From 446daca26e6722ee3446cc8cecf8c5ddb3d7030d Mon Sep 17 00:00:00 2001 From: Marc-Etienne Vargenau Date: Tue, 30 Apr 2024 17:41:59 +0200 Subject: [PATCH 01/26] Meaning of the SPDX acronym has changed in SPDX 3.0 Signed-off-by: Marc-Etienne Vargenau --- docs/annexes/diffs-from-previous-editions.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/annexes/diffs-from-previous-editions.md b/docs/annexes/diffs-from-previous-editions.md index 576300fed..d3c3a6802 100644 --- a/docs/annexes/diffs-from-previous-editions.md +++ b/docs/annexes/diffs-from-previous-editions.md @@ -2,6 +2,12 @@ # A.1 Differences between V3.0 and V2.3 +## SPDX meaning + +In previous editions of the specification, SPDX meant "Software Package Data Exchange". + +Starting with V3.0, SPDX means "System Package Data Exchange". + ## Structural Differences These are the most significant breaking changes requiring a change in logic to handle a different model or structure for the information. Each structural difference will describe the change, describe an approach to translate from 2.3 to 3.0, and provide a rationale for the change. From 62b1a67c99a9e074fd8ee926b2b1ed88ce694710 Mon Sep 17 00:00:00 2001 From: Marc-Etienne Vargenau Date: Tue, 30 Apr 2024 19:50:14 +0200 Subject: [PATCH 02/26] Update docs/annexes/diffs-from-previous-editions.md Co-authored-by: Gary O'Neall Signed-off-by: Marc-Etienne Vargenau --- docs/annexes/diffs-from-previous-editions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/annexes/diffs-from-previous-editions.md b/docs/annexes/diffs-from-previous-editions.md index d3c3a6802..b14c9d2ba 100644 --- a/docs/annexes/diffs-from-previous-editions.md +++ b/docs/annexes/diffs-from-previous-editions.md @@ -6,7 +6,7 @@ In previous editions of the specification, SPDX meant "Software Package Data Exchange". -Starting with V3.0, SPDX means "System Package Data Exchange". +Starting with V3.0, the scope of SPDX has expanded beyond software and now means "System Package Data Exchange". ## Structural Differences From 86929b1a2786365b283663c9e0ce11bf217daa15 Mon Sep 17 00:00:00 2001 From: Kate Stewart <13152682+kestewart@users.noreply.github.com> Date: Mon, 15 Apr 2024 17:19:49 -0500 Subject: [PATCH 03/26] Update index.md Add missing SPDX-lite contributor Signed-off-by: Marc-Etienne Vargenau --- docs/index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/index.md b/docs/index.md index 0bd0ae516..06bc157ef 100644 --- a/docs/index.md +++ b/docs/index.md @@ -39,6 +39,7 @@ Guillaume Rousseau, Hassib Khanafer, Henk Birkholz, Hiroyuki Fukuchi, +Itaru Hosomi, Jack Manbeck, Jaime Garcia, Jeff Licquia, From fc2b1ad486efe9c3e3adfb114c78689c4543ce38 Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Sun, 21 Apr 2024 03:40:41 -0700 Subject: [PATCH 04/26] Fix typo: SpecVerion, interoperabiility - SpecVerion -> SpecVersion - interoperabiility -> interoperability - remove trailing white spaces at the end of line Signed-off-by: Arthit Suriyawongkul Signed-off-by: Marc-Etienne Vargenau --- docs/annexes/diffs-from-previous-editions.md | 36 ++++++++------------ 1 file changed, 15 insertions(+), 21 deletions(-) diff --git a/docs/annexes/diffs-from-previous-editions.md b/docs/annexes/diffs-from-previous-editions.md index b14c9d2ba..75260a6a8 100644 --- a/docs/annexes/diffs-from-previous-editions.md +++ b/docs/annexes/diffs-from-previous-editions.md @@ -217,7 +217,6 @@ The completeness property would be constructed based on the following: Relationship migration is being worked out in the relationships spreadsheet. Once completed, the following table will reflect the translation for relationship types from SPDX 2.3 to SPDX 3.0: - | SPDX 2.3 Relationship Type | SPDX 3.0 Relationship Type | Swap to and from? | LifecycleScopeType | |----------------------------|----------------------------|-------------------|--------------------| | AMENDS | amendedBy | Y | | @@ -291,10 +290,9 @@ Changing the snippetFromFile from a property to a relationship [to be filled in] ### SpecVersion - #### Description of Change -The type of SpecVerion is changed from a simple string without constraints to a SemVer string which must follow the [Semantic Versioning format](https://semver.org/). +The type of SpecVersion is changed from a simple string without constraints to a SemVer string which must follow the [Semantic Versioning format](https://semver.org/). This adds a constraint where a patch version is required. Previous usage of the SpecVersiononly included the major and minor version. @@ -336,7 +334,7 @@ example Not used -#### Range / Where Used +#### Range / Where Used LicenseException @@ -350,13 +348,11 @@ This field has not been used. licenseInfoInFiles - #### Tag/Value Name LicenseInfoInFiles - -#### Range / Where Used +#### Range / Where Used Package @@ -374,7 +370,7 @@ filesAnalyzed FilesAnalyzed -#### Range / Where Used +#### Range / Where Used Package @@ -402,7 +398,7 @@ ReleaseDate releaseTime -#### Range / Where Used +#### Range / Where Used Package @@ -424,7 +420,7 @@ BuildDate buildTime -#### Range / Where Used +#### Range / Where Used Package @@ -446,7 +442,7 @@ ValidUntilDate validUntilTime -#### Range / Where Used +#### Range / Where Used Package @@ -468,7 +464,7 @@ ExternalDocumentRef import -#### Range / Where Used +#### Range / Where Used SpdxDocument (Creation Information) @@ -492,7 +488,7 @@ FileChecksum, PackageChecksum verifiedUsing property and Hash class -#### Range / Where Used +#### Range / Where Used Package, File @@ -514,7 +510,7 @@ N/A - parsed from a string following the Checksum: keyword. hashAlgorithm -#### Range / Where Used +#### Range / Where Used Package, File @@ -536,7 +532,7 @@ PackageName, FileName name -#### Range / Where Used +#### Range / Where Used Package, File @@ -582,7 +578,7 @@ PackageHomePage homePage -#### Range / Where Used +#### Range / Where Used #### Rationale @@ -642,7 +638,6 @@ Custom Additions have been added in SPDX 3.0 which operate in a similar manner t ### License Exception - #### SPDX 2.3 Model Name LicenseException @@ -795,7 +790,7 @@ Note that additional purposes can be added using the additionalPurpose property. ## Serialization Formats -SPDX 3.0 implements a JSON-LD format which has consistent class and property names with the model. +SPDX 3.0 implements a JSON-LD format which has consistent class and property names with the model. See the SPDX 3.0 JSON Schema for the format specifics. @@ -803,9 +798,9 @@ The Tag/Value, YAML, RDF/XML and Spreadsheet formats are not supported. Additional serialization formats are being considered for the SPDX 3.1 release. -# A.2 Differences between V2.3 and V2.2.2 +# A.2 Differences between V2.3 and V2.2.2 -V2.3 has added new fields to improve the ability to capture security related information and to improve interoperabiility with other SBOM formats. +V2.3 has added new fields to improve the ability to capture security related information and to improve interoperability with other SBOM formats. Key changes include: @@ -886,7 +881,6 @@ SPDX Lite | Appendix VIII | Annex H/G* | SPDX File Tags | Appendix IX | Annex I/H* | Annex H Differences from Earlier SPDX Versions | N/A | Annex J/I* | Annex I - *_This edition featured inconsistent lettering._ # A.5 Differences from V2.2 and V2.1 From 9f56341ee3bfa305a0ab6e18022b093c3bdc1b5b Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Fri, 3 May 2024 16:52:33 +0700 Subject: [PATCH 05/26] mkdocs: Fix ref not found warnings A rework of #926 to fix unresolvable merge conflicts Signed-off-by: Arthit Suriyawongkul Signed-off-by: Marc-Etienne Vargenau --- docs/conformance.md | 10 +++++++--- mkdocs.yml | 4 ---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/conformance.md b/docs/conformance.md index 8c814ca79..2be0c69e1 100644 --- a/docs/conformance.md +++ b/docs/conformance.md @@ -4,8 +4,12 @@ TODO: update for SPDXv3 ## 4.1 SPDX Current and Previous Versions -This edition has the version number 2.3 as part of its title. This is a follow on from [ISO/IEC 5962:2021 -Information technology — SPDX® Specification V2.2.1](https://www.iso.org/standard/81870.html), and includes new fields. Earlier editions were published by the SPDX workgroup via the Linux Foundation. The SPDX Specification was subsequently transposed into the Joint Development Foundation. [Those earlier editions are: 1.0 (August 2011), 1.1 (August 2012), 1.2 (October 2013), 2.0 (May 2015), 2.1 (November 2016), and 2.2 (May 2020).] Differences between this edition and earlier ones are reported in [Annex J](diffs-from-previous-editions.md); see also [[1]](bibliography.md). +This edition has the version number 2.3 as part of its title. This is a follow on from [ISO/IEC 5962:2021 Information technology — SPDX® Specification V2.2.1](https://www.iso.org/standard/81870.html), and includes new fields. + +Earlier editions were published by the SPDX workgroup via the Linux Foundation. The SPDX Specification was subsequently transposed into the Joint Development Foundation. [Those earlier editions are: 1.0 (August 2011), 1.1 (August 2012), 1.2 (October 2013), 2.0 (May 2015), 2.1 (November 2016), and 2.2 (May 2020).] + +Differences between this edition and earlier ones are reported in [Annex J](annexes/diffs-from-previous-editions.md); +see also [[1]](bibliography.md). ## 4.2 Obsolete features @@ -80,4 +84,4 @@ The official copyright notice that shall be used with any non-verbatim reproduct ## 4.6 The SPDX Lite profile -Rather than conforming to this whole specification, an implementation may conform with SPDX Lite only, a profile that defines a subset of the SPDX specification. SPDX Lite aims at the balance between the SPDX standard and actual workflows in some industries. See [Annex G](SPDX-Lite.md) for more information. +Rather than conforming to this whole specification, an implementation may conform with SPDX Lite only, a profile that defines a subset of the SPDX specification. SPDX Lite aims at the balance between the SPDX standard and actual workflows in some industries. See [Annex G](annexes/SPDX-Lite.md) for more information. diff --git a/mkdocs.yml b/mkdocs.yml index 35486ce1d..c94bc0dd4 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -144,7 +144,6 @@ nav: - model/Software/Properties/downloadLocation.md - model/Software/Properties/fileKind.md - model/Software/Properties/homePage.md - - model/Software/Properties/isDirectory.md - model/Software/Properties/lineRange.md - model/Software/Properties/packageUrl.md - model/Software/Properties/packageVersion.md @@ -251,7 +250,6 @@ nav: - Dataset: - 'Description': model/Dataset/Dataset.md - Classes: - - model/Dataset/Classes/Dataset.md - model/Dataset/Classes/DatasetPackage.md - Properties: - model/Dataset/Properties/anonymizationMethodUsed.md @@ -266,7 +264,6 @@ nav: - model/Dataset/Properties/hasSensitivePersonalInformation.md - model/Dataset/Properties/intendedUse.md - model/Dataset/Properties/knownBias.md - - model/Dataset/Properties/sensitivePersonalInformation.md - model/Dataset/Properties/sensor.md - Vocabularies: - model/Dataset/Vocabularies/ConfidentialityLevelType.md @@ -295,7 +292,6 @@ nav: - model/AI/Properties/modelDataPreprocessing.md - model/AI/Properties/modelExplainability.md - model/AI/Properties/safetyRiskAssessment.md - - model/AI/Properties/sensitivePersonalInformation.md - model/AI/Properties/standardCompliance.md - model/AI/Properties/trainingEnergyConsumption.md - model/AI/Properties/typeOfModel.md From d1969455bce66d80d2966589dad83bdb9eeafc27 Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Fri, 3 May 2024 17:08:59 +0700 Subject: [PATCH 06/26] Retain original long paragraph Signed-off-by: Arthit Suriyawongkul Signed-off-by: Marc-Etienne Vargenau --- docs/conformance.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/docs/conformance.md b/docs/conformance.md index 2be0c69e1..35aa59d6f 100644 --- a/docs/conformance.md +++ b/docs/conformance.md @@ -4,11 +4,7 @@ TODO: update for SPDXv3 ## 4.1 SPDX Current and Previous Versions -This edition has the version number 2.3 as part of its title. This is a follow on from [ISO/IEC 5962:2021 Information technology — SPDX® Specification V2.2.1](https://www.iso.org/standard/81870.html), and includes new fields. - -Earlier editions were published by the SPDX workgroup via the Linux Foundation. The SPDX Specification was subsequently transposed into the Joint Development Foundation. [Those earlier editions are: 1.0 (August 2011), 1.1 (August 2012), 1.2 (October 2013), 2.0 (May 2015), 2.1 (November 2016), and 2.2 (May 2020).] - -Differences between this edition and earlier ones are reported in [Annex J](annexes/diffs-from-previous-editions.md); +This edition has the version number 2.3 as part of its title. This is a follow on from [ISO/IEC 5962:2021 Information technology — SPDX® Specification V2.2.1](https://www.iso.org/standard/81870.html), and includes new fields. Earlier editions were published by the SPDX workgroup via the Linux Foundation. The SPDX Specification was subsequently transposed into the Joint Development Foundation. [Those earlier editions are: 1.0 (August 2011), 1.1 (August 2012), 1.2 (October 2013), 2.0 (May 2015), 2.1 (November 2016), and 2.2 (May 2020).] Differences between this edition and earlier ones are reported in [Annex J](annexes/diffs-from-previous-editions.md); see also [[1]](bibliography.md). ## 4.2 Obsolete features From 39e8151e3def3f74ab49000b3f2c9018b21aff7f Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Fri, 3 May 2024 17:10:31 +0700 Subject: [PATCH 07/26] Retaining original long paragraph Signed-off-by: Arthit Suriyawongkul Signed-off-by: Marc-Etienne Vargenau --- docs/conformance.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/conformance.md b/docs/conformance.md index 35aa59d6f..59fa193ac 100644 --- a/docs/conformance.md +++ b/docs/conformance.md @@ -4,8 +4,8 @@ TODO: update for SPDXv3 ## 4.1 SPDX Current and Previous Versions -This edition has the version number 2.3 as part of its title. This is a follow on from [ISO/IEC 5962:2021 Information technology — SPDX® Specification V2.2.1](https://www.iso.org/standard/81870.html), and includes new fields. Earlier editions were published by the SPDX workgroup via the Linux Foundation. The SPDX Specification was subsequently transposed into the Joint Development Foundation. [Those earlier editions are: 1.0 (August 2011), 1.1 (August 2012), 1.2 (October 2013), 2.0 (May 2015), 2.1 (November 2016), and 2.2 (May 2020).] Differences between this edition and earlier ones are reported in [Annex J](annexes/diffs-from-previous-editions.md); -see also [[1]](bibliography.md). +This edition has the version number 2.3 as part of its title. This is a follow on from [ISO/IEC 5962:2021 +Information technology — SPDX® Specification V2.2.1](https://www.iso.org/standard/81870.html), and includes new fields. Earlier editions were published by the SPDX workgroup via the Linux Foundation. The SPDX Specification was subsequently transposed into the Joint Development Foundation. [Those earlier editions are: 1.0 (August 2011), 1.1 (August 2012), 1.2 (October 2013), 2.0 (May 2015), 2.1 (November 2016), and 2.2 (May 2020).] Differences between this edition and earlier ones are reported in [Annex J](annexes/diffs-from-previous-editions.md); see also [[1]](bibliography.md). ## 4.2 Obsolete features From dff26ed86bc0473d8f028bd65722843a06eb3c6a Mon Sep 17 00:00:00 2001 From: Joshua Watt Date: Tue, 21 May 2024 12:45:45 -0600 Subject: [PATCH 08/26] Remove ontology directory These are not kept up to date (the actual files are in the GitHub pages), and having them here confuses people Signed-off-by: Joshua Watt Signed-off-by: Marc-Etienne Vargenau --- ontology/context.jsonld | 481 -- ontology/model.plantuml | 510 -- ontology/ontology.rdf.dot | 2940 -------- ontology/ontology.rdf.json-ld | 11421 ----------------------------- ontology/ontology.rdf.pretty-xml | 3506 --------- ontology/ontology.rdf.ttl | 2800 ------- ontology/ontology.rdf.xml | 3805 ---------- 7 files changed, 25463 deletions(-) delete mode 100644 ontology/context.jsonld delete mode 100644 ontology/model.plantuml delete mode 100644 ontology/ontology.rdf.dot delete mode 100644 ontology/ontology.rdf.json-ld delete mode 100644 ontology/ontology.rdf.pretty-xml delete mode 100644 ontology/ontology.rdf.ttl delete mode 100644 ontology/ontology.rdf.xml diff --git a/ontology/context.jsonld b/ontology/context.jsonld deleted file mode 100644 index 470d12470..000000000 --- a/ontology/context.jsonld +++ /dev/null @@ -1,481 +0,0 @@ -{ - "AI/AIPackage": "spdx:AI/AIPackage", - "AI/SafetyRiskAssessmentType": "spdx:AI/SafetyRiskAssessmentType", - "AI/SafetyRiskAssessmentType/high": "spdx:AI/SafetyRiskAssessmentType/high", - "AI/SafetyRiskAssessmentType/low": "spdx:AI/SafetyRiskAssessmentType/low", - "AI/SafetyRiskAssessmentType/medium": "spdx:AI/SafetyRiskAssessmentType/medium", - "AI/SafetyRiskAssessmentType/serious": "spdx:AI/SafetyRiskAssessmentType/serious", - "AI/autonomyType": "spdx:AI/autonomyType", - "AI/domain": "spdx:AI/domain", - "AI/energyConsumption": "spdx:AI/energyConsumption", - "AI/hyperparameter": "spdx:AI/hyperparameter", - "AI/informationAboutApplication": "spdx:AI/informationAboutApplication", - "AI/informationAboutTraining": "spdx:AI/informationAboutTraining", - "AI/limitation": "spdx:AI/limitation", - "AI/metric": "spdx:AI/metric", - "AI/metricDecisionThreshold": "spdx:AI/metricDecisionThreshold", - "AI/modelDataPreprocessing": "spdx:AI/modelDataPreprocessing", - "AI/modelExplainability": "spdx:AI/modelExplainability", - "AI/safetyRiskAssessment": "spdx:AI/safetyRiskAssessment", - "AI/sensitivePersonalInformation": "spdx:AI/sensitivePersonalInformation", - "AI/standardCompliance": "spdx:AI/standardCompliance", - "AI/typeOfModel": "spdx:AI/typeOfModel", - "Build/Build": "spdx:Build/Build", - "Build/buildEndTime": "spdx:Build/buildEndTime", - "Build/buildId": "spdx:Build/buildId", - "Build/buildStartTime": "spdx:Build/buildStartTime", - "Build/buildType": "spdx:Build/buildType", - "Build/configSourceDigest": "spdx:Build/configSourceDigest", - "Build/configSourceEntrypoint": "spdx:Build/configSourceEntrypoint", - "Build/configSourceUri": "spdx:Build/configSourceUri", - "Build/environment": "spdx:Build/environment", - "Build/parameters": "spdx:Build/parameters", - "Core/Agent": "spdx:Core/Agent", - "Core/Annotation": "spdx:Core/Annotation", - "Core/AnnotationType": "spdx:Core/AnnotationType", - "Core/AnnotationType/other": "spdx:Core/AnnotationType/other", - "Core/AnnotationType/review": "spdx:Core/AnnotationType/review", - "Core/Artifact": "spdx:Core/Artifact", - "Core/Bom": "spdx:Core/Bom", - "Core/Bundle": "spdx:Core/Bundle", - "Core/CreationInfo": "spdx:Core/CreationInfo", - "Core/DictionaryEntry": "spdx:Core/DictionaryEntry", - "Core/Element": "spdx:Core/Element", - "Core/ElementCollection": "spdx:Core/ElementCollection", - "Core/ExternalIdentifier": "spdx:Core/ExternalIdentifier", - "Core/ExternalIdentifierType": "spdx:Core/ExternalIdentifierType", - "Core/ExternalIdentifierType/cpe22": "spdx:Core/ExternalIdentifierType/cpe22", - "Core/ExternalIdentifierType/cpe23": "spdx:Core/ExternalIdentifierType/cpe23", - "Core/ExternalIdentifierType/cve": "spdx:Core/ExternalIdentifierType/cve", - "Core/ExternalIdentifierType/email": "spdx:Core/ExternalIdentifierType/email", - "Core/ExternalIdentifierType/gitoid": "spdx:Core/ExternalIdentifierType/gitoid", - "Core/ExternalIdentifierType/other": "spdx:Core/ExternalIdentifierType/other", - "Core/ExternalIdentifierType/packageUrl": "spdx:Core/ExternalIdentifierType/packageUrl", - "Core/ExternalIdentifierType/securityOther": "spdx:Core/ExternalIdentifierType/securityOther", - "Core/ExternalIdentifierType/swhid": "spdx:Core/ExternalIdentifierType/swhid", - "Core/ExternalIdentifierType/swid": "spdx:Core/ExternalIdentifierType/swid", - "Core/ExternalIdentifierType/urlScheme": "spdx:Core/ExternalIdentifierType/urlScheme", - "Core/ExternalMap": "spdx:Core/ExternalMap", - "Core/ExternalRef": "spdx:Core/ExternalRef", - "Core/ExternalRefType": "spdx:Core/ExternalRefType", - "Core/ExternalRefType/altDownloadLocation": "spdx:Core/ExternalRefType/altDownloadLocation", - "Core/ExternalRefType/altWebPage": "spdx:Core/ExternalRefType/altWebPage", - "Core/ExternalRefType/binaryArtifact": "spdx:Core/ExternalRefType/binaryArtifact", - "Core/ExternalRefType/bower": "spdx:Core/ExternalRefType/bower", - "Core/ExternalRefType/buildMeta": "spdx:Core/ExternalRefType/buildMeta", - "Core/ExternalRefType/buildSystem": "spdx:Core/ExternalRefType/buildSystem", - "Core/ExternalRefType/certificationReport": "spdx:Core/ExternalRefType/certificationReport", - "Core/ExternalRefType/chat": "spdx:Core/ExternalRefType/chat", - "Core/ExternalRefType/componentAnalysisReport": "spdx:Core/ExternalRefType/componentAnalysisReport", - "Core/ExternalRefType/documentation": "spdx:Core/ExternalRefType/documentation", - "Core/ExternalRefType/dynamicAnalysisReport": "spdx:Core/ExternalRefType/dynamicAnalysisReport", - "Core/ExternalRefType/eolNotice": "spdx:Core/ExternalRefType/eolNotice", - "Core/ExternalRefType/exportControlAssessment": "spdx:Core/ExternalRefType/exportControlAssessment", - "Core/ExternalRefType/funding": "spdx:Core/ExternalRefType/funding", - "Core/ExternalRefType/issueTracker": "spdx:Core/ExternalRefType/issueTracker", - "Core/ExternalRefType/license": "spdx:Core/ExternalRefType/license", - "Core/ExternalRefType/mailingList": "spdx:Core/ExternalRefType/mailingList", - "Core/ExternalRefType/mavenCentral": "spdx:Core/ExternalRefType/mavenCentral", - "Core/ExternalRefType/metrics": "spdx:Core/ExternalRefType/metrics", - "Core/ExternalRefType/npm": "spdx:Core/ExternalRefType/npm", - "Core/ExternalRefType/nuget": "spdx:Core/ExternalRefType/nuget", - "Core/ExternalRefType/other": "spdx:Core/ExternalRefType/other", - "Core/ExternalRefType/privacyAssessment": "spdx:Core/ExternalRefType/privacyAssessment", - "Core/ExternalRefType/productMetadata": "spdx:Core/ExternalRefType/productMetadata", - "Core/ExternalRefType/purchaseOrder": "spdx:Core/ExternalRefType/purchaseOrder", - "Core/ExternalRefType/qualityAssessmentReport": "spdx:Core/ExternalRefType/qualityAssessmentReport", - "Core/ExternalRefType/releaseHistory": "spdx:Core/ExternalRefType/releaseHistory", - "Core/ExternalRefType/releaseNotes": "spdx:Core/ExternalRefType/releaseNotes", - "Core/ExternalRefType/riskAssessment": "spdx:Core/ExternalRefType/riskAssessment", - "Core/ExternalRefType/runtimeAnalysisReport": "spdx:Core/ExternalRefType/runtimeAnalysisReport", - "Core/ExternalRefType/secureSoftwareAttestation": "spdx:Core/ExternalRefType/secureSoftwareAttestation", - "Core/ExternalRefType/securityAdversaryModel": "spdx:Core/ExternalRefType/securityAdversaryModel", - "Core/ExternalRefType/securityAdvisory": "spdx:Core/ExternalRefType/securityAdvisory", - "Core/ExternalRefType/securityFix": "spdx:Core/ExternalRefType/securityFix", - "Core/ExternalRefType/securityOther": "spdx:Core/ExternalRefType/securityOther", - "Core/ExternalRefType/securityPenTestReport": "spdx:Core/ExternalRefType/securityPenTestReport", - "Core/ExternalRefType/securityPolicy": "spdx:Core/ExternalRefType/securityPolicy", - "Core/ExternalRefType/securityThreatModel": "spdx:Core/ExternalRefType/securityThreatModel", - "Core/ExternalRefType/socialMedia": "spdx:Core/ExternalRefType/socialMedia", - "Core/ExternalRefType/sourceArtifact": "spdx:Core/ExternalRefType/sourceArtifact", - "Core/ExternalRefType/staticAnalysisReport": "spdx:Core/ExternalRefType/staticAnalysisReport", - "Core/ExternalRefType/support": "spdx:Core/ExternalRefType/support", - "Core/ExternalRefType/vcs": "spdx:Core/ExternalRefType/vcs", - "Core/ExternalRefType/vulnerabilityDisclosureReport": "spdx:Core/ExternalRefType/vulnerabilityDisclosureReport", - "Core/ExternalRefType/vulnerabilityExploitabilityAssessment": "spdx:Core/ExternalRefType/vulnerabilityExploitabilityAssessment", - "Core/Hash": "spdx:Core/Hash", - "Core/HashAlgorithm": "spdx:Core/HashAlgorithm", - "Core/HashAlgorithm/blake2b256": "spdx:Core/HashAlgorithm/blake2b256", - "Core/HashAlgorithm/blake2b384": "spdx:Core/HashAlgorithm/blake2b384", - "Core/HashAlgorithm/blake2b512": "spdx:Core/HashAlgorithm/blake2b512", - "Core/HashAlgorithm/blake3": "spdx:Core/HashAlgorithm/blake3", - "Core/HashAlgorithm/crystalsDilithium": "spdx:Core/HashAlgorithm/crystalsDilithium", - "Core/HashAlgorithm/crystalsKyber": "spdx:Core/HashAlgorithm/crystalsKyber", - "Core/HashAlgorithm/falcon": "spdx:Core/HashAlgorithm/falcon", - "Core/HashAlgorithm/md2": "spdx:Core/HashAlgorithm/md2", - "Core/HashAlgorithm/md4": "spdx:Core/HashAlgorithm/md4", - "Core/HashAlgorithm/md5": "spdx:Core/HashAlgorithm/md5", - "Core/HashAlgorithm/md6": "spdx:Core/HashAlgorithm/md6", - "Core/HashAlgorithm/other": "spdx:Core/HashAlgorithm/other", - "Core/HashAlgorithm/sha1": "spdx:Core/HashAlgorithm/sha1", - "Core/HashAlgorithm/sha224": "spdx:Core/HashAlgorithm/sha224", - "Core/HashAlgorithm/sha256": "spdx:Core/HashAlgorithm/sha256", - "Core/HashAlgorithm/sha384": "spdx:Core/HashAlgorithm/sha384", - "Core/HashAlgorithm/sha3_224": "spdx:Core/HashAlgorithm/sha3_224", - "Core/HashAlgorithm/sha3_256": "spdx:Core/HashAlgorithm/sha3_256", - "Core/HashAlgorithm/sha3_384": "spdx:Core/HashAlgorithm/sha3_384", - "Core/HashAlgorithm/sha3_512": "spdx:Core/HashAlgorithm/sha3_512", - "Core/HashAlgorithm/sha512": "spdx:Core/HashAlgorithm/sha512", - "Core/IntegrityMethod": "spdx:Core/IntegrityMethod", - "Core/LifecycleScopeType": "spdx:Core/LifecycleScopeType", - "Core/LifecycleScopeType/build": "spdx:Core/LifecycleScopeType/build", - "Core/LifecycleScopeType/design": "spdx:Core/LifecycleScopeType/design", - "Core/LifecycleScopeType/development": "spdx:Core/LifecycleScopeType/development", - "Core/LifecycleScopeType/other": "spdx:Core/LifecycleScopeType/other", - "Core/LifecycleScopeType/runtime": "spdx:Core/LifecycleScopeType/runtime", - "Core/LifecycleScopeType/test": "spdx:Core/LifecycleScopeType/test", - "Core/LifecycleScopedRelationship": "spdx:Core/LifecycleScopedRelationship", - "Core/NamespaceMap": "spdx:Core/NamespaceMap", - "Core/Organization": "spdx:Core/Organization", - "Core/PackageVerificationCode": "spdx:Core/PackageVerificationCode", - "Core/Person": "spdx:Core/Person", - "Core/PositiveIntegerRange": "spdx:Core/PositiveIntegerRange", - "Core/PresenceType": "spdx:Core/PresenceType", - "Core/PresenceType/no": "spdx:Core/PresenceType/no", - "Core/PresenceType/noAssertion": "spdx:Core/PresenceType/noAssertion", - "Core/PresenceType/yes": "spdx:Core/PresenceType/yes", - "Core/ProfileIdentifierType": "spdx:Core/ProfileIdentifierType", - "Core/ProfileIdentifierType/ai": "spdx:Core/ProfileIdentifierType/ai", - "Core/ProfileIdentifierType/build": "spdx:Core/ProfileIdentifierType/build", - "Core/ProfileIdentifierType/core": "spdx:Core/ProfileIdentifierType/core", - "Core/ProfileIdentifierType/dataset": "spdx:Core/ProfileIdentifierType/dataset", - "Core/ProfileIdentifierType/expandedLicensing": "spdx:Core/ProfileIdentifierType/expandedLicensing", - "Core/ProfileIdentifierType/extension": "spdx:Core/ProfileIdentifierType/extension", - "Core/ProfileIdentifierType/security": "spdx:Core/ProfileIdentifierType/security", - "Core/ProfileIdentifierType/simpleLicensing": "spdx:Core/ProfileIdentifierType/simpleLicensing", - "Core/ProfileIdentifierType/software": "spdx:Core/ProfileIdentifierType/software", - "Core/ProfileIdentifierType/usage": "spdx:Core/ProfileIdentifierType/usage", - "Core/Relationship": "spdx:Core/Relationship", - "Core/RelationshipCompleteness": "spdx:Core/RelationshipCompleteness", - "Core/RelationshipCompleteness/complete": "spdx:Core/RelationshipCompleteness/complete", - "Core/RelationshipCompleteness/incomplete": "spdx:Core/RelationshipCompleteness/incomplete", - "Core/RelationshipCompleteness/noAssertion": "spdx:Core/RelationshipCompleteness/noAssertion", - "Core/RelationshipType": "spdx:Core/RelationshipType", - "Core/RelationshipType/affects": "spdx:Core/RelationshipType/affects", - "Core/RelationshipType/amendedBy": "spdx:Core/RelationshipType/amendedBy", - "Core/RelationshipType/ancestorOf": "spdx:Core/RelationshipType/ancestorOf", - "Core/RelationshipType/availableFrom": "spdx:Core/RelationshipType/availableFrom", - "Core/RelationshipType/configures": "spdx:Core/RelationshipType/configures", - "Core/RelationshipType/contains": "spdx:Core/RelationshipType/contains", - "Core/RelationshipType/coordinatedBy": "spdx:Core/RelationshipType/coordinatedBy", - "Core/RelationshipType/copiedTo": "spdx:Core/RelationshipType/copiedTo", - "Core/RelationshipType/delegatedTo": "spdx:Core/RelationshipType/delegatedTo", - "Core/RelationshipType/dependsOn": "spdx:Core/RelationshipType/dependsOn", - "Core/RelationshipType/descendantOf": "spdx:Core/RelationshipType/descendantOf", - "Core/RelationshipType/describes": "spdx:Core/RelationshipType/describes", - "Core/RelationshipType/doesNotAffect": "spdx:Core/RelationshipType/doesNotAffect", - "Core/RelationshipType/expandsTo": "spdx:Core/RelationshipType/expandsTo", - "Core/RelationshipType/exploitCreatedBy": "spdx:Core/RelationshipType/exploitCreatedBy", - "Core/RelationshipType/fixedBy": "spdx:Core/RelationshipType/fixedBy", - "Core/RelationshipType/fixedIn": "spdx:Core/RelationshipType/fixedIn", - "Core/RelationshipType/foundBy": "spdx:Core/RelationshipType/foundBy", - "Core/RelationshipType/generates": "spdx:Core/RelationshipType/generates", - "Core/RelationshipType/hasAddedFile": "spdx:Core/RelationshipType/hasAddedFile", - "Core/RelationshipType/hasAssessmentFor": "spdx:Core/RelationshipType/hasAssessmentFor", - "Core/RelationshipType/hasAssociatedVulnerability": "spdx:Core/RelationshipType/hasAssociatedVulnerability", - "Core/RelationshipType/hasConcludedLicense": "spdx:Core/RelationshipType/hasConcludedLicense", - "Core/RelationshipType/hasDataFile": "spdx:Core/RelationshipType/hasDataFile", - "Core/RelationshipType/hasDeclaredLicense": "spdx:Core/RelationshipType/hasDeclaredLicense", - "Core/RelationshipType/hasDeletedFile": "spdx:Core/RelationshipType/hasDeletedFile", - "Core/RelationshipType/hasDependencyManifest": "spdx:Core/RelationshipType/hasDependencyManifest", - "Core/RelationshipType/hasDistributionArtifact": "spdx:Core/RelationshipType/hasDistributionArtifact", - "Core/RelationshipType/hasDocumentation": "spdx:Core/RelationshipType/hasDocumentation", - "Core/RelationshipType/hasDynamicLink": "spdx:Core/RelationshipType/hasDynamicLink", - "Core/RelationshipType/hasEvidence": "spdx:Core/RelationshipType/hasEvidence", - "Core/RelationshipType/hasExample": "spdx:Core/RelationshipType/hasExample", - "Core/RelationshipType/hasHost": "spdx:Core/RelationshipType/hasHost", - "Core/RelationshipType/hasInputs": "spdx:Core/RelationshipType/hasInputs", - "Core/RelationshipType/hasMetadata": "spdx:Core/RelationshipType/hasMetadata", - "Core/RelationshipType/hasOptionalComponent": "spdx:Core/RelationshipType/hasOptionalComponent", - "Core/RelationshipType/hasOptionalDependency": "spdx:Core/RelationshipType/hasOptionalDependency", - "Core/RelationshipType/hasOutputs": "spdx:Core/RelationshipType/hasOutputs", - "Core/RelationshipType/hasPrerequsite": "spdx:Core/RelationshipType/hasPrerequsite", - "Core/RelationshipType/hasProvidedDependency": "spdx:Core/RelationshipType/hasProvidedDependency", - "Core/RelationshipType/hasRequirement": "spdx:Core/RelationshipType/hasRequirement", - "Core/RelationshipType/hasSpecification": "spdx:Core/RelationshipType/hasSpecification", - "Core/RelationshipType/hasStaticLink": "spdx:Core/RelationshipType/hasStaticLink", - "Core/RelationshipType/hasTest": "spdx:Core/RelationshipType/hasTest", - "Core/RelationshipType/hasTestCase": "spdx:Core/RelationshipType/hasTestCase", - "Core/RelationshipType/hasVariant": "spdx:Core/RelationshipType/hasVariant", - "Core/RelationshipType/invokedBy": "spdx:Core/RelationshipType/invokedBy", - "Core/RelationshipType/modifiedBy": "spdx:Core/RelationshipType/modifiedBy", - "Core/RelationshipType/other": "spdx:Core/RelationshipType/other", - "Core/RelationshipType/packagedBy": "spdx:Core/RelationshipType/packagedBy", - "Core/RelationshipType/patchedBy": "spdx:Core/RelationshipType/patchedBy", - "Core/RelationshipType/publishedBy": "spdx:Core/RelationshipType/publishedBy", - "Core/RelationshipType/reportedBy": "spdx:Core/RelationshipType/reportedBy", - "Core/RelationshipType/republishedBy": "spdx:Core/RelationshipType/republishedBy", - "Core/RelationshipType/serializedInArtifact": "spdx:Core/RelationshipType/serializedInArtifact", - "Core/RelationshipType/testedOn": "spdx:Core/RelationshipType/testedOn", - "Core/RelationshipType/trainedOn": "spdx:Core/RelationshipType/trainedOn", - "Core/RelationshipType/underInvestigationFor": "spdx:Core/RelationshipType/underInvestigationFor", - "Core/RelationshipType/usesTool": "spdx:Core/RelationshipType/usesTool", - "Core/SoftwareAgent": "spdx:Core/SoftwareAgent", - "Core/SpdxDocument": "spdx:Core/SpdxDocument", - "Core/SupportType": "spdx:Core/SupportType", - "Core/SupportType/development": "spdx:Core/SupportType/development", - "Core/SupportType/endOfSupport": "spdx:Core/SupportType/endOfSupport", - "Core/SupportType/limitedSupport": "spdx:Core/SupportType/limitedSupport", - "Core/SupportType/noAssertion": "spdx:Core/SupportType/noAssertion", - "Core/SupportType/noSupport": "spdx:Core/SupportType/noSupport", - "Core/SupportType/support": "spdx:Core/SupportType/support", - "Core/Tool": "spdx:Core/Tool", - "Core/algorithm": "spdx:Core/algorithm", - "Core/annotationType": "spdx:Core/annotationType", - "Core/beginIntegerRange": "spdx:Core/beginIntegerRange", - "Core/builtTime": "spdx:Core/builtTime", - "Core/comment": "spdx:Core/comment", - "Core/completeness": "spdx:Core/completeness", - "Core/contentType": "spdx:Core/contentType", - "Core/context": "spdx:Core/context", - "Core/created": "spdx:Core/created", - "Core/createdBy": "spdx:Core/createdBy", - "Core/createdUsing": "spdx:Core/createdUsing", - "Core/creationInfo": "spdx:Core/creationInfo", - "Core/dataLicense": "spdx:Core/dataLicense", - "Core/definingArtifact": "spdx:Core/definingArtifact", - "Core/description": "spdx:Core/description", - "Core/element": "spdx:Core/element", - "Core/endIntegerRange": "spdx:Core/endIntegerRange", - "Core/endTime": "spdx:Core/endTime", - "Core/extension": "spdx:Core/extension", - "Core/externalIdentifier": "spdx:Core/externalIdentifier", - "Core/externalIdentifierType": "spdx:Core/externalIdentifierType", - "Core/externalRef": "spdx:Core/externalRef", - "Core/externalRefType": "spdx:Core/externalRefType", - "Core/externalSpdxId": "spdx:Core/externalSpdxId", - "Core/from": "spdx:Core/from", - "Core/hashValue": "spdx:Core/hashValue", - "Core/identifier": "spdx:Core/identifier", - "Core/identifierLocator": "spdx:Core/identifierLocator", - "Core/imports": "spdx:Core/imports", - "Core/issuingAuthority": "spdx:Core/issuingAuthority", - "Core/key": "spdx:Core/key", - "Core/locationHint": "spdx:Core/locationHint", - "Core/locator": "spdx:Core/locator", - "Core/name": "spdx:Core/name", - "Core/namespace": "spdx:Core/namespace", - "Core/namespaceMap": "spdx:Core/namespaceMap", - "Core/originatedBy": "spdx:Core/originatedBy", - "Core/packageVerificationCodeExcludedFile": "spdx:Core/packageVerificationCodeExcludedFile", - "Core/prefix": "spdx:Core/prefix", - "Core/profileConformance": "spdx:Core/profileConformance", - "Core/relationshipType": "spdx:Core/relationshipType", - "Core/releaseTime": "spdx:Core/releaseTime", - "Core/rootElement": "spdx:Core/rootElement", - "Core/scope": "spdx:Core/scope", - "Core/spdxId": "spdx:Core/spdxId", - "Core/specVersion": "spdx:Core/specVersion", - "Core/standardName": "spdx:Core/standardName", - "Core/startTime": "spdx:Core/startTime", - "Core/statement": "spdx:Core/statement", - "Core/subject": "spdx:Core/subject", - "Core/summary": "spdx:Core/summary", - "Core/suppliedBy": "spdx:Core/suppliedBy", - "Core/supportLevel": "spdx:Core/supportLevel", - "Core/to": "spdx:Core/to", - "Core/validUntilTime": "spdx:Core/validUntilTime", - "Core/value": "spdx:Core/value", - "Core/verifiedUsing": "spdx:Core/verifiedUsing", - "Dataset/ConfidentialityLevelType": "spdx:Dataset/ConfidentialityLevelType", - "Dataset/ConfidentialityLevelType/amber": "spdx:Dataset/ConfidentialityLevelType/amber", - "Dataset/ConfidentialityLevelType/clear": "spdx:Dataset/ConfidentialityLevelType/clear", - "Dataset/ConfidentialityLevelType/green": "spdx:Dataset/ConfidentialityLevelType/green", - "Dataset/ConfidentialityLevelType/red": "spdx:Dataset/ConfidentialityLevelType/red", - "Dataset/Dataset": "spdx:Dataset/Dataset", - "Dataset/DatasetAvailabilityType": "spdx:Dataset/DatasetAvailabilityType", - "Dataset/DatasetAvailabilityType/clickthrough": "spdx:Dataset/DatasetAvailabilityType/clickthrough", - "Dataset/DatasetAvailabilityType/directDownload": "spdx:Dataset/DatasetAvailabilityType/directDownload", - "Dataset/DatasetAvailabilityType/query": "spdx:Dataset/DatasetAvailabilityType/query", - "Dataset/DatasetAvailabilityType/registration": "spdx:Dataset/DatasetAvailabilityType/registration", - "Dataset/DatasetAvailabilityType/scrapingScript": "spdx:Dataset/DatasetAvailabilityType/scrapingScript", - "Dataset/DatasetType": "spdx:Dataset/DatasetType", - "Dataset/DatasetType/audio": "spdx:Dataset/DatasetType/audio", - "Dataset/DatasetType/categorical": "spdx:Dataset/DatasetType/categorical", - "Dataset/DatasetType/graph": "spdx:Dataset/DatasetType/graph", - "Dataset/DatasetType/image": "spdx:Dataset/DatasetType/image", - "Dataset/DatasetType/noAssertion": "spdx:Dataset/DatasetType/noAssertion", - "Dataset/DatasetType/numeric": "spdx:Dataset/DatasetType/numeric", - "Dataset/DatasetType/other": "spdx:Dataset/DatasetType/other", - "Dataset/DatasetType/sensor": "spdx:Dataset/DatasetType/sensor", - "Dataset/DatasetType/structured": "spdx:Dataset/DatasetType/structured", - "Dataset/DatasetType/syntactic": "spdx:Dataset/DatasetType/syntactic", - "Dataset/DatasetType/text": "spdx:Dataset/DatasetType/text", - "Dataset/DatasetType/timeseries": "spdx:Dataset/DatasetType/timeseries", - "Dataset/DatasetType/timestamp": "spdx:Dataset/DatasetType/timestamp", - "Dataset/DatasetType/video": "spdx:Dataset/DatasetType/video", - "Dataset/anonymizationMethodUsed": "spdx:Dataset/anonymizationMethodUsed", - "Dataset/confidentialityLevel": "spdx:Dataset/confidentialityLevel", - "Dataset/dataCollectionProcess": "spdx:Dataset/dataCollectionProcess", - "Dataset/dataPreprocessing": "spdx:Dataset/dataPreprocessing", - "Dataset/datasetAvailability": "spdx:Dataset/datasetAvailability", - "Dataset/datasetNoise": "spdx:Dataset/datasetNoise", - "Dataset/datasetSize": "spdx:Dataset/datasetSize", - "Dataset/datasetType": "spdx:Dataset/datasetType", - "Dataset/datasetUpdateMechanism": "spdx:Dataset/datasetUpdateMechanism", - "Dataset/intendedUse": "spdx:Dataset/intendedUse", - "Dataset/knownBias": "spdx:Dataset/knownBias", - "Dataset/sensitivePersonalInformation": "spdx:Dataset/sensitivePersonalInformation", - "Dataset/sensor": "spdx:Dataset/sensor", - "ExpandedLicensing/ConjunctiveLicenseSet": "spdx:ExpandedLicensing/ConjunctiveLicenseSet", - "ExpandedLicensing/CustomLicense": "spdx:ExpandedLicensing/CustomLicense", - "ExpandedLicensing/CustomLicenseAddition": "spdx:ExpandedLicensing/CustomLicenseAddition", - "ExpandedLicensing/DisjunctiveLicenseSet": "spdx:ExpandedLicensing/DisjunctiveLicenseSet", - "ExpandedLicensing/ExtendableLicense": "spdx:ExpandedLicensing/ExtendableLicense", - "ExpandedLicensing/IndividualLicensingInfo": "spdx:ExpandedLicensing/IndividualLicensingInfo", - "ExpandedLicensing/License": "spdx:ExpandedLicensing/License", - "ExpandedLicensing/LicenseAddition": "spdx:ExpandedLicensing/LicenseAddition", - "ExpandedLicensing/ListedLicense": "spdx:ExpandedLicensing/ListedLicense", - "ExpandedLicensing/ListedLicenseException": "spdx:ExpandedLicensing/ListedLicenseException", - "ExpandedLicensing/NoAssertionLicense": "spdx:ExpandedLicensing/NoAssertionLicense", - "ExpandedLicensing/NoneLicense": "spdx:ExpandedLicensing/NoneLicense", - "ExpandedLicensing/OrLaterOperator": "spdx:ExpandedLicensing/OrLaterOperator", - "ExpandedLicensing/WithAdditionOperator": "spdx:ExpandedLicensing/WithAdditionOperator", - "ExpandedLicensing/additionText": "spdx:ExpandedLicensing/additionText", - "ExpandedLicensing/deprecatedVersion": "spdx:ExpandedLicensing/deprecatedVersion", - "ExpandedLicensing/isDeprecatedAdditionId": "spdx:ExpandedLicensing/isDeprecatedAdditionId", - "ExpandedLicensing/isDeprecatedLicenseId": "spdx:ExpandedLicensing/isDeprecatedLicenseId", - "ExpandedLicensing/isFsfLibre": "spdx:ExpandedLicensing/isFsfLibre", - "ExpandedLicensing/isOsiApproved": "spdx:ExpandedLicensing/isOsiApproved", - "ExpandedLicensing/licenseXml": "spdx:ExpandedLicensing/licenseXml", - "ExpandedLicensing/listVersionAdded": "spdx:ExpandedLicensing/listVersionAdded", - "ExpandedLicensing/member": "spdx:ExpandedLicensing/member", - "ExpandedLicensing/obsoletedBy": "spdx:ExpandedLicensing/obsoletedBy", - "ExpandedLicensing/seeAlso": "spdx:ExpandedLicensing/seeAlso", - "ExpandedLicensing/standardAdditionTemplate": "spdx:ExpandedLicensing/standardAdditionTemplate", - "ExpandedLicensing/standardLicenseHeader": "spdx:ExpandedLicensing/standardLicenseHeader", - "ExpandedLicensing/standardLicenseTemplate": "spdx:ExpandedLicensing/standardLicenseTemplate", - "ExpandedLicensing/subjectAddition": "spdx:ExpandedLicensing/subjectAddition", - "ExpandedLicensing/subjectExtendableLicense": "spdx:ExpandedLicensing/subjectExtendableLicense", - "ExpandedLicensing/subjectLicense": "spdx:ExpandedLicensing/subjectLicense", - "Extension/Extension": "spdx:Extension/Extension", - "Security/CvssSeverityType": "spdx:Security/CvssSeverityType", - "Security/CvssSeverityType/critical": "spdx:Security/CvssSeverityType/critical", - "Security/CvssSeverityType/high": "spdx:Security/CvssSeverityType/high", - "Security/CvssSeverityType/low": "spdx:Security/CvssSeverityType/low", - "Security/CvssSeverityType/medium": "spdx:Security/CvssSeverityType/medium", - "Security/CvssSeverityType/none": "spdx:Security/CvssSeverityType/none", - "Security/CvssV2VulnAssessmentRelationship": "spdx:Security/CvssV2VulnAssessmentRelationship", - "Security/CvssV3VulnAssessmentRelationship": "spdx:Security/CvssV3VulnAssessmentRelationship", - "Security/CvssV4VulnAssessmentRelationship": "spdx:Security/CvssV4VulnAssessmentRelationship", - "Security/EpssVulnAssessmentRelationship": "spdx:Security/EpssVulnAssessmentRelationship", - "Security/ExploitCatalogType": "spdx:Security/ExploitCatalogType", - "Security/ExploitCatalogType/kev": "spdx:Security/ExploitCatalogType/kev", - "Security/ExploitCatalogType/other": "spdx:Security/ExploitCatalogType/other", - "Security/ExploitCatalogVulnAssessmentRelationship": "spdx:Security/ExploitCatalogVulnAssessmentRelationship", - "Security/SsvcDecisionType": "spdx:Security/SsvcDecisionType", - "Security/SsvcDecisionType/act": "spdx:Security/SsvcDecisionType/act", - "Security/SsvcDecisionType/attend": "spdx:Security/SsvcDecisionType/attend", - "Security/SsvcDecisionType/track": "spdx:Security/SsvcDecisionType/track", - "Security/SsvcDecisionType/trackStar": "spdx:Security/SsvcDecisionType/trackStar", - "Security/SsvcVulnAssessmentRelationship": "spdx:Security/SsvcVulnAssessmentRelationship", - "Security/VexAffectedVulnAssessmentRelationship": "spdx:Security/VexAffectedVulnAssessmentRelationship", - "Security/VexFixedVulnAssessmentRelationship": "spdx:Security/VexFixedVulnAssessmentRelationship", - "Security/VexJustificationType": "spdx:Security/VexJustificationType", - "Security/VexJustificationType/componentNotPresent": "spdx:Security/VexJustificationType/componentNotPresent", - "Security/VexJustificationType/inlineMitigationsAlreadyExist": "spdx:Security/VexJustificationType/inlineMitigationsAlreadyExist", - "Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary": "spdx:Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary", - "Security/VexJustificationType/vulnerableCodeNotInExecutePath": "spdx:Security/VexJustificationType/vulnerableCodeNotInExecutePath", - "Security/VexJustificationType/vulnerableCodeNotPresent": "spdx:Security/VexJustificationType/vulnerableCodeNotPresent", - "Security/VexNotAffectedVulnAssessmentRelationship": "spdx:Security/VexNotAffectedVulnAssessmentRelationship", - "Security/VexUnderInvestigationVulnAssessmentRelationship": "spdx:Security/VexUnderInvestigationVulnAssessmentRelationship", - "Security/VexVulnAssessmentRelationship": "spdx:Security/VexVulnAssessmentRelationship", - "Security/VulnAssessmentRelationship": "spdx:Security/VulnAssessmentRelationship", - "Security/Vulnerability": "spdx:Security/Vulnerability", - "Security/actionStatement": "spdx:Security/actionStatement", - "Security/actionStatementTime": "spdx:Security/actionStatementTime", - "Security/assessedElement": "spdx:Security/assessedElement", - "Security/catalogType": "spdx:Security/catalogType", - "Security/decisionType": "spdx:Security/decisionType", - "Security/exploited": "spdx:Security/exploited", - "Security/impactStatement": "spdx:Security/impactStatement", - "Security/impactStatementTime": "spdx:Security/impactStatementTime", - "Security/justificationType": "spdx:Security/justificationType", - "Security/locator": "spdx:Security/locator", - "Security/modifiedTime": "spdx:Security/modifiedTime", - "Security/percentile": "spdx:Security/percentile", - "Security/probability": "spdx:Security/probability", - "Security/publishedTime": "spdx:Security/publishedTime", - "Security/score": "spdx:Security/score", - "Security/severity": "spdx:Security/severity", - "Security/statusNotes": "spdx:Security/statusNotes", - "Security/vectorString": "spdx:Security/vectorString", - "Security/vexVersion": "spdx:Security/vexVersion", - "Security/withdrawnTime": "spdx:Security/withdrawnTime", - "SimpleLicensing/AnyLicenseInfo": "spdx:SimpleLicensing/AnyLicenseInfo", - "SimpleLicensing/LicenseExpression": "spdx:SimpleLicensing/LicenseExpression", - "SimpleLicensing/SimpleLicensingText": "spdx:SimpleLicensing/SimpleLicensingText", - "SimpleLicensing/customIdToUri": "spdx:SimpleLicensing/customIdToUri", - "SimpleLicensing/licenseExpression": "spdx:SimpleLicensing/licenseExpression", - "SimpleLicensing/licenseListVersion": "spdx:SimpleLicensing/licenseListVersion", - "SimpleLicensing/licenseText": "spdx:SimpleLicensing/licenseText", - "Software/File": "spdx:Software/File", - "Software/Package": "spdx:Software/Package", - "Software/Sbom": "spdx:Software/Sbom", - "Software/SbomType": "spdx:Software/SbomType", - "Software/SbomType/analyzed": "spdx:Software/SbomType/analyzed", - "Software/SbomType/build": "spdx:Software/SbomType/build", - "Software/SbomType/deployed": "spdx:Software/SbomType/deployed", - "Software/SbomType/design": "spdx:Software/SbomType/design", - "Software/SbomType/runtime": "spdx:Software/SbomType/runtime", - "Software/SbomType/source": "spdx:Software/SbomType/source", - "Software/Snippet": "spdx:Software/Snippet", - "Software/SoftwareArtifact": "spdx:Software/SoftwareArtifact", - "Software/SoftwarePurpose": "spdx:Software/SoftwarePurpose", - "Software/SoftwarePurpose/application": "spdx:Software/SoftwarePurpose/application", - "Software/SoftwarePurpose/archive": "spdx:Software/SoftwarePurpose/archive", - "Software/SoftwarePurpose/bom": "spdx:Software/SoftwarePurpose/bom", - "Software/SoftwarePurpose/configuration": "spdx:Software/SoftwarePurpose/configuration", - "Software/SoftwarePurpose/container": "spdx:Software/SoftwarePurpose/container", - "Software/SoftwarePurpose/data": "spdx:Software/SoftwarePurpose/data", - "Software/SoftwarePurpose/device": "spdx:Software/SoftwarePurpose/device", - "Software/SoftwarePurpose/deviceDriver": "spdx:Software/SoftwarePurpose/deviceDriver", - "Software/SoftwarePurpose/diskImage": "spdx:Software/SoftwarePurpose/diskImage", - "Software/SoftwarePurpose/documentation": "spdx:Software/SoftwarePurpose/documentation", - "Software/SoftwarePurpose/evidence": "spdx:Software/SoftwarePurpose/evidence", - "Software/SoftwarePurpose/executable": "spdx:Software/SoftwarePurpose/executable", - "Software/SoftwarePurpose/file": "spdx:Software/SoftwarePurpose/file", - "Software/SoftwarePurpose/filesystemImage": "spdx:Software/SoftwarePurpose/filesystemImage", - "Software/SoftwarePurpose/firmware": "spdx:Software/SoftwarePurpose/firmware", - "Software/SoftwarePurpose/framework": "spdx:Software/SoftwarePurpose/framework", - "Software/SoftwarePurpose/install": "spdx:Software/SoftwarePurpose/install", - "Software/SoftwarePurpose/library": "spdx:Software/SoftwarePurpose/library", - "Software/SoftwarePurpose/manifest": "spdx:Software/SoftwarePurpose/manifest", - "Software/SoftwarePurpose/model": "spdx:Software/SoftwarePurpose/model", - "Software/SoftwarePurpose/module": "spdx:Software/SoftwarePurpose/module", - "Software/SoftwarePurpose/operatingSystem": "spdx:Software/SoftwarePurpose/operatingSystem", - "Software/SoftwarePurpose/other": "spdx:Software/SoftwarePurpose/other", - "Software/SoftwarePurpose/patch": "spdx:Software/SoftwarePurpose/patch", - "Software/SoftwarePurpose/platform": "spdx:Software/SoftwarePurpose/platform", - "Software/SoftwarePurpose/requirement": "spdx:Software/SoftwarePurpose/requirement", - "Software/SoftwarePurpose/source": "spdx:Software/SoftwarePurpose/source", - "Software/SoftwarePurpose/specification": "spdx:Software/SoftwarePurpose/specification", - "Software/SoftwarePurpose/test": "spdx:Software/SoftwarePurpose/test", - "Software/additionalPurpose": "spdx:Software/additionalPurpose", - "Software/attributionText": "spdx:Software/attributionText", - "Software/byteRange": "spdx:Software/byteRange", - "Software/contentType": "spdx:Software/contentType", - "Software/copyrightText": "spdx:Software/copyrightText", - "Software/downloadLocation": "spdx:Software/downloadLocation", - "Software/gitoid": "spdx:Software/gitoid", - "Software/homePage": "spdx:Software/homePage", - "Software/isDirectory": "spdx:Software/isDirectory", - "Software/lineRange": "spdx:Software/lineRange", - "Software/packageUrl": "spdx:Software/packageUrl", - "Software/packageVersion": "spdx:Software/packageVersion", - "Software/primaryPurpose": "spdx:Software/primaryPurpose", - "Software/sbomType": "spdx:Software/sbomType", - "Software/snippetFromFile": "spdx:Software/snippetFromFile", - "Software/sourceInfo": "spdx:Software/sourceInfo", - "spdx": "https://rdf.spdx.org/v3/" -} \ No newline at end of file diff --git a/ontology/model.plantuml b/ontology/model.plantuml deleted file mode 100644 index cf71ee166..000000000 --- a/ontology/model.plantuml +++ /dev/null @@ -1,510 +0,0 @@ - -@startuml -'Automatically generated by spec-parser v2.0.0 on 2024-02-22T18:36:13.991420+00:00 - -title SPDXv3 model -scale 4000*4000 -hide methods -skinparam packageStyle folder - -package Build { -} -package Licensing { -} -package Software { -} -package ExpandedLicensing { -} -package Lite { -} -package Core { -} -package SimpleLicensing { -} -package Dataset { -} -package AI { -} -package Security { -} -package Extension { -} -class Build.Build { - buildEndTime 0:1 - buildId 0:1 - buildStartTime 0:1 - buildType 1:1 - configSourceDigest 0:* - configSourceEntrypoint 0:* - configSourceUri 0:* - environment 0:* - parameters 0:* -} -class Software.Snippet { - byteRange 0:1 - lineRange 0:1 - snippetFromFile 1:1 -} -class Software.Package { - downloadLocation 0:1 - homePage 0:1 - packageUrl 0:1 - packageVersion 0:1 - sourceInfo 0:1 -} -abstract Software.SoftwareArtifact { - additionalPurpose 0:* - attributionText 0:* - copyrightText 0:1 - gitoid 0:2 - primaryPurpose 0:1 -} -class Software.File { - contentType 0:1 - isDirectory 0:1 -} -class Software.Sbom { - sbomType 0:* -} -class ExpandedLicensing.DisjunctiveLicenseSet { - member 2:* -} -abstract ExpandedLicensing.License { - /SimpleLicensing/licenseText 1:1 - isDeprecatedLicenseId 0:1 - isFsfLibre 0:1 - isOsiApproved 0:1 - licenseXml 0:1 - obsoletedBy 0:1 - seeAlso 0:* - standardLicenseHeader 0:1 - standardLicenseTemplate 0:1 -} -class ExpandedLicensing.ConjunctiveLicenseSet { - member 2:* -} -class ExpandedLicensing.CustomLicenseAddition { -} -class ExpandedLicensing.OrLaterOperator { - subjectLicense 1:1 -} -abstract ExpandedLicensing.ExtendableLicense { -} -class ExpandedLicensing.WithAdditionOperator { - subjectAddition 1:1 - subjectExtendableLicense 1:1 -} -class ExpandedLicensing.IndividualLicensingInfo { -} -class ExpandedLicensing.ListedLicenseException { - deprecatedVersion 0:1 - listVersionAdded 0:1 -} -class ExpandedLicensing.CustomLicense { -} -class ExpandedLicensing.ListedLicense { - deprecatedVersion 0:1 - listVersionAdded 0:1 -} -abstract ExpandedLicensing.LicenseAddition { - additionText 1:1 - isDeprecatedAdditionId 0:1 - licenseXml 0:1 - obsoletedBy 0:1 - seeAlso 0:* - standardAdditionTemplate 0:1 -} -class Core.CreationInfo { - comment 0:1 - created 1:1 - createdBy 1:* - createdUsing 0:* - specVersion 1:1 -} -abstract Core.Element { - comment 0:1 - creationInfo 1:1 - description 0:1 - extension 0:* - externalIdentifier 0:* - externalRef 0:* - name 0:1 - spdxId 1:1 - summary 0:1 - verifiedUsing 0:* -} -class Core.ExternalRef { - comment 0:1 - contentType 0:1 - externalRefType 0:1 - locator 0:* -} -class Core.Bom { -} -abstract Core.IntegrityMethod { - comment 0:1 -} -class Core.PositiveIntegerRange { - beginIntegerRange 1:1 - endIntegerRange 1:1 -} -class Core.NamespaceMap { - namespace 1:1 - prefix 1:1 -} -abstract Core.Artifact { - builtTime 0:1 - originatedBy 0:* - releaseTime 0:1 - standardName 0:* - suppliedBy 0:1 - supportLevel 0:* - validUntilTime 0:1 -} -class Core.Organization { -} -class Core.Tool { -} -abstract Core.ElementCollection { - element 0:* - profileConformance 0:* - rootElement 0:* -} -class Core.ExternalMap { - definingArtifact 0:1 - externalSpdxId 1:1 - locationHint 0:1 - verifiedUsing 0:* -} -class Core.Hash { - algorithm 1:1 - hashValue 1:1 -} -class Core.Annotation { - annotationType 1:1 - contentType 0:1 - statement 0:1 - subject 1:1 -} -class Core.DictionaryEntry { - key 1:1 - value 0:1 -} -class Core.Person { -} -class Core.Agent { -} -class Core.ExternalIdentifier { - comment 0:1 - externalIdentifierType 1:1 - identifier 1:1 - identifierLocator 0:* - issuingAuthority 0:1 -} -class Core.SpdxDocument { - dataLicense 0:1 - imports 0:* - namespaceMap 0:* -} -class Core.Relationship { - completeness 0:1 - endTime 0:1 - from 1:1 - relationshipType 1:1 - startTime 0:1 - to 0:* -} -class Core.SoftwareAgent { -} -class Core.LifecycleScopedRelationship { - scope 0:1 -} -class Core.Bundle { - context 0:1 -} -class Core.PackageVerificationCode { - hashValue 1:1 - packageVerificationCodeExcludedFile 0:* -} -class SimpleLicensing.LicenseExpression { - customIdToUri 0:* - licenseExpression 1:1 - licenseListVersion 0:1 -} -abstract SimpleLicensing.AnyLicenseInfo { -} -class SimpleLicensing.SimpleLicensingText { - licenseText 1:1 -} -class Dataset.Dataset { - anonymizationMethodUsed 0:* - confidentialityLevel 0:1 - dataCollectionProcess 0:1 - dataPreprocessing 0:* - datasetAvailability 0:1 - datasetNoise 0:1 - datasetSize 0:1 - datasetType 1:* - datasetUpdateMechanism 0:1 - intendedUse 0:1 - knownBias 0:* - sensitivePersonalInformation 0:1 - sensor 0:* -} -class AI.AIPackage { - autonomyType 0:1 - domain 0:* - energyConsumption 0:1 - hyperparameter 0:* - informationAboutApplication 0:1 - informationAboutTraining 0:1 - limitation 0:1 - metric 0:* - metricDecisionThreshold 0:* - modelDataPreprocessing 0:* - modelExplainability 0:* - safetyRiskAssessment 0:1 - sensitivePersonalInformation 0:1 - standardCompliance 0:* - typeOfModel 0:* -} -class Security.CvssV2VulnAssessmentRelationship { - score 1:1 - vectorString 1:1 -} -class Security.VexAffectedVulnAssessmentRelationship { - actionStatement 0:1 - actionStatementTime 0:* -} -class Security.SsvcVulnAssessmentRelationship { - decisionType 1:1 -} -class Security.Vulnerability { - modifiedTime 0:1 - publishedTime 0:1 - withdrawnTime 0:1 -} -class Security.EpssVulnAssessmentRelationship { - percentile 1:1 - probability 1:1 - publishedTime 1:1 -} -abstract Security.VulnAssessmentRelationship { - /Core/suppliedBy 0:1 - assessedElement 0:1 - modifiedTime 0:1 - publishedTime 0:1 - withdrawnTime 0:1 -} -class Security.VexFixedVulnAssessmentRelationship { -} -class Security.ExploitCatalogVulnAssessmentRelationship { - catalogType 1:1 - exploited 1:1 - locator 1:1 -} -class Security.VexUnderInvestigationVulnAssessmentRelationship { -} -class Security.CvssV4VulnAssessmentRelationship { - score 1:1 - severity 1:1 - vectorString 1:1 -} -class Security.VexNotAffectedVulnAssessmentRelationship { - impactStatement 0:1 - impactStatementTime 0:1 - justificationType 0:1 -} -abstract Security.VexVulnAssessmentRelationship { - statusNotes 0:1 - vexVersion 0:1 -} -class Security.CvssV3VulnAssessmentRelationship { - score 1:1 - severity 1:1 - vectorString 1:1 -} -abstract Extension.Extension { -} -enum Software.SoftwarePurpose { -} -enum Software.SbomType { -} -enum Core.HashAlgorithm { -} -enum Core.ProfileIdentifierType { -} -enum Core.ExternalIdentifierType { -} -enum Core.AnnotationType { -} -enum Core.RelationshipType { -} -enum Core.RelationshipCompleteness { -} -enum Core.PresenceType { -} -enum Core.SupportType { -} -enum Core.ExternalRefType { -} -enum Core.LifecycleScopeType { -} -enum Dataset.ConfidentialityLevelType { -} -enum Dataset.DatasetType { -} -enum Dataset.DatasetAvailabilityType { -} -enum AI.SafetyRiskAssessmentType { -} -enum Security.SsvcDecisionType { -} -enum Security.ExploitCatalogType { -} -enum Security.VexJustificationType { -} -enum Security.CvssSeverityType { -} -class Core.SemVer { -} -class Core.MediaType { -} -class Core.DateTime { -} -Build.Build --|> Element -Software.Snippet --|> SoftwareArtifact -Software.Package --|> SoftwareArtifact -Software.SoftwareArtifact --|> Artifact -Software.File --|> SoftwareArtifact -Software.Sbom --|> Bom -ExpandedLicensing.DisjunctiveLicenseSet --|> AnyLicenseInfo -ExpandedLicensing.License --|> ExtendableLicense -ExpandedLicensing.ConjunctiveLicenseSet --|> AnyLicenseInfo -ExpandedLicensing.CustomLicenseAddition --|> LicenseAddition -ExpandedLicensing.OrLaterOperator --|> ExtendableLicense -ExpandedLicensing.ExtendableLicense --|> AnyLicenseInfo -ExpandedLicensing.WithAdditionOperator --|> AnyLicenseInfo -ExpandedLicensing.IndividualLicensingInfo --|> AnyLicenseInfo -ExpandedLicensing.ListedLicenseException --|> LicenseAddition -ExpandedLicensing.CustomLicense --|> License -ExpandedLicensing.ListedLicense --|> License -ExpandedLicensing.LicenseAddition --|> Element -Core.Bom --|> Bundle -Core.Artifact --|> Element -Core.Organization --|> Agent -Core.Tool --|> Element -Core.ElementCollection --|> Element -Core.Hash --|> IntegrityMethod -Core.Annotation --|> Element -Core.Person --|> Agent -Core.Agent --|> Element -Core.SpdxDocument --|> ElementCollection -Core.Relationship --|> Element -Core.SoftwareAgent --|> Agent -Core.LifecycleScopedRelationship --|> Relationship -Core.Bundle --|> ElementCollection -Core.PackageVerificationCode --|> IntegrityMethod -SimpleLicensing.LicenseExpression --|> AnyLicenseInfo -SimpleLicensing.AnyLicenseInfo --|> Element -SimpleLicensing.SimpleLicensingText --|> Element -Dataset.Dataset --|> Package -AI.AIPackage --|> Package -Security.CvssV2VulnAssessmentRelationship --|> VulnAssessmentRelationship -Security.VexAffectedVulnAssessmentRelationship --|> VexVulnAssessmentRelationship -Security.SsvcVulnAssessmentRelationship --|> VulnAssessmentRelationship -Security.Vulnerability --|> Artifact -Security.EpssVulnAssessmentRelationship --|> VulnAssessmentRelationship -Security.VulnAssessmentRelationship --|> Relationship -Security.VexFixedVulnAssessmentRelationship --|> VexVulnAssessmentRelationship -Security.ExploitCatalogVulnAssessmentRelationship --|> VulnAssessmentRelationship -Security.VexUnderInvestigationVulnAssessmentRelationship --|> VexVulnAssessmentRelationship -Security.CvssV4VulnAssessmentRelationship --|> VulnAssessmentRelationship -Security.VexNotAffectedVulnAssessmentRelationship --|> VexVulnAssessmentRelationship -Security.VexVulnAssessmentRelationship --|> VulnAssessmentRelationship -Security.CvssV3VulnAssessmentRelationship --|> VulnAssessmentRelationship -Build.Build::buildEndTime --> DateTime -Build.Build::buildStartTime --> DateTime -Build.Build::configSourceDigest --> Hash -Build.Build::environment --> DictionaryEntry -Build.Build::parameters --> DictionaryEntry -Software.Snippet::byteRange --> PositiveIntegerRange -Software.Snippet::lineRange --> PositiveIntegerRange -Software.Snippet::snippetFromFile --> File -Software.SoftwareArtifact::additionalPurpose --> SoftwarePurpose -Software.SoftwareArtifact::primaryPurpose --> SoftwarePurpose -Software.File::contentType --> MediaType -Software.Sbom::sbomType --> SbomType -ExpandedLicensing.DisjunctiveLicenseSet::member --> AnyLicenseInfo -ExpandedLicensing.ConjunctiveLicenseSet::member --> AnyLicenseInfo -ExpandedLicensing.OrLaterOperator::subjectLicense --> License -ExpandedLicensing.WithAdditionOperator::subjectAddition --> LicenseAddition -ExpandedLicensing.WithAdditionOperator::subjectExtendableLicense --> ExtendableLicense -Core.CreationInfo::created --> DateTime -Core.CreationInfo::createdBy --> Agent -Core.CreationInfo::createdUsing --> Tool -Core.CreationInfo::specVersion --> SemVer -Core.Element::creationInfo --> CreationInfo -Core.Element::extension --> Extension -Core.Element::externalIdentifier --> ExternalIdentifier -Core.Element::externalRef --> ExternalRef -Core.Element::verifiedUsing --> IntegrityMethod -Core.ExternalRef::contentType --> MediaType -Core.ExternalRef::externalRefType --> ExternalRefType -Core.Artifact::builtTime --> DateTime -Core.Artifact::originatedBy --> Agent -Core.Artifact::releaseTime --> DateTime -Core.Artifact::suppliedBy --> Agent -Core.Artifact::supportLevel --> SupportType -Core.Artifact::validUntilTime --> DateTime -Core.ElementCollection::element --> Element -Core.ElementCollection::profileConformance --> ProfileIdentifierType -Core.ElementCollection::rootElement --> Element -Core.ExternalMap::definingArtifact --> Artifact -Core.ExternalMap::verifiedUsing --> IntegrityMethod -Core.Hash::algorithm --> HashAlgorithm -Core.Annotation::annotationType --> AnnotationType -Core.Annotation::contentType --> MediaType -Core.Annotation::subject --> Element -Core.ExternalIdentifier::externalIdentifierType --> ExternalIdentifierType -Core.SpdxDocument::dataLicense --> AnyLicenseInfo -Core.SpdxDocument::imports --> ExternalMap -Core.SpdxDocument::namespaceMap --> NamespaceMap -Core.Relationship::completeness --> RelationshipCompleteness -Core.Relationship::endTime --> DateTime -Core.Relationship::from --> Element -Core.Relationship::relationshipType --> RelationshipType -Core.Relationship::startTime --> DateTime -Core.Relationship::to --> Element -Core.LifecycleScopedRelationship::scope --> LifecycleScopeType -SimpleLicensing.LicenseExpression::customIdToUri --> DictionaryEntry -SimpleLicensing.LicenseExpression::licenseListVersion --> SemVer -Dataset.Dataset::confidentialityLevel --> ConfidentialityLevelType -Dataset.Dataset::datasetAvailability --> DatasetAvailabilityType -Dataset.Dataset::datasetType --> DatasetType -Dataset.Dataset::sensitivePersonalInformation --> PresenceType -Dataset.Dataset::sensor --> DictionaryEntry -AI.AIPackage::autonomyType --> PresenceType -AI.AIPackage::hyperparameter --> DictionaryEntry -AI.AIPackage::metric --> DictionaryEntry -AI.AIPackage::metricDecisionThreshold --> DictionaryEntry -AI.AIPackage::safetyRiskAssessment --> SafetyRiskAssessmentType -AI.AIPackage::sensitivePersonalInformation --> PresenceType -Security.VexAffectedVulnAssessmentRelationship::actionStatementTime --> DateTime -Security.SsvcVulnAssessmentRelationship::decisionType --> SsvcDecisionType -Security.Vulnerability::modifiedTime --> DateTime -Security.Vulnerability::publishedTime --> DateTime -Security.Vulnerability::withdrawnTime --> DateTime -Security.EpssVulnAssessmentRelationship::publishedTime --> DateTime -Security.VulnAssessmentRelationship::/Core/suppliedBy --> Agent -Security.VulnAssessmentRelationship::assessedElement --> Element -Security.VulnAssessmentRelationship::modifiedTime --> DateTime -Security.VulnAssessmentRelationship::publishedTime --> DateTime -Security.VulnAssessmentRelationship::withdrawnTime --> DateTime -Security.ExploitCatalogVulnAssessmentRelationship::catalogType --> ExploitCatalogType -Security.CvssV4VulnAssessmentRelationship::severity --> CvssSeverityType -Security.VexNotAffectedVulnAssessmentRelationship::impactStatementTime --> DateTime -Security.VexNotAffectedVulnAssessmentRelationship::justificationType --> VexJustificationType -Security.CvssV3VulnAssessmentRelationship::severity --> CvssSeverityType - -@enduml diff --git a/ontology/ontology.rdf.dot b/ontology/ontology.rdf.dot deleted file mode 100644 index b7dab935c..000000000 --- a/ontology/ontology.rdf.dot +++ /dev/null @@ -1,2940 +0,0 @@ -digraph { - node [ fontname="DejaVu Sans" ] ; - node0 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node2 -> node3 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node6 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node2 -> node11 [ color=BLACK, label=< sh:property > ] ; - node12 -> node13 [ color=BLACK, label=< sh:path > ] ; - node15 -> node16 [ color=BLACK, label=< rdf:type > ] ; - node17 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node20 -> node21 [ color=BLACK, label=< sh:property > ] ; - node23 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node25 -> node26 [ color=BLACK, label=< sh:property > ] ; - node27 -> node28 [ color=BLACK, label=< rdf:type > ] ; - node29 -> node30 [ color=BLACK, label=< sh:property > ] ; - node31 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node3 -> node34 [ color=BLACK, label=< sh:property > ] ; - node35 -> node36 [ color=BLACK, label=< sh:path > ] ; - node37 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node39 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node42 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node43 -> node44 [ color=BLACK, label=< rdfs:range > ] ; - node46 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node49 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node50 -> node51 [ color=BLACK, label=< sh:property > ] ; - node52 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node53 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node56 -> node57 [ color=BLACK, label=< sh:property > ] ; - node58 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node61 -> node62 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node63 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node68 -> node69 [ color=BLACK, label=< sh:path > ] ; - node70 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node73 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node74 -> node75 [ color=BLACK, label=< sh:path > ] ; - node78 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node76 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node50 -> node81 [ color=BLACK, label=< sh:property > ] ; - node82 -> node83 [ color=BLACK, label=< sh:property > ] ; - node10 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node85 -> node28 [ color=BLACK, label=< rdf:type > ] ; - node86 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node88 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node89 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node91 -> node92 [ color=BLACK, label=< rdf:type > ] ; - node93 -> node94 [ color=BLACK, label=< rdf:type > ] ; - node50 -> node95 [ color=BLACK, label=< sh:property > ] ; - node98 -> node99 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node100 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node101 -> node102 [ color=BLACK, label=< rdf:type > ] ; - node104 -> node105 [ color=BLACK, label=< sh:property > ] ; - node106 -> node107 [ color=BLACK, label=< sh:path > ] ; - node108 -> node109 [ color=BLACK, label=< rdfs:range > ] ; - node112 -> node113 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node69 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node115 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node116 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node118 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node120 -> node121 [ color=BLACK, label=< rdfs:range > ] ; - node123 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node124 -> node125 [ color=BLACK, label=< sh:path > ] ; - node126 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node127 -> node128 [ color=BLACK, label=< sh:path > ] ; - node130 -> node131 [ color=BLACK, label=< sh:path > ] ; - node132 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node134 -> node135 [ color=BLACK, label=< rdf:type > ] ; - node136 -> node137 [ color=BLACK, label=< sh:property > ] ; - node138 -> node121 [ color=BLACK, label=< rdfs:range > ] ; - node140 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node141 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node144 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node148 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node149 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node150 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node153 -> node154 [ color=BLACK, label=< sh:path > ] ; - node79 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node155 -> node16 [ color=BLACK, label=< rdf:type > ] ; - node16 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node112 -> node156 [ color=BLACK, label=< sh:property > ] ; - node157 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node158 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node159 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node160 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node25 -> node163 [ color=BLACK, label=< sh:property > ] ; - node164 -> node165 [ color=BLACK, label=< rdfs:range > ] ; - node29 -> node167 [ color=BLACK, label=< sh:property > ] ; - node168 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node2 -> node170 [ color=BLACK, label=< sh:property > ] ; - node171 -> node121 [ color=BLACK, label=< rdfs:range > ] ; - node138 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node173 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node174 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node176 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node177 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node179 -> node180 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node181 -> node175 [ color=BLACK, label=< rdf:type > ] ; - node182 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node183 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node184 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node151 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node49 -> node92 [ color=BLACK, label=< rdf:type > ] ; - node186 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node187 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node53 -> node92 [ color=BLACK, label=< rdf:type > ] ; - node188 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node189 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node190 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node191 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node193 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node195 -> node180 [ color=BLACK, label=< rdfs:range > ] ; - node196 -> node197 [ color=BLACK, label=< rdfs:range > ] ; - node8 -> node198 [ color=BLACK, label=< rdfs:range > ] ; - node200 -> node175 [ color=BLACK, label=< rdf:type > ] ; - node175 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node201 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node202 -> node190 [ color=BLACK, label=< sh:path > ] ; - node13 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node203 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node204 -> node0 [ color=BLACK, label=< sh:path > ] ; - node207 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node171 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node25 -> node208 [ color=BLACK, label=< sh:property > ] ; - node209 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node135 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node210 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node211 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node212 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node214 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node215 -> node216 [ color=BLACK, label=< rdfs:range > ] ; - node217 -> node216 [ color=BLACK, label=< rdfs:range > ] ; - node218 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node222 -> node198 [ color=BLACK, label=< rdf:type > ] ; - node223 -> node43 [ color=BLACK, label=< sh:path > ] ; - node225 -> node226 [ color=BLACK, label=< sh:property > ] ; - node50 -> node228 [ color=BLACK, label=< sh:property > ] ; - node231 -> node109 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node234 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node235 -> node236 [ color=BLACK, label=< sh:path > ] ; - node113 -> node202 [ color=BLACK, label=< sh:property > ] ; - node114 -> node237 [ color=BLACK, label=< rdfs:range > ] ; - node238 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node239 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node240 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node96 -> node241 [ color=BLACK, label=< sh:path > ] ; - node180 -> node243 [ color=BLACK, label=< sh:property > ] ; - node245 -> node246 [ color=BLACK, label=< sh:property > ] ; - node247 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node8 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node239 -> node112 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node57 -> node158 [ color=BLACK, label=< sh:path > ] ; - node22 -> node16 [ color=BLACK, label=< rdf:type > ] ; - node122 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node82 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node254 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node67 -> node255 [ color=BLACK, label=< sh:property > ] ; - node69 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node256 -> node257 [ color=BLACK, label=< sh:path > ] ; - node258 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node259 -> node90 [ color=BLACK, label=< rdfs:range > ] ; - node262 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node25 -> node204 [ color=BLACK, label=< sh:property > ] ; - node181 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node264 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node149 -> node92 [ color=BLACK, label=< rdf:type > ] ; - node126 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node267 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node268 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node50 -> node270 [ color=BLACK, label=< sh:property > ] ; - node271 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node272 -> node273 [ color=BLACK, label=< rdf:type > ] ; - node274 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node276 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node29 -> node280 [ color=BLACK, label=< sh:property > ] ; - node281 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node282 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node283 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node285 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node286 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node287 -> node82 [ color=BLACK, label=< rdfs:range > ] ; - node247 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node290 -> node20 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node291 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node292 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node189 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node293 -> node159 [ color=BLACK, label=< sh:path > ] ; - node19 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node294 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node295 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node296 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node297 -> node298 [ color=BLACK, label=< rdfs:range > ] ; - node241 -> node299 [ color=BLACK, label=< rdfs:range > ] ; - node300 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node264 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node301 -> node28 [ color=BLACK, label=< rdf:type > ] ; - node278 -> node94 [ color=BLACK, label=< rdf:type > ] ; - node229 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node165 -> node302 [ color=BLACK, label=< sh:property > ] ; - node304 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node305 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node306 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node307 -> node123 [ color=BLACK, label=< sh:path > ] ; - node310 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node104 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node231 -> node313 [ color=BLACK, label=< sh:property > ] ; - node314 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node159 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node315 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node56 -> node256 [ color=BLACK, label=< sh:property > ] ; - node316 -> node317 [ color=BLACK, label=< sh:path > ] ; - node318 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node61 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node29 -> node146 [ color=BLACK, label=< sh:property > ] ; - node66 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node225 -> node319 [ color=BLACK, label=< sh:property > ] ; - node239 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node47 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node321 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node322 -> node8 [ color=BLACK, label=< sh:path > ] ; - node323 -> node324 [ color=BLACK, label=< sh:path > ] ; - node203 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node180 -> node325 [ color=BLACK, label=< sh:property > ] ; - node213 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node327 -> node215 [ color=BLACK, label=< sh:path > ] ; - node328 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node108 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node329 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node117 -> node330 [ color=BLACK, label=< sh:path > ] ; - node289 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node332 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node216 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node333 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node177 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node337 -> node286 [ color=BLACK, label=< sh:path > ] ; - node146 -> node338 [ color=BLACK, label=< sh:path > ] ; - node262 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node84 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node340 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node341 -> node254 [ color=BLACK, label=< sh:path > ] ; - node343 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node344 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node109 -> node77 [ color=BLACK, label=< sh:property > ] ; - node125 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node36 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node345 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node346 -> node109 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node347 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node348 -> node294 [ color=BLACK, label=< sh:path > ] ; - node349 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node350 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node351 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node6 -> node112 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node50 -> node316 [ color=BLACK, label=< sh:property > ] ; - node141 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node48 -> node44 [ color=BLACK, label=< rdf:type > ] ; - node354 -> node175 [ color=BLACK, label=< rdf:type > ] ; - node92 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node296 -> node62 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node358 -> node16 [ color=BLACK, label=< rdf:type > ] ; - node164 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node359 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node360 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node287 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node361 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node50 -> node362 [ color=BLACK, label=< sh:property > ] ; - node363 -> node364 [ color=BLACK, label=< sh:property > ] ; - node365 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node296 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node136 -> node366 [ color=BLACK, label=< sh:property > ] ; - node367 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node180 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node9 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node369 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node220 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node320 -> node370 [ color=BLACK, label=< sh:path > ] ; - node25 -> node371 [ color=BLACK, label=< sh:property > ] ; - node372 -> node88 [ color=BLACK, label=< sh:path > ] ; - node373 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node374 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node247 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node280 -> node356 [ color=BLACK, label=< sh:path > ] ; - node376 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node277 -> node135 [ color=BLACK, label=< rdf:type > ] ; - node378 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node182 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node379 -> node198 [ color=BLACK, label=< rdf:type > ] ; - node184 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node104 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node380 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node154 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node70 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node265 -> node382 [ color=BLACK, label=< owl:sameAs > ] ; - node383 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node97 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node112 -> node385 [ color=BLACK, label=< sh:property > ] ; - node264 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node386 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node112 -> node12 [ color=BLACK, label=< sh:property > ] ; - node389 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node269 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node175 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node225 -> node392 [ color=BLACK, label=< sh:property > ] ; - node393 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node394 -> node338 [ color=BLACK, label=< sh:path > ] ; - node165 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node397 -> node398 [ color=BLACK, label=< sh:path > ] ; - node399 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node401 -> node402 [ color=BLACK, label=< sh:property > ] ; - node338 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node189 -> node403 [ color=BLACK, label=< sh:property > ] ; - node354 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node90 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node136 -> node405 [ color=BLACK, label=< sh:property > ] ; - node374 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node406 -> node121 [ color=BLACK, label=< rdfs:range > ] ; - node407 -> node408 [ color=BLACK, label=< rdf:type > ] ; - node224 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node401 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node412 -> node318 [ color=BLACK, label=< sh:path > ] ; - node413 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node318 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node339 -> node415 [ color=BLACK, label=< sh:path > ] ; - node330 -> node121 [ color=BLACK, label=< rdfs:range > ] ; - node6 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node417 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node231 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node419 -> node299 [ color=BLACK, label=< rdfs:range > ] ; - node238 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node420 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node421 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node231 -> node424 [ color=BLACK, label=< sh:property > ] ; - node425 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node426 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node401 -> node427 [ color=BLACK, label=< sh:property > ] ; - node115 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node428 -> node249 [ color=BLACK, label=< sh:path > ] ; - node225 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node429 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node273 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node317 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node109 -> node430 [ color=BLACK, label=< sh:property > ] ; - node98 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node420 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node128 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node338 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node225 -> node127 [ color=BLACK, label=< sh:property > ] ; - node433 -> node383 [ color=BLACK, label=< sh:path > ] ; - node406 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node434 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node435 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node436 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node437 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node438 -> node62 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node439 -> node297 [ color=BLACK, label=< sh:path > ] ; - node213 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node29 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node442 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node87 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node104 -> node82 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node445 -> node28 [ color=BLACK, label=< rdf:type > ] ; - node446 -> node447 [ color=BLACK, label=< sh:path > ] ; - node448 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node438 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node93 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node356 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node3 -> node450 [ color=BLACK, label=< sh:property > ] ; - node196 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node45 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node189 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node377 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node390 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node452 -> node176 [ color=BLACK, label=< sh:path > ] ; - node381 -> node55 [ color=BLACK, label=< sh:path > ] ; - node453 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node424 -> node264 [ color=BLACK, label=< sh:path > ] ; - node257 -> node346 [ color=BLACK, label=< rdfs:range > ] ; - node363 -> node139 [ color=BLACK, label=< sh:property > ] ; - node166 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node186 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node261 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node151 -> node351 [ color=BLACK, label=< rdf:type > ] ; - node207 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node50 -> node457 [ color=BLACK, label=< sh:property > ] ; - node458 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node334 -> node183 [ color=BLACK, label=< rdf:type > ] ; - node459 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node215 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node462 -> node216 [ color=BLACK, label=< rdfs:range > ] ; - node82 -> node463 [ color=BLACK, label=< sh:property > ] ; - node294 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node465 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node359 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node119 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node16 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node209 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node239 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node17 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node373 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node456 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node3 -> node235 [ color=BLACK, label=< sh:property > ] ; - node189 -> node401 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node468 -> node435 [ color=BLACK, label=< sh:path > ] ; - node88 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node469 -> node275 [ color=BLACK, label=< sh:property > ] ; - node159 -> node238 [ color=BLACK, label=< rdfs:range > ] ; - node470 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node471 -> node472 [ color=BLACK, label=< sh:path > ] ; - node473 -> node154 [ color=BLACK, label=< sh:path > ] ; - node385 -> node171 [ color=BLACK, label=< sh:path > ] ; - node318 -> node207 [ color=BLACK, label=< rdfs:range > ] ; - node64 -> node474 [ color=BLACK, label=< sh:path > ] ; - node98 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node99 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node477 -> node478 [ color=BLACK, label=< sh:path > ] ; - node262 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node228 -> node4 [ color=BLACK, label=< sh:path > ] ; - node398 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node479 -> node298 [ color=BLACK, label=< rdfs:range > ] ; - node319 -> node46 [ color=BLACK, label=< sh:path > ] ; - node427 -> node259 [ color=BLACK, label=< sh:path > ] ; - node448 -> node198 [ color=BLACK, label=< rdf:type > ] ; - node63 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node101 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node481 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node97 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node351 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node29 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node401 -> node483 [ color=BLACK, label=< sh:property > ] ; - node485 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node82 -> node486 [ color=BLACK, label=< sh:property > ] ; - node489 -> node16 [ color=BLACK, label=< rdf:type > ] ; - node11 -> node36 [ color=BLACK, label=< sh:path > ] ; - node490 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node491 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node109 -> node492 [ color=BLACK, label=< sh:property > ] ; - node3 -> node493 [ color=BLACK, label=< sh:property > ] ; - node136 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node131 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node478 -> node216 [ color=BLACK, label=< rdfs:range > ] ; - node476 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node447 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node495 -> node161 [ color=BLACK, label=< rdfs:range > ] ; - node152 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node88 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node308 -> node182 [ color=BLACK, label=< rdf:type > ] ; - node161 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node338 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node267 -> node351 [ color=BLACK, label=< rdf:type > ] ; - node48 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node484 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node129 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node497 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node333 -> node299 [ color=BLACK, label=< rdfs:range > ] ; - node296 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node184 -> node238 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node118 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node500 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node501 -> node348 [ color=BLACK, label=< sh:property > ] ; - node371 -> node502 [ color=BLACK, label=< sh:path > ] ; - node113 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node391 -> node338 [ color=BLACK, label=< sh:path > ] ; - node25 -> node322 [ color=BLACK, label=< sh:property > ] ; - node104 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node211 -> node504 [ color=BLACK, label=< sh:property > ] ; - node505 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node506 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node469 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node507 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node169 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node79 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node306 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node107 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node56 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node103 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node483 -> node271 [ color=BLACK, label=< sh:path > ] ; - node158 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node144 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node160 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node450 -> node199 [ color=BLACK, label=< sh:path > ] ; - node409 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node396 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node511 -> node247 [ color=BLACK, label=< sh:path > ] ; - node168 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node513 -> node94 [ color=BLACK, label=< rdf:type > ] ; - node343 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node216 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node90 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node514 -> node329 [ color=BLACK, label=< sh:path > ] ; - node138 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node174 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node444 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node515 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node460 -> node112 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node415 -> node197 [ color=BLACK, label=< rdfs:range > ] ; - node517 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node375 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node501 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node82 -> node518 [ color=BLACK, label=< sh:property > ] ; - node188 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node522 -> node183 [ color=BLACK, label=< rdf:type > ] ; - node360 -> node112 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node193 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node278 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node523 -> node524 [ color=BLACK, label=< sh:path > ] ; - node263 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node525 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node225 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node0 -> node16 [ color=BLACK, label=< rdfs:range > ] ; - node5 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node254 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node171 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node353 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node54 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node422 -> node16 [ color=BLACK, label=< rdf:type > ] ; - node465 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node180 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node532 -> node374 [ color=BLACK, label=< sh:path > ] ; - node61 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node279 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node6 -> node307 [ color=BLACK, label=< sh:property > ] ; - node474 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node533 -> node188 [ color=BLACK, label=< sh:path > ] ; - node317 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node438 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node469 -> node62 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node352 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node286 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node535 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node536 -> node102 [ color=BLACK, label=< rdf:type > ] ; - node227 -> node32 [ color=BLACK, label=< rdfs:range > ] ; - node262 -> node537 [ color=BLACK, label=< sh:property > ] ; - node538 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node469 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node224 -> node216 [ color=BLACK, label=< rdfs:range > ] ; - node312 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node541 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node521 -> node534 [ color=BLACK, label=< rdf:type > ] ; - node501 -> node99 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node250 -> node16 [ color=BLACK, label=< rdf:type > ] ; - node408 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node258 -> node211 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node499 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node508 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node543 -> node544 [ color=BLACK, label=< sh:path > ] ; - node274 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node326 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node490 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node303 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node92 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node32 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node467 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node545 -> node110 [ color=BLACK, label=< sh:property > ] ; - node546 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node325 -> node199 [ color=BLACK, label=< sh:path > ] ; - node507 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node2 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node547 -> node224 [ color=BLACK, label=< sh:path > ] ; - node409 -> node92 [ color=BLACK, label=< rdf:type > ] ; - node355 -> node20 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node472 -> node99 [ color=BLACK, label=< rdfs:range > ] ; - node549 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node286 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node550 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node355 -> node551 [ color=BLACK, label=< sh:property > ] ; - node107 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node399 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node360 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node501 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node163 -> node132 [ color=BLACK, label=< sh:path > ] ; - node240 -> node552 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node313 -> node554 [ color=BLACK, label=< sh:path > ] ; - node50 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node555 -> node195 [ color=BLACK, label=< sh:path > ] ; - node67 -> node412 [ color=BLACK, label=< sh:property > ] ; - node304 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node108 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node349 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node98 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node487 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node180 -> node556 [ color=BLACK, label=< sh:property > ] ; - node6 -> node339 [ color=BLACK, label=< sh:property > ] ; - node557 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node70 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node3 -> node514 [ color=BLACK, label=< sh:property > ] ; - node29 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node290 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node552 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node559 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node255 -> node373 [ color=BLACK, label=< sh:path > ] ; - node109 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node25 -> node372 [ color=BLACK, label=< sh:property > ] ; - node356 -> node92 [ color=BLACK, label=< rdfs:range > ] ; - node562 -> node175 [ color=BLACK, label=< rdf:type > ] ; - node25 -> node446 [ color=BLACK, label=< sh:property > ] ; - node563 -> node97 [ color=BLACK, label=< sh:path > ] ; - node329 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node466 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node565 -> node114 [ color=BLACK, label=< sh:path > ] ; - node219 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node566 -> node359 [ color=BLACK, label=< sh:path > ] ; - node413 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node63 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node177 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node164 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node287 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node109 -> node568 [ color=BLACK, label=< sh:property > ] ; - node343 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node125 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node36 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node569 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node263 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node463 -> node159 [ color=BLACK, label=< sh:path > ] ; - node570 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node572 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node519 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node390 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node573 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node509 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node482 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node273 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node180 -> node574 [ color=BLACK, label=< sh:property > ] ; - node2 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node512 -> node29 [ color=BLACK, label=< rdfs:range > ] ; - node140 -> node121 [ color=BLACK, label=< rdfs:range > ] ; - node3 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node462 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node402 -> node193 [ color=BLACK, label=< sh:path > ] ; - node265 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node72 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node62 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node575 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node119 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node576 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node58 -> node102 [ color=BLACK, label=< rdf:type > ] ; - node67 -> node401 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node70 -> node35 [ color=BLACK, label=< sh:property > ] ; - node113 -> node577 [ color=BLACK, label=< sh:property > ] ; - node578 -> node579 [ color=BLACK, label=< sh:path > ] ; - node474 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node383 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node80 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node231 -> node581 [ color=BLACK, label=< sh:property > ] ; - node33 -> node94 [ color=BLACK, label=< rdf:type > ] ; - node78 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node236 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node50 -> node136 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node216 -> node582 [ color=BLACK, label=< sh:property > ] ; - node583 -> node28 [ color=BLACK, label=< rdf:type > ] ; - node584 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node218 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node311 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node217 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node502 -> node273 [ color=BLACK, label=< rdfs:range > ] ; - node200 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node143 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node457 -> node148 [ color=BLACK, label=< sh:path > ] ; - node113 -> node464 [ color=BLACK, label=< sh:property > ] ; - node59 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node75 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node586 -> node16 [ color=BLACK, label=< rdf:type > ] ; - node99 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node4 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node515 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node538 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node401 -> node588 [ color=BLACK, label=< sh:property > ] ; - node98 -> node516 [ color=BLACK, label=< sh:property > ] ; - node150 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node589 -> node120 [ color=BLACK, label=< sh:path > ] ; - node590 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node310 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node224 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node591 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node388 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node587 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node544 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node557 -> node92 [ color=BLACK, label=< rdf:type > ] ; - node109 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node326 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node190 -> node121 [ color=BLACK, label=< rdfs:range > ] ; - node545 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node370 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node592 -> node338 [ color=BLACK, label=< sh:path > ] ; - node546 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node324 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node38 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node137 -> node118 [ color=BLACK, label=< sh:path > ] ; - node330 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node211 -> node109 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node207 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node326 -> node558 [ color=BLACK, label=< rdfs:range > ] ; - node548 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node289 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node363 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node360 -> node498 [ color=BLACK, label=< sh:property > ] ; - node355 -> node594 [ color=BLACK, label=< sh:property > ] ; - node387 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node332 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node386 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node395 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node17 -> node121 [ color=BLACK, label=< rdfs:range > ] ; - node165 -> node391 [ color=BLACK, label=< sh:property > ] ; - node579 -> node197 [ color=BLACK, label=< rdfs:range > ] ; - node580 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node421 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node221 -> node175 [ color=BLACK, label=< rdf:type > ] ; - node484 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node488 -> node175 [ color=BLACK, label=< rdf:type > ] ; - node109 -> node397 [ color=BLACK, label=< sh:property > ] ; - node420 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node113 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node419 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node418 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node426 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node245 -> node471 [ color=BLACK, label=< sh:property > ] ; - node82 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node598 -> node408 [ color=BLACK, label=< rdf:type > ] ; - node599 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node356 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node500 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node460 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node469 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node336 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node178 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node384 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node3 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node571 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node324 -> node56 [ color=BLACK, label=< rdfs:range > ] ; - node27 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node528 -> node175 [ color=BLACK, label=< rdf:type > ] ; - node410 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node50 -> node563 [ color=BLACK, label=< sh:property > ] ; - node406 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node496 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node357 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node582 -> node490 [ color=BLACK, label=< sh:path > ] ; - node601 -> node404 [ color=BLACK, label=< sh:path > ] ; - node415 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node408 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node369 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node540 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node32 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node103 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node161 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node441 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node66 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node604 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node196 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node141 -> node605 [ color=BLACK, label=< sh:property > ] ; - node380 -> node273 [ color=BLACK, label=< rdf:type > ] ; - node501 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node50 -> node606 [ color=BLACK, label=< sh:property > ] ; - node52 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node215 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node192 -> node135 [ color=BLACK, label=< rdf:type > ] ; - node192 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node136 -> node607 [ color=BLACK, label=< sh:property > ] ; - node126 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node82 -> node608 [ color=BLACK, label=< sh:property > ] ; - node85 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node609 -> node38 [ color=BLACK, label=< rdfs:range > ] ; - node602 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node444 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node334 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node546 -> node102 [ color=BLACK, label=< rdfs:range > ] ; - node73 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node154 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node67 -> node610 [ color=BLACK, label=< sh:property > ] ; - node363 -> node62 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node482 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node112 -> node293 [ color=BLACK, label=< sh:property > ] ; - node221 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node611 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node199 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node75 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node31 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node612 -> node78 [ color=BLACK, label=< sh:path > ] ; - node363 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node606 -> node508 [ color=BLACK, label=< sh:path > ] ; - node172 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node4 -> node408 [ color=BLACK, label=< rdfs:range > ] ; - node162 -> node227 [ color=BLACK, label=< sh:path > ] ; - node311 -> node183 [ color=BLACK, label=< rdf:type > ] ; - node42 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node407 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node613 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node480 -> node614 [ color=BLACK, label=< sh:path > ] ; - node398 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node44 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node165 -> node615 [ color=BLACK, label=< sh:property > ] ; - node359 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node616 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node552 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node617 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node552 -> node258 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node284 -> node175 [ color=BLACK, label=< rdf:type > ] ; - node618 -> node59 [ color=BLACK, label=< sh:path > ] ; - node619 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node249 -> node183 [ color=BLACK, label=< rdfs:range > ] ; - node429 -> node273 [ color=BLACK, label=< rdf:type > ] ; - node76 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node248 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node4 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node459 -> node161 [ color=BLACK, label=< rdf:type > ] ; - node367 -> node620 [ color=BLACK, label=< rdfs:range > ] ; - node216 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node270 -> node595 [ color=BLACK, label=< sh:path > ] ; - node59 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node447 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node621 -> node622 [ color=BLACK, label=< rdf:type > ] ; - node213 -> node28 [ color=BLACK, label=< rdfs:range > ] ; - node86 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node240 -> node623 [ color=BLACK, label=< sh:property > ] ; - node624 -> node135 [ color=BLACK, label=< rdf:type > ] ; - node624 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node625 -> node109 [ color=BLACK, label=< rdfs:range > ] ; - node508 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node608 -> node619 [ color=BLACK, label=< sh:path > ] ; - node274 -> node94 [ color=BLACK, label=< rdfs:range > ] ; - node305 -> node90 [ color=BLACK, label=< rdfs:range > ] ; - node260 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node97 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node481 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node3 -> node532 [ color=BLACK, label=< sh:property > ] ; - node203 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node295 -> node102 [ color=BLACK, label=< rdf:type > ] ; - node324 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node370 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node2 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node263 -> node238 [ color=BLACK, label=< rdfs:range > ] ; - node131 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node531 -> node338 [ color=BLACK, label=< sh:path > ] ; - node141 -> node20 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node104 -> node628 [ color=BLACK, label=< sh:property > ] ; - node62 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node630 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node308 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node15 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node534 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node36 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node497 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node207 -> node68 [ color=BLACK, label=< sh:property > ] ; - node180 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node632 -> node135 [ color=BLACK, label=< rdf:type > ] ; - node632 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node595 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node633 -> node175 [ color=BLACK, label=< rdf:type > ] ; - node166 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node602 -> node92 [ color=BLACK, label=< rdf:type > ] ; - node231 -> node455 [ color=BLACK, label=< sh:property > ] ; - node475 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node634 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node498 -> node479 [ color=BLACK, label=< sh:path > ] ; - node454 -> node635 [ color=BLACK, label=< owl:sameAs > ] ; - node636 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node368 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node414 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node113 -> node162 [ color=BLACK, label=< sh:property > ] ; - node494 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node637 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node120 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node271 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node638 -> node287 [ color=BLACK, label=< sh:path > ] ; - node639 -> node175 [ color=BLACK, label=< rdf:type > ] ; - node275 -> node570 [ color=BLACK, label=< sh:path > ] ; - node246 -> node328 [ color=BLACK, label=< sh:path > ] ; - node109 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node481 -> node207 [ color=BLACK, label=< rdfs:range > ] ; - node363 -> node106 [ color=BLACK, label=< sh:property > ] ; - node640 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node404 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node144 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node38 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node435 -> node620 [ color=BLACK, label=< rdfs:range > ] ; - node617 -> node92 [ color=BLACK, label=< rdf:type > ] ; - node302 -> node609 [ color=BLACK, label=< sh:path > ] ; - node548 -> node16 [ color=BLACK, label=< rdf:type > ] ; - node642 -> node512 [ color=BLACK, label=< sh:path > ] ; - node148 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node640 -> node112 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node249 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node6 -> node643 [ color=BLACK, label=< sh:property > ] ; - node644 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node522 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node201 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node211 -> node645 [ color=BLACK, label=< sh:property > ] ; - node14 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node383 -> node109 [ color=BLACK, label=< rdfs:range > ] ; - node230 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node238 -> node109 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node466 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node623 -> node100 [ color=BLACK, label=< sh:path > ] ; - node231 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node109 -> node642 [ color=BLACK, label=< sh:property > ] ; - node210 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node603 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node100 -> node351 [ color=BLACK, label=< rdfs:range > ] ; - node55 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node647 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node41 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node82 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node276 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node561 -> node238 [ color=BLACK, label=< rdfs:range > ] ; - node479 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node3 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node139 -> node497 [ color=BLACK, label=< sh:path > ] ; - node573 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node509 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node512 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node613 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node536 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node39 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node621 -> node621 [ color=BLACK, label=< owl:versionIRI > ] ; - node353 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node309 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node458 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node405 -> node304 [ color=BLACK, label=< sh:path > ] ; - node465 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node648 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node290 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node461 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node252 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node537 -> node425 [ color=BLACK, label=< sh:path > ] ; - node245 -> node578 [ color=BLACK, label=< sh:property > ] ; - node639 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node253 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node297 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node501 -> node650 [ color=BLACK, label=< sh:property > ] ; - node98 -> node651 [ color=BLACK, label=< sh:property > ] ; - node352 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node576 -> node351 [ color=BLACK, label=< rdf:type > ] ; - node242 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node29 -> node543 [ color=BLACK, label=< sh:property > ] ; - node653 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node194 -> node408 [ color=BLACK, label=< rdf:type > ] ; - node529 -> node175 [ color=BLACK, label=< rdf:type > ] ; - node50 -> node381 [ color=BLACK, label=< sh:property > ] ; - node425 -> node245 [ color=BLACK, label=< rdfs:range > ] ; - node505 -> node273 [ color=BLACK, label=< rdf:type > ] ; - node364 -> node462 [ color=BLACK, label=< sh:path > ] ; - node581 -> node435 [ color=BLACK, label=< sh:path > ] ; - node156 -> node603 [ color=BLACK, label=< sh:path > ] ; - node596 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node30 -> node350 [ color=BLACK, label=< sh:path > ] ; - node464 -> node378 [ color=BLACK, label=< sh:path > ] ; - node634 -> node109 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node545 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node640 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node579 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node252 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node587 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node376 -> node16 [ color=BLACK, label=< rdf:type > ] ; - node615 -> node39 [ color=BLACK, label=< sh:path > ] ; - node508 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node530 -> node197 [ color=BLACK, label=< rdfs:range > ] ; - node114 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node510 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node490 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node363 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node539 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node112 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node28 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node628 -> node120 [ color=BLACK, label=< sh:path > ] ; - node104 -> node655 [ color=BLACK, label=< sh:property > ] ; - node549 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node119 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node44 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node478 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node345 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node595 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node593 -> node120 [ color=BLACK, label=< sh:path > ] ; - node387 -> node351 [ color=BLACK, label=< rdf:type > ] ; - node47 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node148 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node129 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node315 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node45 -> node501 [ color=BLACK, label=< rdfs:range > ] ; - node329 -> node299 [ color=BLACK, label=< rdfs:range > ] ; - node288 -> node625 [ color=BLACK, label=< sh:path > ] ; - node580 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node377 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node629 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node625 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node41 -> node92 [ color=BLACK, label=< rdf:type > ] ; - node99 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node257 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node650 -> node482 [ color=BLACK, label=< sh:path > ] ; - node451 -> node175 [ color=BLACK, label=< rdf:type > ] ; - node413 -> node3 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node355 -> node631 [ color=BLACK, label=< sh:property > ] ; - node627 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node81 -> node217 [ color=BLACK, label=< sh:path > ] ; - node570 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node309 -> node92 [ color=BLACK, label=< rdf:type > ] ; - node365 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node169 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node56 -> node503 [ color=BLACK, label=< sh:property > ] ; - node136 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node657 -> node591 [ color=BLACK, label=< sh:path > ] ; - node360 -> node439 [ color=BLACK, label=< sh:property > ] ; - node654 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node404 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node249 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node225 -> node327 [ color=BLACK, label=< sh:property > ] ; - node545 -> node113 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node10 -> node534 [ color=BLACK, label=< rdf:type > ] ; - node614 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node410 -> node351 [ color=BLACK, label=< rdf:type > ] ; - node95 -> node411 [ color=BLACK, label=< sh:path > ] ; - node535 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node630 -> node16 [ color=BLACK, label=< rdf:type > ] ; - node331 -> node370 [ color=BLACK, label=< sh:path > ] ; - node147 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node659 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node449 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node462 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node540 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node50 -> node618 [ color=BLACK, label=< sh:property > ] ; - node122 -> node65 [ color=BLACK, label=< sh:property > ] ; - node660 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node396 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node411 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node603 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node170 -> node524 [ color=BLACK, label=< sh:path > ] ; - node297 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node176 -> node119 [ color=BLACK, label=< rdfs:range > ] ; - node569 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node236 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node185 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node432 -> node649 [ color=BLACK, label=< sh:property > ] ; - node113 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node389 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node656 -> node183 [ color=BLACK, label=< rdf:type > ] ; - node361 -> node351 [ color=BLACK, label=< rdf:type > ] ; - node504 -> node646 [ color=BLACK, label=< sh:path > ] ; - node217 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node245 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node321 -> node44 [ color=BLACK, label=< rdf:type > ] ; - node112 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node423 -> node102 [ color=BLACK, label=< rdf:type > ] ; - node37 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node84 -> node534 [ color=BLACK, label=< rdfs:range > ] ; - node105 -> node13 [ color=BLACK, label=< sh:path > ] ; - node497 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node591 -> node661 [ color=BLACK, label=< rdfs:range > ] ; - node451 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node544 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node56 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node558 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node173 -> node175 [ color=BLACK, label=< rdf:type > ] ; - node253 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node208 -> node465 [ color=BLACK, label=< sh:path > ] ; - node232 -> node135 [ color=BLACK, label=< rdf:type > ] ; - node551 -> node386 [ color=BLACK, label=< sh:path > ] ; - node252 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node584 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node493 -> node419 [ color=BLACK, label=< sh:path > ] ; - node232 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node60 -> node161 [ color=BLACK, label=< rdf:type > ] ; - node107 -> node662 [ color=BLACK, label=< rdfs:range > ] ; - node236 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node54 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node403 -> node367 [ color=BLACK, label=< sh:path > ] ; - node158 -> node662 [ color=BLACK, label=< rdfs:range > ] ; - node165 -> node468 [ color=BLACK, label=< sh:property > ] ; - node113 -> node288 [ color=BLACK, label=< sh:property > ] ; - node25 -> node663 [ color=BLACK, label=< sh:property > ] ; - node279 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node56 -> node251 [ color=BLACK, label=< sh:property > ] ; - node83 -> node561 [ color=BLACK, label=< sh:path > ] ; - node3 -> node473 [ color=BLACK, label=< sh:property > ] ; - node179 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node609 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node538 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node388 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node454 -> node61 [ color=BLACK, label=< rdfs:range > ] ; - node231 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node590 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node134 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node222 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node591 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node445 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node69 -> node237 [ color=BLACK, label=< rdfs:range > ] ; - node362 -> node507 [ color=BLACK, label=< sh:path > ] ; - node225 -> node109 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node544 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node492 -> node164 [ color=BLACK, label=< sh:path > ] ; - node244 -> node238 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node241 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node136 -> node664 [ color=BLACK, label=< sh:property > ] ; - node360 -> node593 [ color=BLACK, label=< sh:property > ] ; - node437 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node541 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node417 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node34 -> node203 [ color=BLACK, label=< sh:path > ] ; - node262 -> node64 [ color=BLACK, label=< sh:property > ] ; - node641 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node521 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node440 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node116 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node67 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node328 -> node197 [ color=BLACK, label=< rdfs:range > ] ; - node358 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node627 -> node92 [ color=BLACK, label=< rdf:type > ] ; - node416 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node330 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node20 -> node533 [ color=BLACK, label=< sh:property > ] ; - node110 -> node213 [ color=BLACK, label=< sh:path > ] ; - node180 -> node109 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node212 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node21 -> node420 [ color=BLACK, label=< sh:path > ] ; - node219 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node259 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node386 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node214 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node455 -> node326 [ color=BLACK, label=< sh:path > ] ; - node400 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node530 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node527 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node553 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node652 -> node182 [ color=BLACK, label=< rdf:type > ] ; - node520 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node195 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node572 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node350 -> node197 [ color=BLACK, label=< rdfs:range > ] ; - node472 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node519 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node0 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node634 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node419 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node245 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node257 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node87 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node122 -> node335 [ color=BLACK, label=< sh:property > ] ; - node526 -> node175 [ color=BLACK, label=< rdf:type > ] ; - node225 -> node477 [ color=BLACK, label=< sh:property > ] ; - node524 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node603 -> node109 [ color=BLACK, label=< rdfs:range > ] ; - node475 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node502 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node283 -> node175 [ color=BLACK, label=< rdf:type > ] ; - node46 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node649 -> node570 [ color=BLACK, label=< sh:path > ] ; - node245 -> node638 [ color=BLACK, label=< sh:property > ] ; - node266 -> node175 [ color=BLACK, label=< rdf:type > ] ; - node188 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node658 -> node3 [ color=BLACK, label=< rdfs:range > ] ; - node43 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node665 -> node138 [ color=BLACK, label=< sh:path > ] ; - node640 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node415 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node666 -> node108 [ color=BLACK, label=< sh:path > ] ; - node60 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node70 -> node180 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node453 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node205 -> node658 [ color=BLACK, label=< sh:path > ] ; - node658 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node109 -> node592 [ color=BLACK, label=< sh:property > ] ; - node28 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node78 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node470 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node265 -> node61 [ color=BLACK, label=< rdfs:range > ] ; - node243 -> node203 [ color=BLACK, label=< sh:path > ] ; - node559 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node225 -> node117 [ color=BLACK, label=< sh:property > ] ; - node25 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node534 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node50 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node244 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node524 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node19 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node659 -> node197 [ color=BLACK, label=< rdfs:range > ] ; - node89 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node474 -> node62 [ color=BLACK, label=< rdfs:range > ] ; - node647 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node640 -> node320 [ color=BLACK, label=< sh:property > ] ; - node262 -> node452 [ color=BLACK, label=< sh:property > ] ; - node432 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node611 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node567 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node434 -> node44 [ color=BLACK, label=< rdf:type > ] ; - node3 -> node597 [ color=BLACK, label=< sh:property > ] ; - node154 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node145 -> node175 [ color=BLACK, label=< rdf:type > ] ; - node300 -> node534 [ color=BLACK, label=< rdf:type > ] ; - node67 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node430 -> node177 [ color=BLACK, label=< sh:path > ] ; - node199 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node562 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node507 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node234 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node335 -> node84 [ color=BLACK, label=< sh:path > ] ; - node102 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node667 -> node333 [ color=BLACK, label=< sh:path > ] ; - node346 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node140 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node526 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node616 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node160 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node634 -> node153 [ color=BLACK, label=< sh:property > ] ; - node100 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node94 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node668 -> node126 [ color=BLACK, label=< sh:path > ] ; - node266 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node366 -> node659 [ color=BLACK, label=< sh:path > ] ; - node136 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node518 -> node144 [ color=BLACK, label=< sh:path > ] ; - node585 -> node94 [ color=BLACK, label=< rdf:type > ] ; - node594 -> node546 [ color=BLACK, label=< sh:path > ] ; - node216 -> node601 [ color=BLACK, label=< sh:property > ] ; - node174 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node646 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node619 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node568 -> node393 [ color=BLACK, label=< sh:path > ] ; - node598 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node25 -> node431 [ color=BLACK, label=< sh:property > ] ; - node609 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node157 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node59 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node449 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node491 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node272 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node198 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node530 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node607 -> node196 [ color=BLACK, label=< sh:path > ] ; - node571 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node653 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node193 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node20 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node570 -> node62 [ color=BLACK, label=< rdfs:range > ] ; - node185 -> node16 [ color=BLACK, label=< rdf:type > ] ; - node260 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node485 -> node28 [ color=BLACK, label=< rdf:type > ] ; - node3 -> node96 [ color=BLACK, label=< sh:property > ] ; - node20 -> node112 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node292 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node596 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node109 -> node612 [ color=BLACK, label=< sh:property > ] ; - node190 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node187 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node112 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node145 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node370 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node253 -> node135 [ color=BLACK, label=< rdfs:range > ] ; - node560 -> node175 [ color=BLACK, label=< rdf:type > ] ; - node353 -> node121 [ color=BLACK, label=< rdfs:range > ] ; - node379 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node136 -> node401 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node51 -> node660 [ color=BLACK, label=< sh:path > ] ; - node604 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node25 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node56 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node432 -> node62 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node13 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node56 -> node394 [ color=BLACK, label=< sh:property > ] ; - node441 -> node534 [ color=BLACK, label=< rdf:type > ] ; - node143 -> node198 [ color=BLACK, label=< rdf:type > ] ; - node165 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node355 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node25 -> node136 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node195 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node25 -> node657 [ color=BLACK, label=< sh:property > ] ; - node610 -> node481 [ color=BLACK, label=< sh:path > ] ; - node432 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node472 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node9 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node542 -> node590 [ color=BLACK, label=< sh:path > ] ; - node670 -> node613 [ color=BLACK, label=< sh:path > ] ; - node342 -> node370 [ color=BLACK, label=< sh:path > ] ; - node401 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node180 -> node511 [ color=BLACK, label=< sh:property > ] ; - node25 -> node668 [ color=BLACK, label=< sh:property > ] ; - node636 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node26 -> node63 [ color=BLACK, label=< sh:path > ] ; - node6 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node647 -> node438 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node179 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node502 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node172 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node660 -> node216 [ color=BLACK, label=< rdfs:range > ] ; - node8 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node524 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node443 -> node174 [ color=BLACK, label=< sh:path > ] ; - node489 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node515 -> node20 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node120 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node671 -> node558 [ color=BLACK, label=< rdf:type > ] ; - node43 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node75 -> node197 [ color=BLACK, label=< rdfs:range > ] ; - node599 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node225 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node251 -> node406 [ color=BLACK, label=< sh:path > ] ; - node384 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node141 -> node337 [ color=BLACK, label=< sh:property > ] ; - node517 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node460 -> node130 [ color=BLACK, label=< sh:property > ] ; - node375 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node663 -> node47 [ color=BLACK, label=< sh:path > ] ; - node545 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node658 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node132 -> node408 [ color=BLACK, label=< rdfs:range > ] ; - node488 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node549 -> node121 [ color=BLACK, label=< rdfs:range > ] ; - node644 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node268 -> node182 [ color=BLACK, label=< rdf:type > ] ; - node554 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node271 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node393 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node560 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node14 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node3 -> node438 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node111 -> node629 [ color=BLACK, label=< sh:path > ] ; - node109 -> node672 [ color=BLACK, label=< sh:property > ] ; - node239 -> node428 [ color=BLACK, label=< sh:property > ] ; - node5 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node512 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node20 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node312 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node281 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node282 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node528 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node113 -> node109 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node50 -> node547 [ color=BLACK, label=< sh:property > ] ; - node285 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node304 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node277 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node183 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node65 -> node131 [ color=BLACK, label=< sh:path > ] ; - node55 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node513 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node645 -> node253 [ color=BLACK, label=< sh:path > ] ; - node245 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node291 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node294 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node495 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node431 -> node349 [ color=BLACK, label=< sh:path > ] ; - node499 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node460 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node180 -> node667 [ color=BLACK, label=< sh:property > ] ; - node479 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node220 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node467 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node631 -> node549 [ color=BLACK, label=< sh:path > ] ; - node550 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node229 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node613 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node355 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node39 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node211 -> node666 [ color=BLACK, label=< sh:property > ] ; - node262 -> node211 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node436 -> node534 [ color=BLACK, label=< rdf:type > ] ; - node577 -> node17 [ color=BLACK, label=< sh:path > ] ; - node135 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node646 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node629 -> node299 [ color=BLACK, label=< rdfs:range > ] ; - node600 -> node131 [ color=BLACK, label=< sh:path > ] ; - node189 -> node111 [ color=BLACK, label=< sh:property > ] ; - node258 -> node669 [ color=BLACK, label=< sh:property > ] ; - node314 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node72 -> node16 [ color=BLACK, label=< rdf:type > ] ; - node206 -> node175 [ color=BLACK, label=< rdf:type > ] ; - node303 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node328 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node414 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node225 -> node626 [ color=BLACK, label=< sh:property > ] ; - node637 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node50 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node305 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node248 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node564 -> node84 [ color=BLACK, label=< sh:path > ] ; - node333 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node478 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node191 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node567 -> node16 [ color=BLACK, label=< rdf:type > ] ; - node82 -> node665 [ color=BLACK, label=< sh:property > ] ; - node84 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node119 -> node443 [ color=BLACK, label=< sh:property > ] ; - node122 -> node342 [ color=BLACK, label=< sh:property > ] ; - node67 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node284 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node23 -> node558 [ color=BLACK, label=< rdf:type > ] ; - node579 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node454 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node575 -> node94 [ color=BLACK, label=< rdf:type > ] ; - node168 -> node197 [ color=BLACK, label=< rdfs:range > ] ; - node114 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node368 -> node135 [ color=BLACK, label=< rdf:type > ] ; - node422 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node349 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node102 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node350 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node651 -> node538 [ color=BLACK, label=< sh:path > ] ; - node625 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node227 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node347 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node641 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node561 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node574 -> node343 [ color=BLACK, label=< sh:path > ] ; - node440 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node558 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node449 -> node238 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node588 -> node305 [ color=BLACK, label=< sh:path > ] ; - node626 -> node150 [ color=BLACK, label=< sh:path > ] ; - node225 -> node124 [ color=BLACK, label=< sh:property > ] ; - node655 -> node171 [ color=BLACK, label=< sh:path > ] ; - node398 -> node340 [ color=BLACK, label=< rdfs:range > ] ; - node640 -> node600 [ color=BLACK, label=< sh:property > ] ; - node595 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node82 -> node542 [ color=BLACK, label=< sh:property > ] ; - node400 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node47 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node211 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node664 -> node168 [ color=BLACK, label=< sh:path > ] ; - node167 -> node426 [ color=BLACK, label=< sh:path > ] ; - node46 -> node197 [ color=BLACK, label=< rdfs:range > ] ; - node392 -> node45 [ color=BLACK, label=< sh:path > ] ; - node520 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node367 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node590 -> node121 [ color=BLACK, label=< rdfs:range > ] ; - node207 -> node565 [ color=BLACK, label=< sh:property > ] ; - node198 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node629 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node230 -> node135 [ color=BLACK, label=< rdf:type > ] ; - node206 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node460 -> node564 [ color=BLACK, label=< sh:property > ] ; - node250 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node240 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node660 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node486 -> node274 [ color=BLACK, label=< sh:path > ] ; - node583 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node401 -> node82 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node460 -> node331 [ color=BLACK, label=< sh:property > ] ; - node476 -> node175 [ color=BLACK, label=< rdf:type > ] ; - node411 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node648 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node113 -> node433 [ color=BLACK, label=< sh:property > ] ; - node122 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node633 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node503 -> node263 [ color=BLACK, label=< sh:path > ] ; - node654 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node554 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node62 -> node109 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node258 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node482 -> node175 [ color=BLACK, label=< rdfs:range > ] ; - node122 -> node112 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node404 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node155 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node447 -> node216 [ color=BLACK, label=< rdfs:range > ] ; - node123 -> node299 [ color=BLACK, label=< rdfs:range > ] ; - node77 -> node530 [ color=BLACK, label=< sh:path > ] ; - node194 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node152 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node199 -> node197 [ color=BLACK, label=< rdfs:range > ] ; - node109 -> node323 [ color=BLACK, label=< sh:property > ] ; - node112 -> node589 [ color=BLACK, label=< sh:property > ] ; - node614 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node261 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node393 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node25 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node269 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node301 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node659 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node487 -> node44 [ color=BLACK, label=< rdf:type > ] ; - node656 