This is the official Accellence property taxonomy for CycloneDX.
It documents all custom key/value properties that may be added in CycloneDX SBOMs created for software products & components provided by Accellence Technologies GmbH (Hannover, Germany).
For more information about CycloneDX property taxonomies, refer to their official documentation.
| Namespace | Description |
|---|---|
accellence:about |
Namespace for any Accellence specific properties used for visualization in the application about dialogs. |
accellence:artifact |
Namespace for all Accellence specific properties associated the artifacts. |
accellence:metadata |
Namespace for all Accellence specific properties regarding any metadata (like license information, etc.). |
accellence:metadata:legal |
Namespace for all Accellence specific properties regarding any legal advisaries. |
accellence:signature |
Namespace for any Accellence specific properties regarding signatures. |
accellence:vulnerability |
Namespace for any Accellence specific properties regarding vulnerabilities. |
| Property | Description | Type | Property of |
|---|---|---|---|
accellence:about:icon |
Image prominently displayed in the list appearance of a component or service in the application about dialogs. | data:image;base64 | component/propertiesservice/properties |
accellence:about:publish |
A flag indicating whether the component or service appears in the application about dialogs (true) or not (false). |
bool | component/propertiesservice/properties |
accellence:about:sortKey |
Integer value defines the order of appearance of a component or service in the application about dialogs. | integer | component/propertiesservice/properties |
accellence:about:urls.homepage |
URL to the homepage of the components issuer/project. | URL | component/propertiesservice/properties |
accellence:about:urls.download |
Download URL to obtain the of the component packages or sourcecode. | URL | component/propertiesservice/properties |
| Property | Description | Type | Property of |
|---|---|---|---|
accellence:artifact:files |
Array of file describers of the artifacts content.
"(hash:[HASH]|fileName:[NAME]|modifiable:[0/1]|optional:[0/1]),..." |
objectlist | component/propertiesservice/properties |
accellence:artifact:linkage |
Only mandatory if the license is a weak or strong copyleft license (e.g., GPL, LGPL). Specifies how the component was integrated in the software.
|
enum: [dynamic, static, snippet, seperated] | component/propertiesservice/properties |
accellence:artifact:primaryLanguage |
Indicates the primary programming language the artifact is written in. | string | component/propertiesservice/properties |
| Property | Description | Type | Property of |
|---|---|---|---|
accellence:metadata:direct |
A flag indicating whether the component is a direct dependency (true)or a transitive dependency ( false). |
bool | component/propertiesservice/properties |
| Property | Description | Type | Property of |
|---|---|---|---|
accellence:metadata:legal:licenseObligations |
Important information to fulfill the license obligations for a distribution. | string | component/propertiesservice/properties |
accellence:metadata:legal:additionalCopyrightInformation |
The content of additional copyright information (e.g. NOTICE file - Apache License or additional hints in the license text, readme or authors, contributors files). | string | component/propertiesservice/properties |
accellence:metadata:legal:thirdPartyNotices |
The contents of all third-party notices found for the component, if any. Note that this is not the
path to the notice files, but the actual notice text (which may be quite a lot of text). Third-party
notices are provided by the component's author. Since CycloneDX allows only a single String value for this, we separate different notice files by two consecutive line feeds. |
string | component/propertiesservice/properties |
| Property | Description | Type | Property of |
|---|---|---|---|
accellence:signature:issuer:id |
Id of the issuer for sigining process. | string | component/propertiesservice/properties |
accellence:signature:issuer:pipeline |
Information about the signing pipeline. | string | component/propertiesservice/properties |
| Property | Description | Type | Property of |
|---|---|---|---|
accellence:vulnerability:toolchain:id |
A unique identifier in the vulnerability handling toolchain, aside from referenced id's (like CVE). | uuid | vulnerability/properties |
accellence:vulnerability:toolchain:processed |
The date and time (timestamp) when the vulnerability record was first processed by the toolchain. | date-time | vulnerability/properties |
accellence:vulnerability:tracking:accits |
List of tracking ids regarding the vulnerability, e.g. for analysis or from helpdesk. | list (comma seperated) | vulnerability/properties |
accellence:vulnerability:tracking:fixed |
Information about product version containing a fix. | string | vulnerability/properties |
These properties are maintained by Accellence Technologies. Feel free to raise an issue if you have any questions.
Copyright 2024 Accellence Technologies GmbH (Hannover, Germany).
Licensed under Apache License 2.0.