": "en", + "@value": "https://spdx.org/rdf/3.0.1/terms/Core/Element is an abstract class and should not be instantiated directly. Instantiate a subclass instead." + } + ], + "http://www.w3.org/ns/shacl#not": [ + { + "@id": "_:Nc909d96b399d4098a1f291c2e4c67299" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" + } + ] + }, + { + "@id": "_:Nc909d96b399d4098a1f291c2e4c67299", + "http://www.w3.org/ns/shacl#hasValue": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" } ] }, { - "@id": "_:Nc68fecf09db94d8496e762b7c7b9be45", + "@id": "_:Ndf3547c4313b46d5a449051395fdc15f", "http://www.w3.org/ns/shacl#datatype": [ { "@id": "http://www.w3.org/2001/XMLSchema#string" @@ -8459,11 +8960,31 @@ ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/name" + } + ] + }, + { + "@id": "_:Nfc923ccf1ea740df81bd77a3cddf7027", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -8474,19 +8995,20 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/additionText" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/summary" } ] }, { - "@id": "_:Ndaadee2758d7471882687cae281ab7ba", + "@id": "_:N066a871ed8d14e67989e39b2bd55c848", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#boolean" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -8497,12 +9019,12 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedAdditionId" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/description" } ] }, { - "@id": "_:Nb7903557c62244b58b8ad8f6ea84285c", + "@id": "_:N3198c8321a1240af8c99caf34a2348ae", "http://www.w3.org/ns/shacl#datatype": [ { "@id": "http://www.w3.org/2001/XMLSchema#string" @@ -8510,6 +9032,7 @@ ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -8520,265 +9043,283 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/licenseXml" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/comment" } ] }, { - "@id": "_:N44951f0b8deb4638872837c5fb425f46", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "_:N6d18b467590e4ae986b20549403ebfc4", + "http://www.w3.org/ns/shacl#class": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/obsoletedBy" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo" } ] }, { - "@id": "_:Ncea398279e5543b1b11ea176007febd7", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "_:N5062d561da4648989b12854ee210a870", + "http://www.w3.org/ns/shacl#class": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod" } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/seeAlso" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/verifiedUsing" } ] }, { - "@id": "_:Nf215537efb9440d8ab0c3a1e73eb7f58", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "_:Ncae5f5c7bcc644478c0d7931eff17663", + "http://www.w3.org/ns/shacl#class": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRef" } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@value": 1 + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalRef" + } + ] + }, + { + "@id": "_:N1732a010a6e64fbbb5091d00bdf2e390", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifier" } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardAdditionTemplate" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifier" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha512", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + "@id": "_:Nb873ceb870fd443ea791544deae8e0ea", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "SHA-2 with a digest length of 512, as defined in [RFC 6234](https://www.rfc-editor.org/info/rfc6234)." + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "sha512" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/extension" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/critical", + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "When a CVSS score is between 9.0 - 10.0" + "@value": "The class that helps note down the quantity of energy consumption and the unit\nused for measurement." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N49573a6d817241a29c43c15a2355169a" + }, { - "@value": "critical" + "@id": "_:Nf56f6c0a984245cebdfaf7de7413c7fa" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/dataset", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" + "@id": "_:N49573a6d817241a29c43c15a2355169a", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#decimal" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "the element follows the Dataset profile specification" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@value": "dataset" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/container", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "the Element is a container image which can be used by a container runtime application" + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "container" + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/energyQuantity" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType", - "@type": [ - "http://www.w3.org/2002/07/owl#Class" + "@id": "_:Nf56f6c0a984245cebdfaf7de7413c7fa", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#in": [ { - "@language": "en", - "@value": "Availability of dataset." + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/kilowattHour" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/megajoule" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/other" + } + ] } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/summary", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "A short description of an Element." + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/analyzed", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "SBOM generated through analysis of artifacts (e.g., executables, packages, containers, and virtual machine images) after its build. Such analysis generally requires a variety of heuristics. In some contexts, this may also be referred to as a \"3rd party\" SBOM." + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "analyzed" + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/energyUnit" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/additionText", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetType", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Identifies the full text of a LicenseAddition." + "@value": "Describes the type of the given dataset." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/noAssertion", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/supportLevel", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "No assertion can be made about the completeness of the relationship." + "@value": "Specifies the level of support associated with an artifact." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "noAssertion" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/other", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/value", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Used when the type does not match any of the other options." + "@value": "A value used in a generic key-value pair." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "other" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/createdUsing", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/sensor", "@type": [ "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Identifies the tooling that was used during the creation of the Element." + "@value": "Describes a sensor used for collecting the data." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Tool" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicenseException", "@type": [ "http://www.w3.org/2002/07/owl#Class", "http://www.w3.org/ns/shacl#NodeShape" @@ -8786,12 +9327,12 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies a data package and its associated information." + "@value": "A license exception that is listed on the SPDX Exceptions list." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/Package" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition" } ], "http://www.w3.org/ns/shacl#nodeKind": [ @@ -8801,53 +9342,26 @@ ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:Nf336cd620cf04373a4e83db96820f17d" + "@id": "_:N2aca376e7fa643248d0ae1615af9bc14" }, { - "@id": "_:N64fc1b4a54654e0988a8e6710599a297" - }, - { - "@id": "_:N6dd771f4849d4e68a9a4136b391be203" - }, - { - "@id": "_:N375265aad98b4320b8508b7e62d509c8" - }, - { - "@id": "_:N03b894ce4ba740e9a5e7c08dd6926732" - }, - { - "@id": "_:N56f01879123844839ed853ba3df3d7c3" - }, - { - "@id": "_:N2d742e04677e40cda0ef3609598358a1" - }, - { - "@id": "_:N8fe0d8cf98474fa2aa5813c633808b6c" - }, - { - "@id": "_:N8c87f6c1ad3d405dacfe600a6058387e" - }, - { - "@id": "_:N7d4120ef00cb4a369ca2fd520546a524" - }, - { - "@id": "_:N4462a24da9ac4df0a6bbb8877bb10f0f" - }, - { - "@id": "_:N63f4ac18a23e489f91a9d600f54bacd8" - }, - { - "@id": "_:Nc7b698ebea774cad8555c953e5ecf6f6" + "@id": "_:Nb195befe2d4c41458b75e269d6d5d20d" } ] }, { - "@id": "_:Nf336cd620cf04373a4e83db96820f17d", + "@id": "_:N2aca376e7fa643248d0ae1615af9bc14", "http://www.w3.org/ns/shacl#datatype": [ { "@id": "http://www.w3.org/2001/XMLSchema#string" } ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], "http://www.w3.org/ns/shacl#nodeKind": [ { "@id": "http://www.w3.org/ns/shacl#Literal" @@ -8855,262 +9369,299 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/anonymizationMethodUsed" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/deprecatedVersion" } ] }, { - "@id": "_:N64fc1b4a54654e0988a8e6710599a297", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType" - } - ], - "http://www.w3.org/ns/shacl#in": [ + "@id": "_:Nb195befe2d4c41458b75e269d6d5d20d", + "http://www.w3.org/ns/shacl#datatype": [ { - "@list": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/red" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/amber" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/green" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/clear" - } - ] + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "http://www.w3.org/ns/shacl#Literal" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/confidentialityLevel" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/listVersionAdded" } ] }, { - "@id": "_:N6dd771f4849d4e68a9a4136b391be203", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/high", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@language": "en", + "@value": "When a CVSS score is between 7.0 - 8.9" } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": 1 + "@value": "high" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noSupport", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "there is no support for the artifact from the supplier, consumer assumes any support obligations." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/dataCollectionProcess" + "@value": "noSupport" } ] }, { - "@id": "_:N375265aad98b4320b8508b7e62d509c8", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SoftwareAgent", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@language": "en", + "@value": "A software agent." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/binaryArtifact", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to binary artifacts related to a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "binaryArtifact" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/support", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "the artifact has been released, and is supported from the supplier. There is a validUntilDate that can provide additional information about the duration of support." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/dataPreprocessing" + "@value": "support" } ] }, { - "@id": "_:N03b894ce4ba740e9a5e7c08dd6926732", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/member", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/ns/shacl#in": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@list": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/clickthrough" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/directDownload" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/query" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/registration" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/scrapingScript" - } - ] + "@language": "en", + "@value": "A license expression participating in a license set." } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": 1 + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/other", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@language": "en", + "@value": "Any other units of energy measurement." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetAvailability" + "@value": "other" } ] }, { - "@id": "_:N56f01879123844839ed853ba3df3d7c3", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/exploitCreatedBy", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@language": "en", + "@value": "The `from` Vulnerability has had an exploit created against it by each `to` Agent." } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": 1 + "@value": "exploitCreatedBy" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/finetuningEnergyConsumption", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "Specifies the amount of energy consumed when finetuning the AI model that is\nbeing used in the AI system." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetNoise" + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription" } ] }, { - "@id": "_:N2d742e04677e40cda0ef3609598358a1", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/2001/XMLSchema#nonNegativeInteger" + "@language": "en", + "@value": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack." } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": 1 + "@value": "vulnerableCodeCannotBeControlledByAdversary" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/secureSoftwareAttestation", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "A reference to information assuring that the software is developed using security practices as defined by [NIST SP 800-218 Secure Software Development Framework (SSDF) Version 1.1](https://csrc.nist.gov/pubs/sp/800/218/final) or [CISA Secure Software Development Attestation Form](https://www.cisa.gov/resources-tools/resources/secure-software-development-attestation-form)." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetSize" + "@value": "secureSoftwareAttestation" } ] }, { - "@id": "_:N8fe0d8cf98474fa2aa5813c633808b6c", - "http://www.w3.org/ns/shacl#class": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/to", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + "@language": "en", + "@value": "References an Element on the right-hand side of a relationship." } ], - "http://www.w3.org/ns/shacl#in": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@list": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/audio" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/categorical" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/graph" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/image" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/noAssertion" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/numeric" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/other" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/sensor" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/structured" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/syntactic" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/text" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timeseries" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timestamp" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/video" - } - ] + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalMap", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "A map of Element identifiers that are used within an SpdxDocument but defined\nexternal to that SpdxDocument." } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/ns/shacl#property": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetType" + "@id": "_:Na360199da8ee498c93cf88f92c327427" + }, + { + "@id": "_:N0424b2581a0d4d4aabfbe49ee71c6de7" + }, + { + "@id": "_:N3f1160e3da0e48f5a7f879d3089bc895" + }, + { + "@id": "_:Nf25c1da35dd24967a70cec4affc61874" } ] }, { - "@id": "_:N8c87f6c1ad3d405dacfe600a6058387e", + "@id": "_:Na360199da8ee498c93cf88f92c327427", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -9121,57 +9672,38 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetUpdateMechanism" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalSpdxId" } ] }, { - "@id": "_:N7d4120ef00cb4a369ca2fd520546a524", + "@id": "_:N0424b2581a0d4d4aabfbe49ee71c6de7", "http://www.w3.org/ns/shacl#class": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" - } - ], - "http://www.w3.org/ns/shacl#in": [ - { - "@list": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion" - } - ] - } - ], - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod" } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/hasSensitivePersonalInformation" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/verifiedUsing" } ] }, { - "@id": "_:N4462a24da9ac4df0a6bbb8877bb10f0f", + "@id": "_:N3f1160e3da0e48f5a7f879d3089bc895", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -9182,233 +9714,171 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/intendedUse" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/locationHint" } ] }, { - "@id": "_:N63f4ac18a23e489f91a9d600f54bacd8", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "@id": "_:Nf25c1da35dd24967a70cec4affc61874", + "http://www.w3.org/ns/shacl#class": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Artifact" } ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/knownBias" - } - ] - }, - { - "@id": "_:Nc7b698ebea774cad8555c953e5ecf6f6", - "http://www.w3.org/ns/shacl#class": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/sensor" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/definingArtifact" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha1", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/gitoid", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "SHA-1, a secure hashing algorithm, as defined in [RFC 3174](https://www.rfc-editor.org/info/rfc3174)." + "@value": "[Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "sha1" + "@value": "gitoid" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/high", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasVariant", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The second-highest level of risk posed by an AI system." + "@value": "Every `to` Element is a variant the `from` Element (`from` hasVariant `to`)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "high" + "@value": "hasVariant" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseHeader", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssV4VulnAssessmentRelationship", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides a License author's preferred text to indicate that a file is covered\nby the License." + "@value": "Provides a CVSS version 4 assessment for a vulnerability." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/lineRange", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Defines the line range in the original host file that the snippet information\napplies to." + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#property": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange" + "@id": "_:N84436e39e61e449db908a48de410450c" + }, + { + "@id": "_:N9dca46da15a4481796f46a2098859f31" + }, + { + "@id": "_:N54ddca5880464f17bd5206be1ecb8932" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Hash", - "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "@id": "_:N84436e39e61e449db908a48de410450c", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#decimal" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "A mathematically calculated representation of a grouping of data." + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNode" + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N24f39978786f41aca8f7ceccd90e7a45" - }, + "http://www.w3.org/ns/shacl#path": [ { - "@id": "_:Na6e1130f93ff40c0b85418052b32c23b" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/score" } ] }, { - "@id": "_:N24f39978786f41aca8f7ceccd90e7a45", + "@id": "_:N9dca46da15a4481796f46a2098859f31", "http://www.w3.org/ns/shacl#class": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" } ], "http://www.w3.org/ns/shacl#in": [ { "@list": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/adler32" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b256" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b384" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b512" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake3" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsDilithium" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsKyber" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/falcon" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md2" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md4" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md5" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md6" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/other" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha1" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha224" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha256" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha384" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha512" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/critical" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_224" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/high" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_256" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/medium" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_384" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/low" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_512" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/none" } ] } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#minCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -9419,12 +9889,12 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/algorithm" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/severity" } ] }, { - "@id": "_:Na6e1130f93ff40c0b85418052b32c23b", + "@id": "_:N54ddca5880464f17bd5206be1ecb8932", "http://www.w3.org/ns/shacl#datatype": [ { "@id": "http://www.w3.org/2001/XMLSchema#string" @@ -9432,11 +9902,13 @@ ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#minCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -9447,12 +9919,30 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/hashValue" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/vectorString" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/NamespaceMap", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/operatingSystem", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is an operating system." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "operatingSystem" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange", "@type": [ "http://www.w3.org/2002/07/owl#Class", "http://www.w3.org/ns/shacl#NodeShape" @@ -9460,37 +9950,39 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A mapping between prefixes and namespace partial URIs." + "@value": "A tuple of two positive integers that define a range." } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNode" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:Na0bd142333fe466090b215722e1bd7dc" + "@id": "_:Ne72021f629d34d889aa64dd671270777" }, { - "@id": "_:N20936b05ef7943339eb70d4b8d179de1" + "@id": "_:Nd6f96cdb35ca487ebe5f0c1ef4d318eb" } ] }, { - "@id": "_:Na0bd142333fe466090b215722e1bd7dc", + "@id": "_:Ne72021f629d34d889aa64dd671270777", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "http://www.w3.org/2001/XMLSchema#positiveInteger" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#minCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -9501,24 +9993,26 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/prefix" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/beginIntegerRange" } ] }, { - "@id": "_:N20936b05ef7943339eb70d4b8d179de1", + "@id": "_:Nd6f96cdb35ca487ebe5f0c1ef4d318eb", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@id": "http://www.w3.org/2001/XMLSchema#positiveInteger" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#minCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -9529,127 +10023,123 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/namespace" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/endIntegerRange" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/green", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/runtime", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType" + "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Dataset can be shared within a community of peers and partners." + "@value": "SBOM generated through instrumenting the system running the software, to capture only components present in the system, as well as external call-outs or dynamically loaded components. In some contexts, this may also be referred to as an \"Instrumented\" or \"Dynamic\" SBOM." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "green" + "@value": "runtime" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/license", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/descendantOf", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to additional license information related to an artifact." + "@value": "The `from` Element is a descendant of each `to` Element." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "license" + "@value": "descendantOf" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/privacyAssessment", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/extension", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a privacy assessment for a package." + "@value": "Specifies an Extension characterization of some aspect of an Element." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "privacyAssessment" + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/clickthrough", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the dataset is not publicly available and can only be accessed after affirmatively accepting terms on a clickthrough webpage." + "@value": "Provides information about the creation of the Element." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "clickthrough" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/incomplete", + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isOsiApproved", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The relationship is known not to be exhaustive." + "@value": "Specifies whether the License is listed as approved by the\nOpen Source Initiative (OSI)." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "incomplete" + "@id": "http://www.w3.org/2001/XMLSchema#boolean" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/install", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/hashValue", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element is used to install software on disk" + "@value": "The result of applying a hash algorithm to an Element." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "install" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/deprecatedVersion", + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/typeOfModel", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the SPDX License List version in which this license or exception\nidentifier was deprecated." + "@value": "Records the type of the model used in the AI software." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ @@ -9659,41 +10149,29 @@ ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/subject", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Person", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "An Element an annotator has made an assertion about." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + "@value": "An individual human being." } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/hasSensitivePersonalInformation", - "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@language": "en", - "@value": "Describes if any sensitive personal information is present in the dataset." + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" + "@id": "http://www.w3.org/ns/shacl#IRI" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexNotAffectedVulnAssessmentRelationship", "@type": [ "http://www.w3.org/2002/07/owl#Class", "http://www.w3.org/ns/shacl#NodeShape" @@ -9701,12 +10179,12 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies an AI package and its associated information." + "@value": "Links a vulnerability and one or more elements designating the latter as products\nnot affected by the vulnerability." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/Package" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship" } ], "http://www.w3.org/ns/shacl#nodeKind": [ @@ -9716,76 +10194,47 @@ ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:Ne3ddf71626f34a73963733f824453ebf" - }, - { - "@id": "_:Na4a125de0db74c67b9d9caaa182d332b" - }, - { - "@id": "_:N90232a851de745ee88c1d137defa0b7b" - }, - { - "@id": "_:N67a5de6b3a1a45b98b9437626e94b0f2" - }, - { - "@id": "_:N257a47ad2ada4a208bc06f33c0794b5c" - }, - { - "@id": "_:Nf5d47dfb93494734926bddf6dae680cd" - }, - { - "@id": "_:Nf01d41b953aa4e06a96c735641079898" - }, - { - "@id": "_:N7b86f028fbec4b38b2d7ef7a975a7b0b" - }, - { - "@id": "_:N7909ea1c09b143beba829a92898a366b" - }, - { - "@id": "_:Naf89de47bf1348b4a5223b3ce54aa593" - }, - { - "@id": "_:N826979fdb92742bebcea72727a9858fe" - }, - { - "@id": "_:N7884b75a16e44cb9ba16b24a2038614f" - }, - { - "@id": "_:Nc598bb0ec1b34324b281b27622a73d4c" + "@id": "_:Nc0c5231e0c44437eaef8bba4677a31f6" }, { - "@id": "_:Nc61c1da4ba95465d888c4c47b17d59e2" + "@id": "_:N45c6754475234fb3981040e1eb691220" }, { - "@id": "_:N16d14b85dba64e24833ae7450bcce4cb" + "@id": "_:N0d825a0c45ee44bca0cb57c439a3a445" } ] }, { - "@id": "_:Ne3ddf71626f34a73963733f824453ebf", + "@id": "_:Nc0c5231e0c44437eaef8bba4677a31f6", "http://www.w3.org/ns/shacl#class": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType" } ], "http://www.w3.org/ns/shacl#in": [ { "@list": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/componentNotPresent" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotPresent" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotInExecutePath" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/inlineMitigationsAlreadyExist" } ] } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -9796,17 +10245,23 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/autonomyType" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/justificationType" } ] }, { - "@id": "_:Na4a125de0db74c67b9d9caaa182d332b", + "@id": "_:N45c6754475234fb3981040e1eb691220", "http://www.w3.org/ns/shacl#datatype": [ { "@id": "http://www.w3.org/2001/XMLSchema#string" } ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], "http://www.w3.org/ns/shacl#nodeKind": [ { "@id": "http://www.w3.org/ns/shacl#Literal" @@ -9814,76 +10269,120 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/domain" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/impactStatement" } ] }, { - "@id": "_:N90232a851de745ee88c1d137defa0b7b", - "http://www.w3.org/ns/shacl#class": [ + "@id": "_:N0d825a0c45ee44bca0cb57c439a3a445", + "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumption" + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + "@id": "http://www.w3.org/ns/shacl#Literal" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/energyConsumption" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/impactStatementTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" } ] }, { - "@id": "_:N67a5de6b3a1a45b98b9437626e94b0f2", - "http://www.w3.org/ns/shacl#class": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/megajoule", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + "@language": "en", + "@value": "Megajoule." } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + "@value": "megajoule" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedIn", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A `from` Vulnerability has been fixed in each `to` Element. The use of the `fixedIn` type is constrained to `VexFixedVulnAssessmentRelationship` classed relationships." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/hyperparameter" + "@value": "fixedIn" } ] }, { - "@id": "_:N257a47ad2ada4a208bc06f33c0794b5c", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/confidentialityLevel", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@language": "en", + "@value": "Describes the confidentiality level of the data points contained in the dataset." } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": 1 + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A property name with an associated value." } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/ns/shacl#property": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/informationAboutApplication" + "@id": "_:N1eceff509a414ae0a364c00261c99d82" + }, + { + "@id": "_:N6b07fbd78cf44270865f58743c1d4717" } ] }, { - "@id": "_:Nf5d47dfb93494734926bddf6dae680cd", + "@id": "_:N1eceff509a414ae0a364c00261c99d82", "http://www.w3.org/ns/shacl#datatype": [ { "@id": "http://www.w3.org/2001/XMLSchema#string" @@ -9891,6 +10390,13 @@ ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -9901,12 +10407,12 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/informationAboutTraining" + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropName" } ] }, { - "@id": "_:Nf01d41b953aa4e06a96c735641079898", + "@id": "_:N6b07fbd78cf44270865f58743c1d4717", "http://www.w3.org/ns/shacl#datatype": [ { "@id": "http://www.w3.org/2001/XMLSchema#string" @@ -9914,6 +10420,7 @@ ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -9924,194 +10431,195 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/limitation" + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropValue" } ] }, { - "@id": "_:N7b86f028fbec4b38b2d7ef7a975a7b0b", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha384", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + "@language": "en", + "@value": "SHA-2 with a digest length of 384, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/)." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/metric" + "@value": "sha384" } ] }, { - "@id": "_:N7909ea1c09b143beba829a92898a366b", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildSystem", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + "@language": "en", + "@value": "A reference build system used to create or publish the package." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/metricDecisionThreshold" + "@value": "buildSystem" } ] }, { - "@id": "_:Naf89de47bf1348b4a5223b3ce54aa593", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifierType", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "Specifies the type of the external identifier." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/modelDataPreprocessing" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" } ] }, { - "@id": "_:N826979fdb92742bebcea72727a9858fe", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardAdditionTemplate", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "Identifies the full text of a LicenseAddition, in SPDX templating format." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/modelExplainability" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "_:N7884b75a16e44cb9ba16b24a2038614f", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasMetadata", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], - "http://www.w3.org/ns/shacl#in": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@list": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/serious" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/high" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/medium" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/low" - } - ] + "@language": "en", + "@value": "Every `to` Element is metadata about the `from` Element (`from` hasMetadata `to`)." } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": 1 + "@value": "hasMetadata" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/definingArtifact", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@language": "en", + "@value": "Artifact representing a serialization instance of SPDX data containing the\ndefinition of a particular Element." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/safetyRiskAssessment" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Artifact" } ] }, { - "@id": "_:Nc598bb0ec1b34324b281b27622a73d4c", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/npm", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "A reference to an npm package. The package locator format is defined in the [npm documentation](https://docs.npmjs.com/cli/v10/configuring-npm/package-json) and looks like `package@version`." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/standardCompliance" + "@value": "npm" } ] }, { - "@id": "_:Nc61c1da4ba95465d888c4c47b17d59e2", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasHost", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "The `from` Build was run on the `to` Element during a LifecycleScopeType period (e.g. the host that the build runs on)." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/typeOfModel" + "@value": "hasHost" } ] }, { - "@id": "_:N16d14b85dba64e24833ae7450bcce4cb", - "http://www.w3.org/ns/shacl#class": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/securityOther", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" + "@language": "en", + "@value": "Used when there is a security related identifier of unspecified type." } ], - "http://www.w3.org/ns/shacl#in": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@list": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion" - } - ] + "@value": "securityOther" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Indicates the type of support that is associated with an artifact." } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/endTime", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@language": "en", + "@value": "Specifies the time from which an element is no longer applicable / valid." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/useSensitivePersonalInformation" + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" } ] }, @@ -10133,96 +10641,128 @@ ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/video", + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "data is video based, such as a collection of movie clips featuring Tom Hanks." + "@value": "Abstract class representing a License or an OrLaterOperator." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "video" + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N389d3e9e81e74e3797b180d81edca2e0" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/specVersion", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N389d3e9e81e74e3797b180d81edca2e0", + "http://www.w3.org/ns/shacl#message": [ { "@language": "en", - "@value": "Provides a reference number that can be used to understand how to parse and\ninterpret an Element." + "@value": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense is an abstract class and should not be instantiated directly. Instantiate a subclass instead." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#not": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "_:Nba9d94c6ccef43378e341caf081b2205" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/security", + "@id": "_:Nba9d94c6ccef43378e341caf081b2205", + "http://www.w3.org/ns/shacl#hasValue": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/evidence", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the element follows the Security profile specification" + "@value": "The Element is the evidence that a specification or requirement has been fulfilled." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "security" + "@value": "evidence" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md2", + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "MD2 message-digest algorithm, as defined in [RFC 1319](https://www.rfc-editor.org/info/rfc1319/)." + "@value": "A characterization of some aspect of an Element that is associated with the Element in a generalized fashion." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@value": "md2" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N5d3cfef88942468f8626584333640c31" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/chat", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N5d3cfef88942468f8626584333640c31", + "http://www.w3.org/ns/shacl#message": [ { "@language": "en", - "@value": "A reference to the instant messaging system used by the maintainer for a package." + "@value": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension is an abstract class and should not be instantiated directly. Instantiate a subclass instead." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#not": [ { - "@value": "chat" + "@id": "_:N13ceb50f498b427f8678e0084e8f5ace" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasMetadata", + "@id": "_:N13ceb50f498b427f8678e0084e8f5ace", + "http://www.w3.org/ns/shacl#hasValue": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasInput", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" @@ -10230,42 +10770,42 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Every `to` Element is metadata about the `from` Element (`from` hasMetadata `to`)." + "@value": "The `from` Build has each `to` Element as an input, during a LifecycleScopeType period." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasMetadata" + "@value": "hasInput" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/other", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/security", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "any hashing algorithm that does not exist in this list of entries" + "@value": "the element follows the Security profile specification" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "other" + "@value": "security" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/modelDataPreprocessing", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/name", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes all the preprocessing steps applied to the training data before the\nmodel training." + "@value": "Identifies the name of an Element as designated by the creator." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ @@ -10275,314 +10815,351 @@ ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/actionStatement", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Bom", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides advise on how to mitigate or remediate a vulnerability when a VEX product\nis affected by it." + "@value": "A container for a grouping of SPDX-3.0 content characterizing details\n(provenence, composition, licensing, etc.) about a product." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Bundle" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/scope", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/executable", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Capture the scope of information about a specific relationship between elements." + "@value": "The Element is an Artifact that can be run on a computer." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" + "@value": "executable" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vcs", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SpdxDocument", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a version control system related to a software artifact." + "@value": "A collection of SPDX Elements that could potentially be serialized." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "vcs" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Nee0116ffe8b74e748a52829e474a1d0a" + }, + { + "@id": "_:Nae0ececb588e4377a9d54f80ce52155c" + }, + { + "@id": "_:Nd0757799307e48a4b05ca61c03827be6" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/review", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType" + "@id": "_:Nee0116ffe8b74e748a52829e474a1d0a", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalMap" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Used when someone reviews the Element." + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "review" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/import" + } + ] + }, + { + "@id": "_:Nae0ececb588e4377a9d54f80ce52155c", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/NamespaceMap" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/namespaceMap" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noSupport", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" + "@id": "_:Nd0757799307e48a4b05ca61c03827be6", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "there is no support for the artifact from the supplier, consumer assumes any support obligations." + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@value": "noSupport" + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/dataLicense" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/exploitCreatedBy", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/graph", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Vulnerability has had an exploit created against it by each `to` Agent." + "@value": "data is in the form of a graph where entries are somehow related to each other through edges, such a social network of friends." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "exploitCreatedBy" + "@value": "graph" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/modifiedTime", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/software", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies a time when a vulnerability assessment was modified" + "@value": "the element follows the Software profile specification" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + "@value": "software" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/beginIntegerRange", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/filesystemImage", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Defines the beginning of a range." + "@value": "The Element is a file system image that can be written to a disk (or virtual) partition." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#positiveInteger" + "@value": "filesystemImage" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifierType", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/deployed", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the type of the external identifier." + "@value": "in addition to being supported by the supplier, the software is known to have been deployed and is in use. For a software as a service provider, this implies the software is now available as a service." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + "@value": "deployed" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/syntactic", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/attributionText", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "data describes the syntax or semantics of a language or text, such as a parse tree used for natural language processing." + "@value": "Provides a place for the SPDX data creator to record acknowledgement text for\na software Package, File or Snippet." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "syntactic" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/metric", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/percentile", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Records the measurement of prediction quality of the AI model." + "@value": "The percentile of the current probability score." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + "@id": "http://www.w3.org/2001/XMLSchema#decimal" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe22", + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/obsoletedBy", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "[Common Platform Enumeration Specification 2.2](https://cpe.mitre.org/files/cpe-specification_2.2.pdf)" + "@value": "Specifies the licenseId that is preferred to be used in place of a deprecated\nLicense or LicenseAddition." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "cpe22" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/availableFrom", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/dataCollectionProcess", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element is available from the additional supplier described by each `to` Element." + "@value": "Describes how the dataset was collected." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "availableFrom" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swid", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/releaseTime", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Concise Software Identification (CoSWID) tag, as defined in [RFC 9393](https://www.rfc-editor.org/info/rfc9393) Section 2.3." + "@value": "Specifies the time an artifact was released." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "swid" + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/other", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b256", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A relationship has other specific context information necessary to capture that the above set of enumerations does not handle." + "@value": "BLAKE2b algorithm with a digest size of 256, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "other" + "@value": "blake2b256" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Tool", "@type": [ "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A mathematical algorithm that maps data of arbitrary size to a bit string." + "@value": "An element of hardware and/or software utilized to carry out a particular function." } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetAvailability", - "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@language": "en", - "@value": "The field describes the availability of a dataset." + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType" + "@id": "http://www.w3.org/ns/shacl#IRI" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssV2VulnAssessmentRelationship", "@type": [ "http://www.w3.org/2002/07/owl#Class", - "http://spdx.invalid./AbstractClass", "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Abstract class for the portion of an AnyLicenseInfo representing a license." + "@value": "Provides a CVSS version 2.0 assessment for a vulnerability." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" } ], "http://www.w3.org/ns/shacl#nodeKind": [ @@ -10592,48 +11169,29 @@ ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N51684cf5bcbc4a20bbdb01edfe4efcac" - }, - { - "@id": "_:N36043d7db3634b37ab25e57be3c388b7" - }, - { - "@id": "_:N10aefd9f405949819c6d08c285cf111a" - }, - { - "@id": "_:N012fdc0af33a42699989122573b61599" - }, - { - "@id": "_:Na15b826144c24f07b9a0a625c9313f6b" - }, - { - "@id": "_:Ndb6ed9be32cd4e7fba424accec530b39" - }, - { - "@id": "_:Nb8929687502d49478ff0a6c18bc97db7" - }, - { - "@id": "_:N37bf0ab82eb94f598c70a653136cfa4f" + "@id": "_:N81d1f1b7a8ee4fb8b9c8253b4eb9aac0" }, { - "@id": "_:Nae44a89993884609aa0ed1e86fcb52f1" + "@id": "_:Nd15fc2a0dfc74dfebb9e5275ca4e5990" } ] }, { - "@id": "_:N51684cf5bcbc4a20bbdb01edfe4efcac", + "@id": "_:N81d1f1b7a8ee4fb8b9c8253b4eb9aac0", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "http://www.w3.org/2001/XMLSchema#decimal" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#minCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -10644,42 +11202,26 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseText" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/score" } ] }, { - "@id": "_:N36043d7db3634b37ab25e57be3c388b7", + "@id": "_:Nd15fc2a0dfc74dfebb9e5275ca4e5990", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#boolean" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], - "http://www.w3.org/ns/shacl#nodeKind": [ - { - "@id": "http://www.w3.org/ns/shacl#Literal" - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedLicenseId" - } - ] - }, - { - "@id": "_:N10aefd9f405949819c6d08c285cf111a", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#boolean" - } - ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/ns/shacl#minCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -10690,327 +11232,379 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isFsfLibre" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/vectorString" } ] }, { - "@id": "_:N012fdc0af33a42699989122573b61599", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#boolean" - } - ], - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/registration", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "the dataset is not publicly available and an email registration is required before accessing the dataset, although without an affirmative acceptance of terms." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isOsiApproved" + "@value": "registration" } ] }, { - "@id": "_:Na15b826144c24f07b9a0a625c9313f6b", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/primaryPurpose", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Provides information about the primary purpose of the software artifact." } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/licenseXml" + "@language": "en", + "@value": "Specifies the unit of energy consumption." } ] }, { - "@id": "_:Ndb6ed9be32cd4e7fba424accec530b39", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/modifiedBy", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@language": "en", + "@value": "The `from` Element is modified by each `to` Element." } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": 1 + "@value": "modifiedBy" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/standardName", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "The name of a relevant standard that may apply to an artifact." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/obsoletedBy" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "_:Nb8929687502d49478ff0a6c18bc97db7", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/republishedBy", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "Designates a `from` Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by each `to` Agent." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/seeAlso" + "@value": "republishedBy" } ] }, { - "@id": "_:N37bf0ab82eb94f598c70a653136cfa4f", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/test", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@language": "en", + "@value": "A relationship has specific context implications during an element's testing phase, during development." } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": 1 + "@value": "test" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/falcon", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "[FALCON](https://falcon-sign.info/falcon.pdf)" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseHeader" + "@value": "falcon" } ] }, { - "@id": "_:Nae44a89993884609aa0ed1e86fcb52f1", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/lite", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@language": "en", + "@value": "the element follows the Lite profile specification" } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": 1 + "@value": "lite" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/deprecatedVersion", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "Specifies the SPDX License List version in which this license or exception\nidentifier was deprecated." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseTemplate" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/limitedSupport", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/green", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" + "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the artifact has been released, and there is limited support available from the supplier. There is a validUntilDate that can provide additional information about the duration of support." + "@value": "Dataset can be shared within a community of peers and partners." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "limitedSupport" + "@value": "green" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timeseries", "@type": [ - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the exploit catalog type." + "@value": "data is recorded in an ordered sequence of timestamped entries, such as the price of a stock over the course of a day." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "timeseries" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/componentNotPresent", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTestCase", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The software is not affected because the vulnerable component is not in the product." + "@value": "Every `to` Element is a test case for the `from` Element (`from` hasTestCase `to`)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "componentNotPresent" + "@value": "hasTestCase" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/foundBy", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/sourceInfo", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Designates a `from` Vulnerability was originally discovered by the `to` Agent(s)." + "@value": "Records any relevant background information or additional comments\nabout the origin of the package." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "foundBy" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/percentile", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_384", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The percentile of the current probability score." + "@value": "SHA-3 with a digest length of 384, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#decimal" + "@value": "sha3_384" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mailingList", "@type": [ - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Indicates whether a relationship is known to be complete, incomplete, or if no assertion is made with respect to relationship completeness." + "@value": "A reference to the mailing list used by the maintainer for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "mailingList" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/completeness", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/hasSensitivePersonalInformation", "@type": [ "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides information about the completeness of relationships." + "@value": "Describes if any sensitive personal information is present in the dataset." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasHost", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/noAssertion", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Build was run on the `to` Element during a LifecycleScopeType period (e.g. the host that the build runs on)." + "@value": "data type is not known." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasHost" + "@value": "noAssertion" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/vectorString", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDistributionArtifact", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the CVSS vector string for a vulnerability." + "@value": "The `from` Element is distributed as an artifact in each `to` Element (e.g. an RPM or archive file)." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "hasDistributionArtifact" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/severity", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mavenCentral", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software." + "@value": "A reference to a Maven repository artifact. The artifact locator format is defined in the [Maven documentation](https://maven.apache.org/guides/mini/guide-naming-conventions.html) and looks like `groupId:artifactId[:version]`." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" + "@value": "mavenCentral" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/reportedBy", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/firmware", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Designates a `from` Vulnerability was first reported to a project, vendor, or tracking database for formal identification by each `to` Agent." + "@value": "The Element provides low level control over a device's hardware." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "reportedBy" + "@value": "firmware" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifier", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/Vulnerability", "@type": [ "http://www.w3.org/2002/07/owl#Class", "http://www.w3.org/ns/shacl#NodeShape" @@ -11018,98 +11612,137 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A canonical, unique, immutable identifier" + "@value": "Specifies a vulnerability and its associated information." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Artifact" } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNode" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:Nad7d1e91ec1b4dcbb4e9b1ed131d424a" + "@id": "_:N6acc1c288e61445bb0a50d0490a0c267" }, { - "@id": "_:N7a598531268947b186d3bb260a6374e7" + "@id": "_:Na76c1d0d30514ffb8beb4d48a0b220ff" + }, + { + "@id": "_:Nd66d5f38bdf145a99b1715d40993517c" } ] }, { - "@id": "_:Nad7d1e91ec1b4dcbb4e9b1ed131d424a", - "http://www.w3.org/ns/shacl#class": [ + "@id": "_:N6acc1c288e61445bb0a50d0490a0c267", + "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType" + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" } ], - "http://www.w3.org/ns/shacl#in": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@list": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/gitoid" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/swhid" - } - ] + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@value": 1 + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/publishedTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ { + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] + }, + { + "@id": "_:Na76c1d0d30514ffb8beb4d48a0b220ff", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "http://www.w3.org/ns/shacl#Literal" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierType" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/modifiedTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" } ] }, { - "@id": "_:N7a598531268947b186d3bb260a6374e7", + "@id": "_:Nd66d5f38bdf145a99b1715d40993517c", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/withdrawnTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ { - "@value": 1 + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifier", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "A canonical, unique, immutable identifier of the artifact content, that may be\nused for verifying its identity and/or integrity." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierValue" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifier" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SpdxDocument", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcVulnAssessmentRelationship", "@type": [ "http://www.w3.org/2002/07/owl#Class", "http://www.w3.org/ns/shacl#NodeShape" @@ -11117,12 +11750,12 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A collection of SPDX Elements that could potentially be serialized." + "@value": "Provides an SSVC assessment for a vulnerability." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" } ], "http://www.w3.org/ns/shacl#nodeKind": [ @@ -11132,61 +11765,44 @@ ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N1ead73ad501a415391f1e6b2e5197272" - }, - { - "@id": "_:Na28ed292986243a4a14387ac7116cf83" - }, - { - "@id": "_:Na07613a43da84858afb7ae449e133ae2" - } - ] - }, - { - "@id": "_:N1ead73ad501a415391f1e6b2e5197272", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalMap" - } - ], - "http://www.w3.org/ns/shacl#nodeKind": [ - { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/import" + "@id": "_:N4f0b7830361d4b38bff91506e120cb77" } ] }, { - "@id": "_:Na28ed292986243a4a14387ac7116cf83", + "@id": "_:N4f0b7830361d4b38bff91506e120cb77", "http://www.w3.org/ns/shacl#class": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/NamespaceMap" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType" } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/ns/shacl#in": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/act" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/attend" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/track" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/trackStar" + } + ] } ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/namespaceMap" - } - ] - }, - { - "@id": "_:Na07613a43da84858afb7ae449e133ae2", - "http://www.w3.org/ns/shacl#class": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/ns/shacl#minCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -11197,196 +11813,184 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/dataLicense" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/decisionType" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/publishedTime", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the time when a vulnerability was published." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + "@value": "Specifies the SSVC decision type." } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes", + "@id": "https://spdx.org/rdf/3.0.1/creationInfo_NoAssertionElement", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" + "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Indicates presence of the field." + "@value": "This individual element was defined by the spec." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "https://spdx.org/rdf/3.0.1/terms/Core/created": [ { - "@value": "yes" + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp", + "@value": "2024-11-22T03:00:01Z" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/gitoid", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "https://spdx.org/rdf/3.0.1/terms/Core/createdBy": [ { - "@language": "en", - "@value": "[Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg)." + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "https://spdx.org/rdf/3.0.1/terms/Core/specVersion": [ { - "@value": "gitoid" + "@value": "3.0.1" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo", + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides information about the creation of the Element." + "@value": "Abstract class representing a license combination consisting of one or more licenses." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNode" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:Nc265e2cf73224fe898a76d845eb0d64c" - }, - { - "@id": "_:Nb8d82b05a2a9453ba30cb4d51ebb04fd" - }, - { - "@id": "_:Nc188a9cf29e14420ac6d51644cb721c3" - }, - { - "@id": "_:Nb9a3a0960c23474bbae976237641e0a9" - }, - { - "@id": "_:N18f4fa9faa664c24be83f193f1b03c5b" + "@id": "_:N34abe76a351f47099af1b04cc4cfd9c5" } ] }, { - "@id": "_:Nc265e2cf73224fe898a76d845eb0d64c", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ], - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ + "@id": "_:N34abe76a351f47099af1b04cc4cfd9c5", + "http://www.w3.org/ns/shacl#message": [ { - "@value": 1 + "@language": "en", + "@value": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo is an abstract class and should not be instantiated directly. Instantiate a subclass instead." } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/ns/shacl#not": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "_:N5c04428de4e14d74824de2780dc99cbb" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/specVersion" - } - ], - "http://www.w3.org/ns/shacl#pattern": [ - { - "@value": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" } ] }, { - "@id": "_:Nb8d82b05a2a9453ba30cb4d51ebb04fd", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ], - "http://www.w3.org/ns/shacl#maxCount": [ + "@id": "_:N5c04428de4e14d74824de2780dc99cbb", + "http://www.w3.org/ns/shacl#hasValue": [ { - "@value": 1 + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/critical", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "When a CVSS score is between 9.0 - 10.0" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/comment" + "@value": "critical" } ] }, { - "@id": "_:Nc188a9cf29e14420ac6d51644cb721c3", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogVulnAssessmentRelationship", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Provides an exploit assessment of a vulnerability." } ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": 1 + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/ns/shacl#property": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/created" - } - ], - "http://www.w3.org/ns/shacl#pattern": [ + "@id": "_:Na8e8b62a6c9243ecb48de2e3205d6272" + }, { - "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + "@id": "_:N642e588df72d4639b95a7dcaf108f295" + }, + { + "@id": "_:N7ada87a7db754bf287181abb5c49bac4" } ] }, { - "@id": "_:Nb9a3a0960c23474bbae976237641e0a9", + "@id": "_:Na8e8b62a6c9243ecb48de2e3205d6272", "http://www.w3.org/ns/shacl#class": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/kev" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/other" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], "http://www.w3.org/ns/shacl#minCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -11397,105 +12001,106 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/createdBy" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/catalogType" } ] }, { - "@id": "_:N18f4fa9faa664c24be83f193f1b03c5b", - "http://www.w3.org/ns/shacl#class": [ + "@id": "_:N642e588df72d4639b95a7dcaf108f295", + "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Tool" + "@id": "http://www.w3.org/2001/XMLSchema#boolean" } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/createdUsing" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/snippetFromFile", - "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Defines the original host file that the snippet information applies to." + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/File" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/exploited" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense", - "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://spdx.invalid./AbstractClass" + "@id": "_:N7ada87a7db754bf287181abb5c49bac4", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Abstract class representing a License or an OrLaterOperator." + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/locator" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType", + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxProperty", "@type": [ - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Enumeration of the valid profiles." + "@value": "Provides a map of a property names to a values." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierValue", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/rootElement", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the value of the content identifier." + "@value": "This property is used to denote the root Element(s) of a tree of elements contained in a BOM." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" } ] }, { - "@id": "http://spdx.invalid./AbstractClass", - "@type": [ - "http://www.w3.org/2002/07/owl#Class" - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexNotAffectedVulnAssessmentRelationship", + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/WithAdditionOperator", "@type": [ "http://www.w3.org/2002/07/owl#Class", "http://www.w3.org/ns/shacl#NodeShape" @@ -11503,12 +12108,12 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Links a vulnerability and one or more elements designating the latter as products\nnot affected by the vulnerability." + "@value": "Portion of an AnyLicenseInfo representing a License which has additional\ntext applied to it." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship" + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" } ], "http://www.w3.org/ns/shacl#nodeKind": [ @@ -11518,46 +12123,29 @@ ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N172162a57ee24477819cf9ba52da98a2" - }, - { - "@id": "_:N3f179f51222f4cdaac01e568f1869ad9" + "@id": "_:N8801efb6feb44626a0acd767c310b7a5" }, { - "@id": "_:Nfd73f5e76e5c4f21bd7e529aa71349d8" + "@id": "_:N277e37dd63f24c76a29e15a02660e003" } ] }, { - "@id": "_:N172162a57ee24477819cf9ba52da98a2", + "@id": "_:N8801efb6feb44626a0acd767c310b7a5", "http://www.w3.org/ns/shacl#class": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition" } ], - "http://www.w3.org/ns/shacl#in": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@list": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/componentNotPresent" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotPresent" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotInExecutePath" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/inlineMitigationsAlreadyExist" - } - ] + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/ns/shacl#minCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -11568,311 +12156,276 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/justificationType" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectAddition" } ] }, { - "@id": "_:N3f179f51222f4cdaac01e568f1869ad9", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "_:N277e37dd63f24c76a29e15a02660e003", + "http://www.w3.org/ns/shacl#class": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], - "http://www.w3.org/ns/shacl#nodeKind": [ - { - "@id": "http://www.w3.org/ns/shacl#Literal" - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/impactStatement" - } - ] - }, - { - "@id": "_:Nfd73f5e76e5c4f21bd7e529aa71349d8", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" - } - ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/ns/shacl#minCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/impactStatementTime" - } - ], - "http://www.w3.org/ns/shacl#pattern": [ - { - "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectExtendableLicense" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swhid", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/trainedOn", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`." + "@value": "The `from` Element has been trained on the `to` Element(s)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "swhid" + "@value": "trainedOn" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/identifierLocator", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/affects", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides the location for more information regarding an external identifier." + "@value": "The `from` Vulnerability affects each `to` Element. The use of the `affects` type is constrained to `VexAffectedVulnAssessmentRelationship` classed relationships." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@value": "affects" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/contains", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/packageVerificationCodeExcludedFile", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element contains each `to` Element." + "@value": "The relative file name of a file to be excluded from the\n`PackageVerificationCode`." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "contains" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/impactStatementTime", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/knownBias", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Timestamp of impact statement." + "@value": "Records the biases that the dataset is known to encompass." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityExploitabilityAssessment", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/kev", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a Vulnerability Exploitability eXchange (VEX) statement which provides information on whether a product is impacted by a specific vulnerability in an included package and, if affected, whether there are actions recommended to remediate. See also [NTIA VEX one-page summary](https://ntia.gov/files/ntia/publications/vex_one-page_summary.pdf)." + "@value": "CISA's Known Exploited Vulnerability (KEV) Catalog" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "vulnerabilityExploitabilityAssessment" + "@value": "kev" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPenTestReport", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/development", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a [penetration test](https://en.wikipedia.org/wiki/Penetration_test) report for a package." + "@value": "the artifact is in active development and is not considered ready for formal support from the supplier." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "securityPenTestReport" + "@value": "development" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/trainingEnergyConsumption", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/structured", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the amount of energy consumed when training the AI model that is\nbeing used in the AI system." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription" + "@value": "data is stored in tabular format or retrieved from a relational database." } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", - "@type": [ - "http://www.w3.org/2002/07/owl#Class" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@language": "en", - "@value": "Provides information about the primary purpose of an Element." + "@value": "structured" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/other", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityOther", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType" + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Any other units of energy measurement." + "@value": "A reference to related security information of unspecified type." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "other" + "@value": "securityOther" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType", + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceDigest", "@type": [ - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provide an enumerated set of lifecycle phases that can provide context to relationships." + "@value": "Property that describes the digest of the build configuration file used to\ninvoke a build." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Hash" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType", + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/IndividualLicensingInfo", "@type": [ "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides a set of values to be used to describe the common types of SBOMs that\ntools may create." + "@value": "A concrete subclass of AnyLicenseInfo used by Individuals in the\nExpandedLicensing profile." } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/publishedBy", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@language": "en", - "@value": "Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent." + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@value": "publishedBy" + "@id": "http://www.w3.org/ns/shacl#IRI" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/invokedBy", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altDownloadLocation", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element was invoked by the `to` Agent, during a LifecycleScopeType period (for example, a Build element that describes a build step)." + "@value": "A reference to an alternative download location." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "invokedBy" + "@value": "altDownloadLocation" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/expandsTo", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/namespaceMap", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` archive expands out as an artifact described by each `to` Element." + "@value": "Provides a NamespaceMap of prefixes and associated namespace partial URIs applicable to an SpdxDocument and independent of any specific serialization format or instance." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "expandsTo" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/NamespaceMap" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/energyConsumption", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/specification", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Indicates the amount of energy consumption incurred by an AI model." + "@value": "The Element is a plan, guideline or strategy how to create, perform or analyze an application." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumption" + "@value": "specification" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PackageVerificationCode", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Hash", "@type": [ "http://www.w3.org/2002/07/owl#Class", "http://www.w3.org/ns/shacl#NodeShape" @@ -11880,7 +12433,7 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "An SPDX version 2.X compatible verification method for software packages." + "@value": "A mathematically calculated representation of a grouping of data." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ @@ -11890,23 +12443,20 @@ ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNode" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N2971b946d85c4274842d7be539de7de3" - }, - { - "@id": "_:N3548f2d573694acd82cda1b98eaad2e3" + "@id": "_:Nb3de9ed0037c4b249b07b05a9af68f5b" }, { - "@id": "_:N9e1fea95a3104546b40963b7982f592d" + "@id": "_:Ne6b4111dd98f4642bdc8313bb4485ac4" } ] }, { - "@id": "_:N2971b946d85c4274842d7be539de7de3", + "@id": "_:Nb3de9ed0037c4b249b07b05a9af68f5b", "http://www.w3.org/ns/shacl#class": [ { "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" @@ -11986,11 +12536,13 @@ ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#minCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -12006,7 +12558,7 @@ ] }, { - "@id": "_:N3548f2d573694acd82cda1b98eaad2e3", + "@id": "_:Ne6b4111dd98f4642bdc8313bb4485ac4", "http://www.w3.org/ns/shacl#datatype": [ { "@id": "http://www.w3.org/2001/XMLSchema#string" @@ -12014,11 +12566,13 @@ ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#minCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -12034,73 +12588,14 @@ ] }, { - "@id": "_:N9e1fea95a3104546b40963b7982f592d", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ], - "http://www.w3.org/ns/shacl#nodeKind": [ - { - "@id": "http://www.w3.org/ns/shacl#Literal" - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/packageVerificationCodeExcludedFile" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", - "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://spdx.invalid./AbstractClass" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Abstract class representing a license combination consisting of one or more licenses." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" - } - ], - "http://www.w3.org/ns/shacl#nodeKind": [ - { - "@id": "http://www.w3.org/ns/shacl#IRI" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/patchedBy", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`)." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "patchedBy" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/typeOfModel", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/anonymizationMethodUsed", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Records the type of the model used in the AI software." + "@value": "Describes the anonymization methods used." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ @@ -12109,23 +12604,6 @@ } ] }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedLicenseId", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies whether a license or additional text identifier has been marked as\ndeprecated." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#boolean" - } - ] - }, { "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/DisjunctiveLicenseSet", "@type": [ @@ -12150,12 +12628,12 @@ ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N1adb97cfd8ac4a8083985d3326e5764c" + "@id": "_:N23238f039f16407faa4dfddc2d622573" } ] }, { - "@id": "_:N1adb97cfd8ac4a8083985d3326e5764c", + "@id": "_:N23238f039f16407faa4dfddc2d622573", "http://www.w3.org/ns/shacl#class": [ { "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" @@ -12163,6 +12641,7 @@ ], "http://www.w3.org/ns/shacl#minCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 2 } ], @@ -12178,160 +12657,148 @@ ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPolicy", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/complete", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to instructions for reporting newly discovered security vulnerabilities for a package." + "@value": "The relationship is known to be exhaustive." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "securityPolicy" + "@value": "complete" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/trainedOn", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/requirement", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element has been trained on the `to` Element(s)." + "@value": "The Element provides a requirement needed as input for another Element." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "trainedOn" + "@value": "requirement" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildId", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/coordinatedBy", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A buildId is a locally unique identifier used by a builder to identify a unique\ninstance of a build produced by it." + "@value": "The `from` Vulnerability is coordinatedBy the `to` Agent(s) (vendor, researcher, or consumer agent)." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "coordinatedBy" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasSpecification", + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/trainingEnergyConsumption", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Every `to` Element is a specification for the `from` Element (`from` hasSpecification `to`), during a LifecycleScopeType period." + "@value": "Specifies the amount of energy consumed when training the AI model that is\nbeing used in the AI system." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "hasSpecification" + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/builtTime", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/probability", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the time an artifact was built." + "@value": "A probability score between 0 and 1 of a vulnerability being exploited." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + "@id": "http://www.w3.org/2001/XMLSchema#decimal" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/byteRange", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetSize", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Defines the byte range in the original host file that the snippet information\napplies to." + "@value": "Captures the size of the dataset." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType", - "@type": [ - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the type of an external identifier." + "@id": "http://www.w3.org/2001/XMLSchema#nonNegativeInteger" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/source", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/email", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "SBOM created directly from the development environment, source files, and included dependencies used to build an product artifact." + "@value": "Email address, as defined in [RFC 3696](https://datatracker.ietf.org/doc/rfc3986/) Section 3." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "source" + "@value": "email" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedBy", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildMeta", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Designates a `from` Vulnerability has been fixed by the `to` Agent(s)." + "@value": "A reference build metadata related to a published package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "fixedBy" + "@value": "buildMeta" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/File", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", "@type": [ "http://www.w3.org/2002/07/owl#Class", "http://www.w3.org/ns/shacl#NodeShape" @@ -12339,12 +12806,12 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Refers to any object that stores content on a computer." + "@value": "Specifies a data package and its associated information." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/Package" } ], "http://www.w3.org/ns/shacl#nodeKind": [ @@ -12354,25 +12821,53 @@ ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:Ncd0fe41f0b77431386026febcc4bb2dd" + "@id": "_:N7e77bec6ff6048d28db32877de71ab9e" + }, + { + "@id": "_:N0e42e2b59c914ea49f056fa11e0247af" + }, + { + "@id": "_:N308ac8913c6440c68ef5331eaaef0508" + }, + { + "@id": "_:N89a86d261e23427e9d1f83e49522a1db" + }, + { + "@id": "_:N9ef0c5442da84b0fae93ce92032c52f8" + }, + { + "@id": "_:Nd22fb99bf3914c40933f3c2889844f93" + }, + { + "@id": "_:N6f332b14dad848a1a73af602a8bf6c70" }, { - "@id": "_:Nac78ca7ea16a4a8b90435bf547a155d7" + "@id": "_:Nb341386f04fc4f4fbd57a5ececcf95ae" + }, + { + "@id": "_:Nde0b031cd5a84bd9b7232a8ab9b869b1" + }, + { + "@id": "_:N65d68fe531bd4a79bbf148d2cb0e410e" + }, + { + "@id": "_:N4acbfeca863a47f48ea0ccfc2d69b6c6" + }, + { + "@id": "_:Nc135d7690cec4e9eacf2c4b3838d3ce0" + }, + { + "@id": "_:Ne852771926b4432ab9b7910fdcae1056" } ] }, { - "@id": "_:Ncd0fe41f0b77431386026febcc4bb2dd", + "@id": "_:N7e77bec6ff6048d28db32877de71ab9e", "http://www.w3.org/ns/shacl#datatype": [ { "@id": "http://www.w3.org/2001/XMLSchema#string" } ], - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], "http://www.w3.org/ns/shacl#nodeKind": [ { "@id": "http://www.w3.org/ns/shacl#Literal" @@ -12380,36 +12875,38 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/contentType" - } - ], - "http://www.w3.org/ns/shacl#pattern": [ - { - "@value": "^[^\\/]+\\/[^\\/]+$" + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/anonymizationMethodUsed" } ] }, { - "@id": "_:Nac78ca7ea16a4a8b90435bf547a155d7", + "@id": "_:N0e42e2b59c914ea49f056fa11e0247af", "http://www.w3.org/ns/shacl#class": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType" + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType" } ], "http://www.w3.org/ns/shacl#in": [ { "@list": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/file" + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/red" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/directory" + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/amber" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/green" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/clear" } ] } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -12420,278 +12917,267 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/fileKind" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Indicates absence of the field." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "no" + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/confidentialityLevel" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/dependsOn", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N308ac8913c6440c68ef5331eaaef0508", + "http://www.w3.org/ns/shacl#datatype": [ { - "@language": "en", - "@value": "The `from` Element depends on each `to` Element, during a LifecycleScopeType period." + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": "dependsOn" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/startTime", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Specifies the time from which an element is applicable / valid." + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/dataCollectionProcess" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/serializedInArtifact", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "@id": "_:N89a86d261e23427e9d1f83e49522a1db", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "The `from` SpdxDocument can be found in a serialized form in each `to` Artifact." + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "serializedInArtifact" + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/dataPreprocessing" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/sourceInfo", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "@id": "_:N9ef0c5442da84b0fae93ce92032c52f8", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#in": [ { - "@language": "en", - "@value": "Records any relevant background information or additional comments\nabout the origin of the package." + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/clickthrough" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/directDownload" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/query" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/registration" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/scrapingScript" + } + ] } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/lite", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "the element follows the Lite profile specification" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "lite" + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetAvailability" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDistributionArtifact", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Nd22fb99bf3914c40933f3c2889844f93", + "http://www.w3.org/ns/shacl#datatype": [ { - "@language": "en", - "@value": "The `from` Element is distributed as an artifact in each `to` Element (e.g. an RPM or archive file)." + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": "hasDistributionArtifact" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/npm", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "A reference to an npm package. The package locator format is defined in the [npm documentation](https://docs.npmjs.com/cli/v10/configuring-npm/package-json) and looks like `package@version`." + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "npm" + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetNoise" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/none", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N6f332b14dad848a1a73af602a8bf6c70", + "http://www.w3.org/ns/shacl#datatype": [ { - "@language": "en", - "@value": "When a CVSS score is 0.0" + "@id": "http://www.w3.org/2001/XMLSchema#nonNegativeInteger" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": "none" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalComponent", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Every `to` Element is an optional component of the `from` Element (`from` hasOptionalComponent `to`)." + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "hasOptionalComponent" + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetSize" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/CustomLicense", - "@type": [ - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Nb341386f04fc4f4fbd57a5ececcf95ae", + "http://www.w3.org/ns/shacl#class": [ { - "@language": "en", - "@value": "A license that is not listed on the SPDX License List." + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/ns/shacl#in": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License" + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/audio" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/categorical" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/graph" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/image" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/noAssertion" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/numeric" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/other" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/sensor" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/structured" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/syntactic" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/text" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timeseries" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timestamp" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/video" + } + ] } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasEvidence", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Every `to` Element is considered as evidence for the `from` Element (`from` hasEvidence `to`)." + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "hasEvidence" + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetType" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildType", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Nde0b031cd5a84bd9b7232a8ab9b869b1", + "http://www.w3.org/ns/shacl#datatype": [ { - "@language": "en", - "@value": "A buildType is a hint that is used to indicate the toolchain, platform, or\ninfrastructure that the build was invoked on." + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/deviceDriver", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Element represents software that controls hardware devices" + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "deviceDriver" + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetUpdateMechanism" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/Package", - "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "@id": "_:N65d68fe531bd4a79bbf148d2cb0e410e", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#in": [ { - "@language": "en", - "@value": "Refers to any unit of content that can be associated with a distribution of\nsoftware." + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion" + } + ] } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ @@ -12699,33 +13185,22 @@ "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nc575b9657f484de2af1f8daaa12ad966" - }, - { - "@id": "_:Nc73f716af4b94333a198e094f0017d73" - }, - { - "@id": "_:N59c00a31db4c4f9fb9444452a40fb51e" - }, - { - "@id": "_:Nc9837df3ad30410eb53ae27eb52a1b71" - }, + "http://www.w3.org/ns/shacl#path": [ { - "@id": "_:Ne20d92c51ca24ad2b42d0505b65fc902" + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/hasSensitivePersonalInformation" } ] }, { - "@id": "_:Nc575b9657f484de2af1f8daaa12ad966", + "@id": "_:N4acbfeca863a47f48ea0ccfc2d69b6c6", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -12736,65 +13211,93 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/downloadLocation" + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/intendedUse" } ] }, { - "@id": "_:Nc73f716af4b94333a198e094f0017d73", + "@id": "_:Nc135d7690cec4e9eacf2c4b3838d3ce0", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@value": 1 + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/knownBias" + } + ] + }, + { + "@id": "_:Ne852771926b4432ab9b7910fdcae1056", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/homePage" + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/sensor" } ] }, { - "@id": "_:N59c00a31db4c4f9fb9444452a40fb51e", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexAffectedVulnAssessmentRelationship", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@language": "en", + "@value": "Connects a vulnerability and an element designating the element as a product\naffected by the vulnerability." } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": 1 + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship" } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/ns/shacl#property": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/packageVersion" + "@id": "_:N7f3e7e368ced487d87e98dc363b6b5cf" + }, + { + "@id": "_:Nd1687fdd5f6e44d68f2b4f7da570cb9f" } ] }, { - "@id": "_:Nc9837df3ad30410eb53ae27eb52a1b71", + "@id": "_:N7f3e7e368ced487d87e98dc363b6b5cf", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -12805,19 +13308,20 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/packageUrl" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/actionStatement" } ] }, { - "@id": "_:Ne20d92c51ca24ad2b42d0505b65fc902", + "@id": "_:Nd1687fdd5f6e44d68f2b4f7da570cb9f", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -12828,83 +13332,130 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/sourceInfo" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/actionStatementTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/metrics", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/patch", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to metrics related to package such as OpenSSF scorecards." + "@value": "The Element contains a set of changes to update, fix, or improve another Element." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "metrics" + "@value": "patch" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/core", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/other", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" + "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the element follows the Core profile specification" + "@value": "A relationship has other specific context information necessary to capture that the above set of enumerations does not handle." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "core" + "@value": "other" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/image", + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildStartTime", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Property describing the start time of a build." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Enumeration of the different kinds of SPDX file." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/red", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "data is a collection of images such as pictures of animals." + "@value": "Data points in the dataset are highly confidential and can only be shared with named recipients." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "image" + "@value": "red" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/context", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_224", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Gives information about the circumstances or unifying properties\nthat Elements of the bundle have been assembled under." + "@value": "SHA-3 with a digest length of 224, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@value": "sha3_224" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/nuget", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the type of a content identifier." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityDisclosureReport", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" @@ -12912,244 +13463,254 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a NuGet package. The package locator format is defined in the [NuGet documentation](https://docs.nuget.org) and looks like `package/version`." + "@value": "A reference to a Vulnerability Disclosure Report (VDR) which provides the software supplier's analysis and findings describing the impact (or lack of impact) that reported vulnerabilities have on packages or products in the supplier's SBOM as defined in [NIST SP 800-161 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations](https://csrc.nist.gov/pubs/sp/800/161/r1/final)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "nuget" + "@value": "vulnerabilityDisclosureReport" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/additionalPurpose", + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/numeric", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides additional purpose information of the software artifact." + "@value": "data consists only of numeric entries." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "@value": "numeric" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Build/Build", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/directory", "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Class that describes a build instance of software/artifacts." + "@value": "The file represents a directory and all content stored in that directory." } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + "@value": "directory" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/deployed", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@language": "en", + "@value": "SBOM provides an inventory of software that is present on a system. This may be an assembly of other SBOMs that combines analysis of configuration options, and examination of execution behavior in a (potentially simulated) deployment environment." } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N3b86018244cc461bb7e4c4920987316d" - }, - { - "@id": "_:Nad565eb0ad804bf8bbb9290c4c49b201" - }, - { - "@id": "_:N7573c49a39694bcfb3b14f8376c7aa3b" - }, - { - "@id": "_:Na82827a52a27443bb53d65511bb0d3d9" - }, - { - "@id": "_:N359b796c76e14b51a8bf7a531ca930b7" - }, - { - "@id": "_:N5e2c3feb084240a682763d57a317bd93" - }, - { - "@id": "_:Na1760a5f042f403e94a5bccbe5968f4c" - }, - { - "@id": "_:N94e9b6b2ddb44e709539f7640aeaa76c" - }, + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "_:N162fe7400da6473abcab29a4fafd2816" + "@value": "deployed" } ] }, { - "@id": "_:N3b86018244cc461bb7e4c4920987316d", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/builtTime", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "Specifies the time an artifact was built." } ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": 1 + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/sourceArtifact", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "A reference to an artifact containing the sources for a package." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildType" + "@value": "sourceArtifact" } ] }, { - "@id": "_:Nad565eb0ad804bf8bbb9290c4c49b201", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/IndividualElement", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "A concrete subclass of Element used by Individuals in the\nCore profile." } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildId" + "@id": "http://www.w3.org/ns/shacl#IRI" } ] }, { - "@id": "_:N7573c49a39694bcfb3b14f8376c7aa3b", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdvisory", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "A reference to a published security advisory (where advisory as defined per [ISO 29147:2018](https://www.iso.org/standard/72311.html)) that may affect one or more elements, e.g., vendor advisories or specific NVD entries." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceEntrypoint" + "@value": "securityAdvisory" } ] }, { - "@id": "_:Na82827a52a27443bb53d65511bb0d3d9", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/low", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "When a CVSS score is between 0.1 - 3.9" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceUri" + "@value": "low" } ] }, { - "@id": "_:N359b796c76e14b51a8bf7a531ca930b7", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Hash" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/socialMedia", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + "@language": "en", + "@value": "A reference to a social media channel for a package." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceDigest" + "@value": "socialMedia" } ] }, { - "@id": "_:N5e2c3feb084240a682763d57a317bd93", - "http://www.w3.org/ns/shacl#class": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/LicenseExpression", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + "@language": "en", + "@value": "An SPDX Element containing an SPDX license expression string." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/ns/shacl#property": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Build/parameter" + "@id": "_:N5451d9c16af6442d9bcc23c043b3d0da" + }, + { + "@id": "_:Nc7843f2d449645178198127dcec9cd3e" + }, + { + "@id": "_:Na8df8b76bfd84e51baaca8c4cdbfaec2" } ] }, { - "@id": "_:Na1760a5f042f403e94a5bccbe5968f4c", + "@id": "_:N5451d9c16af6442d9bcc23c043b3d0da", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildStartTime" + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/ns/shacl#pattern": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseExpression" } ] }, { - "@id": "_:N94e9b6b2ddb44e709539f7640aeaa76c", + "@id": "_:Nc7843f2d449645178198127dcec9cd3e", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -13160,17 +13721,17 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildEndTime" + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseListVersion" } ], "http://www.w3.org/ns/shacl#pattern": [ { - "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + "@value": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" } ] }, { - "@id": "_:N162fe7400da6473abcab29a4fafd2816", + "@id": "_:Na8df8b76bfd84e51baaca8c4cdbfaec2", "http://www.w3.org/ns/shacl#class": [ { "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" @@ -13183,435 +13744,340 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Build/environment" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssociatedVulnerability", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Used to associate a `from` Artifact with each `to` Vulnerability." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasAssociatedVulnerability" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/act", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "act" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/email", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Email address, as defined in [RFC 3696](https://www.rfc-editor.org/info/rfc3986) Section 3." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "email" + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/customIdToUri" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/sensor", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/fileKind", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "data is recorded from a physical sensor, such as a thermometer reading or biometric device." + "@value": "Describes if a given file is a directory or non-directory kind of file." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "sensor" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b512", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityExploitabilityAssessment", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "BLAKE2b algorithm with a digest size of 512, as defined in [RFC 7693](https://www.rfc-editor.org/info/rfc7693) Section 4." + "@value": "A reference to a Vulnerability Exploitability eXchange (VEX) statement which provides information on whether a product is impacted by a specific vulnerability in an included package and, if affected, whether there are actions recommended to remediate. See also [NTIA VEX one-page summary](https://ntia.gov/files/ntia/publications/vex_one-page_summary.pdf)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "blake2b512" + "@value": "vulnerabilityExploitabilityAssessment" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/configuration", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/dependsOn", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Element is configuration data" + "@value": "The `from` Element depends on each `to` Element, during a LifecycleScopeType period." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "configuration" + "@value": "dependsOn" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/bom", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasConcludedLicense", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Element is a bill of materials" + "@value": "The `from` SoftwareArtifact is concluded by the SPDX data creator to be governed by each `to` license." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "bom" + "@value": "hasConcludedLicense" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/documentation", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/sbomType", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to the documentation for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "documentation" + "@value": "Provides information about the type of an SBOM." } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType", - "@type": [ - "http://www.w3.org/2002/07/owl#Class" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@language": "en", - "@value": "Indicates the type of support that is associated with an artifact." + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifier", + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/informationAboutTraining", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A canonical, unique, immutable identifier of the artifact content, that may be\nused for verifying its identity and/or integrity." + "@value": "Describes relevant information about different steps of the training process." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifier" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/categorical", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/foundBy", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "data that is classified into a discrete number of categories, such as the eye color of a population of people." + "@value": "Designates a `from` Vulnerability was originally discovered by the `to` Agent(s)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "categorical" - } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceUri", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Property that describes the URI of the build configuration source file." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@value": "foundBy" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/underInvestigationFor", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "http://www.w3.org/2002/07/owl#Class" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@language": "en", - "@value": "The `from` Vulnerability impact is being investigated for each `to` Element. The use of the `underInvestigationFor` type is constrained to `VexUnderInvestigationVulnAssessmentRelationship` classed relationships." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "underInvestigationFor" + "@language": "en", + "@value": "Specifies the type of an external reference." } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/funding", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/source", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to funding information related to a package." + "@value": "SBOM created directly from the development environment, source files, and included dependencies used to build an product artifact." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "funding" + "@value": "source" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/autonomyType", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/NamespaceMap", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Indicates whether the system can perform a decision or action without human\ninvolvement or guidance." + "@value": "A mapping between prefixes and namespace partial URIs." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N9f51729e24eb42d4965a4a74fe302d3a" + }, + { + "@id": "_:N552625ddd9864602a0ee19418b5be3ad" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceDigest", - "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "@id": "_:N9f51729e24eb42d4965a4a74fe302d3a", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Property that describes the digest of the build configuration file used to\ninvoke a build." + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Hash" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b384", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "BLAKE2b algorithm with a digest size of 384, as defined in [RFC 7693](https://www.rfc-editor.org/info/rfc7693) Section 4." + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "blake2b384" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/prefix" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/cwe", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + "@id": "_:N552625ddd9864602a0ee19418b5be3ad", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "[Common Weakness Enumeration](https://csrc.nist.gov/glossary/term/common_weakness_enumeration). A reference to a source of software flaw defined within the official [CWE List](https://cwe.mitre.org/data/) that conforms to the [CWE specification](https://cwe.mitre.org/)." + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@value": "cwe" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/generates", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "The `from` Element generates each `to` Element." + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "generates" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/namespace" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/numeric", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_256", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "data consists only of numeric entries." + "@value": "SHA-3 with a digest length of 256, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "numeric" + "@value": "sha3_256" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/statusNotes", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/locationHint", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Conveys information about how VEX status was determined." + "@value": "Provides an indication of where to retrieve an external Element." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Organization", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsDilithium", "@type": [ - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A group of people who work together in an organized way for a shared purpose." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" + "@value": "[Dilithium](https://pq-crystals.org/dilithium/)" } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@value": "crystalsDilithium" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/customIdToUri", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/gitoid", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Maps a LicenseRef or AdditionRef string for a Custom License or a Custom\nLicense Addition to its URI ID." + "@value": "[Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg)." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + "@value": "gitoid" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalRef", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/act", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Points to a resource outside the scope of the SPDX-3.0 content\nthat provides additional characteristics of an Element." + "@value": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRef" + "@value": "act" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe23", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/other", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" @@ -13619,168 +14085,193 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "[Common Platform Enumeration: Naming Specification Version 2.3](https://csrc.nist.gov/publications/detail/nistir/7695/final)" + "@value": "Used when the type does not match any of the other options." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "cpe23" + "@value": "other" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/packagedBy", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/algorithm", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`)." + "@value": "Specifies the algorithm used for calculating the hash value." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@value": "packagedBy" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildStartTime", + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Property describing the start time of a build." + "@value": "Abstract class for additional text intended to be added to a License, but\nwhich is not itself a standalone License." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/informationAboutApplication", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Provides relevant information about the AI software, not including the model\ndescription." + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#property": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "_:N4589bfc7dc3f4233a4abb115ddaef820" + }, + { + "@id": "_:Nb20751516ec94669b1cd6f091b402af8" + }, + { + "@id": "_:Nda712abeccdd49c09c5c2bc685e05ee4" + }, + { + "@id": "_:N0d31a389bc9143c3bafe54fa421e0341" + }, + { + "@id": "_:N83d1d8ce6a5f4da29db196af54f27038" + }, + { + "@id": "_:Nd572e06c587345cd87d1d4094ca0fadb" + }, + { + "@id": "_:Nc40a347af0ca48028766e58ea8649917" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetSize", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N4589bfc7dc3f4233a4abb115ddaef820", + "http://www.w3.org/ns/shacl#message": [ { "@language": "en", - "@value": "Captures the size of the dataset." + "@value": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition is an abstract class and should not be instantiated directly. Instantiate a subclass instead." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#not": [ { - "@id": "http://www.w3.org/2001/XMLSchema#nonNegativeInteger" + "@id": "_:N833037d94cbe4a28b7d115fbffced3f7" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/executable", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "@id": "_:N833037d94cbe4a28b7d115fbffced3f7", + "http://www.w3.org/ns/shacl#hasValue": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition" + } + ] + }, + { + "@id": "_:Nb20751516ec94669b1cd6f091b402af8", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Element is an Artifact that can be run on a computer" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@value": "executable" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/additionText" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/development", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" + "@id": "_:Nda712abeccdd49c09c5c2bc685e05ee4", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#boolean" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "A relationship has specific context implications during development phase of an element." + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "development" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedAdditionId" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssV4VulnAssessmentRelationship", - "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:N0d31a389bc9143c3bafe54fa421e0341", + "http://www.w3.org/ns/shacl#datatype": [ { - "@language": "en", - "@value": "Provides a CVSS version 4 assessment for a vulnerability." + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N3a7f86ab2d14471c86bf4a59ba076348" - }, - { - "@id": "_:N4ad53e3805a949009847f76197a78014" - }, + "http://www.w3.org/ns/shacl#path": [ { - "@id": "_:N686ed16f71204aebbdc3435a08077ae7" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/licenseXml" } ] }, { - "@id": "_:N3a7f86ab2d14471c86bf4a59ba076348", + "@id": "_:N83d1d8ce6a5f4da29db196af54f27038", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#decimal" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -13791,119 +14282,161 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/score" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/obsoletedBy" } ] }, { - "@id": "_:N4ad53e3805a949009847f76197a78014", - "http://www.w3.org/ns/shacl#class": [ + "@id": "_:Nd572e06c587345cd87d1d4094ca0fadb", + "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ], - "http://www.w3.org/ns/shacl#in": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@list": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/critical" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/high" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/medium" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/low" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/none" - } - ] + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": 1 + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/seeAlso" + } + ] + }, + { + "@id": "_:Nc40a347af0ca48028766e58ea8649917", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "http://www.w3.org/ns/shacl#Literal" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/severity" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardAdditionTemplate" } ] }, { - "@id": "_:N686ed16f71204aebbdc3435a08077ae7", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/runtime", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@language": "en", + "@value": "A relationship has specific context implications during the execution phase of an element." } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": 1 + "@value": "runtime" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/low", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Low/no risk is posed by an AI system." } ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": 1 + "@value": "low" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/componentNotPresent", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "The software is not affected because the vulnerable component is not in the product." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/vectorString" + "@value": "componentNotPresent" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/complete", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/file", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness" + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The relationship is known to be exhaustive." + "@value": "The Element is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc.)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "complete" + "@value": "file" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/copiedTo", "@type": [ - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Categories of presence or absence." + "@value": "The `from` Element has been copied to each `to` Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "copiedTo" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdvisory", + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/energyConsumption", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Indicates the amount of energy consumption incurred by an AI model." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumption" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/bower", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" @@ -13911,36 +14444,42 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a published security advisory (where advisory as defined per [ISO 29147:2018](https://www.iso.org/standard/72311.html)) that may affect one or more elements, e.g., vendor advisories or specific NVD entries." + "@value": "A reference to a Bower package. The package locator format, looks like `package#version`, is defined in the \"install\" section of [Bower API documentation](https://bower.io/docs/api/#install)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "securityAdvisory" + "@value": "bower" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPenTestReport", "@type": [ - "http://www.w3.org/2002/07/owl#Class" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Specifies the type of a content identifier." + "@value": "A reference to a [penetration test](https://en.wikipedia.org/wiki/Penetration_test) report for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "securityPenTestReport" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/contentType", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/actionStatement", "@type": [ "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides information about the content type of an Element or a Property." + "@value": "Provides advise on how to mitigate or remediate a vulnerability when a VEX product\nis affected by it." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ @@ -13950,498 +14489,427 @@ ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/import", + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/standardCompliance", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides an ExternalMap of Element identifiers." + "@value": "Captures a standard that is being complied with." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalMap" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/definingArtifact", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/originatedBy", "@type": [ "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Artifact representing a serialization instance of SPDX data containing the\ndefinition of a particular Element." + "@value": "Identifies from where or whom the Element originally came." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Artifact" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumption", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/beginIntegerRange", "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A class for describing the energy consumption incurred by an AI model in\ndifferent stages of its lifecycle." + "@value": "Defines the beginning of a range." } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNode" + "@id": "http://www.w3.org/2001/XMLSchema#positiveInteger" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropName", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Naed2c73f504f483592f7369d7b072052" - }, + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "_:Nba7e016d110041fd95f954e36b9bd468" - }, + "@language": "en", + "@value": "A name used in a CdxPropertyEntry name-value pair." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "_:Nd59d49a61b7d49cba709dc0dd4d3c63a" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "_:Naed2c73f504f483592f7369d7b072052", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/autonomyType", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + "@language": "en", + "@value": "Indicates whether the system can perform a decision or action without human\ninvolvement or guidance." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/finetuningEnergyConsumption" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" } ] }, { - "@id": "_:Nba7e016d110041fd95f954e36b9bd468", - "http://www.w3.org/ns/shacl#class": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopedRelationship", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription" + "@language": "en", + "@value": "Provide context for a relationship that occurs in the lifecycle." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Relationship" } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/ns/shacl#property": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/inferenceEnergyConsumption" + "@id": "_:Nef0aceefa2a54c08adc29b69c2987c08" } ] }, { - "@id": "_:Nd59d49a61b7d49cba709dc0dd4d3c63a", + "@id": "_:Nef0aceefa2a54c08adc29b69c2987c08", "http://www.w3.org/ns/shacl#class": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/ns/shacl#in": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/design" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/development" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/build" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/test" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/runtime" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/other" + } + ] } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/trainingEnergyConsumption" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/medium", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "When a CVSS score is between 4.0 - 6.9" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "medium" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/scope" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha224", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/none", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "SHA-2 with a digest length of 224, as defined in [RFC 3874](https://www.rfc-editor.org/info/rfc3874)." + "@value": "When a CVSS score is 0.0" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "sha224" + "@value": "none" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/primaryPurpose", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/subject", "@type": [ "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides information about the primary purpose of the software artifact." + "@value": "An Element an annotator has made an assertion about." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasExample", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Makes no assertion about the field." + "@value": "Every `to` Element is an example for the `from` Element (`from` hasExample `to`)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "noAssertion" + "@value": "hasExample" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b256", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/incomplete", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "BLAKE2b algorithm with a digest size of 256, as defined in [RFC 7693](https://www.rfc-editor.org/info/rfc7693) Section 4." + "@value": "The relationship is known not to be exhaustive." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "blake2b256" + "@value": "incomplete" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifier", + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectAddition", "@type": [ "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Provides a reference to a resource outside the scope of SPDX-3.0 content\nthat uniquely identifies an Element." + "@value": "A LicenseAddition participating in a 'with addition' model." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifier" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRef", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/validUntilTime", "@type": [ - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a resource outside the scope of SPDX-3.0 content related to an Element." - } - ], - "http://www.w3.org/ns/shacl#nodeKind": [ - { - "@id": "http://www.w3.org/ns/shacl#BlankNode" + "@value": "Specifies until when the artifact can be used before its usage needs to be\nreassessed." } ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N9aee7206959a49c094dc0fa44d1f3270" - }, - { - "@id": "_:N8a40a0c8b2a94136b028f7282d20c8a5" - }, - { - "@id": "_:Nc2c408fcf5c84840a88faf41254f7ce4" - }, + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "_:Nca9c308671ba4f57bcecf95f5b4cc5a2" + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" } ] }, { - "@id": "_:N9aee7206959a49c094dc0fa44d1f3270", - "http://www.w3.org/ns/shacl#class": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/build", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" ], - "http://www.w3.org/ns/shacl#in": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@list": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altDownloadLocation" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altWebPage" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/binaryArtifact" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/bower" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildMeta" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildSystem" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/chat" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/certificationReport" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/componentAnalysisReport" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/cwe" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/documentation" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/dynamicAnalysisReport" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/eolNotice" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/exportControlAssessment" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/funding" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/issueTracker" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mailingList" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mavenCentral" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/metrics" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/npm" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/nuget" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/license" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/other" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/privacyAssessment" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/productMetadata" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/purchaseOrder" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/qualityAssessmentReport" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseNotes" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseHistory" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/riskAssessment" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/runtimeAnalysisReport" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/secureSoftwareAttestation" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdvisory" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdversaryModel" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityFix" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityOther" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPenTestReport" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPolicy" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityThreatModel" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/socialMedia" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/sourceArtifact" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/staticAnalysisReport" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/support" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vcs" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityDisclosureReport" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityExploitabilityAssessment" - } - ] + "@language": "en", + "@value": "A relationship has specific context implications during an element's build phase, during development." } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": 1 + "@value": "build" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/clear", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@language": "en", + "@value": "Dataset may be distributed freely, without restriction." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalRefType" + "@value": "clear" } ] }, { - "@id": "_:N8a40a0c8b2a94136b028f7282d20c8a5", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/core", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@language": "en", + "@value": "the element follows the Core profile specification" } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@value": "core" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/environment", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/locator" + "@language": "en", + "@value": "Property describing the session in which a build is invoked." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" } ] }, { - "@id": "_:Nc2c408fcf5c84840a88faf41254f7ce4", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumption", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@language": "en", + "@value": "A class for describing the energy consumption incurred by an AI model in\ndifferent stages of its lifecycle." } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@value": 1 + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/ns/shacl#property": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "_:N49fc85ac4b3e4255965bec1092f3b0bf" + }, + { + "@id": "_:N363c77746fe14d01b9156613c76390e7" + }, + { + "@id": "_:Nd69ae884faaa40898d49c158f8a742fb" + } + ] + }, + { + "@id": "_:N49fc85ac4b3e4255965bec1092f3b0bf", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription" } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/contentType" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], - "http://www.w3.org/ns/shacl#pattern": [ + "http://www.w3.org/ns/shacl#path": [ { - "@value": "^[^\\/]+\\/[^\\/]+$" + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/finetuningEnergyConsumption" } ] }, { - "@id": "_:Nca9c308671ba4f57bcecf95f5b4cc5a2", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "_:N363c77746fe14d01b9156613c76390e7", + "http://www.w3.org/ns/shacl#class": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription" } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@value": 1 + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/inferenceEnergyConsumption" + } + ] + }, + { + "@id": "_:Nd69ae884faaa40898d49c158f8a742fb", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription" } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/comment" + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/trainingEnergyConsumption" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/certificationReport", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/componentAnalysisReport", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" @@ -14449,53 +14917,94 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a certification report for a package from an accredited/independent body." + "@value": "A reference to a Software Composition Analysis (SCA) report." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "certificationReport" + "@value": "componentAnalysisReport" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoAssertionLicense", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/availableFrom", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/IndividualLicensingInfo" + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "An Individual Value for License when no assertion can be made about its actual\nvalue." + "@value": "The `from` Element is available from the additional supplier described by each `to` Element." } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "availableFrom" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/statusNotes", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/IndividualLicensingInfo" + "@language": "en", + "@value": "Conveys information about how VEX status was determined." } ], - "http://www.w3.org/2002/07/owl#sameAs": [ + "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Licensing/NoAssertion" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cve", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/eolNotice", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Common Vulnerabilities and Exposures identifiers, an identifier for a specific software flaw defined within the official CVE Dictionary and that conforms to the [CVE specification](https://csrc.nist.gov/glossary/term/cve_id)." + "@value": "A reference to the End Of Sale (EOS) and/or End Of Life (EOL) information related to a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "cve" + "@value": "eolNotice" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Enumeration of the valid profiles." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/domain", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Captures the domain in which the AI package can be used." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, @@ -14503,7 +15012,6 @@ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod", "@type": [ "http://www.w3.org/2002/07/owl#Class", - "http://spdx.invalid./AbstractClass", "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ @@ -14514,17 +15022,47 @@ ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNode" + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N5623bb86fd7c413b82b71a62043494cb" + "@id": "_:N236de371a7df48ee905f0267cb6ca760" + }, + { + "@id": "_:N44f85a5a2d544ce2ac794e36c7150f73" + } + ] + }, + { + "@id": "_:N236de371a7df48ee905f0267cb6ca760", + "http://www.w3.org/ns/shacl#message": [ + { + "@language": "en", + "@value": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod is an abstract class and should not be instantiated directly. Instantiate a subclass instead." + } + ], + "http://www.w3.org/ns/shacl#not": [ + { + "@id": "_:N1a67920cb6604510b2f1857dabdf44c4" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" + } + ] + }, + { + "@id": "_:N1a67920cb6604510b2f1857dabdf44c4", + "http://www.w3.org/ns/shacl#hasValue": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod" } ] }, { - "@id": "_:N5623bb86fd7c413b82b71a62043494cb", + "@id": "_:N44f85a5a2d544ce2ac794e36c7150f73", "http://www.w3.org/ns/shacl#datatype": [ { "@id": "http://www.w3.org/2001/XMLSchema#string" @@ -14532,22 +15070,88 @@ ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/comment" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the exploit catalog type." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/model", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is a machine learning or artificial intelligence model." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "model" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/issuingAuthority", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "An entity that is authorized to issue identification credentials." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/trackStar", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "(\"Track\\*\" in the SSVC spec) The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track\\* vulnerabilities within standard update timelines." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/comment" + "@value": "trackStar" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalMap", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/Package", "@type": [ "http://www.w3.org/2002/07/owl#Class", "http://www.w3.org/ns/shacl#NodeShape" @@ -14555,31 +15159,39 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A map of Element identifiers that are used within a Document but defined\nexternal to that Document." + "@value": "Refers to any unit of content that can be associated with a distribution of\nsoftware." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact" } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNode" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:Ndb37c7a9978a4ac8b665a6441f14d965" + "@id": "_:N9067cfbcf2ce44789dab84e7b2d41316" + }, + { + "@id": "_:Nb63b9b48ace04747b731a24ec5937acf" }, { - "@id": "_:N87d28a414efd4f9786b59664e97e2b07" + "@id": "_:N7bb26512f3b246a189e3c1caf404b878" }, { - "@id": "_:N40a10d28e31047ee926ed661077b4ca2" + "@id": "_:Nf79a3a3329be4b8fbccf847359371718" }, { - "@id": "_:N9e37e58b66a94224a5b60e4321758883" + "@id": "_:Nf456142b643f465ba3425afbe9dc23e9" } ] }, { - "@id": "_:Ndb37c7a9978a4ac8b665a6441f14d965", + "@id": "_:N9067cfbcf2ce44789dab84e7b2d41316", "http://www.w3.org/ns/shacl#datatype": [ { "@id": "http://www.w3.org/2001/XMLSchema#anyURI" @@ -14587,11 +15199,7 @@ ], "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -14602,37 +15210,44 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalSpdxId" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/downloadLocation" } ] }, { - "@id": "_:N87d28a414efd4f9786b59664e97e2b07", - "http://www.w3.org/ns/shacl#class": [ + "@id": "_:Nb63b9b48ace04747b731a24ec5937acf", + "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + "@id": "http://www.w3.org/ns/shacl#Literal" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/verifiedUsing" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/homePage" } ] }, { - "@id": "_:N40a10d28e31047ee926ed661077b4ca2", + "@id": "_:N7bb26512f3b246a189e3c1caf404b878", "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -14643,111 +15258,95 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/locationHint" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/packageVersion" } ] }, { - "@id": "_:N9e37e58b66a94224a5b60e4321758883", - "http://www.w3.org/ns/shacl#class": [ + "@id": "_:Nf79a3a3329be4b8fbccf847359371718", + "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Artifact" + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@id": "http://www.w3.org/ns/shacl#Literal" } ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/definingArtifact" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/packageUrl" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/gitoid", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "@id": "_:Nf456142b643f465ba3425afbe9dc23e9", + "http://www.w3.org/ns/shacl#datatype": [ { - "@language": "en", - "@value": "[Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg)." + "@id": "http://www.w3.org/2001/XMLSchema#string" } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@value": "gitoid" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/energyUnit", - "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "Specifies the unit in which energy is measured." + "@id": "http://www.w3.org/ns/shacl#Literal" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType" + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/sourceInfo" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/runtime", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/nuget", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A relationship has specific context implications during the execution phase of an element." + "@value": "A reference to a NuGet package. The package locator format is defined in the [NuGet documentation](https://docs.nuget.org) and looks like `package/version`." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "runtime" + "@value": "nuget" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/NoneElement", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifier", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/Element" + "http://www.w3.org/2002/07/owl#ObjectProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "An Individual Value for Element representing a set of Elements with\ncardinality (number/count) of zero." + "@value": "Provides a reference to a resource outside the scope of SPDX-3.0 content\nthat uniquely identifies an Element." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" - } - ], - "http://www.w3.org/2002/07/owl#sameAs": [ - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/NoneElement" + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifier" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/WithAdditionOperator", + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/OrLaterOperator", "@type": [ "http://www.w3.org/2002/07/owl#Class", "http://www.w3.org/ns/shacl#NodeShape" @@ -14755,12 +15354,12 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Portion of an AnyLicenseInfo representing a License which has additional\ntext applied to it." + "@value": "Portion of an AnyLicenseInfo representing this version, or any later version,\nof the indicated License." } ], "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense" } ], "http://www.w3.org/ns/shacl#nodeKind": [ @@ -14770,27 +15369,26 @@ ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N8e4cfdb12e9f40958d6cbdba3fadae30" - }, - { - "@id": "_:N75efcaf6ff15425d9edb33ffc0b50bed" + "@id": "_:N9fba27fae73449d2b5c74d5d14893170" } ] }, { - "@id": "_:N8e4cfdb12e9f40958d6cbdba3fadae30", + "@id": "_:N9fba27fae73449d2b5c74d5d14893170", "http://www.w3.org/ns/shacl#class": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License" } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#minCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -14801,40 +15399,66 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectAddition" + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectLicense" } ] }, { - "@id": "_:N75efcaf6ff15425d9edb33ffc0b50bed", - "http://www.w3.org/ns/shacl#class": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/chat", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense" + "@language": "en", + "@value": "A reference to the instant messaging system used by the maintainer for a package." } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": 1 + "@value": "chat" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vcs", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], - "http://www.w3.org/ns/shacl#minCount": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@value": 1 + "@language": "en", + "@value": "A reference to a version control system related to a software artifact." } ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "http://www.w3.org/ns/shacl#IRI" + "@value": "vcs" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/audio", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectExtendableLicense" + "@language": "en", + "@value": "data is audio based, such as a collection of music from the 80s." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "audio" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/adler32", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md6", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" @@ -14842,35 +15466,87 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Adler-32 checksum is part of the widely used zlib compression library as defined in [RFC 1950](https://www.rfc-editor.org/info/rfc1950) Section 2.3." + "@value": "[MD6 hash function](https://people.csail.mit.edu/rivest/pubs/RABCx08.pdf)" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "adler32" + "@value": "md6" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/test", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/swhid", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The Element is a test used to verify functionality on an software element" + "@value": "SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "test" + "@value": "swhid" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/coordinatedBy", + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/parameter", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Property describing a parameter used in an instance of a build." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/createdUsing", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Identifies the tooling that was used during the creation of the Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Tool" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotPresent", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The product is not affected because the code underlying the vulnerability is not present in the product." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "vulnerableCodeNotPresent" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTest", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" @@ -14878,175 +15554,197 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Vulnerability is coordinatedBy the `to` Agent(s) (vendor, researcher, or consumer agent)." + "@value": "Every `to` Element is a test artifact for the `from` Element (`from` hasTest `to`), during a LifecycleScopeType period." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "coordinatedBy" + "@value": "hasTest" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/other", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cve", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType" + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Other exploit catalogs" + "@value": "Common Vulnerabilities and Exposures identifiers, an identifier for a specific software flaw defined within the official CVE Dictionary and that conforms to the [CVE specification](https://csrc.nist.gov/glossary/term/cve_id)." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "other" + "@value": "cve" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/element", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe22", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Refers to one or more Elements that are part of an ElementCollection." + "@value": "[Common Platform Enumeration Specification 2.2](https://cpe.mitre.org/files/cpe-specification_2.2.pdf)" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + "@value": "cpe22" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssessmentFor", + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/container", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Relates a `from` Vulnerability and each `to` Element with a security assessment. To be used with `VulnAssessmentRelationship` types." + "@value": "The Element is a container image which can be used by a container runtime application." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasAssessmentFor" + "@value": "container" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/profileConformance", + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildId", "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "http://www.w3.org/2002/07/owl#DatatypeProperty" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "Describes one a profile which the creator of this ElementCollection intends to\nconform to." + "@value": "A buildId is a locally unique identifier used by a builder to identify a unique\ninstance of a build produced by it." } ], "http://www.w3.org/2000/01/rdf-schema#range": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" + "@id": "http://www.w3.org/2001/XMLSchema#string" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/manifest", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/riskAssessment", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element is a software manifest" + "@value": "A reference to a risk assessment for a package." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "manifest" + "@value": "riskAssessment" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/deployed", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/EpssVulnAssessmentRelationship", "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "SBOM provides an inventory of software that is present on a system. This may be an assembly of other SBOMs that combines analysis of configuration options, and examination of execution behavior in a (potentially simulated) deployment environment." + "@value": "Provides an EPSS assessment for a vulnerability." } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ { - "@value": "deployed" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" } - ] - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/issuingAuthority", - "@type": [ - "http://www.w3.org/2002/07/owl#DatatypeProperty" ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#nodeKind": [ { - "@language": "en", - "@value": "An entity that is authorized to issue identification credentials." + "@id": "http://www.w3.org/ns/shacl#IRI" } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#property": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@id": "_:Ndf582cda94a94023a3f5a11a839021c1" + }, + { + "@id": "_:Nb32bea549ae34bab9c5aef4829b9ee83" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/verifiedUsing", - "@type": [ - "http://www.w3.org/2002/07/owl#ObjectProperty" + "@id": "_:Ndf582cda94a94023a3f5a11a839021c1", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#decimal" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "Provides an IntegrityMethod with which the integrity of an Element can be\nasserted." + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#range": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/probability" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/endOfSupport", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" + "@id": "_:Nb32bea549ae34bab9c5aef4829b9ee83", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#decimal" + } ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ + "http://www.w3.org/ns/shacl#maxCount": [ { - "@language": "en", - "@value": "there is a defined end of support for the artifact from the supplier. This may also be referred to as end of life. There is a validUntilDate that can be used to signal when support ends for the artifact." + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 } ], - "http://www.w3.org/2000/01/rdf-schema#label": [ + "http://www.w3.org/ns/shacl#minCount": [ { - "@value": "endOfSupport" + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/percentile" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDependencyManifest", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/underInvestigationFor", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" @@ -15054,35 +15752,35 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "The `from` Element has manifest files that contain dependency information in each `to` Element." + "@value": "The `from` Vulnerability impact is being investigated for each `to` Element. The use of the `underInvestigationFor` type is constrained to `VexUnderInvestigationVulnAssessmentRelationship` classed relationships." } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "hasDependencyManifest" + "@value": "underInvestigationFor" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/file", + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe23", "@type": [ "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" ], "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "the Element is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc)" + "@value": "[Common Platform Enumeration: Naming Specification Version 2.3](https://csrc.nist.gov/publications/detail/nistir/7695/final)" } ], "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": "file" + "@value": "cpe23" } ] }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifier", + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssV3VulnAssessmentRelationship", "@type": [ "http://www.w3.org/2002/07/owl#Class", "http://www.w3.org/ns/shacl#NodeShape" @@ -15090,85 +15788,98 @@ "http://www.w3.org/2000/01/rdf-schema#comment": [ { "@language": "en", - "@value": "A reference to a resource identifier defined outside the scope of SPDX-3.0 content that uniquely identifies an Element." + "@value": "Provides a CVSS version 3 assessment for a vulnerability." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" } ], "http://www.w3.org/ns/shacl#nodeKind": [ { - "@id": "http://www.w3.org/ns/shacl#BlankNode" + "@id": "http://www.w3.org/ns/shacl#IRI" } ], "http://www.w3.org/ns/shacl#property": [ { - "@id": "_:N2a107789c1094d15a6eb44e55d5bd3e6" + "@id": "_:N392736ad660c4444b162925f2f85a971" }, { - "@id": "_:Nf54188fb192f43499735be2474ba6013" + "@id": "_:Nd97fd6bc795a4c92b7847c716752f010" }, { - "@id": "_:N46ef41d434c44f76bbf4270e78dd8326" - }, + "@id": "_:N655a4f76a80043e59c274b12cb5b98cb" + } + ] + }, + { + "@id": "_:N392736ad660c4444b162925f2f85a971", + "http://www.w3.org/ns/shacl#datatype": [ { - "@id": "_:N4abc50f180a84921993cd17151590850" - }, + "@id": "http://www.w3.org/2001/XMLSchema#decimal" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ { - "@id": "_:N6f46c9b0564b46b9b7aab6aa4905be51" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/score" } ] }, { - "@id": "_:N2a107789c1094d15a6eb44e55d5bd3e6", + "@id": "_:Nd97fd6bc795a4c92b7847c716752f010", "http://www.w3.org/ns/shacl#class": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" } ], "http://www.w3.org/ns/shacl#in": [ { "@list": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe22" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe23" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cve" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/email" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/gitoid" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/other" - }, - { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/packageUrl" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/critical" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/securityOther" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/high" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swhid" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/medium" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swid" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/low" }, { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/urlScheme" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/none" } ] } ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#minCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -15179,12 +15890,12 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifierType" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/severity" } ] }, { - "@id": "_:Nf54188fb192f43499735be2474ba6013", + "@id": "_:N655a4f76a80043e59c274b12cb5b98cb", "http://www.w3.org/ns/shacl#datatype": [ { "@id": "http://www.w3.org/2001/XMLSchema#string" @@ -15192,11 +15903,13 @@ ], "http://www.w3.org/ns/shacl#maxCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], "http://www.w3.org/ns/shacl#minCount": [ { + "@type": "http://www.w3.org/2001/XMLSchema#integer", "@value": 1 } ], @@ -15207,71 +15920,79 @@ ], "http://www.w3.org/ns/shacl#path": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/identifier" + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/vectorString" } ] }, { - "@id": "_:N46ef41d434c44f76bbf4270e78dd8326", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ], - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/exportControlAssessment", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "A reference to a export control assessment for a package." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/comment" + "@value": "exportControlAssessment" } ] }, { - "@id": "_:N4abc50f180a84921993cd17151590850", - "http://www.w3.org/ns/shacl#datatype": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" - } + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/bom", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "The Element is a bill of materials." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/identifierLocator" + "@value": "bom" } ] }, { - "@id": "_:N6f46c9b0564b46b9b7aab6aa4905be51", - "http://www.w3.org/ns/shacl#datatype": [ + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/categorical", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/2001/XMLSchema#string" + "@language": "en", + "@value": "data that is classified into a discrete number of categories, such as the eye color of a population of people." } ], - "http://www.w3.org/ns/shacl#maxCount": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@value": 1 + "@value": "categorical" } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/noAssertion", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness" ], - "http://www.w3.org/ns/shacl#nodeKind": [ + "http://www.w3.org/2000/01/rdf-schema#comment": [ { - "@id": "http://www.w3.org/ns/shacl#Literal" + "@language": "en", + "@value": "No assertion can be made about the completeness of the relationship." } ], - "http://www.w3.org/ns/shacl#path": [ + "http://www.w3.org/2000/01/rdf-schema#label": [ { - "@id": "https://spdx.org/rdf/3.0.1/terms/Core/issuingAuthority" + "@value": "noAssertion" } ] }