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node423 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node374 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node432 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node597 -> node252 [ color=BLACK, label=< sh:path > ] ; - node378 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node426 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node646 -> node109 [ color=BLACK, label=< rdfs:range > ] ; - node494 -> node198 [ color=BLACK, label=< rdf:type > ] ; - node556 -> node236 [ color=BLACK, label=< sh:path > ] ; - node242 -> node135 [ color=BLACK, label=< rdf:type > ] ; - node495 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node671 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node80 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node340 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node634 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node118 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node254 -> node438 [ color=BLACK, label=< rdfs:range > ] ; - node510 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node296 -> node555 [ color=BLACK, label=< sh:property > ] ; - node456 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node13 -> node121 [ color=BLACK, label=< rdfs:range > ] ; - node539 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node506 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node373 -> node189 [ color=BLACK, label=< rdfs:range > ] ; - node99 -> node531 [ color=BLACK, label=< sh:property > ] ; - node643 -> node495 [ color=BLACK, label=< sh:path > ] ; - node132 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node516 -> node294 [ color=BLACK, label=< sh:path > ] ; - node317 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node70 -> node523 [ color=BLACK, label=< sh:property > ] ; - node395 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node233 -> node135 [ color=BLACK, label=< rdf:type > ] ; - node233 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node128 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node211 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node131 -> node298 [ color=BLACK, label=< rdfs:range > ] ; - node435 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node669 -> node160 [ color=BLACK, label=< sh:path > ] ; - node226 -> node140 [ color=BLACK, label=< sh:path > ] ; - node461 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node128 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node91 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node425 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node525 -> node175 [ color=BLACK, label=< rdf:type > ] ; - node442 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node123 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node240 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node50 -> node223 [ color=BLACK, label=< sh:property > ] ; - node20 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node259 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node296 -> node341 [ color=BLACK, label=< sh:property > ] ; - node244 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node33 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node401 -> node480 [ color=BLACK, label=< sh:property > ] ; - node344 -> node32 [ color=BLACK, label=< rdf:type > ] ; - node647 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node22 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node82 -> node109 [ color=BLACK, label=< rdfs:subClassOf > ] ; - node122 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node378 -> node182 [ color=BLACK, label=< rdfs:range > ] ; - node50 -> node566 [ color=BLACK, label=< sh:property > ] ; - node176 -> node18 [ color=BLACK, label=< rdf:type > ] ; - node241 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node258 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node460 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node416 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node25 -> node670 [ color=BLACK, label=< sh:property > ] ; - node150 -> node1 [ color=BLACK, label=< rdf:type > ] ; - node227 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node561 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node529 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node418 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node147 -> node38 [ color=BLACK, label=< rdf:type > ] ; - node346 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node527 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node165 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node355 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node119 -> node74 [ color=BLACK, label=< sh:property > ] ; - node141 -> node71 [ color=BLACK, label=< rdf:type > ] ; - node553 -> node90 [ color=BLACK, label=< rdf:type > ] ; - node605 -> node353 [ color=BLACK, label=< sh:path > ] ; - node178 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node411 -> node408 [ color=BLACK, label=< rdfs:range > ] ; - node336 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node94 -> node142 [ color=BLACK, label=< rdf:type > ] ; - node619 -> node121 [ color=BLACK, label=< rdfs:range > ] ; - node55 -> node40 [ color=BLACK, label=< rdfs:range > ] ; - node125 -> node197 [ color=BLACK, label=< rdfs:range > ] ; - node652 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node45 -> node133 [ color=BLACK, label=< rdf:type > ] ; - node614 -> node197 [ color=BLACK, label=< rdfs:range > ] ; - node585 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node672 -> node472 [ color=BLACK, label=< sh:path > ] ; - node586 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node401 -> node7 [ color=BLACK, label=< rdf:type > ] ; - node554 -> node109 [ color=BLACK, label=< rdfs:range > ] ; - node647 -> node205 [ color=BLACK, label=< sh:property > ] ; - node496 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node357 -> node24 [ color=BLACK, label=< rdf:type > ] ; - node360 -> node71 [ color=BLACK, label=< rdf:type > ] ; -# https://rdf.spdx.org/v3/Dataset/datasetType node0 -node0 [ shape=none, color=black label=<
datasetType
https://rdf.spdx.org/v3/Dataset/datasetType
rdfs:comment"Describes the type of the given dataset."@en
> ] -# http://www.w3.org/2002/07/owl#DatatypeProperty node1 -node1 [ shape=none, color=black label=<
DatatypeProperty
http://www.w3.org/2002/07/owl#DatatypeProperty
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicense node2 -node2 [ shape=none, color=black label=<
ListedLicense
https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicense
rdfs:comment"A license that is listed on the SPDX License List."@en
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/License node3 -node3 [ shape=none, color=black label=<
License
https://rdf.spdx.org/v3/ExpandedLicensing/License
rdfs:comment"Abstract class for the portion of an AnyLicenseInfo representing a license."@en
> ] -# https://rdf.spdx.org/v3/AI/autonomyType node4 -node4 [ shape=none, color=black label=<
autonomyType
https://rdf.spdx.org/v3/AI/autonomyType
rdfs:comment"States if a human is involved in the decisions of the AI software."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasTestCase node5 -node5 [ shape=none, color=black label=<
hasTestCase
https://rdf.spdx.org/v3/Core/RelationshipType/hasTestCase
rdfs:comment"Every `to` Element is a test case for the `from` Element (`from` hasTestCase `to`)"@en
> ] -# https://rdf.spdx.org/v3/Security/ExploitCatalogVulnAssessmentRelationship node6 -node6 [ shape=none, color=black label=<
ExploitCatalogVulnAssessmentRelationship
https://rdf.spdx.org/v3/Security/ExploitCatalogVulnAssessmentRelationship
rdfs:comment"Provides an exploit assessment of a vulnerability."@en
> ] -# http://www.w3.org/2002/07/owl#Class node7 -node7 [ shape=none, color=black label=<
Class
http://www.w3.org/2002/07/owl#Class
> ] -# https://rdf.spdx.org/v3/Dataset/datasetAvailability node8 -node8 [ shape=none, color=black label=<
datasetAvailability
https://rdf.spdx.org/v3/Dataset/datasetAvailability
rdfs:comment"The field describes the availability of a dataset."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/vulnerabilityExploitabilityAssessment node9 -node9 [ shape=none, color=black label=<
vulnerabilityExploitabilityAssessment
https://rdf.spdx.org/v3/Core/ExternalRefType/vulnerabilityExploitabilityAssessment
rdfs:comment"A reference to a Vulnerability Exploitability eXchange (VEX) statement which provides information on whether a product is impacted by a specific vulnerability in an included package and, if affected, whether there are actions recommended to remediate. See also [NTIA VEX one-page](https://ntia.gov/files/ntia/publications/vex_one-page_summary.pdf)."@en
> ] -# https://rdf.spdx.org/v3/Security/CvssSeverityType/none node10 -node10 [ shape=none, color=black label=<
none
https://rdf.spdx.org/v3/Security/CvssSeverityType/none
rdfs:comment"When a CVSS score is 0"@en
> ] -# Ne55b147bf55c40048f9a694ad507799a node11 -node11 [ shape=none, color=black label=<
Ne55b147bf55c40048f9a694ad507799a
Ne55b147bf55c40048f9a694ad507799a
sh:maxCount"1"^^xsd:integer
> ] -# Nee501485e82c4f94a9b9f32a1e52c388 node12 -node12 [ shape=none, color=black label=<
Nee501485e82c4f94a9b9f32a1e52c388
Nee501485e82c4f94a9b9f32a1e52c388
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Security/withdrawnTime node13 -node13 [ shape=none, color=black label=<
withdrawnTime
https://rdf.spdx.org/v3/Security/withdrawnTime
rdfs:comment"Specified the time and date when a vulnerability was withdrawn."@en
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/bom node14 -node14 [ shape=none, color=black label=<
bom
https://rdf.spdx.org/v3/Software/SoftwarePurpose/bom
rdfs:comment"Element is a bill of materials"@en
> ] -# https://rdf.spdx.org/v3/Dataset/DatasetType/video node15 -node15 [ shape=none, color=black label=<
video
https://rdf.spdx.org/v3/Dataset/DatasetType/video
rdfs:comment"data is video based, such as a collection of movie clips featuring Tom Hanks."@en
> ] -# https://rdf.spdx.org/v3/Dataset/DatasetType node16 -node16 [ shape=none, color=black label=<
DatasetType
https://rdf.spdx.org/v3/Dataset/DatasetType
rdfs:comment"Enumeration of dataset types."@en
> ] -# https://rdf.spdx.org/v3/Core/startTime node17 -node17 [ shape=none, color=black label=<
startTime
https://rdf.spdx.org/v3/Core/startTime
rdfs:comment"Specifies the time from which an element is applicable / valid."@en
> ] -# http://www.w3.org/1999/02/22-rdf-syntax-ns#Property node18 -node18 [ shape=none, color=black label=<
Property
http://www.w3.org/1999/02/22-rdf-syntax-ns#Property
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/nuget node19 -node19 [ shape=none, color=black label=<
nuget
https://rdf.spdx.org/v3/Core/ExternalRefType/nuget
rdfs:comment"A reference to a nuget package."@en
> ] -# https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship node20 -node20 [ shape=none, color=black label=<
VexVulnAssessmentRelationship
https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship
rdfs:comment"Asbtract ancestor class for all VEX relationships"@en
> ] -# Ne20e154cd47d469c8b80bc65de191a00 node21 -node21 [ shape=none, color=black label=<
Ne20e154cd47d469c8b80bc65de191a00
Ne20e154cd47d469c8b80bc65de191a00
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Dataset/DatasetType/categorical node22 -node22 [ shape=none, color=black label=<
categorical
https://rdf.spdx.org/v3/Dataset/DatasetType/categorical
rdfs:comment"data that is classified into a discrete number of categories, such as the eye color of a population of people."@en
> ] -# https://rdf.spdx.org/v3/Core/AnnotationType/other node23 -node23 [ shape=none, color=black label=<
other
https://rdf.spdx.org/v3/Core/AnnotationType/other
rdfs:comment"Used to store extra information about an Element which is not part of a Review (e.g. extra information provided during the creation of the Element)."@en
> ] -# http://www.w3.org/2002/07/owl#NamedIndividual node24 -node24 [ shape=none, color=black label=<
NamedIndividual
http://www.w3.org/2002/07/owl#NamedIndividual
> ] -# https://rdf.spdx.org/v3/Dataset/Dataset node25 -node25 [ shape=none, color=black label=<
Dataset
https://rdf.spdx.org/v3/Dataset/Dataset
rdfs:comment"Provides information about the fields in the Dataset profile."@en
> ] -# Naba01f69581948368e4f1aef56ac8a73 node26 -node26 [ shape=none, color=black label=<
Naba01f69581948368e4f1aef56ac8a73
Naba01f69581948368e4f1aef56ac8a73
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/LifecycleScopeType/other node27 -node27 [ shape=none, color=black label=<
other
https://rdf.spdx.org/v3/Core/LifecycleScopeType/other
rdfs:comment"A relationship has other specific context information necessary to capture that the above set of enumerations does not handle."@en
> ] -# https://rdf.spdx.org/v3/Core/LifecycleScopeType node28 -node28 [ shape=none, color=black label=<
LifecycleScopeType
https://rdf.spdx.org/v3/Core/LifecycleScopeType
rdfs:comment"Provide an enumerated set of software lifecycle phases that can provide context to relationships."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalIdentifier node29 -node29 [ shape=none, color=black label=<
ExternalIdentifier
https://rdf.spdx.org/v3/Core/ExternalIdentifier
rdfs:comment"A reference to a resource outside the scope of SPDX-3.0 content that uniquely identifies an Element."@en
> ] -# N924a79e0135e487ba6355ab2d1857fc8 node30 -node30 [ shape=none, color=black label=<
N924a79e0135e487ba6355ab2d1857fc8
N924a79e0135e487ba6355ab2d1857fc8
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasHost node31 -node31 [ shape=none, color=black label=<
hasHost
https://rdf.spdx.org/v3/Core/RelationshipType/hasHost
rdfs:comment"The `from` Build was run on the `to` Element during a LifecycleScopeType period (e.g. The host that the build runs on)"@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType node32 -node32 [ shape=none, color=black label=<
RelationshipType
https://rdf.spdx.org/v3/Core/RelationshipType
rdfs:comment"Information about the relationship between two Elements."@en
> ] -# https://rdf.spdx.org/v3/Core/SupportType/endOfSupport node33 -node33 [ shape=none, color=black label=<
endOfSupport
https://rdf.spdx.org/v3/Core/SupportType/endOfSupport
rdfs:comment"there is a defined end of support for the artifact from the supplier. This may also be referred to as end of life. There is a validUntilDate that can be used to signal when support ends for the artifact."@en
> ] -# N8a058b49966b4a81b80e9c599306f5cd node34 -node34 [ shape=none, color=black label=<
N8a058b49966b4a81b80e9c599306f5cd
N8a058b49966b4a81b80e9c599306f5cd
sh:maxCount"1"^^xsd:integer
> ] -# Nbe9c069d158548428dd961225d5b6bcb node35 -node35 [ shape=none, color=black label=<
Nbe9c069d158548428dd961225d5b6bcb
Nbe9c069d158548428dd961225d5b6bcb
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/listVersionAdded node36 -node36 [ shape=none, color=black label=<
listVersionAdded
https://rdf.spdx.org/v3/ExpandedLicensing/listVersionAdded
rdfs:comment"Specifies the SPDX License List version in which this ListedLicense or -ListedLicenseException identifier was first added."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/binaryArtifact node37 -node37 [ shape=none, color=black label=<
binaryArtifact
https://rdf.spdx.org/v3/Core/ExternalRefType/binaryArtifact
rdfs:comment"A reference to binary artifacts related to a package."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType node38 -node38 [ shape=none, color=black label=<
ExternalRefType
https://rdf.spdx.org/v3/Core/ExternalRefType
rdfs:comment"Specifies the type of an external reference."@en
> ] -# https://rdf.spdx.org/v3/Core/locator node39 -node39 [ shape=none, color=black label=<
locator
https://rdf.spdx.org/v3/Core/locator
rdfs:comment"Provides the location of an external reference."@en
> ] -# http://www.w3.org/2001/XMLSchema#string node40 -node40 [ shape=none, color=black label=<
string
http://www.w3.org/2001/XMLSchema#string
> ] -# https://rdf.spdx.org/v3/Core/ExternalIdentifierType/packageUrl node41 -node41 [ shape=none, color=black label=<
packageUrl
https://rdf.spdx.org/v3/Core/ExternalIdentifierType/packageUrl
rdfs:comment"https://github.com/package-url/purl-spec"@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/configures node42 -node42 [ shape=none, color=black label=<
configures
https://rdf.spdx.org/v3/Core/RelationshipType/configures
rdfs:comment"The `from` Element is a configuration applied to each `to` Element during a LifecycleScopeType period"@en
> ] -# https://rdf.spdx.org/v3/AI/safetyRiskAssessment node43 -node43 [ shape=none, color=black label=<
safetyRiskAssessment
https://rdf.spdx.org/v3/AI/safetyRiskAssessment
rdfs:comment"Categorizes safety risk impact of AI software."@en
> ] -# https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType node44 -node44 [ shape=none, color=black label=<
SafetyRiskAssessmentType
https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType
rdfs:comment"Categories of safety risk impact of the application."@en
> ] -# https://rdf.spdx.org/v3/Build/configSourceDigest node45 -node45 [ shape=none, color=black label=<
configSourceDigest
https://rdf.spdx.org/v3/Build/configSourceDigest
rdfs:comment"Property that describes the digest of the build configuration file used to invoke a build."@en
> ] -# https://rdf.spdx.org/v3/Build/buildType node46 -node46 [ shape=none, color=black label=<
buildType
https://rdf.spdx.org/v3/Build/buildType
rdfs:comment"A buildType is a hint that is used to indicate the toolchain, platform, or infrastructure that the build was invoked on."@en
> ] -# https://rdf.spdx.org/v3/Dataset/anonymizationMethodUsed node47 -node47 [ shape=none, color=black label=<
anonymizationMethodUsed
https://rdf.spdx.org/v3/Dataset/anonymizationMethodUsed
rdfs:comment"Describes the anonymization methods used."@en
> ] -# https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/low node48 -node48 [ shape=none, color=black label=<
low
https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/low
rdfs:comment"Low/no risk is posed by the AI software."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalIdentifierType/urlScheme node49 -node49 [ shape=none, color=black label=<
urlScheme
https://rdf.spdx.org/v3/Core/ExternalIdentifierType/urlScheme
rdfs:comment"the scheme used in order to locate a resource https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml"@en
> ] -# https://rdf.spdx.org/v3/AI/AIPackage node50 -node50 [ shape=none, color=black label=<
AIPackage
https://rdf.spdx.org/v3/AI/AIPackage
rdfs:comment"Provides information about the fields in the AI package profile."@en
> ] -# N56f5626641d3476999cc48b60024870a node51 -node51 [ shape=none, color=black label=<
N56f5626641d3476999cc48b60024870a
N56f5626641d3476999cc48b60024870a
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasProvidedDependency node52 -node52 [ shape=none, color=black label=<
hasProvidedDependency
https://rdf.spdx.org/v3/Core/RelationshipType/hasProvidedDependency
rdfs:comment"The `from` Element has a dependency on each `to` Element, but dependency is not in the distributed artifact, but assumed to be provided, during a LifecycleScopeType period"@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalIdentifierType/cve node53 -node53 [ shape=none, color=black label=<
cve
https://rdf.spdx.org/v3/Core/ExternalIdentifierType/cve
rdfs:comment"An identifier for a specific software flaw defined within the official CVE Dictionary and that conforms to the CVE specification as defined by https://csrc.nist.gov/glossary/term/cve_id."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/mailingList node54 -node54 [ shape=none, color=black label=<
mailingList
https://rdf.spdx.org/v3/Core/ExternalRefType/mailingList
rdfs:comment"A reference to the mailing list used by the maintainer for a package."@en
> ] -# https://rdf.spdx.org/v3/AI/limitation node55 -node55 [ shape=none, color=black label=<
limitation
https://rdf.spdx.org/v3/AI/limitation
rdfs:comment"Captures a limitation of the AI software."@en
> ] -# https://rdf.spdx.org/v3/Core/CreationInfo node56 -node56 [ shape=none, color=black label=<
CreationInfo
https://rdf.spdx.org/v3/Core/CreationInfo
rdfs:comment"Provides information about the creation of the Element."@en
> ] -# Nd8f7fe2ea1074444b91975c6dbc6cf7b node57 -node57 [ shape=none, color=black label=<
Nd8f7fe2ea1074444b91975c6dbc6cf7b
Nd8f7fe2ea1074444b91975c6dbc6cf7b
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Security/VexJustificationType/vulnerableCodeNotInExecutePath node58 -node58 [ shape=none, color=black label=<
vulnerableCodeNotInExecutePath
https://rdf.spdx.org/v3/Security/VexJustificationType/vulnerableCodeNotInExecutePath
rdfs:comment"The affected code is not reachable through the execution of the code, including non-anticipated states of the product."@en
> ] -# https://rdf.spdx.org/v3/AI/modelExplainability node59 -node59 [ shape=none, color=black label=<
modelExplainability
https://rdf.spdx.org/v3/AI/modelExplainability
rdfs:comment"Describes methods that can be used to explain the model."@en
> ] -# https://rdf.spdx.org/v3/Security/ExploitCatalogType/kev node60 -node60 [ shape=none, color=black label=<
kev
https://rdf.spdx.org/v3/Security/ExploitCatalogType/kev
rdfs:comment"CISA's Known Exploited Vulnerability (KEV) Catalog"@en
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/IndividualLicensingInfo node61 -node61 [ shape=none, color=black label=<
IndividualLicensingInfo
https://rdf.spdx.org/v3/ExpandedLicensing/IndividualLicensingInfo
rdfs:comment"A concrete subclass of AnyLicenseInfo used by Individuals in the ExpandedLicensing profile."@en
> ] -# https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo node62 -node62 [ shape=none, color=black label=<
AnyLicenseInfo
https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo
rdfs:comment"Abstract class representing a license combination consisting of one or more -licenses (optionally including additional text), which may be combined -according to the SPDX license expression syntax."@en
> ] -# https://rdf.spdx.org/v3/Dataset/dataCollectionProcess node63 -node63 [ shape=none, color=black label=<
dataCollectionProcess
https://rdf.spdx.org/v3/Dataset/dataCollectionProcess
rdfs:comment"Describes how the dataset was collected."@en
> ] -# N2f13545c1dc84a06992b376dd13840a8 node64 -node64 [ shape=none, color=black label=<
N2f13545c1dc84a06992b376dd13840a8
N2f13545c1dc84a06992b376dd13840a8
sh:maxCount"1"^^xsd:integer
> ] -# N6466bcc2da5c46e4bf3d5dbbb558f701 node65 -node65 [ shape=none, color=black label=<
N6466bcc2da5c46e4bf3d5dbbb558f701
N6466bcc2da5c46e4bf3d5dbbb558f701
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/riskAssessment node66 -node66 [ shape=none, color=black label=<
riskAssessment
https://rdf.spdx.org/v3/Core/ExternalRefType/riskAssessment
rdfs:comment"A reference to a risk assessment for a package."@en
> ] -# https://rdf.spdx.org/v3/Software/Snippet node67 -node67 [ shape=none, color=black label=<
Snippet
https://rdf.spdx.org/v3/Software/Snippet
rdfs:comment"Describes a certain part of a file."@en
> ] -# Nfeaaccd96cec46799adc66a23fa18a33 node68 -node68 [ shape=none, color=black label=<
Nfeaaccd96cec46799adc66a23fa18a33
Nfeaaccd96cec46799adc66a23fa18a33
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/beginIntegerRange node69 -node69 [ shape=none, color=black label=<
beginIntegerRange
https://rdf.spdx.org/v3/Core/beginIntegerRange
rdfs:comment"Defines the beginning of a range."@en
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicenseException node70 -node70 [ shape=none, color=black label=<
ListedLicenseException
https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicenseException
rdfs:comment"A license exception that is listed on the SPDX Exceptions list."@en
> ] -# http://www.w3.org/ns/shacl#NodeShape node71 -node71 [ shape=none, color=black label=<
NodeShape
http://www.w3.org/ns/shacl#NodeShape
> ] -# https://rdf.spdx.org/v3/Dataset/DatasetType/syntactic node72 -node72 [ shape=none, color=black label=<
syntactic
https://rdf.spdx.org/v3/Dataset/DatasetType/syntactic
rdfs:comment"data describes the syntax or semantics of a language or text, such as a parse tree used for natural language processing."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasDistributionArtifact node73 -node73 [ shape=none, color=black label=<
hasDistributionArtifact
https://rdf.spdx.org/v3/Core/RelationshipType/hasDistributionArtifact
rdfs:comment"The `from` Element is distributed as an artifact in each Element `to`, (e.g. an RPM or archive file)"@en
> ] -# Nde9e9deafdca41b2a4b2850c494cc04b node74 -node74 [ shape=none, color=black label=<
Nde9e9deafdca41b2a4b2850c494cc04b
Nde9e9deafdca41b2a4b2850c494cc04b
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/namespace node75 -node75 [ shape=none, color=black label=<
namespace
https://rdf.spdx.org/v3/Core/namespace
rdfs:comment"Provides an unambiguous mechanism for conveying a URI fragment portion of an ElementID."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasAssessmentFor node76 -node76 [ shape=none, color=black label=<
hasAssessmentFor
https://rdf.spdx.org/v3/Core/RelationshipType/hasAssessmentFor
rdfs:comment"(Security) Relates a `from` Vulnerability and each `to` Element(s) with a security assessment. To be used with `VulnAssessmentRelationship` types"@en
> ] -# Na6f4c095663042bf987e880a96b8b148 node77 -node77 [ shape=none, color=black label=<
Na6f4c095663042bf987e880a96b8b148
Na6f4c095663042bf987e880a96b8b148
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/summary node78 -node78 [ shape=none, color=black label=<
summary
https://rdf.spdx.org/v3/Core/summary
rdfs:comment"A short description of an Element."@en
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/module node79 -node79 [ shape=none, color=black label=<
module
https://rdf.spdx.org/v3/Software/SoftwarePurpose/module
rdfs:comment"the Element is a module of a piece of software"@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasPrerequsite node80 -node80 [ shape=none, color=black label=<
hasPrerequsite
https://rdf.spdx.org/v3/Core/RelationshipType/hasPrerequsite
rdfs:comment"The `from` Element has a prerequsite on each `to` Element, during a LifecycleScopeType period"@en
> ] -# Nf26fc8a9288649098e4a03706255c0ad node81 -node81 [ shape=none, color=black label=<
Nf26fc8a9288649098e4a03706255c0ad
Nf26fc8a9288649098e4a03706255c0ad
> ] -# https://rdf.spdx.org/v3/Core/Artifact node82 -node82 [ shape=none, color=black label=<
Artifact
https://rdf.spdx.org/v3/Core/Artifact
rdfs:comment"A distinct article or unit within the digital domain."@en
> ] -# N3b8cc710a8434c9e8adc50df7e9726f6 node83 -node83 [ shape=none, color=black label=<
N3b8cc710a8434c9e8adc50df7e9726f6
N3b8cc710a8434c9e8adc50df7e9726f6
> ] -# https://rdf.spdx.org/v3/Security/severity node84 -node84 [ shape=none, color=black label=<
severity
https://rdf.spdx.org/v3/Security/severity
rdfs:comment"Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software."@en
> ] -# https://rdf.spdx.org/v3/Core/LifecycleScopeType/build node85 -node85 [ shape=none, color=black label=<
build
https://rdf.spdx.org/v3/Core/LifecycleScopeType/build
rdfs:comment"A relationship has specific context implications during an element's build phase, during development."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/modifiedBy node86 -node86 [ shape=none, color=black label=<
modifiedBy
https://rdf.spdx.org/v3/Core/RelationshipType/modifiedBy
rdfs:comment"The `from` Element is modified by each `to` Element"@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/packagedBy node87 -node87 [ shape=none, color=black label=<
packagedBy
https://rdf.spdx.org/v3/Core/RelationshipType/packagedBy
rdfs:comment"Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`)"@en
> ] -# https://rdf.spdx.org/v3/Dataset/datasetUpdateMechanism node88 -node88 [ shape=none, color=black label=<
datasetUpdateMechanism
https://rdf.spdx.org/v3/Dataset/datasetUpdateMechanism
rdfs:comment"Describes a mechanism to update the dataset."@en
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/file node89 -node89 [ shape=none, color=black label=<
file
https://rdf.spdx.org/v3/Software/SoftwarePurpose/file
rdfs:comment"the Element is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc)"@en
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose node90 -node90 [ shape=none, color=black label=<
SoftwarePurpose
https://rdf.spdx.org/v3/Software/SoftwarePurpose
rdfs:comment"Provides information about the primary purpose of an Element."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalIdentifierType/email node91 -node91 [ shape=none, color=black label=<
email
https://rdf.spdx.org/v3/Core/ExternalIdentifierType/email
rdfs:comment"https://datatracker.ietf.org/doc/html/rfc3696#section-3"@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalIdentifierType node92 -node92 [ shape=none, color=black label=<
ExternalIdentifierType
https://rdf.spdx.org/v3/Core/ExternalIdentifierType
rdfs:comment"Specifies the type of an external identifier."@en
> ] -# https://rdf.spdx.org/v3/Core/SupportType/noSupport node93 -node93 [ shape=none, color=black label=<
noSupport
https://rdf.spdx.org/v3/Core/SupportType/noSupport
rdfs:comment"there is no support for the artifact from the supplier, consumer assumes any support obligations."@en
> ] -# https://rdf.spdx.org/v3/Core/SupportType node94 -node94 [ shape=none, color=black label=<
SupportType
https://rdf.spdx.org/v3/Core/SupportType
rdfs:comment"Indicates the type of support that is associated with an artifact."@en
> ] -# N546e0866bb1e401aa2295a6f62d7b38b node95 -node95 [ shape=none, color=black label=<
N546e0866bb1e401aa2295a6f62d7b38b
N546e0866bb1e401aa2295a6f62d7b38b
sh:maxCount"1"^^xsd:integer
> ] -# Ne4927c745de548bfa70b9a18fe10a083 node96 -node96 [ shape=none, color=black label=<
Ne4927c745de548bfa70b9a18fe10a083
Ne4927c745de548bfa70b9a18fe10a083
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/AI/modelDataPreprocessing node97 -node97 [ shape=none, color=black label=<
modelDataPreprocessing
https://rdf.spdx.org/v3/AI/modelDataPreprocessing
rdfs:comment"Describes all the preprocessing steps applied to the training data before the model training."@en
> ] -# https://rdf.spdx.org/v3/Core/PackageVerificationCode node98 -node98 [ shape=none, color=black label=<
PackageVerificationCode
https://rdf.spdx.org/v3/Core/PackageVerificationCode
rdfs:comment"An SPDX version 2.X compatible verification method for software packages."@en
> ] -# https://rdf.spdx.org/v3/Core/IntegrityMethod node99 -node99 [ shape=none, color=black label=<
IntegrityMethod
https://rdf.spdx.org/v3/Core/IntegrityMethod
rdfs:comment"Provides an independently reproducible mechanism that permits verification of a specific Element."@en
> ] -# https://rdf.spdx.org/v3/Software/sbomType node100 -node100 [ shape=none, color=black label=<
sbomType
https://rdf.spdx.org/v3/Software/sbomType
rdfs:comment"Provides information about the type of an SBOM."@en
> ] -# https://rdf.spdx.org/v3/Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary node101 -node101 [ shape=none, color=black label=<
vulnerableCodeCannotBeControlledByAdversary
https://rdf.spdx.org/v3/Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary
rdfs:comment"The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack."@en
> ] -# https://rdf.spdx.org/v3/Security/VexJustificationType node102 -node102 [ shape=none, color=black label=<
VexJustificationType
https://rdf.spdx.org/v3/Security/VexJustificationType
rdfs:comment"Specifies the VEX justification type."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/testedOn node103 -node103 [ shape=none, color=black label=<
testedOn
https://rdf.spdx.org/v3/Core/RelationshipType/testedOn
rdfs:comment"(AI, Dataset) The `from` Element has been tested on the `to` Element"@en
> ] -# https://rdf.spdx.org/v3/Security/Vulnerability node104 -node104 [ shape=none, color=black label=<
Vulnerability
https://rdf.spdx.org/v3/Security/Vulnerability
rdfs:comment"Specifies a vulnerability and its associated information."@en
> ] -# N7dda24cd7f5f4503b6b4f93fc7ab97c9 node105 -node105 [ shape=none, color=black label=<
N7dda24cd7f5f4503b6b4f93fc7ab97c9
N7dda24cd7f5f4503b6b4f93fc7ab97c9
sh:maxCount"1"^^xsd:integer
> ] -# Nab5427b1573b465aa214b4d6a09e7fc9 node106 -node106 [ shape=none, color=black label=<
Nab5427b1573b465aa214b4d6a09e7fc9
Nab5427b1573b465aa214b4d6a09e7fc9
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/SimpleLicensing/licenseListVersion node107 -node107 [ shape=none, color=black label=<
licenseListVersion
https://rdf.spdx.org/v3/SimpleLicensing/licenseListVersion
rdfs:comment"The version of the SPDX License List used in the license expression."@en
> ] -# https://rdf.spdx.org/v3/Core/rootElement node108 -node108 [ shape=none, color=black label=<
rootElement
https://rdf.spdx.org/v3/Core/rootElement
rdfs:comment"This property is used to denote the root Element(s) of a tree of elements contained in an SBOM."@en
> ] -# https://rdf.spdx.org/v3/Core/Element node109 -node109 [ shape=none, color=black label=<
Element
https://rdf.spdx.org/v3/Core/Element
rdfs:comment"Base domain class from which all other SPDX-3.0 domain classes derive."@en
> ] -# N5507f7a4e87148b7b679ae2bf02fe75d node110 -node110 [ shape=none, color=black label=<
N5507f7a4e87148b7b679ae2bf02fe75d
N5507f7a4e87148b7b679ae2bf02fe75d
sh:maxCount"1"^^xsd:integer
> ] -# N2a046462db954bdeb439fda29ad26226 node111 -node111 [ shape=none, color=black label=<
N2a046462db954bdeb439fda29ad26226
N2a046462db954bdeb439fda29ad26226
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship node112 -node112 [ shape=none, color=black label=<
VulnAssessmentRelationship
https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship
rdfs:comment"Abstract ancestor class for all vulnerability assessments"@en
> ] -# https://rdf.spdx.org/v3/Core/Relationship node113 -node113 [ shape=none, color=black label=<
Relationship
https://rdf.spdx.org/v3/Core/Relationship
rdfs:comment"Describes a relationship between one or more elements."@en
> ] -# https://rdf.spdx.org/v3/Core/endIntegerRange node114 -node114 [ shape=none, color=black label=<
endIntegerRange
https://rdf.spdx.org/v3/Core/endIntegerRange
rdfs:comment"Defines the end of a range."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasDeclaredLicense node115 -node115 [ shape=none, color=black label=<
hasDeclaredLicense
https://rdf.spdx.org/v3/Core/RelationshipType/hasDeclaredLicense
rdfs:comment"The `from` Software Artifact was discovered to actually contain each `to` license, for example as detected by use of automated tooling."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/securityThreatModel node116 -node116 [ shape=none, color=black label=<
securityThreatModel
https://rdf.spdx.org/v3/Core/ExternalRefType/securityThreatModel
rdfs:comment"A reference the [security threat model](https://en.wikipedia.org/wiki/Threat_model) for a package."@en
> ] -# N569d91e585284334ab2d33a1cc8ef421 node117 -node117 [ shape=none, color=black label=<
N569d91e585284334ab2d33a1cc8ef421
N569d91e585284334ab2d33a1cc8ef421
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Software/sourceInfo node118 -node118 [ shape=none, color=black label=<
sourceInfo
https://rdf.spdx.org/v3/Software/sourceInfo
rdfs:comment"Records any relevant background information or additional comments -about the origin of the package."@en
> ] -# https://rdf.spdx.org/v3/Core/NamespaceMap node119 -node119 [ shape=none, color=black label=<
NamespaceMap
https://rdf.spdx.org/v3/Core/NamespaceMap
rdfs:comment"A mapping between prefixes and namespace partial URIs."@en
> ] -# https://rdf.spdx.org/v3/Security/publishedTime node120 -node120 [ shape=none, color=black label=<
publishedTime
https://rdf.spdx.org/v3/Security/publishedTime
rdfs:comment"Specifies the time when a vulnerability was published."@en
> ] -# https://rdf.spdx.org/v3/Core/DateTime node121 -node121 [ shape=none, color=black label=<
DateTime
https://rdf.spdx.org/v3/Core/DateTime
> ] -# https://rdf.spdx.org/v3/Security/CvssV4VulnAssessmentRelationship node122 -node122 [ shape=none, color=black label=<
CvssV4VulnAssessmentRelationship
https://rdf.spdx.org/v3/Security/CvssV4VulnAssessmentRelationship
rdfs:comment"Provides a CVSS version 4 assessment for a vulnerability."@en
> ] -# https://rdf.spdx.org/v3/Security/exploited node123 -node123 [ shape=none, color=black label=<
exploited
https://rdf.spdx.org/v3/Security/exploited
rdfs:comment"Describe that a CVE is known to have an exploit because it's been listed in an exploit catalog."@en
> ] -# Ncecd765cc12947ef984e0b22fb617e95 node124 -node124 [ shape=none, color=black label=<
Ncecd765cc12947ef984e0b22fb617e95
Ncecd765cc12947ef984e0b22fb617e95
> ] -# https://rdf.spdx.org/v3/Build/configSourceUri node125 -node125 [ shape=none, color=black label=<
configSourceUri
https://rdf.spdx.org/v3/Build/configSourceUri
rdfs:comment"Property that describes the URI of the build configuration source file."@en
> ] -# https://rdf.spdx.org/v3/Dataset/dataPreprocessing node126 -node126 [ shape=none, color=black label=<
dataPreprocessing
https://rdf.spdx.org/v3/Dataset/dataPreprocessing
rdfs:comment"Describes the preprocessing steps that were applied to the raw data to create the given dataset."@en
> ] -# Nb860712c98974258aa0af55e9cc73735 node127 -node127 [ shape=none, color=black label=<
Nb860712c98974258aa0af55e9cc73735
Nb860712c98974258aa0af55e9cc73735
> ] -# https://rdf.spdx.org/v3/Build/configSourceEntrypoint node128 -node128 [ shape=none, color=black label=<
configSourceEntrypoint
https://rdf.spdx.org/v3/Build/configSourceEntrypoint
rdfs:comment"Property describes the invocation entrypoint of a build."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/socialMedia node129 -node129 [ shape=none, color=black label=<
socialMedia
https://rdf.spdx.org/v3/Core/ExternalRefType/socialMedia
rdfs:comment"A reference to a social media channel for a package."@en
> ] -# Ndb364c9b48f847108340d33cc43999c0 node130 -node130 [ shape=none, color=black label=<
Ndb364c9b48f847108340d33cc43999c0
Ndb364c9b48f847108340d33cc43999c0
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Security/score node131 -node131 [ shape=none, color=black label=<
score
https://rdf.spdx.org/v3/Security/score
rdfs:comment"Provides a numerical (0-10) representation of the severity of a vulnerability."@en
> ] -# https://rdf.spdx.org/v3/Dataset/sensitivePersonalInformation node132 -node132 [ shape=none, color=black label=<
sensitivePersonalInformation
https://rdf.spdx.org/v3/Dataset/sensitivePersonalInformation
rdfs:comment"Describes if any sensitive personal information is present in the dataset."@en
> ] -# http://www.w3.org/2002/07/owl#ObjectProperty node133 -node133 [ shape=none, color=black label=<
ObjectProperty
http://www.w3.org/2002/07/owl#ObjectProperty
> ] -# https://rdf.spdx.org/v3/Core/ProfileIdentifierType/security node134 -node134 [ shape=none, color=black label=<
security
https://rdf.spdx.org/v3/Core/ProfileIdentifierType/security
rdfs:comment"the element follows the Security profile specification"@en
> ] -# https://rdf.spdx.org/v3/Core/ProfileIdentifierType node135 -node135 [ shape=none, color=black label=<
ProfileIdentifierType
https://rdf.spdx.org/v3/Core/ProfileIdentifierType
rdfs:comment"Enumeration of the valid profiles."@en
> ] -# https://rdf.spdx.org/v3/Software/Package node136 -node136 [ shape=none, color=black label=<
Package
https://rdf.spdx.org/v3/Software/Package
rdfs:comment"Refers to any unit of content that can be associated with a distribution of software."@en
> ] -# N4a083e5bccea4aa6bb0cdcd345e8c5af node137 -node137 [ shape=none, color=black label=<
N4a083e5bccea4aa6bb0cdcd345e8c5af
N4a083e5bccea4aa6bb0cdcd345e8c5af
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/releaseTime node138 -node138 [ shape=none, color=black label=<
releaseTime
https://rdf.spdx.org/v3/Core/releaseTime
rdfs:comment"Specifies the time an artifact was released."@en
> ] -# N7da586f2b18b48baa89694e762b5acfc node139 -node139 [ shape=none, color=black label=<
N7da586f2b18b48baa89694e762b5acfc
N7da586f2b18b48baa89694e762b5acfc
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Build/buildEndTime node140 -node140 [ shape=none, color=black label=<
buildEndTime
https://rdf.spdx.org/v3/Build/buildEndTime
rdfs:comment"Property that describes the time at which a build stops."@en
> ] -# https://rdf.spdx.org/v3/Security/VexAffectedVulnAssessmentRelationship node141 -node141 [ shape=none, color=black label=<
VexAffectedVulnAssessmentRelationship
https://rdf.spdx.org/v3/Security/VexAffectedVulnAssessmentRelationship
rdfs:comment"Connects a vulnerability and an element designating the element as a product -affected by the vulnerability."@en
> ] -# http://www.w3.org/2000/01/rdf-schema#Class node142 -node142 [ shape=none, color=black label=<
Class
http://www.w3.org/2000/01/rdf-schema#Class
> ] -# https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/clickthrough node143 -node143 [ shape=none, color=black label=<
clickthrough
https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/clickthrough
rdfs:comment"the dataset is not publicly available and can only be accessed after affirmatively accepting terms on a clickthrough webpage."@en
> ] -# https://rdf.spdx.org/v3/Core/standardName node144 -node144 [ shape=none, color=black label=<
standardName
https://rdf.spdx.org/v3/Core/standardName
rdfs:comment"The name of a relevant standard that may apply to an artifact."@en
> ] -# https://rdf.spdx.org/v3/Core/HashAlgorithm/blake2b384 node145 -node145 [ shape=none, color=black label=<
blake2b384
https://rdf.spdx.org/v3/Core/HashAlgorithm/blake2b384
rdfs:comment"blake2b algorithm with a digest size of 384 https://datatracker.ietf.org/doc/html/rfc7693#section-4"@en
> ] -# Nb8e63de39189471b87730e0c122dd304 node146 -node146 [ shape=none, color=black label=<
Nb8e63de39189471b87730e0c122dd304
Nb8e63de39189471b87730e0c122dd304
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/securityFix node147 -node147 [ shape=none, color=black label=<
securityFix
https://rdf.spdx.org/v3/Core/ExternalRefType/securityFix
rdfs:comment"A reference to the patch or source code that fixes a vulnerability."@en
> ] -# https://rdf.spdx.org/v3/AI/typeOfModel node148 -node148 [ shape=none, color=black label=<
typeOfModel
https://rdf.spdx.org/v3/AI/typeOfModel
rdfs:comment"Records the type of the model used in the AI software."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalIdentifierType/securityOther node149 -node149 [ shape=none, color=black label=<
securityOther
https://rdf.spdx.org/v3/Core/ExternalIdentifierType/securityOther
rdfs:comment"Used when there is a security related identifier of unspecified type."@en
> ] -# https://rdf.spdx.org/v3/Build/buildId node150 -node150 [ shape=none, color=black label=<
buildId
https://rdf.spdx.org/v3/Build/buildId
rdfs:comment"A buildId is a locally unique identifier used by a builder to identify a unique instance of a build produced by it."@en
> ] -# https://rdf.spdx.org/v3/Software/SbomType/deployed node151 -node151 [ shape=none, color=black label=<
deployed
https://rdf.spdx.org/v3/Software/SbomType/deployed
rdfs:comment"SBOM provides an inventory of software that is present on a system. This may be an assembly of other SBOMs that combines analysis of configuration options, and examination of execution behavior in a (potentially simulated) deployment environment."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/support node152 -node152 [ shape=none, color=black label=<
support
https://rdf.spdx.org/v3/Core/ExternalRefType/support
rdfs:comment"A reference to the software support channel or other support information for a package."@en
> ] -# N7dcb94c9a8294ac3877c287a7ff56582 node153 -node153 [ shape=none, color=black label=<
N7dcb94c9a8294ac3877c287a7ff56582
N7dcb94c9a8294ac3877c287a7ff56582
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/SimpleLicensing/licenseText node154 -node154 [ shape=none, color=black label=<
licenseText
https://rdf.spdx.org/v3/SimpleLicensing/licenseText
rdfs:comment"Identifies the full text of a License or Addition."@en
> ] -# https://rdf.spdx.org/v3/Dataset/DatasetType/structured node155 -node155 [ shape=none, color=black label=<
structured
https://rdf.spdx.org/v3/Dataset/DatasetType/structured
rdfs:comment"data is stored in tabular format or retrieved from a relational database."@en
> ] -# N20ecbe01adba4a7690add1ef8d9f7c56 node156 -node156 [ shape=none, color=black label=<
N20ecbe01adba4a7690add1ef8d9f7c56
N20ecbe01adba4a7690add1ef8d9f7c56
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/evidence node157 -node157 [ shape=none, color=black label=<
evidence
https://rdf.spdx.org/v3/Software/SoftwarePurpose/evidence
rdfs:comment"the Element is the evidence that a specification or requirement has been fulfilled"@en
> ] -# https://rdf.spdx.org/v3/Core/specVersion node158 -node158 [ shape=none, color=black label=<
specVersion
https://rdf.spdx.org/v3/Core/specVersion
rdfs:comment"Provides a reference number that can be used to understand how to parse and interpret an Element."@en
> ] -# https://rdf.spdx.org/v3/Core/suppliedBy node159 -node159 [ shape=none, color=black label=<
suppliedBy
https://rdf.spdx.org/v3/Core/suppliedBy
rdfs:comment"Identifies who or what supplied the artifact or VulnAssessmentRelationship referenced by the Element."@en
> ] -# https://rdf.spdx.org/v3/Core/context node160 -node160 [ shape=none, color=black label=<
context
https://rdf.spdx.org/v3/Core/context
rdfs:comment"Gives information about the circumstances or unifying properties -that Elements of the bundle have been assembled under."@en
> ] -# https://rdf.spdx.org/v3/Security/ExploitCatalogType node161 -node161 [ shape=none, color=black label=<
ExploitCatalogType
https://rdf.spdx.org/v3/Security/ExploitCatalogType
rdfs:comment"Specifies the exploit catalog type."@en
> ] -# N191ff65d3bb94539a0caf79cb7b80f58 node162 -node162 [ shape=none, color=black label=<
N191ff65d3bb94539a0caf79cb7b80f58
N191ff65d3bb94539a0caf79cb7b80f58
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# Nde8829dc37624a1bb575a7aaf476206f node163 -node163 [ shape=none, color=black label=<
Nde8829dc37624a1bb575a7aaf476206f
Nde8829dc37624a1bb575a7aaf476206f
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/externalRef node164 -node164 [ shape=none, color=black label=<
externalRef
https://rdf.spdx.org/v3/Core/externalRef
rdfs:comment"Points to a resource outside the scope of the SPDX-3.0 content -that provides additional characteristics of an Element."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRef node165 -node165 [ shape=none, color=black label=<
ExternalRef
https://rdf.spdx.org/v3/Core/ExternalRef
rdfs:comment"A reference to a resource outside the scope of SPDX-3.0 content."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/componentAnalysisReport node166 -node166 [ shape=none, color=black label=<
componentAnalysisReport
https://rdf.spdx.org/v3/Core/ExternalRefType/componentAnalysisReport
rdfs:comment"A reference to a Software Composition Analysis (SCA) report."@en
> ] -# Nab74974f7e2a4bb1a9aca9a00d8a75f1 node167 -node167 [ shape=none, color=black label=<
Nab74974f7e2a4bb1a9aca9a00d8a75f1
Nab74974f7e2a4bb1a9aca9a00d8a75f1
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Software/downloadLocation node168 -node168 [ shape=none, color=black label=<
downloadLocation
https://rdf.spdx.org/v3/Software/downloadLocation
rdfs:comment"Identifies the download Uniform Resource Identifier for the package at the time that the document was created."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/staticAnalysisReport node169 -node169 [ shape=none, color=black label=<
staticAnalysisReport
https://rdf.spdx.org/v3/Core/ExternalRefType/staticAnalysisReport
rdfs:comment"A reference to a static analysis report for a package."@en
> ] -# N6c21c1a7369b4a919831be838768c2b6 node170 -node170 [ shape=none, color=black label=<
N6c21c1a7369b4a919831be838768c2b6
N6c21c1a7369b4a919831be838768c2b6
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Security/modifiedTime node171 -node171 [ shape=none, color=black label=<
modifiedTime
https://rdf.spdx.org/v3/Security/modifiedTime
rdfs:comment"Specifies a time when a vulnerability assessment was modified"@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/securityAdversaryModel node172 -node172 [ shape=none, color=black label=<
securityAdversaryModel
https://rdf.spdx.org/v3/Core/ExternalRefType/securityAdversaryModel
rdfs:comment"A reference to the security adversary model for a package."@en
> ] -# https://rdf.spdx.org/v3/Core/HashAlgorithm/sha3_384 node173 -node173 [ shape=none, color=black label=<
sha3_384
https://rdf.spdx.org/v3/Core/HashAlgorithm/sha3_384
rdfs:comment"sha3 with a digest length of 384 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf"@en
> ] -# https://rdf.spdx.org/v3/Core/prefix node174 -node174 [ shape=none, color=black label=<
prefix
https://rdf.spdx.org/v3/Core/prefix
rdfs:comment"A substitute for a URI."@en
> ] -# https://rdf.spdx.org/v3/Core/HashAlgorithm node175 -node175 [ shape=none, color=black label=<
HashAlgorithm
https://rdf.spdx.org/v3/Core/HashAlgorithm
rdfs:comment"A mathematical algorithm that maps data of arbitrary size to a bit string."@en
> ] -# https://rdf.spdx.org/v3/Core/namespaceMap node176 -node176 [ shape=none, color=black label=<
namespaceMap
https://rdf.spdx.org/v3/Core/namespaceMap
rdfs:comment"Provides a NamespaceMap of prefixes and associated namespace partial URIs applicable to an SpdxDocument and independent of any specific serialization format or instance."@en
> ] -# https://rdf.spdx.org/v3/Core/description node177 -node177 [ shape=none, color=black label=<
description
https://rdf.spdx.org/v3/Core/description
rdfs:comment"Provides a detailed description of the Element."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/ancestorOf node178 -node178 [ shape=none, color=black label=<
ancestorOf
https://rdf.spdx.org/v3/Core/RelationshipType/ancestorOf
rdfs:comment"The `from` Element is an ancestor of each `to` Element"@en
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicenseAddition node179 -node179 [ shape=none, color=black label=<
CustomLicenseAddition
https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicenseAddition
rdfs:comment"A license addition that is not listed on the SPDX Exceptions List."@en
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/LicenseAddition node180 -node180 [ shape=none, color=black label=<
LicenseAddition
https://rdf.spdx.org/v3/ExpandedLicensing/LicenseAddition
rdfs:comment"Abstract class for additional text intended to be added to a License, but -which is not itself a standalone License."@en
> ] -# https://rdf.spdx.org/v3/Core/HashAlgorithm/crystalsKyber node181 -node181 [ shape=none, color=black label=<
crystalsKyber
https://rdf.spdx.org/v3/Core/HashAlgorithm/crystalsKyber
rdfs:comment"https://pq-crystals.org/kyber/index.shtml"@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipCompleteness node182 -node182 [ shape=none, color=black label=<
RelationshipCompleteness
https://rdf.spdx.org/v3/Core/RelationshipCompleteness
rdfs:comment"Indicates whether a relationship is known to be complete, incomplete, or if no assertion is made with respect to relationship completeness."@en
> ] -# https://rdf.spdx.org/v3/Security/SsvcDecisionType node183 -node183 [ shape=none, color=black label=<
SsvcDecisionType
https://rdf.spdx.org/v3/Security/SsvcDecisionType
rdfs:comment"Specifies the SSVC decision type."@en
> ] -# https://rdf.spdx.org/v3/Core/Person node184 -node184 [ shape=none, color=black label=<
Person
https://rdf.spdx.org/v3/Core/Person
rdfs:comment"An individual human being."@en
> ] -# https://rdf.spdx.org/v3/Dataset/DatasetType/sensor node185 -node185 [ shape=none, color=black label=<
sensor
https://rdf.spdx.org/v3/Dataset/DatasetType/sensor
rdfs:comment"data is recorded from a physical sensor, such as a thermometer reading or biometric device."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasVariant node186 -node186 [ shape=none, color=black label=<
hasVariant
https://rdf.spdx.org/v3/Core/RelationshipType/hasVariant
rdfs:comment"Every `to` Element is a variant the `from` Element (`from` hasVariant `to`)"@en
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/firmware node187 -node187 [ shape=none, color=black label=<
firmware
https://rdf.spdx.org/v3/Software/SoftwarePurpose/firmware
rdfs:comment"the Element provides low level control over a device's hardware"@en
> ] -# https://rdf.spdx.org/v3/Security/vexVersion node188 -node188 [ shape=none, color=black label=<
vexVersion
https://rdf.spdx.org/v3/Security/vexVersion
rdfs:comment"Specifies the version of the VEX document."@en
> ] -# https://rdf.spdx.org/v3/Software/File node189 -node189 [ shape=none, color=black label=<
File
https://rdf.spdx.org/v3/Software/File
rdfs:comment"Refers to any object that stores content on a computer."@en
> ] -# https://rdf.spdx.org/v3/Core/endTime node190 -node190 [ shape=none, color=black label=<
endTime
https://rdf.spdx.org/v3/Core/endTime
rdfs:comment"Specifies the time from which an element is no longer applicable / valid."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasDataFile node191 -node191 [ shape=none, color=black label=<
hasDataFile
https://rdf.spdx.org/v3/Core/RelationshipType/hasDataFile
rdfs:comment"The `from` Element treats each `to` Element as a data file"@en
> ] -# https://rdf.spdx.org/v3/Core/ProfileIdentifierType/simpleLicensing node192 -node192 [ shape=none, color=black label=<
simpleLicensing
https://rdf.spdx.org/v3/Core/ProfileIdentifierType/simpleLicensing
rdfs:comment"the element follows the simple Licensing profile specification"@en
> ] -# https://rdf.spdx.org/v3/Software/copyrightText node193 -node193 [ shape=none, color=black label=<
copyrightText
https://rdf.spdx.org/v3/Software/copyrightText
rdfs:comment"Identifies the text of one or more copyright notices for a software Package, -File or Snippet, if any."@en
> ] -# https://rdf.spdx.org/v3/Core/PresenceType/yes node194 -node194 [ shape=none, color=black label=<
yes
https://rdf.spdx.org/v3/Core/PresenceType/yes
rdfs:comment"Indicates presence of the field."@en
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/subjectAddition node195 -node195 [ shape=none, color=black label=<
subjectAddition
https://rdf.spdx.org/v3/ExpandedLicensing/subjectAddition
rdfs:comment"A LicenseAddition participating in a 'with addition' model."@en
> ] -# https://rdf.spdx.org/v3/Software/packageUrl node196 -node196 [ shape=none, color=black label=<
packageUrl
https://rdf.spdx.org/v3/Software/packageUrl
rdfs:comment"Provides a place for the SPDX data creator to record the package URL string (in accordance with the [package URL spec](https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst)) for a software Package."@en
> ] -# http://www.w3.org/2001/XMLSchema#anyURI node197 -node197 [ shape=none, color=black label=<
anyURI
http://www.w3.org/2001/XMLSchema#anyURI
> ] -# https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType node198 -node198 [ shape=none, color=black label=<
DatasetAvailabilityType
https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType
rdfs:comment"Availability of dataset"@en
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/seeAlso node199 -node199 [ shape=none, color=black label=<
seeAlso
https://rdf.spdx.org/v3/ExpandedLicensing/seeAlso
rdfs:comment"Contains a URL where the License or LicenseAddition can be found in use."@en
> ] -# https://rdf.spdx.org/v3/Core/HashAlgorithm/other node200 -node200 [ shape=none, color=black label=<
other
https://rdf.spdx.org/v3/Core/HashAlgorithm/other
rdfs:comment"any hashing algorithm that does not exist in this list of entries"@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasRequirement node201 -node201 [ shape=none, color=black label=<
hasRequirement
https://rdf.spdx.org/v3/Core/RelationshipType/hasRequirement
rdfs:comment"The `from` Element has a requirement on each `to` Element, during a LifecycleScopeType period"@en
> ] -# N405bfeaace5248f0b3100565ecfc1348 node202 -node202 [ shape=none, color=black label=<
N405bfeaace5248f0b3100565ecfc1348
N405bfeaace5248f0b3100565ecfc1348
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/licenseXml node203 -node203 [ shape=none, color=black label=<
licenseXml
https://rdf.spdx.org/v3/ExpandedLicensing/licenseXml
rdfs:comment"Identifies all the text and metadata associated with a license in the license XML format."@en
> ] -# Nb3ebec013faa418d962aac516ac769a5 node204 -node204 [ shape=none, color=black label=<
Nb3ebec013faa418d962aac516ac769a5
Nb3ebec013faa418d962aac516ac769a5
sh:minCount"1"^^xsd:integer
> ] -# Nad1d4443dde6453fb97cf03d5f392827 node205 -node205 [ shape=none, color=black label=<
Nad1d4443dde6453fb97cf03d5f392827
Nad1d4443dde6453fb97cf03d5f392827
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/HashAlgorithm/md6 node206 -node206 [ shape=none, color=black label=<
md6
https://rdf.spdx.org/v3/Core/HashAlgorithm/md6
rdfs:comment"https://people.csail.mit.edu/rivest/pubs/RABCx08.pdf"@en
> ] -# https://rdf.spdx.org/v3/Core/PositiveIntegerRange node207 -node207 [ shape=none, color=black label=<
PositiveIntegerRange
https://rdf.spdx.org/v3/Core/PositiveIntegerRange
rdfs:comment"A tuple of two positive integers that define a range."@en
> ] -# N335f0b90407e48569deabd6bde531854 node208 -node208 [ shape=none, color=black label=<
N335f0b90407e48569deabd6bde531854
N335f0b90407e48569deabd6bde531854
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasAddedFile node209 -node209 [ shape=none, color=black label=<
hasAddedFile
https://rdf.spdx.org/v3/Core/RelationshipType/hasAddedFile
rdfs:comment"Every `to` Element is is a file added to the `from` Element (`from` hasAddedFile `to`)"@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasStaticLink node210 -node210 [ shape=none, color=black label=<
hasStaticLink
https://rdf.spdx.org/v3/Core/RelationshipType/hasStaticLink
rdfs:comment"The `from` Element statically links in each `to` Element, during a LifecycleScopeType period"@en
> ] -# https://rdf.spdx.org/v3/Core/ElementCollection node211 -node211 [ shape=none, color=black label=<
ElementCollection
https://rdf.spdx.org/v3/Core/ElementCollection
rdfs:comment"A collection of Elements, not necessarily with unifying context."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/securityPolicy node212 -node212 [ shape=none, color=black label=<
securityPolicy
https://rdf.spdx.org/v3/Core/ExternalRefType/securityPolicy
rdfs:comment"A reference to instructions for reporting newly discovered security vulnerabilities for a package."@en
> ] -# https://rdf.spdx.org/v3/Core/scope node213 -node213 [ shape=none, color=black label=<
scope
https://rdf.spdx.org/v3/Core/scope
rdfs:comment"Capture the scope of information about a specific relationship between elements."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/issueTracker node214 -node214 [ shape=none, color=black label=<
issueTracker
https://rdf.spdx.org/v3/Core/ExternalRefType/issueTracker
rdfs:comment"A reference to the issue tracker for a package."@en
> ] -# https://rdf.spdx.org/v3/Build/parameters node215 -node215 [ shape=none, color=black label=<
parameters
https://rdf.spdx.org/v3/Build/parameters
rdfs:comment"Property describing the parameters used in an instance of a build."@en
> ] -# https://rdf.spdx.org/v3/Core/DictionaryEntry node216 -node216 [ shape=none, color=black label=<
DictionaryEntry
https://rdf.spdx.org/v3/Core/DictionaryEntry
rdfs:comment"A key with an associated value."@en
> ] -# https://rdf.spdx.org/v3/AI/hyperparameter node217 -node217 [ shape=none, color=black label=<
hyperparameter
https://rdf.spdx.org/v3/AI/hyperparameter
rdfs:comment"Records a hyperparameter used to build the AI model contained in the AI package."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/license node218 -node218 [ shape=none, color=black label=<
license
https://rdf.spdx.org/v3/Core/ExternalRefType/license
rdfs:comment"A reference to additional license information related to an artifact."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/altDownloadLocation node219 -node219 [ shape=none, color=black label=<
altDownloadLocation
https://rdf.spdx.org/v3/Core/ExternalRefType/altDownloadLocation
rdfs:comment"A reference to an alternative download location."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/certificationReport node220 -node220 [ shape=none, color=black label=<
certificationReport
https://rdf.spdx.org/v3/Core/ExternalRefType/certificationReport
rdfs:comment"A reference to a certification report for a package from an accredited/independent body."@en
> ] -# https://rdf.spdx.org/v3/Core/HashAlgorithm/sha3_512 node221 -node221 [ shape=none, color=black label=<
sha3_512
https://rdf.spdx.org/v3/Core/HashAlgorithm/sha3_512
rdfs:comment"sha3 with a digest length of 512 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf"@en
> ] -# https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/directDownload node222 -node222 [ shape=none, color=black label=<
directDownload
https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/directDownload
rdfs:comment"the dataset is publicly available and can be downloaded directly."@en
> ] -# Nad719ce2d9384054a1f3e7da3acc7f72 node223 -node223 [ shape=none, color=black label=<
Nad719ce2d9384054a1f3e7da3acc7f72
Nad719ce2d9384054a1f3e7da3acc7f72
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/AI/metricDecisionThreshold node224 -node224 [ shape=none, color=black label=<
metricDecisionThreshold
https://rdf.spdx.org/v3/AI/metricDecisionThreshold
rdfs:comment"Captures the threshold that was used for computation of a metric described in the metric field."@en
> ] -# https://rdf.spdx.org/v3/Build/Build node225 -node225 [ shape=none, color=black label=<
Build
https://rdf.spdx.org/v3/Build/Build
rdfs:comment"Class that describes a build instance of software/artifacts."@en
> ] -# N68e0d6fb609e4e458d59f41de92f1322 node226 -node226 [ shape=none, color=black label=<
N68e0d6fb609e4e458d59f41de92f1322
N68e0d6fb609e4e458d59f41de92f1322
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/relationshipType node227 -node227 [ shape=none, color=black label=<
relationshipType
https://rdf.spdx.org/v3/Core/relationshipType
rdfs:comment"Information about the relationship between two Elements."@en
> ] -# Nd630d31d55784785b0d23eec0a9b3742 node228 -node228 [ shape=none, color=black label=<
Nd630d31d55784785b0d23eec0a9b3742
Nd630d31d55784785b0d23eec0a9b3742
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/deviceDriver node229 -node229 [ shape=none, color=black label=<
deviceDriver
https://rdf.spdx.org/v3/Software/SoftwarePurpose/deviceDriver
rdfs:comment"Element represents software that controls hardware devices"@en
> ] -# https://rdf.spdx.org/v3/Core/ProfileIdentifierType/dataset node230 -node230 [ shape=none, color=black label=<
dataset
https://rdf.spdx.org/v3/Core/ProfileIdentifierType/dataset
rdfs:comment"the element follows the Dataset profile specification"@en
> ] -# https://rdf.spdx.org/v3/Core/Annotation node231 -node231 [ shape=none, color=black label=<
Annotation
https://rdf.spdx.org/v3/Core/Annotation
rdfs:comment"An assertion made in relation to one or more elements."@en
> ] -# https://rdf.spdx.org/v3/Core/ProfileIdentifierType/build node232 -node232 [ shape=none, color=black label=<
build
https://rdf.spdx.org/v3/Core/ProfileIdentifierType/build
rdfs:comment"the element follows the Build profile specification"@en
> ] -# https://rdf.spdx.org/v3/Core/ProfileIdentifierType/ai node233 -node233 [ shape=none, color=black label=<
ai
https://rdf.spdx.org/v3/Core/ProfileIdentifierType/ai
rdfs:comment"the element follows the AI profile specification"@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/productMetadata node234 -node234 [ shape=none, color=black label=<
productMetadata
https://rdf.spdx.org/v3/Core/ExternalRefType/productMetadata
rdfs:comment"A reference to additional product metadata such as reference within organization's product catalog."@en
> ] -# N01ddeabd8c9e48b49c1037cd0c51a382 node235 -node235 [ shape=none, color=black label=<
N01ddeabd8c9e48b49c1037cd0c51a382
N01ddeabd8c9e48b49c1037cd0c51a382
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/obsoletedBy node236 -node236 [ shape=none, color=black label=<
obsoletedBy
https://rdf.spdx.org/v3/ExpandedLicensing/obsoletedBy
rdfs:comment"Specifies the licenseId that is preferred to be used in place of a deprecated -License or LicenseAddition."@en
> ] -# http://www.w3.org/2001/XMLSchema#positiveInteger node237 -node237 [ shape=none, color=black label=<
positiveInteger
http://www.w3.org/2001/XMLSchema#positiveInteger
> ] -# https://rdf.spdx.org/v3/Core/Agent node238 -node238 [ shape=none, color=black label=<
Agent
https://rdf.spdx.org/v3/Core/Agent
rdfs:comment"Agent represents anything with the potential to act on a system."@en
> ] -# https://rdf.spdx.org/v3/Security/SsvcVulnAssessmentRelationship node239 -node239 [ shape=none, color=black label=<
SsvcVulnAssessmentRelationship
https://rdf.spdx.org/v3/Security/SsvcVulnAssessmentRelationship
rdfs:comment"Provides an SSVC assessment for a vulnerability."@en
> ] -# https://rdf.spdx.org/v3/Software/Sbom node240 -node240 [ shape=none, color=black label=<
Sbom
https://rdf.spdx.org/v3/Software/Sbom
rdfs:comment"A collection of SPDX Elements describing a single package."@en
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/isDeprecatedLicenseId node241 -node241 [ shape=none, color=black label=<
isDeprecatedLicenseId
https://rdf.spdx.org/v3/ExpandedLicensing/isDeprecatedLicenseId
rdfs:comment"Specifies whether a license or additional text identifier has been marked as -deprecated."@en
> ] -# https://rdf.spdx.org/v3/Core/ProfileIdentifierType/core node242 -node242 [ shape=none, color=black label=<
core
https://rdf.spdx.org/v3/Core/ProfileIdentifierType/core
rdfs:comment"the element follows the Core profile specification"@en
> ] -# Nd2d3b8c6b76242c087fdc3f20bc0030a node243 -node243 [ shape=none, color=black label=<
Nd2d3b8c6b76242c087fdc3f20bc0030a
Nd2d3b8c6b76242c087fdc3f20bc0030a
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/Organization node244 -node244 [ shape=none, color=black label=<
Organization
https://rdf.spdx.org/v3/Core/Organization
rdfs:comment"A group of people who work together in an organized way for a shared purpose."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalMap node245 -node245 [ shape=none, color=black label=<
ExternalMap
https://rdf.spdx.org/v3/Core/ExternalMap
rdfs:comment"A map of Element identifiers that are used within a Document but defined external to that Document."@en
> ] -# Nea4f9256a8d04d8da5e521a41046af01 node246 -node246 [ shape=none, color=black label=<
Nea4f9256a8d04d8da5e521a41046af01
Nea4f9256a8d04d8da5e521a41046af01
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/standardAdditionTemplate node247 -node247 [ shape=none, color=black label=<
standardAdditionTemplate
https://rdf.spdx.org/v3/ExpandedLicensing/standardAdditionTemplate
rdfs:comment"Identifies the full text of a LicenseAddition, in SPDX templating format."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/chat node248 -node248 [ shape=none, color=black label=<
chat
https://rdf.spdx.org/v3/Core/ExternalRefType/chat
rdfs:comment"A reference to the instant messaging system used by the maintainer for a package."@en
> ] -# https://rdf.spdx.org/v3/Security/decisionType node249 -node249 [ shape=none, color=black label=<
decisionType
https://rdf.spdx.org/v3/Security/decisionType
rdfs:comment"Provide the enumeration of possible decisions in the Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree [https://www.cisa.gov/sites/default/files/publications/cisa-ssvc-guide%20508c.pdf](https://www.cisa.gov/sites/default/files/publications/cisa-ssvc-guide%20508c.pdf)"@en
> ] -# https://rdf.spdx.org/v3/Dataset/DatasetType/timeseries node250 -node250 [ shape=none, color=black label=<
timeseries
https://rdf.spdx.org/v3/Dataset/DatasetType/timeseries
rdfs:comment"data is recorded in an ordered sequence of timestamped entries, such as the price of a stock over the course of a day."@en
> ] -# N54e84abcdd0c49baa5881973534a5317 node251 -node251 [ shape=none, color=black label=<
N54e84abcdd0c49baa5881973534a5317
N54e84abcdd0c49baa5881973534a5317
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/standardLicenseHeader node252 -node252 [ shape=none, color=black label=<
standardLicenseHeader
https://rdf.spdx.org/v3/ExpandedLicensing/standardLicenseHeader
rdfs:comment"Provides a License author's preferred text to indicate that a file is covered -by the License."@en
> ] -# https://rdf.spdx.org/v3/Core/profileConformance node253 -node253 [ shape=none, color=black label=<
profileConformance
https://rdf.spdx.org/v3/Core/profileConformance
rdfs:comment"Describes one a profile which the creator of this ElementCollection intends to conform to."@en
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/subjectExtendableLicense node254 -node254 [ shape=none, color=black label=<
subjectExtendableLicense
https://rdf.spdx.org/v3/ExpandedLicensing/subjectExtendableLicense
rdfs:comment"A License participating in a 'with addition' model."@en
> ] -# Nb9b02a97b93b44d980ba644a140ff854 node255 -node255 [ shape=none, color=black label=<
Nb9b02a97b93b44d980ba644a140ff854
Nb9b02a97b93b44d980ba644a140ff854
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# N41cd9c52d93e48e4a7c4486d198b3391 node256 -node256 [ shape=none, color=black label=<
N41cd9c52d93e48e4a7c4486d198b3391
N41cd9c52d93e48e4a7c4486d198b3391
> ] -# https://rdf.spdx.org/v3/Core/createdUsing node257 -node257 [ shape=none, color=black label=<
createdUsing
https://rdf.spdx.org/v3/Core/createdUsing
rdfs:comment"Identifies the tooling that was used during the creation of the Element."@en
> ] -# https://rdf.spdx.org/v3/Core/Bundle node258 -node258 [ shape=none, color=black label=<
Bundle
https://rdf.spdx.org/v3/Core/Bundle
rdfs:comment"A collection of Elements that have a shared context."@en
> ] -# https://rdf.spdx.org/v3/Software/additionalPurpose node259 -node259 [ shape=none, color=black label=<
additionalPurpose
https://rdf.spdx.org/v3/Software/additionalPurpose
rdfs:comment"Provides additional purpose information of the software artifact."@en
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/requirement node260 -node260 [ shape=none, color=black label=<
requirement
https://rdf.spdx.org/v3/Software/SoftwarePurpose/requirement
rdfs:comment"the Element provides a requirement needed as input for another Element"@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/releaseHistory node261 -node261 [ shape=none, color=black label=<
releaseHistory
https://rdf.spdx.org/v3/Core/ExternalRefType/releaseHistory
rdfs:comment"A reference to a published list of releases for a package."@en
> ] -# https://rdf.spdx.org/v3/Core/SpdxDocument node262 -node262 [ shape=none, color=black label=<
SpdxDocument
https://rdf.spdx.org/v3/Core/SpdxDocument
rdfs:comment"A collection of SPDX Elements that could potentially be serialized."@en
> ] -# https://rdf.spdx.org/v3/Core/createdBy node263 -node263 [ shape=none, color=black label=<
createdBy
https://rdf.spdx.org/v3/Core/createdBy
rdfs:comment"Identifies who or what created the Element."@en
> ] -# https://rdf.spdx.org/v3/Core/statement node264 -node264 [ shape=none, color=black label=<
statement
https://rdf.spdx.org/v3/Core/statement
rdfs:comment"Commentary on an assertion that an annotator has made."@en
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/NoAssertionLicense node265 -node265 [ shape=none, color=black label=<
NoAssertionLicense
https://rdf.spdx.org/v3/ExpandedLicensing/NoAssertionLicense
rdfs:comment"An Individual Value for License when no assertion can be made about its actual value."@en
> ] -# https://rdf.spdx.org/v3/Core/HashAlgorithm/sha384 node266 -node266 [ shape=none, color=black label=<
sha384
https://rdf.spdx.org/v3/Core/HashAlgorithm/sha384
rdfs:comment"secure hashing algorithm with a digest length of 384 https://www.rfc-editor.org/rfc/rfc4634"@en
> ] -# https://rdf.spdx.org/v3/Software/SbomType/runtime node267 -node267 [ shape=none, color=black label=<
runtime
https://rdf.spdx.org/v3/Software/SbomType/runtime
rdfs:comment"SBOM generated through instrumenting the system running the software, to capture only components present in the system, as well as external call-outs or dynamically loaded components. In some contexts, this may also be referred to as an “Instrumented” or “Dynamic” SBOM."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipCompleteness/noAssertion node268 -node268 [ shape=none, color=black label=<
noAssertion
https://rdf.spdx.org/v3/Core/RelationshipCompleteness/noAssertion
rdfs:comment"No assertion can be made about the completeness of the relationship."@en
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/manifest node269 -node269 [ shape=none, color=black label=<
manifest
https://rdf.spdx.org/v3/Software/SoftwarePurpose/manifest
rdfs:comment"the Element is a software manifest"@en
> ] -# N4df6b7068b8f4d23b23275fe4d4b1eaa node270 -node270 [ shape=none, color=black label=<
N4df6b7068b8f4d23b23275fe4d4b1eaa
N4df6b7068b8f4d23b23275fe4d4b1eaa
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Software/attributionText node271 -node271 [ shape=none, color=black label=<
attributionText
https://rdf.spdx.org/v3/Software/attributionText
rdfs:comment"Provides a place for the SPDX data creator to record acknowledgement text for -a software Package, File or Snippet."@en
> ] -# https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/green node272 -node272 [ shape=none, color=black label=<
green
https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/green
rdfs:comment"Dataset can be shared within a community of peers and partners."@en
> ] -# https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType node273 -node273 [ shape=none, color=black label=<
ConfidentialityLevelType
https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType
rdfs:comment"Categories of confidentiality level."@en
> ] -# https://rdf.spdx.org/v3/Core/supportLevel node274 -node274 [ shape=none, color=black label=<
supportLevel
https://rdf.spdx.org/v3/Core/supportLevel
rdfs:comment"Specifies the level of support associated with an artifact."@en
> ] -# Nf87b0294df8a4dc3b3e2ccf68b34a6aa node275 -node275 [ shape=none, color=black label=<
Nf87b0294df8a4dc3b3e2ccf68b34a6aa
Nf87b0294df8a4dc3b3e2ccf68b34a6aa
sh:minCount"2"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/affects node276 -node276 [ shape=none, color=black label=<
affects
https://rdf.spdx.org/v3/Core/RelationshipType/affects
rdfs:comment"(Security/VEX) The `from` vulnerability affect each `to` Element"@en
> ] -# https://rdf.spdx.org/v3/Core/ProfileIdentifierType/extension node277 -node277 [ shape=none, color=black label=<
extension
https://rdf.spdx.org/v3/Core/ProfileIdentifierType/extension
rdfs:comment"the element follows the Extension profile specification"@en
> ] -# https://rdf.spdx.org/v3/Core/SupportType/limitedSupport node278 -node278 [ shape=none, color=black label=<
limitedSupport
https://rdf.spdx.org/v3/Core/SupportType/limitedSupport
rdfs:comment"the artifact has been released, and there is limited support available from the supplier. There is a validUntilDate that can provide additional information about the duration of support."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/privacyAssessment node279 -node279 [ shape=none, color=black label=<
privacyAssessment
https://rdf.spdx.org/v3/Core/ExternalRefType/privacyAssessment
rdfs:comment"A reference to a privacy assessment for a package."@en
> ] -# N3726047a2a2a411ab64cf294a95f8bbc node280 -node280 [ shape=none, color=black label=<
N3726047a2a2a411ab64cf294a95f8bbc
N3726047a2a2a411ab64cf294a95f8bbc
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/container node281 -node281 [ shape=none, color=black label=<
container
https://rdf.spdx.org/v3/Software/SoftwarePurpose/container
rdfs:comment"the Element is a container image which can be used by a container runtime application"@en
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/install node282 -node282 [ shape=none, color=black label=<
install
https://rdf.spdx.org/v3/Software/SoftwarePurpose/install
rdfs:comment"the Element is used to install software on disk"@en
> ] -# https://rdf.spdx.org/v3/Core/HashAlgorithm/blake2b512 node283 -node283 [ shape=none, color=black label=<
blake2b512
https://rdf.spdx.org/v3/Core/HashAlgorithm/blake2b512
rdfs:comment"blake2b algorithm with a digest size of 512 https://datatracker.ietf.org/doc/html/rfc7693#section-4"@en
> ] -# https://rdf.spdx.org/v3/Core/HashAlgorithm/sha512 node284 -node284 [ shape=none, color=black label=<
sha512
https://rdf.spdx.org/v3/Core/HashAlgorithm/sha512
rdfs:comment"secure hashing algorithm with a digest length of 512 https://www.rfc-editor.org/rfc/rfc4634"@en
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/data node285 -node285 [ shape=none, color=black label=<
data
https://rdf.spdx.org/v3/Software/SoftwarePurpose/data
rdfs:comment"Element is data"@en
> ] -# https://rdf.spdx.org/v3/Security/actionStatement node286 -node286 [ shape=none, color=black label=<
actionStatement
https://rdf.spdx.org/v3/Security/actionStatement
rdfs:comment"Provides advise on how to mitigate or remediate a vulnerability when a VEX product -is affected by it."@en
> ] -# https://rdf.spdx.org/v3/Core/definingArtifact node287 -node287 [ shape=none, color=black label=<
definingArtifact
https://rdf.spdx.org/v3/Core/definingArtifact
rdfs:comment"Artifact representing a serialization instance of SPDX data containing the definition of a particular Element."@en
> ] -# N0d51535fbe56474b82b26c81f19ff620 node288 -node288 [ shape=none, color=black label=<
N0d51535fbe56474b82b26c81f19ff620
N0d51535fbe56474b82b26c81f19ff620
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/eolNotice node289 -node289 [ shape=none, color=black label=<
eolNotice
https://rdf.spdx.org/v3/Core/ExternalRefType/eolNotice
rdfs:comment"A reference to the End Of Sale (EOS) and/or End Of Life (EOL) information related to a package."@en
> ] -# https://rdf.spdx.org/v3/Security/VexFixedVulnAssessmentRelationship node290 -node290 [ shape=none, color=black label=<
VexFixedVulnAssessmentRelationship
https://rdf.spdx.org/v3/Security/VexFixedVulnAssessmentRelationship
rdfs:comment"Links a vulnerability and elements representing products (in the VEX sense) where -a fix has been applied and are no longer affected."@en
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/source node291 -node291 [ shape=none, color=black label=<
source
https://rdf.spdx.org/v3/Software/SoftwarePurpose/source
rdfs:comment"the Element is a single or a collection of source files"@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/funding node292 -node292 [ shape=none, color=black label=<
funding
https://rdf.spdx.org/v3/Core/ExternalRefType/funding
rdfs:comment"A reference to funding information related to a package."@en
> ] -# N7274851c5c9a4d77803f1afc75f4b68f node293 -node293 [ shape=none, color=black label=<
N7274851c5c9a4d77803f1afc75f4b68f
N7274851c5c9a4d77803f1afc75f4b68f
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/hashValue node294 -node294 [ shape=none, color=black label=<
hashValue
https://rdf.spdx.org/v3/Core/hashValue
rdfs:comment"The result of applying a hash algorithm to an Element."@en
> ] -# https://rdf.spdx.org/v3/Security/VexJustificationType/inlineMitigationsAlreadyExist node295 -node295 [ shape=none, color=black label=<
inlineMitigationsAlreadyExist
https://rdf.spdx.org/v3/Security/VexJustificationType/inlineMitigationsAlreadyExist
rdfs:comment"Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability."@en
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/WithAdditionOperator node296 -node296 [ shape=none, color=black label=<
WithAdditionOperator
https://rdf.spdx.org/v3/ExpandedLicensing/WithAdditionOperator
rdfs:comment"Portion of an AnyLicenseInfo representing a License which has additional -text applied to it."@en
> ] -# https://rdf.spdx.org/v3/Security/probability node297 -node297 [ shape=none, color=black label=<
probability
https://rdf.spdx.org/v3/Security/probability
rdfs:comment"A probability score between 0 and 1 of a vulnerability being exploited."@en
> ] -# http://www.w3.org/2001/XMLSchema#decimal node298 -node298 [ shape=none, color=black label=<
decimal
http://www.w3.org/2001/XMLSchema#decimal
> ] -# http://www.w3.org/2001/XMLSchema#boolean node299 -node299 [ shape=none, color=black label=<
boolean
http://www.w3.org/2001/XMLSchema#boolean
> ] -# https://rdf.spdx.org/v3/Security/CvssSeverityType/medium node300 -node300 [ shape=none, color=black label=<
medium
https://rdf.spdx.org/v3/Security/CvssSeverityType/medium
rdfs:comment"When a CVSS score is between 4 - 6.9"@en
> ] -# https://rdf.spdx.org/v3/Core/LifecycleScopeType/design node301 -node301 [ shape=none, color=black label=<
design
https://rdf.spdx.org/v3/Core/LifecycleScopeType/design
rdfs:comment"A relationship has specific context implications during an element's design."@en
> ] -# N946366c1dd39430e84414a6228dbb053 node302 -node302 [ shape=none, color=black label=<
N946366c1dd39430e84414a6228dbb053
N946366c1dd39430e84414a6228dbb053
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/reportedBy node303 -node303 [ shape=none, color=black label=<
reportedBy
https://rdf.spdx.org/v3/Core/RelationshipType/reportedBy
rdfs:comment"(Security) Designates a `from` Vulnerability was first reported to a project, vendor, or tracking database for formal identification by each `to` Agent"@en
> ] -# https://rdf.spdx.org/v3/Software/packageVersion node304 -node304 [ shape=none, color=black label=<
packageVersion
https://rdf.spdx.org/v3/Software/packageVersion
rdfs:comment"Identify the version of a package."@en
> ] -# https://rdf.spdx.org/v3/Software/primaryPurpose node305 -node305 [ shape=none, color=black label=<
primaryPurpose
https://rdf.spdx.org/v3/Software/primaryPurpose
rdfs:comment"Provides information about the primary purpose of the software artifact."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasSpecification node306 -node306 [ shape=none, color=black label=<
hasSpecification
https://rdf.spdx.org/v3/Core/RelationshipType/hasSpecification
rdfs:comment"Every `to` Element is a specification for the `from` Element (`from` hasSpecification `to`), during a LifecycleScopeType period"@en
> ] -# N723fbc7a31aa422785c6388e2df047e3 node307 -node307 [ shape=none, color=black label=<
N723fbc7a31aa422785c6388e2df047e3
N723fbc7a31aa422785c6388e2df047e3
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/RelationshipCompleteness/complete node308 -node308 [ shape=none, color=black label=<
complete
https://rdf.spdx.org/v3/Core/RelationshipCompleteness/complete
rdfs:comment"The relationship is known to be exhaustive."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalIdentifierType/swid node309 -node309 [ shape=none, color=black label=<
swid
https://rdf.spdx.org/v3/Core/ExternalIdentifierType/swid
rdfs:comment"https://www.ietf.org/archive/id/draft-ietf-sacm-coswid-21.html#section-2.3"@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/runtimeAnalysisReport node310 -node310 [ shape=none, color=black label=<
runtimeAnalysisReport
https://rdf.spdx.org/v3/Core/ExternalRefType/runtimeAnalysisReport
rdfs:comment"A reference to a runtime analysis report for a package."@en
> ] -# https://rdf.spdx.org/v3/Security/SsvcDecisionType/act node311 -node311 [ shape=none, color=black label=<
act
https://rdf.spdx.org/v3/Security/SsvcDecisionType/act
rdfs:comment"The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasOptionalDependency node312 -node312 [ shape=none, color=black label=<
hasOptionalDependency
https://rdf.spdx.org/v3/Core/RelationshipType/hasOptionalDependency
rdfs:comment"The `from` Element optionally depends on each `to` Element during a LifecycleScopeType period"@en
> ] -# N03ecc1ce186b4a458ba6b556cd338fa3 node313 -node313 [ shape=none, color=black label=<
N03ecc1ce186b4a458ba6b556cd338fa3
N03ecc1ce186b4a458ba6b556cd338fa3
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/configuration node314 -node314 [ shape=none, color=black label=<
configuration
https://rdf.spdx.org/v3/Software/SoftwarePurpose/configuration
rdfs:comment"Element is configuration data"@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/generates node315 -node315 [ shape=none, color=black label=<
generates
https://rdf.spdx.org/v3/Core/RelationshipType/generates
rdfs:comment"The `from` Element generates each `to` Element"@en
> ] -# N2151950099c4426780325b1e5d39bbc2 node316 -node316 [ shape=none, color=black label=<
N2151950099c4426780325b1e5d39bbc2
N2151950099c4426780325b1e5d39bbc2
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/AI/informationAboutTraining node317 -node317 [ shape=none, color=black label=<
informationAboutTraining
https://rdf.spdx.org/v3/AI/informationAboutTraining
rdfs:comment"Describes relevant information about different steps of the training process."@en
> ] -# https://rdf.spdx.org/v3/Software/byteRange node318 -node318 [ shape=none, color=black label=<
byteRange
https://rdf.spdx.org/v3/Software/byteRange
rdfs:comment"Defines the byte range in the original host file that the snippet information applies to."@en
> ] -# N654098939a2a4affaf1fb1dc5d88159c node319 -node319 [ shape=none, color=black label=<
N654098939a2a4affaf1fb1dc5d88159c
N654098939a2a4affaf1fb1dc5d88159c
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# N0d19254cdf9f44ada5dbaaa9183e0c92 node320 -node320 [ shape=none, color=black label=<
N0d19254cdf9f44ada5dbaaa9183e0c92
N0d19254cdf9f44ada5dbaaa9183e0c92
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/serious node321 -node321 [ shape=none, color=black label=<
serious
https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/serious
rdfs:comment"The highest level of risk posed by an AI software."@en
> ] -# Ne6330b148f3943d8b18e9a80e002c437 node322 -node322 [ shape=none, color=black label=<
Ne6330b148f3943d8b18e9a80e002c437
Ne6330b148f3943d8b18e9a80e002c437
sh:maxCount"1"^^xsd:integer
> ] -# Nab78c3013a114d78bd1f530c9c88a001 node323 -node323 [ shape=none, color=black label=<
Nab78c3013a114d78bd1f530c9c88a001
Nab78c3013a114d78bd1f530c9c88a001
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/creationInfo node324 -node324 [ shape=none, color=black label=<
creationInfo
https://rdf.spdx.org/v3/Core/creationInfo
rdfs:comment"Provides information about the creation of the Element."@en
> ] -# N3814fcf92e7d403d9ba2dfb4593eba60 node325 -node325 [ shape=none, color=black label=<
N3814fcf92e7d403d9ba2dfb4593eba60
N3814fcf92e7d403d9ba2dfb4593eba60
> ] -# https://rdf.spdx.org/v3/Core/annotationType node326 -node326 [ shape=none, color=black label=<
annotationType
https://rdf.spdx.org/v3/Core/annotationType
rdfs:comment"Describes the type of annotation."@en
> ] -# Nfcc9cffbc6334d5588b62233679fa30e node327 -node327 [ shape=none, color=black label=<
Nfcc9cffbc6334d5588b62233679fa30e
Nfcc9cffbc6334d5588b62233679fa30e
> ] -# https://rdf.spdx.org/v3/Core/externalSpdxId node328 -node328 [ shape=none, color=black label=<
externalSpdxId
https://rdf.spdx.org/v3/Core/externalSpdxId
rdfs:comment"Identifies an external Element used within a Document but defined external to that Document."@en
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/isOsiApproved node329 -node329 [ shape=none, color=black label=<
isOsiApproved
https://rdf.spdx.org/v3/ExpandedLicensing/isOsiApproved
rdfs:comment"Specifies whether the License is listed as approved by the -[Open Source Initiative (OSI)](https://opensource.org)."@en
> ] -# https://rdf.spdx.org/v3/Build/buildStartTime node330 -node330 [ shape=none, color=black label=<
buildStartTime
https://rdf.spdx.org/v3/Build/buildStartTime
rdfs:comment"Property describing the start time of a build."@en
> ] -# N7afac6283b48428dba9a6116b205df16 node331 -node331 [ shape=none, color=black label=<
N7afac6283b48428dba9a6116b205df16
N7afac6283b48428dba9a6116b205df16
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/vcs node332 -node332 [ shape=none, color=black label=<
vcs
https://rdf.spdx.org/v3/Core/ExternalRefType/vcs
rdfs:comment"A reference to a version control system related to a software artifact."@en
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/isDeprecatedAdditionId node333 -node333 [ shape=none, color=black label=<
isDeprecatedAdditionId
https://rdf.spdx.org/v3/ExpandedLicensing/isDeprecatedAdditionId
rdfs:comment"Specifies whether an additional text identifier has been marked as deprecated."@en
> ] -# https://rdf.spdx.org/v3/Security/SsvcDecisionType/trackStar node334 -node334 [ shape=none, color=black label=<
trackStar
https://rdf.spdx.org/v3/Security/SsvcDecisionType/trackStar
rdfs:comment"(Track* in the SSVC spec) The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines."@en
> ] -# N52b3bb7501a24cc3ab1f9554c6cfd491 node335 -node335 [ shape=none, color=black label=<
N52b3bb7501a24cc3ab1f9554c6cfd491
N52b3bb7501a24cc3ab1f9554c6cfd491
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/republishedBy node336 -node336 [ shape=none, color=black label=<
republishedBy
https://rdf.spdx.org/v3/Core/RelationshipType/republishedBy
rdfs:comment"(Security) Designates a `from` Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by a `to` Agent(s)"@en
> ] -# Nf8d2ee3a89494324a0c762e2a6e4f8c8 node337 -node337 [ shape=none, color=black label=<
Nf8d2ee3a89494324a0c762e2a6e4f8c8
Nf8d2ee3a89494324a0c762e2a6e4f8c8
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/comment node338 -node338 [ shape=none, color=black label=<
comment
https://rdf.spdx.org/v3/Core/comment
rdfs:comment"Provide consumers with comments by the creator of the Element about the Element."@en
> ] -# N198932ca8ba9447c8421590aaf37a043 node339 -node339 [ shape=none, color=black label=<
N198932ca8ba9447c8421590aaf37a043
N198932ca8ba9447c8421590aaf37a043
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Extension/Extension node340 -node340 [ shape=none, color=black label=<
Extension
https://rdf.spdx.org/v3/Extension/Extension
rdfs:comment"A characterization of some aspect of an Element that is associated with the Element in a generalized fashion."@en
> ] -# N7eb97617153a4728b7df9d7215b4b891 node341 -node341 [ shape=none, color=black label=<
N7eb97617153a4728b7df9d7215b4b891
N7eb97617153a4728b7df9d7215b4b891
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# N469681c7e14148679b505b47ee6988e9 node342 -node342 [ shape=none, color=black label=<
N469681c7e14148679b505b47ee6988e9
N469681c7e14148679b505b47ee6988e9
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/additionText node343 -node343 [ shape=none, color=black label=<
additionText
https://rdf.spdx.org/v3/ExpandedLicensing/additionText
rdfs:comment"Identifies the full text of a LicenseAddition."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/trainedOn node344 -node344 [ shape=none, color=black label=<
trainedOn
https://rdf.spdx.org/v3/Core/RelationshipType/trainedOn
rdfs:comment"(AI, Dataset) The `from` Element has been trained by the `to` Element(s)"@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/contains node345 -node345 [ shape=none, color=black label=<
contains
https://rdf.spdx.org/v3/Core/RelationshipType/contains
rdfs:comment"The `from` Element contains each `to` Element"@en
> ] -# https://rdf.spdx.org/v3/Core/Tool node346 -node346 [ shape=none, color=black label=<
Tool
https://rdf.spdx.org/v3/Core/Tool
rdfs:comment"An element of hardware and/or software utilized to carry out a particular function."@en
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/platform node347 -node347 [ shape=none, color=black label=<
platform
https://rdf.spdx.org/v3/Software/SoftwarePurpose/platform
rdfs:comment"Element represents a runtime environment"@en
> ] -# N9cf4feed77a8472f9cf0f837845270f4 node348 -node348 [ shape=none, color=black label=<
N9cf4feed77a8472f9cf0f837845270f4
N9cf4feed77a8472f9cf0f837845270f4
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Dataset/datasetNoise node349 -node349 [ shape=none, color=black label=<
datasetNoise
https://rdf.spdx.org/v3/Dataset/datasetNoise
rdfs:comment"Describes potentially noisy elements of the dataset."@en
> ] -# https://rdf.spdx.org/v3/Core/identifierLocator node350 -node350 [ shape=none, color=black label=<
identifierLocator
https://rdf.spdx.org/v3/Core/identifierLocator
rdfs:comment"Provides the location for more information regarding an external identifier."@en
> ] -# https://rdf.spdx.org/v3/Software/SbomType node351 -node351 [ shape=none, color=black label=<
SbomType
https://rdf.spdx.org/v3/Software/SbomType
rdfs:comment"Provides a set of values to be used to describe the common types of SBOMs that tools may create."@en
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/application node352 -node352 [ shape=none, color=black label=<
application
https://rdf.spdx.org/v3/Software/SoftwarePurpose/application
rdfs:comment"the Element is a software application"@en
> ] -# https://rdf.spdx.org/v3/Security/actionStatementTime node353 -node353 [ shape=none, color=black label=<
actionStatementTime
https://rdf.spdx.org/v3/Security/actionStatementTime
rdfs:comment"Records the time when a recommended action was communicated in a VEX statement -to mitigate a vulnerability."@en
> ] -# https://rdf.spdx.org/v3/Core/HashAlgorithm/blake2b256 node354 -node354 [ shape=none, color=black label=<
blake2b256
https://rdf.spdx.org/v3/Core/HashAlgorithm/blake2b256
rdfs:comment"blake2b algorithm with a digest size of 256 https://datatracker.ietf.org/doc/html/rfc7693#section-4"@en
> ] -# https://rdf.spdx.org/v3/Security/VexNotAffectedVulnAssessmentRelationship node355 -node355 [ shape=none, color=black label=<
VexNotAffectedVulnAssessmentRelationship
https://rdf.spdx.org/v3/Security/VexNotAffectedVulnAssessmentRelationship
rdfs:comment"Links a vulnerability and one or more elements designating the latter as products -not affected by the vulnerability."@en
> ] -# https://rdf.spdx.org/v3/Core/externalIdentifierType node356 -node356 [ shape=none, color=black label=<
externalIdentifierType
https://rdf.spdx.org/v3/Core/externalIdentifierType
rdfs:comment"Specifies the type of the external identifier."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/amendedBy node357 -node357 [ shape=none, color=black label=<
amendedBy
https://rdf.spdx.org/v3/Core/RelationshipType/amendedBy
rdfs:comment"The `from` Element is amended by each `to` Element"@en
> ] -# https://rdf.spdx.org/v3/Dataset/DatasetType/image node358 -node358 [ shape=none, color=black label=<
image
https://rdf.spdx.org/v3/Dataset/DatasetType/image
rdfs:comment"data is a collection of images such as pictures of animals."@en
> ] -# https://rdf.spdx.org/v3/AI/informationAboutApplication node359 -node359 [ shape=none, color=black label=<
informationAboutApplication
https://rdf.spdx.org/v3/AI/informationAboutApplication
rdfs:comment"Provides relevant information about the AI software, not including the model description."@en
> ] -# https://rdf.spdx.org/v3/Security/EpssVulnAssessmentRelationship node360 -node360 [ shape=none, color=black label=<
EpssVulnAssessmentRelationship
https://rdf.spdx.org/v3/Security/EpssVulnAssessmentRelationship
rdfs:comment"Provides an EPSS assessment for a vulnerability."@en
> ] -# https://rdf.spdx.org/v3/Software/SbomType/build node361 -node361 [ shape=none, color=black label=<
build
https://rdf.spdx.org/v3/Software/SbomType/build
rdfs:comment"SBOM generated as part of the process of building the software to create a releasable artifact (e.g., executable or package) from data such as source files, dependencies, built components, build process ephemeral data, and other SBOMs."@en
> ] -# Na4c5259729e5488eb3da8d164b5dca2a node362 -node362 [ shape=none, color=black label=<
Na4c5259729e5488eb3da8d164b5dca2a
Na4c5259729e5488eb3da8d164b5dca2a
> ] -# https://rdf.spdx.org/v3/SimpleLicensing/LicenseExpression node363 -node363 [ shape=none, color=black label=<
LicenseExpression
https://rdf.spdx.org/v3/SimpleLicensing/LicenseExpression
rdfs:comment"An SPDX Element containing an SPDX license expression string."@en
> ] -# N5e5bccbddc744dc2a205673a82b6f7e7 node364 -node364 [ shape=none, color=black label=<
N5e5bccbddc744dc2a205673a82b6f7e7
N5e5bccbddc744dc2a205673a82b6f7e7
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasTest node365 -node365 [ shape=none, color=black label=<
hasTest
https://rdf.spdx.org/v3/Core/RelationshipType/hasTest
rdfs:comment"Every `to` Element is a test artifact for the `from` Element (`from` hasTest `to`), during a LifecycleScopeType period"@en
> ] -# N91af0cee8e5c454bac7d042ed6f068f6 node366 -node366 [ shape=none, color=black label=<
N91af0cee8e5c454bac7d042ed6f068f6
N91af0cee8e5c454bac7d042ed6f068f6
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Software/contentType node367 -node367 [ shape=none, color=black label=<
contentType
https://rdf.spdx.org/v3/Software/contentType
rdfs:comment"Provides information about the content type of an Element."@en
> ] -# https://rdf.spdx.org/v3/Core/ProfileIdentifierType/usage node368 -node368 [ shape=none, color=black label=<
usage
https://rdf.spdx.org/v3/Core/ProfileIdentifierType/usage
rdfs:comment"the element follows the Usage profile specification"@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/metrics node369 -node369 [ shape=none, color=black label=<
metrics
https://rdf.spdx.org/v3/Core/ExternalRefType/metrics
rdfs:comment"A reference to metrics related to package such as OpenSSF scorecards."@en
> ] -# https://rdf.spdx.org/v3/Security/vectorString node370 -node370 [ shape=none, color=black label=<
vectorString
https://rdf.spdx.org/v3/Security/vectorString
rdfs:comment"Specifies the CVSS vector string for a vulnerability."@en
> ] -# N3d6e400ee17747d6a7c4d006b77cd2c6 node371 -node371 [ shape=none, color=black label=<
N3d6e400ee17747d6a7c4d006b77cd2c6
N3d6e400ee17747d6a7c4d006b77cd2c6
sh:maxCount"1"^^xsd:integer
> ] -# N179c3a204d764b7aa0c2a310c234d8e1 node372 -node372 [ shape=none, color=black label=<
N179c3a204d764b7aa0c2a310c234d8e1
N179c3a204d764b7aa0c2a310c234d8e1
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Software/snippetFromFile node373 -node373 [ shape=none, color=black label=<
snippetFromFile
https://rdf.spdx.org/v3/Software/snippetFromFile
rdfs:comment"Defines the original host file that the snippet information applies to."@en
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/standardLicenseTemplate node374 -node374 [ shape=none, color=black label=<
standardLicenseTemplate
https://rdf.spdx.org/v3/ExpandedLicensing/standardLicenseTemplate
rdfs:comment"Identifies the full text of a License, in SPDX templating format."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/serializedInArtifact node375 -node375 [ shape=none, color=black label=<
serializedInArtifact
https://rdf.spdx.org/v3/Core/RelationshipType/serializedInArtifact
rdfs:comment"The `from` SPDXDocument can be found in a serialized form in each `to` Artifact"@en
> ] -# https://rdf.spdx.org/v3/Dataset/DatasetType/graph node376 -node376 [ shape=none, color=black label=<
graph
https://rdf.spdx.org/v3/Dataset/DatasetType/graph
rdfs:comment"data is in the form of a graph where entries are somehow related to each other through edges, such a social network of friends."@en
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/model node377 -node377 [ shape=none, color=black label=<
model
https://rdf.spdx.org/v3/Software/SoftwarePurpose/model
rdfs:comment"the Element is a machine learning or artificial intelligence model"@en
> ] -# https://rdf.spdx.org/v3/Core/completeness node378 -node378 [ shape=none, color=black label=<
completeness
https://rdf.spdx.org/v3/Core/completeness
rdfs:comment"Provides information about the completeness of relationships."@en
> ] -# https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/query node379 -node379 [ shape=none, color=black label=<
query
https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/query
rdfs:comment"the dataset is publicly available, but not all at once, and can only be accessed through queries which return parts of the dataset."@en
> ] -# https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/clear node380 -node380 [ shape=none, color=black label=<
clear
https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/clear
rdfs:comment"Dataset may be distributed freely, without restriction."@en
> ] -# Ncb7e85be40a5459180e5377ffb453bd1 node381 -node381 [ shape=none, color=black label=<
Ncb7e85be40a5459180e5377ffb453bd1
Ncb7e85be40a5459180e5377ffb453bd1
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Licensing/NoAssertion node382 -node382 [ shape=none, color=black label=<
NoAssertion
https://rdf.spdx.org/v3/Licensing/NoAssertion
> ] -# https://rdf.spdx.org/v3/Core/to node383 -node383 [ shape=none, color=black label=<
to
https://rdf.spdx.org/v3/Core/to
rdfs:comment"References an Element on the right-hand side of a relationship."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/vulnerabilityDisclosureReport node384 -node384 [ shape=none, color=black label=<
vulnerabilityDisclosureReport
https://rdf.spdx.org/v3/Core/ExternalRefType/vulnerabilityDisclosureReport
rdfs:comment"A reference to a Vulnerability Disclosure Report (VDR) which provides the software supplier's analysis and findings describing the impact (or lack of impact) that reported vulnerabilities have on packages or products in the supplier's SBOM as defined in [NIST SP 800-161](https://csrc.nist.gov/publications/detail/sp/800-161/rev-1/final)."@en
> ] -# N97a004c4825742d98ea2307c4a9a0440 node385 -node385 [ shape=none, color=black label=<
N97a004c4825742d98ea2307c4a9a0440
N97a004c4825742d98ea2307c4a9a0440
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Security/impactStatement node386 -node386 [ shape=none, color=black label=<
impactStatement
https://rdf.spdx.org/v3/Security/impactStatement
rdfs:comment"Explains why a VEX product is not affected by a vulnerability. It is an -alternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable -justification label."@en
> ] -# https://rdf.spdx.org/v3/Software/SbomType/analyzed node387 -node387 [ shape=none, color=black label=<
analyzed
https://rdf.spdx.org/v3/Software/SbomType/analyzed
rdfs:comment"SBOM generated through analysis of artifacts (e.g., executables, packages, containers, and virtual machine images) after its build. Such analysis generally requires a variety of heuristics. In some contexts, this may also be referred to as a “3rd party” SBOM."@en
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/framework node388 -node388 [ shape=none, color=black label=<
framework
https://rdf.spdx.org/v3/Software/SoftwarePurpose/framework
rdfs:comment"the Element is a software framework"@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/fixedBy node389 -node389 [ shape=none, color=black label=<
fixedBy
https://rdf.spdx.org/v3/Core/RelationshipType/fixedBy
rdfs:comment"(Security) Designates a `from` Vulnerability has been fixed by the `to` Agent(s)"@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/exploitCreatedBy node390 -node390 [ shape=none, color=black label=<
exploitCreatedBy
https://rdf.spdx.org/v3/Core/RelationshipType/exploitCreatedBy
rdfs:comment"(Security) The `from` Vulnerability has had an exploit created against it by each `to` Agent"@en
> ] -# Nf5e1671a26ee4b57b37ea736c79edb27 node391 -node391 [ shape=none, color=black label=<
Nf5e1671a26ee4b57b37ea736c79edb27
Nf5e1671a26ee4b57b37ea736c79edb27
sh:maxCount"1"^^xsd:integer
> ] -# N10ba1fbc839c40368383cf5a47143cbf node392 -node392 [ shape=none, color=black label=<
N10ba1fbc839c40368383cf5a47143cbf
N10ba1fbc839c40368383cf5a47143cbf
> ] -# https://rdf.spdx.org/v3/Core/name node393 -node393 [ shape=none, color=black label=<
name
https://rdf.spdx.org/v3/Core/name
rdfs:comment"Identifies the name of an Element as designated by the creator."@en
> ] -# N027a5c76c6724ce887f2193507502f33 node394 -node394 [ shape=none, color=black label=<
N027a5c76c6724ce887f2193507502f33
N027a5c76c6724ce887f2193507502f33
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasDeletedFile node395 -node395 [ shape=none, color=black label=<
hasDeletedFile
https://rdf.spdx.org/v3/Core/RelationshipType/hasDeletedFile
rdfs:comment"Every `to` Element is a file deleted from the `from` Element (`from` hasDeletedFile `to`)"@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/other node396 -node396 [ shape=none, color=black label=<
other
https://rdf.spdx.org/v3/Core/ExternalRefType/other
rdfs:comment"Used when the type doesn't match any of the other options."@en
> ] -# N98acc89a36824e7387a667eecae2da38 node397 -node397 [ shape=none, color=black label=<
N98acc89a36824e7387a667eecae2da38
N98acc89a36824e7387a667eecae2da38
> ] -# https://rdf.spdx.org/v3/Core/extension node398 -node398 [ shape=none, color=black label=<
extension
https://rdf.spdx.org/v3/Core/extension
rdfs:comment"Specifies an Extension characterization of some aspect of an Element."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasConcludedLicense node399 -node399 [ shape=none, color=black label=<
hasConcludedLicense
https://rdf.spdx.org/v3/Core/RelationshipType/hasConcludedLicense
rdfs:comment"The `from` Software Artifact is concluded by the SPDX data creator to be governed by each `to` license"@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasInputs node400 -node400 [ shape=none, color=black label=<
hasInputs
https://rdf.spdx.org/v3/Core/RelationshipType/hasInputs
rdfs:comment"The `from` Build has each `to` Elements as an input during a LifecycleScopeType period."@en
> ] -# https://rdf.spdx.org/v3/Software/SoftwareArtifact node401 -node401 [ shape=none, color=black label=<
SoftwareArtifact
https://rdf.spdx.org/v3/Software/SoftwareArtifact
rdfs:comment"A distinct article or unit related to Software."@en
> ] -# Nc720eced74ec4c9b92cfe5572689c168 node402 -node402 [ shape=none, color=black label=<
Nc720eced74ec4c9b92cfe5572689c168
Nc720eced74ec4c9b92cfe5572689c168
sh:maxCount"1"^^xsd:integer
> ] -# N6bbfee4c9cde450292243e208d60bd7a node403 -node403 [ shape=none, color=black label=<
N6bbfee4c9cde450292243e208d60bd7a
N6bbfee4c9cde450292243e208d60bd7a
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/value node404 -node404 [ shape=none, color=black label=<
value
https://rdf.spdx.org/v3/Core/value
rdfs:comment"A value used in a generic key-value pair."@en
> ] -# Na1a343297caa4d989bf61de00ee97d4f node405 -node405 [ shape=none, color=black label=<
Na1a343297caa4d989bf61de00ee97d4f
Na1a343297caa4d989bf61de00ee97d4f
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/created node406 -node406 [ shape=none, color=black label=<
created
https://rdf.spdx.org/v3/Core/created
rdfs:comment"Identifies when the Element was originally created."@en
> ] -# https://rdf.spdx.org/v3/Core/PresenceType/no node407 -node407 [ shape=none, color=black label=<
no
https://rdf.spdx.org/v3/Core/PresenceType/no
rdfs:comment"Indicates absence of the field."@en
> ] -# https://rdf.spdx.org/v3/Core/PresenceType node408 -node408 [ shape=none, color=black label=<
PresenceType
https://rdf.spdx.org/v3/Core/PresenceType
rdfs:comment"Categories of presence or absence."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalIdentifierType/swhid node409 -node409 [ shape=none, color=black label=<
swhid
https://rdf.spdx.org/v3/Core/ExternalIdentifierType/swhid
rdfs:comment"SoftWare Hash IDentifier, persistent intrinsic identifiers for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The syntax of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) and they typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`."@en
> ] -# https://rdf.spdx.org/v3/Software/SbomType/source node410 -node410 [ shape=none, color=black label=<
source
https://rdf.spdx.org/v3/Software/SbomType/source
rdfs:comment"SBOM created directly from the development environment, source files, and included dependencies used to build an product artifact."@en
> ] -# https://rdf.spdx.org/v3/AI/sensitivePersonalInformation node411 -node411 [ shape=none, color=black label=<
sensitivePersonalInformation
https://rdf.spdx.org/v3/AI/sensitivePersonalInformation
rdfs:comment"Records if sensitive personal information is used during model training."@en
> ] -# N7f3c853844cf42b1bf25205c776eb858 node412 -node412 [ shape=none, color=black label=<
N7f3c853844cf42b1bf25205c776eb858
N7f3c853844cf42b1bf25205c776eb858
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicense node413 -node413 [ shape=none, color=black label=<
CustomLicense
https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicense
rdfs:comment"A license that is not listed on the SPDX License List."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/securityPenTestReport node414 -node414 [ shape=none, color=black label=<
securityPenTestReport
https://rdf.spdx.org/v3/Core/ExternalRefType/securityPenTestReport
rdfs:comment"A reference to a [penetration test](https://en.wikipedia.org/wiki/Penetration_test) report for a package."@en
> ] -# https://rdf.spdx.org/v3/Security/locator node415 -node415 [ shape=none, color=black label=<
locator
https://rdf.spdx.org/v3/Security/locator
rdfs:comment"Provides the location of an exploit catalog."@en
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/library node416 -node416 [ shape=none, color=black label=<
library
https://rdf.spdx.org/v3/Software/SoftwarePurpose/library
rdfs:comment"the Element is a software library"@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/doesNotAffect node417 -node417 [ shape=none, color=black label=<
doesNotAffect
https://rdf.spdx.org/v3/Core/RelationshipType/doesNotAffect
rdfs:comment"(Security/VEX) The `from` Vulnerability has no impact on each `to` Element"@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/expandsTo node418 -node418 [ shape=none, color=black label=<
expandsTo
https://rdf.spdx.org/v3/Core/RelationshipType/expandsTo
rdfs:comment"The `from` archive expands out as an artifact described by each `to` Element"@en
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/isFsfLibre node419 -node419 [ shape=none, color=black label=<
isFsfLibre
https://rdf.spdx.org/v3/ExpandedLicensing/isFsfLibre
rdfs:comment"Specifies whether the License is listed as free by the -[Free Software Foundation (FSF)](https://fsf.org)."@en
> ] -# https://rdf.spdx.org/v3/Security/statusNotes node420 -node420 [ shape=none, color=black label=<
statusNotes
https://rdf.spdx.org/v3/Security/statusNotes
rdfs:comment"Conveys information about how VEX status was determined."@en
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/diskImage node421 -node421 [ shape=none, color=black label=<
diskImage
https://rdf.spdx.org/v3/Software/SoftwarePurpose/diskImage
rdfs:comment"the Element refers to a disk image that can be written to a disk, booted in a VM, etc. A disk image typically contains most or all of the components necessary to boot, such as bootloaders, kernels, firmware, userspace, etc."@en
> ] -# https://rdf.spdx.org/v3/Dataset/DatasetType/noAssertion node422 -node422 [ shape=none, color=black label=<
noAssertion
https://rdf.spdx.org/v3/Dataset/DatasetType/noAssertion
rdfs:comment"data type is not known."@en
> ] -# https://rdf.spdx.org/v3/Security/VexJustificationType/componentNotPresent node423 -node423 [ shape=none, color=black label=<
componentNotPresent
https://rdf.spdx.org/v3/Security/VexJustificationType/componentNotPresent
rdfs:comment"The software is not affected because the vulnerable component is not in the product."@en
> ] -# N323a5d40362244dfb78b92114799babf node424 -node424 [ shape=none, color=black label=<
N323a5d40362244dfb78b92114799babf
N323a5d40362244dfb78b92114799babf
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/imports node425 -node425 [ shape=none, color=black label=<
imports
https://rdf.spdx.org/v3/Core/imports
rdfs:comment"Provides an ExternalMap of Element identifiers."@en
> ] -# https://rdf.spdx.org/v3/Core/issuingAuthority node426 -node426 [ shape=none, color=black label=<
issuingAuthority
https://rdf.spdx.org/v3/Core/issuingAuthority
rdfs:comment"An entity that is authorized to issue identification credentials."@en
> ] -# N15e141e6998d411c9e2bb4aa51265362 node427 -node427 [ shape=none, color=black label=<
N15e141e6998d411c9e2bb4aa51265362
N15e141e6998d411c9e2bb4aa51265362
> ] -# N81749d97876d424fb7d5b32579acbb3c node428 -node428 [ shape=none, color=black label=<
N81749d97876d424fb7d5b32579acbb3c
N81749d97876d424fb7d5b32579acbb3c
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/amber node429 -node429 [ shape=none, color=black label=<
amber
https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/amber
rdfs:comment"Data points in the dataset can be shared only with specific organizations and their clients on a need to know basis."@en
> ] -# N2d4ba79e36724b879925834084ea980f node430 -node430 [ shape=none, color=black label=<
N2d4ba79e36724b879925834084ea980f
N2d4ba79e36724b879925834084ea980f
sh:maxCount"1"^^xsd:integer
> ] -# Nce91f1b1ac19471cb220ca98d14f4d91 node431 -node431 [ shape=none, color=black label=<
Nce91f1b1ac19471cb220ca98d14f4d91
Nce91f1b1ac19471cb220ca98d14f4d91
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/ConjunctiveLicenseSet node432 -node432 [ shape=none, color=black label=<
ConjunctiveLicenseSet
https://rdf.spdx.org/v3/ExpandedLicensing/ConjunctiveLicenseSet
rdfs:comment"Portion of an AnyLicenseInfo representing a set of licensing information -where all elements apply."@en
> ] -# N05d221eb39ba49aa9c6dbbb2e7dc97ce node433 -node433 [ shape=none, color=black label=<
N05d221eb39ba49aa9c6dbbb2e7dc97ce
N05d221eb39ba49aa9c6dbbb2e7dc97ce
> ] -# https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/high node434 -node434 [ shape=none, color=black label=<
high
https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/high
rdfs:comment"The second-highest level of risk posed by an AI software."@en
> ] -# https://rdf.spdx.org/v3/Core/contentType node435 -node435 [ shape=none, color=black label=<
contentType
https://rdf.spdx.org/v3/Core/contentType
rdfs:comment"Specifies the media type of an Element or Property."@en
> ] -# https://rdf.spdx.org/v3/Security/CvssSeverityType/critical node436 -node436 [ shape=none, color=black label=<
critical
https://rdf.spdx.org/v3/Security/CvssSeverityType/critical
rdfs:comment"When a CVSS score is between 9.0 - 10.0"@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/foundBy node437 -node437 [ shape=none, color=black label=<
foundBy
https://rdf.spdx.org/v3/Core/RelationshipType/foundBy
rdfs:comment"(Security) Designates a `from` Vulnerability was originally discovered by the `to` Agent(s)"@en
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/ExtendableLicense node438 -node438 [ shape=none, color=black label=<
ExtendableLicense
https://rdf.spdx.org/v3/ExpandedLicensing/ExtendableLicense
rdfs:comment"Abstract class representing a License or an OrLaterOperator."@en
> ] -# Na19aa242708749d0ae7da65d8c00e3c9 node439 -node439 [ shape=none, color=black label=<
Na19aa242708749d0ae7da65d8c00e3c9
Na19aa242708749d0ae7da65d8c00e3c9
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasMetadata node440 -node440 [ shape=none, color=black label=<
hasMetadata
https://rdf.spdx.org/v3/Core/RelationshipType/hasMetadata
rdfs:comment"Every `to` Element is metadata about the `from` Element (`from` hasMetadata `to`)"@en
> ] -# https://rdf.spdx.org/v3/Security/CvssSeverityType/high node441 -node441 [ shape=none, color=black label=<
high
https://rdf.spdx.org/v3/Security/CvssSeverityType/high
rdfs:comment"When a CVSS score is between 7.0 - 8.9"@en
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/other node442 -node442 [ shape=none, color=black label=<
other
https://rdf.spdx.org/v3/Software/SoftwarePurpose/other
rdfs:comment"the Element doesn't fit into any of the other categories"@en
> ] -# Na954d20738584e61a102bf2ea7371082 node443 -node443 [ shape=none, color=black label=<
Na954d20738584e61a102bf2ea7371082
Na954d20738584e61a102bf2ea7371082
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasExample node444 -node444 [ shape=none, color=black label=<
hasExample
https://rdf.spdx.org/v3/Core/RelationshipType/hasExample
rdfs:comment"Every `to` Element is an example for the `from` Element (`from` hasExample `to`)"@en
> ] -# https://rdf.spdx.org/v3/Core/LifecycleScopeType/test node445 -node445 [ shape=none, color=black label=<
test
https://rdf.spdx.org/v3/Core/LifecycleScopeType/test
rdfs:comment"A relationship has specific context implications during an element's testing phase, during development."@en
> ] -# N81ca69493d7745eda98d7a77052f8d6b node446 -node446 [ shape=none, color=black label=<
N81ca69493d7745eda98d7a77052f8d6b
N81ca69493d7745eda98d7a77052f8d6b
> ] -# https://rdf.spdx.org/v3/Dataset/sensor node447 -node447 [ shape=none, color=black label=<
sensor
https://rdf.spdx.org/v3/Dataset/sensor
rdfs:comment"Describes a sensor used for collecting the data."@en
> ] -# https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/scrapingScript node448 -node448 [ shape=none, color=black label=<
scrapingScript
https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/scrapingScript
rdfs:comment"the dataset provider is not making available the underlying data and the dataset must be reassembled, typically using the provided script for scraping the data."@en
> ] -# https://rdf.spdx.org/v3/Core/SoftwareAgent node449 -node449 [ shape=none, color=black label=<
SoftwareAgent
https://rdf.spdx.org/v3/Core/SoftwareAgent
rdfs:comment"A software agent."@en
> ] -# N37c5589c90b740bc8061238702954aa0 node450 -node450 [ shape=none, color=black label=<
N37c5589c90b740bc8061238702954aa0
N37c5589c90b740bc8061238702954aa0
> ] -# https://rdf.spdx.org/v3/Core/HashAlgorithm/sha256 node451 -node451 [ shape=none, color=black label=<
sha256
https://rdf.spdx.org/v3/Core/HashAlgorithm/sha256
rdfs:comment"secure hashing algorithm with a digest length of 256 https://www.rfc-editor.org/rfc/rfc4634"@en
> ] -# N8c21909af3a3410db2d3f7399071393d node452 -node452 [ shape=none, color=black label=<
N8c21909af3a3410db2d3f7399071393d
N8c21909af3a3410db2d3f7399071393d
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasOutputs node453 -node453 [ shape=none, color=black label=<
hasOutputs
https://rdf.spdx.org/v3/Core/RelationshipType/hasOutputs
rdfs:comment"The `from` Build element generates each `to` Element as an output during a LifecycleScopeType period."@en
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/NoneLicense node454 -node454 [ shape=none, color=black label=<
NoneLicense
https://rdf.spdx.org/v3/ExpandedLicensing/NoneLicense
rdfs:comment"An Individual Value for License where the SPDX data creator determines that no license is present."@en
> ] -# N17963bdd9a38492abfdaf578e668dc7a node455 -node455 [ shape=none, color=black label=<
N17963bdd9a38492abfdaf578e668dc7a
N17963bdd9a38492abfdaf578e668dc7a
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/sourceArtifact node456 -node456 [ shape=none, color=black label=<
sourceArtifact
https://rdf.spdx.org/v3/Core/ExternalRefType/sourceArtifact
rdfs:comment"A reference to an artifact containing the sources for a package."@en
> ] -# Nb0b45fd1281e4be6afd9c05eac32b7c3 node457 -node457 [ shape=none, color=black label=<
Nb0b45fd1281e4be6afd9c05eac32b7c3
Nb0b45fd1281e4be6afd9c05eac32b7c3
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/npm node458 -node458 [ shape=none, color=black label=<
npm
https://rdf.spdx.org/v3/Core/ExternalRefType/npm
rdfs:comment"A reference to an npm package."@en
> ] -# https://rdf.spdx.org/v3/Security/ExploitCatalogType/other node459 -node459 [ shape=none, color=black label=<
other
https://rdf.spdx.org/v3/Security/ExploitCatalogType/other
rdfs:comment"Other exploit catalogs"@en
> ] -# https://rdf.spdx.org/v3/Security/CvssV3VulnAssessmentRelationship node460 -node460 [ shape=none, color=black label=<
CvssV3VulnAssessmentRelationship
https://rdf.spdx.org/v3/Security/CvssV3VulnAssessmentRelationship
rdfs:comment"Provides a CVSS version 3 assessment for a vulnerability."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/securityAdvisory node461 -node461 [ shape=none, color=black label=<
securityAdvisory
https://rdf.spdx.org/v3/Core/ExternalRefType/securityAdvisory
rdfs:comment"A reference to a published security advisory (where advisory as defined per ISO 29147:2018) that may affect one or more elements, e.g., vendor advisories or specific NVD entries."@en
> ] -# https://rdf.spdx.org/v3/SimpleLicensing/customIdToUri node462 -node462 [ shape=none, color=black label=<
customIdToUri
https://rdf.spdx.org/v3/SimpleLicensing/customIdToUri
rdfs:comment"Maps a LicenseRef or AdditionRef string for a Custom License or a Custom License Addition to its URI ID."@en
> ] -# N5b2ac460289243c98eba6676cf237061 node463 -node463 [ shape=none, color=black label=<
N5b2ac460289243c98eba6676cf237061
N5b2ac460289243c98eba6676cf237061
sh:maxCount"1"^^xsd:integer
> ] -# N84d4d1ab73984695b1f3b382a3395d5f node464 -node464 [ shape=none, color=black label=<
N84d4d1ab73984695b1f3b382a3395d5f
N84d4d1ab73984695b1f3b382a3395d5f
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Dataset/intendedUse node465 -node465 [ shape=none, color=black label=<
intendedUse
https://rdf.spdx.org/v3/Dataset/intendedUse
rdfs:comment"Describes what the given dataset should be used for."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/invokedBy node466 -node466 [ shape=none, color=black label=<
invokedBy
https://rdf.spdx.org/v3/Core/RelationshipType/invokedBy
rdfs:comment"The `from` Element was invoked by the `to` Agent during a LifecycleScopeType period (for example, a Build element that describes a build step)"@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/dependsOn node467 -node467 [ shape=none, color=black label=<
dependsOn
https://rdf.spdx.org/v3/Core/RelationshipType/dependsOn
rdfs:comment"The `from` Element depends on each `to` Element during a LifecycleScopeType period."@en
> ] -# N68dd7e8ead344189bff69f8bc0812127 node468 -node468 [ shape=none, color=black label=<
N68dd7e8ead344189bff69f8bc0812127
N68dd7e8ead344189bff69f8bc0812127
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/DisjunctiveLicenseSet node469 -node469 [ shape=none, color=black label=<
DisjunctiveLicenseSet
https://rdf.spdx.org/v3/ExpandedLicensing/DisjunctiveLicenseSet
rdfs:comment"Portion of an AnyLicenseInfo representing a set of licensing information -where only any one of the elements applies."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasAssociatedVulnerability node470 -node470 [ shape=none, color=black label=<
hasAssociatedVulnerability
https://rdf.spdx.org/v3/Core/RelationshipType/hasAssociatedVulnerability
rdfs:comment"(Security) Used to associate a `from` Artifact with each `to` Vulnerability"@en
> ] -# N274f9c25c0554b978411726f2e6026ae node471 -node471 [ shape=none, color=black label=<
N274f9c25c0554b978411726f2e6026ae
N274f9c25c0554b978411726f2e6026ae
> ] -# https://rdf.spdx.org/v3/Core/verifiedUsing node472 -node472 [ shape=none, color=black label=<
verifiedUsing
https://rdf.spdx.org/v3/Core/verifiedUsing
rdfs:comment"Provides an IntegrityMethod with which the integrity of an Element can be asserted."@en
> ] -# N8353a660ff4948e6b592147ab8188f34 node473 -node473 [ shape=none, color=black label=<
N8353a660ff4948e6b592147ab8188f34
N8353a660ff4948e6b592147ab8188f34
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/dataLicense node474 -node474 [ shape=none, color=black label=<
dataLicense
https://rdf.spdx.org/v3/Core/dataLicense
rdfs:comment"Provides the license under which the SPDX documentation of the Element can be used."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/copiedTo node475 -node475 [ shape=none, color=black label=<
copiedTo
https://rdf.spdx.org/v3/Core/RelationshipType/copiedTo
rdfs:comment"The `from` Element has been copied to each `to` Element"@en
> ] -# https://rdf.spdx.org/v3/Core/HashAlgorithm/blake3 node476 -node476 [ shape=none, color=black label=<
blake3
https://rdf.spdx.org/v3/Core/HashAlgorithm/blake3
rdfs:comment"https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf"@en
> ] -# N0195563483ff4fa8a3c182412cda1e6d node477 -node477 [ shape=none, color=black label=<
N0195563483ff4fa8a3c182412cda1e6d
N0195563483ff4fa8a3c182412cda1e6d
> ] -# https://rdf.spdx.org/v3/Build/environment node478 -node478 [ shape=none, color=black label=<
environment
https://rdf.spdx.org/v3/Build/environment
rdfs:comment"Property describing the session in which a build is invoked."@en
> ] -# https://rdf.spdx.org/v3/Security/percentile node479 -node479 [ shape=none, color=black label=<
percentile
https://rdf.spdx.org/v3/Security/percentile
rdfs:comment"The percentile of the current probability score."@en
> ] -# Ncabe0ec0cd1d46e1baea1aeec4988e92 node480 -node480 [ shape=none, color=black label=<
Ncabe0ec0cd1d46e1baea1aeec4988e92
Ncabe0ec0cd1d46e1baea1aeec4988e92
sh:maxCount"2"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Software/lineRange node481 -node481 [ shape=none, color=black label=<
lineRange
https://rdf.spdx.org/v3/Software/lineRange
rdfs:comment"Defines the line range in the original host file that the snippet information applies to."@en
> ] -# https://rdf.spdx.org/v3/Core/algorithm node482 -node482 [ shape=none, color=black label=<
algorithm
https://rdf.spdx.org/v3/Core/algorithm
rdfs:comment"Specifies the algorithm used for calculating the hash value."@en
> ] -# N83d60709fbf44c2686109d44693b9292 node483 -node483 [ shape=none, color=black label=<
N83d60709fbf44c2686109d44693b9292
N83d60709fbf44c2686109d44693b9292
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasDocumentation node484 -node484 [ shape=none, color=black label=<
hasDocumentation
https://rdf.spdx.org/v3/Core/RelationshipType/hasDocumentation
rdfs:comment"The `from` Element is documented by each `to` Element"@en
> ] -# https://rdf.spdx.org/v3/Core/LifecycleScopeType/development node485 -node485 [ shape=none, color=black label=<
development
https://rdf.spdx.org/v3/Core/LifecycleScopeType/development
rdfs:comment"A relationship has specific context implications during development phase of an element."@en
> ] -# N7a44f228ba984530a05e4b99db63ff7d node486 -node486 [ shape=none, color=black label=<
N7a44f228ba984530a05e4b99db63ff7d
N7a44f228ba984530a05e4b99db63ff7d
> ] -# https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/medium node487 -node487 [ shape=none, color=black label=<
medium
https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/medium
rdfs:comment"The third-highest level of risk posed by an AI software."@en
> ] -# https://rdf.spdx.org/v3/Core/HashAlgorithm/sha3_256 node488 -node488 [ shape=none, color=black label=<
sha3_256
https://rdf.spdx.org/v3/Core/HashAlgorithm/sha3_256
rdfs:comment"sha3 with a digest length of 256 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf"@en
> ] -# https://rdf.spdx.org/v3/Dataset/DatasetType/audio node489 -node489 [ shape=none, color=black label=<
audio
https://rdf.spdx.org/v3/Dataset/DatasetType/audio
rdfs:comment"data is audio based, such as a collection of music from the 80s."@en
> ] -# https://rdf.spdx.org/v3/Core/key node490 -node490 [ shape=none, color=black label=<
key
https://rdf.spdx.org/v3/Core/key
rdfs:comment"A key used in a generic key-value pair."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/availableFrom node491 -node491 [ shape=none, color=black label=<
availableFrom
https://rdf.spdx.org/v3/Core/RelationshipType/availableFrom
rdfs:comment"The `from` Element is available from the additional supplier described by each `to` Element"@en
> ] -# N7ccf4c324f814fdfad3692b9aa733f57 node492 -node492 [ shape=none, color=black label=<
N7ccf4c324f814fdfad3692b9aa733f57
N7ccf4c324f814fdfad3692b9aa733f57
> ] -# Ncdf5c30ebcdb40558f8558fe6e6c11e7 node493 -node493 [ shape=none, color=black label=<
Ncdf5c30ebcdb40558f8558fe6e6c11e7
Ncdf5c30ebcdb40558f8558fe6e6c11e7
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/registration node494 -node494 [ shape=none, color=black label=<
registration
https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/registration
rdfs:comment"the dataset is not publicly available and an email registration is required before accessing the dataset, although without an affirmative acceptance of terms."@en
> ] -# https://rdf.spdx.org/v3/Security/catalogType node495 -node495 [ shape=none, color=black label=<
catalogType
https://rdf.spdx.org/v3/Security/catalogType
rdfs:comment"Specifies the exploit catalog type."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/delegatedTo node496 -node496 [ shape=none, color=black label=<
delegatedTo
https://rdf.spdx.org/v3/Core/RelationshipType/delegatedTo
rdfs:comment"The `from` Agent is delegating an action to the Agent of the `to` Relationship (which must be of type invokedBy) during a LifecycleScopeType. (e.g. the `to` invokedBy Relationship is being done on behalf of `from`)"@en
> ] -# https://rdf.spdx.org/v3/SimpleLicensing/licenseExpression node497 -node497 [ shape=none, color=black label=<
licenseExpression
https://rdf.spdx.org/v3/SimpleLicensing/licenseExpression
rdfs:comment"A string in the license expression format."@en
> ] -# N2b5e3bf9758b43f6962c6866370fae7b node498 -node498 [ shape=none, color=black label=<
N2b5e3bf9758b43f6962c6866370fae7b
N2b5e3bf9758b43f6962c6866370fae7b
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasDynamicLink node499 -node499 [ shape=none, color=black label=<
hasDynamicLink
https://rdf.spdx.org/v3/Core/RelationshipType/hasDynamicLink
rdfs:comment"The `from` Element dynamically links in each `to` Element, during a LifecycleScopeType period."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/usesTool node500 -node500 [ shape=none, color=black label=<
usesTool
https://rdf.spdx.org/v3/Core/RelationshipType/usesTool
rdfs:comment"The `from` Element uses each `to` Element as a tool during a LifecycleScopeType period."@en
> ] -# https://rdf.spdx.org/v3/Core/Hash node501 -node501 [ shape=none, color=black label=<
Hash
https://rdf.spdx.org/v3/Core/Hash
rdfs:comment"A mathematically calculated representation of a grouping of data."@en
> ] -# https://rdf.spdx.org/v3/Dataset/confidentialityLevel node502 -node502 [ shape=none, color=black label=<
confidentialityLevel
https://rdf.spdx.org/v3/Dataset/confidentialityLevel
rdfs:comment"Describes the confidentiality level of the data points contained in the dataset."@en
> ] -# N101f47d2807c4dbd816c95da85edcfca node503 -node503 [ shape=none, color=black label=<
N101f47d2807c4dbd816c95da85edcfca
N101f47d2807c4dbd816c95da85edcfca
sh:minCount"1"^^xsd:integer
> ] -# N3686f0b107cf449bb51f09f05bedd67f node504 -node504 [ shape=none, color=black label=<
N3686f0b107cf449bb51f09f05bedd67f
N3686f0b107cf449bb51f09f05bedd67f
> ] -# https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/red node505 -node505 [ shape=none, color=black label=<
red
https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/red
rdfs:comment"Data points in the dataset are highly confidential and can only be shared with named recipients."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/bower node506 -node506 [ shape=none, color=black label=<
bower
https://rdf.spdx.org/v3/Core/ExternalRefType/bower
rdfs:comment"A reference to a bower package."@en
> ] -# https://rdf.spdx.org/v3/AI/domain node507 -node507 [ shape=none, color=black label=<
domain
https://rdf.spdx.org/v3/AI/domain
rdfs:comment"Captures the domain in which the AI package can be used."@en
> ] -# https://rdf.spdx.org/v3/AI/standardCompliance node508 -node508 [ shape=none, color=black label=<
standardCompliance
https://rdf.spdx.org/v3/AI/standardCompliance
rdfs:comment"Captures a standard that is being complied with."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasEvidence node509 -node509 [ shape=none, color=black label=<
hasEvidence
https://rdf.spdx.org/v3/Core/RelationshipType/hasEvidence
rdfs:comment"(Dataset) Every `to` Element is considered as evidence for the `from` Element (`from` hasEvidence `to`)"@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/exportControlAssessment node510 -node510 [ shape=none, color=black label=<
exportControlAssessment
https://rdf.spdx.org/v3/Core/ExternalRefType/exportControlAssessment
rdfs:comment"A reference to a export control assessment for a package."@en
> ] -# N7c05301c424c45ef875b83d2f1630e8f node511 -node511 [ shape=none, color=black label=<
N7c05301c424c45ef875b83d2f1630e8f
N7c05301c424c45ef875b83d2f1630e8f
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/externalIdentifier node512 -node512 [ shape=none, color=black label=<
externalIdentifier
https://rdf.spdx.org/v3/Core/externalIdentifier
rdfs:comment"Provides a reference to a resource outside the scope of SPDX-3.0 content -that uniquely identifies an Element."@en
> ] -# https://rdf.spdx.org/v3/Core/SupportType/development node513 -node513 [ shape=none, color=black label=<
development
https://rdf.spdx.org/v3/Core/SupportType/development
rdfs:comment"the artifact is in active development and is not considered ready for formal support from the supplier."@en
> ] -# N79417aba9cc340d498584748cd0d92ff node514 -node514 [ shape=none, color=black label=<
N79417aba9cc340d498584748cd0d92ff
N79417aba9cc340d498584748cd0d92ff
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Security/VexUnderInvestigationVulnAssessmentRelationship node515 -node515 [ shape=none, color=black label=<
VexUnderInvestigationVulnAssessmentRelationship
https://rdf.spdx.org/v3/Security/VexUnderInvestigationVulnAssessmentRelationship
rdfs:comment"Designates elements as products where the impact of a vulnerability is being -investigated."@en
> ] -# N82580a72b0e641a8b8cd9f1b2ec4a0a2 node516 -node516 [ shape=none, color=black label=<
N82580a72b0e641a8b8cd9f1b2ec4a0a2
N82580a72b0e641a8b8cd9f1b2ec4a0a2
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/describes node517 -node517 [ shape=none, color=black label=<
describes
https://rdf.spdx.org/v3/Core/RelationshipType/describes
rdfs:comment"The `from` Element describes each `to` Element. To denote the root(s) of a tree of elements in a collection, the rootElement property should be used."@en
> ] -# Nd8aff92c6c2f4b34955fdc6b7511b5a2 node518 -node518 [ shape=none, color=black label=<
Nd8aff92c6c2f4b34955fdc6b7511b5a2
Nd8aff92c6c2f4b34955fdc6b7511b5a2
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/buildMeta node519 -node519 [ shape=none, color=black label=<
buildMeta
https://rdf.spdx.org/v3/Core/ExternalRefType/buildMeta
rdfs:comment"A reference build metadata related to a published package."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/fixedIn node520 -node520 [ shape=none, color=black label=<
fixedIn
https://rdf.spdx.org/v3/Core/RelationshipType/fixedIn
rdfs:comment"(Security/VEX) A `from` Vulnerability has been fixed in each of the `to` Element(s)"@en
> ] -# https://rdf.spdx.org/v3/Security/CvssSeverityType/low node521 -node521 [ shape=none, color=black label=<
low
https://rdf.spdx.org/v3/Security/CvssSeverityType/low
rdfs:comment"When a CVSS score is between 0 - 3.9"@en
> ] -# https://rdf.spdx.org/v3/Security/SsvcDecisionType/track node522 -node522 [ shape=none, color=black label=<
track
https://rdf.spdx.org/v3/Security/SsvcDecisionType/track
rdfs:comment"The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines."@en
> ] -# Nec7590cfce884952a66ab5698d7bccf6 node523 -node523 [ shape=none, color=black label=<
Nec7590cfce884952a66ab5698d7bccf6
Nec7590cfce884952a66ab5698d7bccf6
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/deprecatedVersion node524 -node524 [ shape=none, color=black label=<
deprecatedVersion
https://rdf.spdx.org/v3/ExpandedLicensing/deprecatedVersion
rdfs:comment"Specifies the SPDX License List version in which this license or exception -identifier was deprecated."@en
> ] -# https://rdf.spdx.org/v3/Core/HashAlgorithm/sha1 node525 -node525 [ shape=none, color=black label=<
sha1
https://rdf.spdx.org/v3/Core/HashAlgorithm/sha1
rdfs:comment"https://datatracker.ietf.org/doc/html/rfc3174"@en
> ] -# https://rdf.spdx.org/v3/Core/HashAlgorithm/crystalsDilithium node526 -node526 [ shape=none, color=black label=<
crystalsDilithium
https://rdf.spdx.org/v3/Core/HashAlgorithm/crystalsDilithium
rdfs:comment"https://pq-crystals.org/dilithium/index.shtml"@en
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/patch node527 -node527 [ shape=none, color=black label=<
patch
https://rdf.spdx.org/v3/Software/SoftwarePurpose/patch
rdfs:comment"Element contains a set of changes to update, fix, or improve another Element"@en
> ] -# https://rdf.spdx.org/v3/Core/HashAlgorithm/sha224 node528 -node528 [ shape=none, color=black label=<
sha224
https://rdf.spdx.org/v3/Core/HashAlgorithm/sha224
rdfs:comment"secure hashing algorithm with a digest length of 224 https://datatracker.ietf.org/doc/html/draft-ietf-pkix-sha224-01"@en
> ] -# https://rdf.spdx.org/v3/Core/HashAlgorithm/md4 node529 -node529 [ shape=none, color=black label=<
md4
https://rdf.spdx.org/v3/Core/HashAlgorithm/md4
rdfs:comment"https://datatracker.ietf.org/doc/html/rfc1186"@en
> ] -# https://rdf.spdx.org/v3/Core/spdxId node530 -node530 [ shape=none, color=black label=<
spdxId
https://rdf.spdx.org/v3/Core/spdxId
rdfs:comment"Identifies an Element to be referenced by other Elements."@en
> ] -# N2867026fddee41f7aee04604bad4c5ca node531 -node531 [ shape=none, color=black label=<
N2867026fddee41f7aee04604bad4c5ca
N2867026fddee41f7aee04604bad4c5ca
sh:maxCount"1"^^xsd:integer
> ] -# N66ce5965b9ab4d1195561485951fc9d7 node532 -node532 [ shape=none, color=black label=<
N66ce5965b9ab4d1195561485951fc9d7
N66ce5965b9ab4d1195561485951fc9d7
sh:maxCount"1"^^xsd:integer
> ] -# Na1219d2003f1475c9c2466ec5b88f306 node533 -node533 [ shape=none, color=black label=<
Na1219d2003f1475c9c2466ec5b88f306
Na1219d2003f1475c9c2466ec5b88f306
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Security/CvssSeverityType node534 -node534 [ shape=none, color=black label=<
CvssSeverityType
https://rdf.spdx.org/v3/Security/CvssSeverityType
rdfs:comment"Specifies the CVSS base, temporal, threat, or environmental severity type."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/qualityAssessmentReport node535 -node535 [ shape=none, color=black label=<
qualityAssessmentReport
https://rdf.spdx.org/v3/Core/ExternalRefType/qualityAssessmentReport
rdfs:comment"A reference to a quality assessment for a package."@en
> ] -# https://rdf.spdx.org/v3/Security/VexJustificationType/vulnerableCodeNotPresent node536 -node536 [ shape=none, color=black label=<
vulnerableCodeNotPresent
https://rdf.spdx.org/v3/Security/VexJustificationType/vulnerableCodeNotPresent
rdfs:comment"The product is not affected because the code underlying the vulnerability is not present in the product."@en
> ] -# N6625837397e5418c8bea2695d9e02bd0 node537 -node537 [ shape=none, color=black label=<
N6625837397e5418c8bea2695d9e02bd0
N6625837397e5418c8bea2695d9e02bd0
> ] -# https://rdf.spdx.org/v3/Core/packageVerificationCodeExcludedFile node538 -node538 [ shape=none, color=black label=<
packageVerificationCodeExcludedFile
https://rdf.spdx.org/v3/Core/packageVerificationCodeExcludedFile
rdfs:comment"The relative file name of a file to be excluded from the `PackageVerificationCode`."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/altWebPage node539 -node539 [ shape=none, color=black label=<
altWebPage
https://rdf.spdx.org/v3/Core/ExternalRefType/altWebPage
rdfs:comment"A reference to an alternative web page."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/coordinatedBy node540 -node540 [ shape=none, color=black label=<
coordinatedBy
https://rdf.spdx.org/v3/Core/RelationshipType/coordinatedBy
rdfs:comment"(Security) The `from` Vulnerability is coordinatedBy the `to` Agent(s) (vendor, researcher, or consumer agent)"@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/buildSystem node541 -node541 [ shape=none, color=black label=<
buildSystem
https://rdf.spdx.org/v3/Core/ExternalRefType/buildSystem
rdfs:comment"A reference build system used to create or publish the package."@en
> ] -# N68f515641b5f4004a3d9f27c732502c1 node542 -node542 [ shape=none, color=black label=<
N68f515641b5f4004a3d9f27c732502c1
N68f515641b5f4004a3d9f27c732502c1
sh:maxCount"1"^^xsd:integer
> ] -# N5149c94b0d744d4b86a19246955eb8f3 node543 -node543 [ shape=none, color=black label=<
N5149c94b0d744d4b86a19246955eb8f3
N5149c94b0d744d4b86a19246955eb8f3
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/identifier node544 -node544 [ shape=none, color=black label=<
identifier
https://rdf.spdx.org/v3/Core/identifier
rdfs:comment"Uniquely identifies an external element."@en
> ] -# https://rdf.spdx.org/v3/Core/LifecycleScopedRelationship node545 -node545 [ shape=none, color=black label=<
LifecycleScopedRelationship
https://rdf.spdx.org/v3/Core/LifecycleScopedRelationship
rdfs:comment"Provide context for a relationship that occurs in the software lifecycle."@en
> ] -# https://rdf.spdx.org/v3/Security/justificationType node546 -node546 [ shape=none, color=black label=<
justificationType
https://rdf.spdx.org/v3/Security/justificationType
rdfs:comment"Impact justification label to be used when linking a vulnerability to an element -representing a VEX product with a VexNotAffectedVulnAssessmentRelationship -relationship."@en
> ] -# N9222475d1add4d0eb31489d0175ebea7 node547 -node547 [ shape=none, color=black label=<
N9222475d1add4d0eb31489d0175ebea7
N9222475d1add4d0eb31489d0175ebea7
> ] -# https://rdf.spdx.org/v3/Dataset/DatasetType/numeric node548 -node548 [ shape=none, color=black label=<
numeric
https://rdf.spdx.org/v3/Dataset/DatasetType/numeric
rdfs:comment"data consists only of numeric entries."@en
> ] -# https://rdf.spdx.org/v3/Security/impactStatementTime node549 -node549 [ shape=none, color=black label=<
impactStatementTime
https://rdf.spdx.org/v3/Security/impactStatementTime
rdfs:comment"Timestamp of impact statement."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/publishedBy node550 -node550 [ shape=none, color=black label=<
publishedBy
https://rdf.spdx.org/v3/Core/RelationshipType/publishedBy
rdfs:comment"(Security) Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent"@en
> ] -# Nd36813d93d7c460cbbfff8b731665b22 node551 -node551 [ shape=none, color=black label=<
Nd36813d93d7c460cbbfff8b731665b22
Nd36813d93d7c460cbbfff8b731665b22
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/Bom node552 -node552 [ shape=none, color=black label=<
Bom
https://rdf.spdx.org/v3/Core/Bom
rdfs:comment"A container for a grouping of SPDX-3.0 content characterizing details -(provenence, composition, licensing, etc.) about a product."@en
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/filesystemImage node553 -node553 [ shape=none, color=black label=<
filesystemImage
https://rdf.spdx.org/v3/Software/SoftwarePurpose/filesystemImage
rdfs:comment"the Element is a file system image that can be written to a disk (or virtual) partition"@en
> ] -# https://rdf.spdx.org/v3/Core/subject node554 -node554 [ shape=none, color=black label=<
subject
https://rdf.spdx.org/v3/Core/subject
rdfs:comment"An Element an annotator has made an assertion about."@en
> ] -# N1c152c85ecde447fbe2a9ca5918dab30 node555 -node555 [ shape=none, color=black label=<
N1c152c85ecde447fbe2a9ca5918dab30
N1c152c85ecde447fbe2a9ca5918dab30
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# N6824ec92e1c7432daba79ba2ca95feec node556 -node556 [ shape=none, color=black label=<
N6824ec92e1c7432daba79ba2ca95feec
N6824ec92e1c7432daba79ba2ca95feec
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/ExternalIdentifierType/gitoid node557 -node557 [ shape=none, color=black label=<
gitoid
https://rdf.spdx.org/v3/Core/ExternalIdentifierType/gitoid
rdfs:comment"https://www.iana.org/assignments/uri-schemes/prov/gitoid Gitoid stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects) and a gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent the software [Artifact ID](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#artifact-id) or the [OmniBOR Identifier](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#omnibor-identifier) for the software artifact's associated [OmniBOR Document](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#omnibor-document); this ambiguity exists because the OmniBOR Document is itself an artifact, and the gitoid of that artifact is its valid identifier. Omnibor is a minimalistic schema to describe software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#artifact-dependency-graph-adg). Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's ContentIdentifier property. Gitoids calculated on the OmniBOR Document (OmniBOR Identifiers) should be recorded in the SPDX 3.0 Element's ExternalIdentifier property."@en
> ] -# https://rdf.spdx.org/v3/Core/AnnotationType node558 -node558 [ shape=none, color=black label=<
AnnotationType
https://rdf.spdx.org/v3/Core/AnnotationType
rdfs:comment"Specifies the type of an annotation."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/documentation node559 -node559 [ shape=none, color=black label=<
documentation
https://rdf.spdx.org/v3/Core/ExternalRefType/documentation
rdfs:comment"A reference to the documentation for a package."@en
> ] -# https://rdf.spdx.org/v3/Core/HashAlgorithm/md2 node560 -node560 [ shape=none, color=black label=<
md2
https://rdf.spdx.org/v3/Core/HashAlgorithm/md2
rdfs:comment"https://datatracker.ietf.org/doc/rfc1319/"@en
> ] -# https://rdf.spdx.org/v3/Core/originatedBy node561 -node561 [ shape=none, color=black label=<
originatedBy
https://rdf.spdx.org/v3/Core/originatedBy
rdfs:comment"Identifies from where or whom the Element originally came."@en
> ] -# https://rdf.spdx.org/v3/Core/HashAlgorithm/falcon node562 -node562 [ shape=none, color=black label=<
falcon
https://rdf.spdx.org/v3/Core/HashAlgorithm/falcon
rdfs:comment"https://falcon-sign.info/falcon.pdf"@en
> ] -# Ne878faeb82064696a3d61720b3d4e598 node563 -node563 [ shape=none, color=black label=<
Ne878faeb82064696a3d61720b3d4e598
Ne878faeb82064696a3d61720b3d4e598
> ] -# N5f73c2b65457408b970d85f1294a0519 node564 -node564 [ shape=none, color=black label=<
N5f73c2b65457408b970d85f1294a0519
N5f73c2b65457408b970d85f1294a0519
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# N7a7377b732ea49798193cf1cf67cd775 node565 -node565 [ shape=none, color=black label=<
N7a7377b732ea49798193cf1cf67cd775
N7a7377b732ea49798193cf1cf67cd775
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# N647b956ea3fa4342bbe7a67bf7ab14c8 node566 -node566 [ shape=none, color=black label=<
N647b956ea3fa4342bbe7a67bf7ab14c8
N647b956ea3fa4342bbe7a67bf7ab14c8
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Dataset/DatasetType/timestamp node567 -node567 [ shape=none, color=black label=<
timestamp
https://rdf.spdx.org/v3/Dataset/DatasetType/timestamp
rdfs:comment"data is recorded with a timestamp for each entry, but not necessarily ordered or at specific intervals, such as when a taxi ride starts and ends."@en
> ] -# N19f36ea2af9c479a84ec923d6ce052f5 node568 -node568 [ shape=none, color=black label=<
N19f36ea2af9c479a84ec923d6ce052f5
N19f36ea2af9c479a84ec923d6ce052f5
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/operatingSystem node569 -node569 [ shape=none, color=black label=<
operatingSystem
https://rdf.spdx.org/v3/Software/SoftwarePurpose/operatingSystem
rdfs:comment"the Element is an operating system"@en
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/member node570 -node570 [ shape=none, color=black label=<
member
https://rdf.spdx.org/v3/ExpandedLicensing/member
rdfs:comment"A license expression participating in a license set."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/dynamicAnalysisReport node571 -node571 [ shape=none, color=black label=<
dynamicAnalysisReport
https://rdf.spdx.org/v3/Core/ExternalRefType/dynamicAnalysisReport
rdfs:comment"A reference to a dynamic analysis report for a package."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/mavenCentral node572 -node572 [ shape=none, color=black label=<
mavenCentral
https://rdf.spdx.org/v3/Core/ExternalRefType/mavenCentral
rdfs:comment"A reference to a maven repository artifact."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasOptionalComponent node573 -node573 [ shape=none, color=black label=<
hasOptionalComponent
https://rdf.spdx.org/v3/Core/RelationshipType/hasOptionalComponent
rdfs:comment"Every `to` Element is an optional component of the `from` Element (`from` hasOptionalComponent` `to`)"@en
> ] -# Ncea58645a9524f35b26a1578ccf2964e node574 -node574 [ shape=none, color=black label=<
Ncea58645a9524f35b26a1578ccf2964e
Ncea58645a9524f35b26a1578ccf2964e
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/SupportType/noAssertion node575 -node575 [ shape=none, color=black label=<
noAssertion
https://rdf.spdx.org/v3/Core/SupportType/noAssertion
rdfs:comment"no assertion about the type of support is made. This is considered the default if no other support type is used."@en
> ] -# https://rdf.spdx.org/v3/Software/SbomType/design node576 -node576 [ shape=none, color=black label=<
design
https://rdf.spdx.org/v3/Software/SbomType/design
rdfs:comment"SBOM of intended, planned software project or product with included components (some of which may not yet exist) for a new software artifact."@en
> ] -# N63de3945d9bd4cb2a1af0c7c82f3b853 node577 -node577 [ shape=none, color=black label=<
N63de3945d9bd4cb2a1af0c7c82f3b853
N63de3945d9bd4cb2a1af0c7c82f3b853
sh:maxCount"1"^^xsd:integer
> ] -# N41662b4dfe494ee5898cb68ee9108f9d node578 -node578 [ shape=none, color=black label=<
N41662b4dfe494ee5898cb68ee9108f9d
N41662b4dfe494ee5898cb68ee9108f9d
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/locationHint node579 -node579 [ shape=none, color=black label=<
locationHint
https://rdf.spdx.org/v3/Core/locationHint
rdfs:comment"Provides an indication of where to retrieve an external Element."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/descendantOf node580 -node580 [ shape=none, color=black label=<
descendantOf
https://rdf.spdx.org/v3/Core/RelationshipType/descendantOf
rdfs:comment"The `from` Element is a descendant of each `to` Element"@en
> ] -# Nf8ea93dda52f42369dbd5892660009f1 node581 -node581 [ shape=none, color=black label=<
Nf8ea93dda52f42369dbd5892660009f1
Nf8ea93dda52f42369dbd5892660009f1
sh:maxCount"1"^^xsd:integer
> ] -# N990081d59bfb4c0fa1a42d929716598e node582 -node582 [ shape=none, color=black label=<
N990081d59bfb4c0fa1a42d929716598e
N990081d59bfb4c0fa1a42d929716598e
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/LifecycleScopeType/runtime node583 -node583 [ shape=none, color=black label=<
runtime
https://rdf.spdx.org/v3/Core/LifecycleScopeType/runtime
rdfs:comment"A relationship has specific context implications during the execution phase of an element."@en
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/documentation node584 -node584 [ shape=none, color=black label=<
documentation
https://rdf.spdx.org/v3/Software/SoftwarePurpose/documentation
rdfs:comment"Element is documentation"@en
> ] -# https://rdf.spdx.org/v3/Core/SupportType/support node585 -node585 [ shape=none, color=black label=<
support
https://rdf.spdx.org/v3/Core/SupportType/support
rdfs:comment"the artifact has been released, and is supported from the supplier. There is a validUntilDate that can provide additional information about the duration of support."@en
> ] -# https://rdf.spdx.org/v3/Dataset/DatasetType/other node586 -node586 [ shape=none, color=black label=<
other
https://rdf.spdx.org/v3/Dataset/DatasetType/other
rdfs:comment"data is of a type not included in this list."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/patchedBy node587 -node587 [ shape=none, color=black label=<
patchedBy
https://rdf.spdx.org/v3/Core/RelationshipType/patchedBy
rdfs:comment"Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`)"@en
> ] -# Nf029167312c34dbc96cf1ea2e726523f node588 -node588 [ shape=none, color=black label=<
Nf029167312c34dbc96cf1ea2e726523f
Nf029167312c34dbc96cf1ea2e726523f
sh:maxCount"1"^^xsd:integer
> ] -# Nac954acdb3054956a3910ca8ffa2d127 node589 -node589 [ shape=none, color=black label=<
Nac954acdb3054956a3910ca8ffa2d127
Nac954acdb3054956a3910ca8ffa2d127
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/builtTime node590 -node590 [ shape=none, color=black label=<
builtTime
https://rdf.spdx.org/v3/Core/builtTime
rdfs:comment"Specifies the time an artifact was built."@en
> ] -# https://rdf.spdx.org/v3/Dataset/datasetSize node591 -node591 [ shape=none, color=black label=<
datasetSize
https://rdf.spdx.org/v3/Dataset/datasetSize
rdfs:comment"Captures the size of the dataset."@en
> ] -# N8f8a020e5ca640f0b81d7dae97b306ad node592 -node592 [ shape=none, color=black label=<
N8f8a020e5ca640f0b81d7dae97b306ad
N8f8a020e5ca640f0b81d7dae97b306ad
sh:maxCount"1"^^xsd:integer
> ] -# N57a40b7b3da1448b894b922ed6042e5d node593 -node593 [ shape=none, color=black label=<
N57a40b7b3da1448b894b922ed6042e5d
N57a40b7b3da1448b894b922ed6042e5d
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# N019b3a1f8f7d43b2a1ad4ea683af13ae node594 -node594 [ shape=none, color=black label=<
N019b3a1f8f7d43b2a1ad4ea683af13ae
N019b3a1f8f7d43b2a1ad4ea683af13ae
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/AI/energyConsumption node595 -node595 [ shape=none, color=black label=<
energyConsumption
https://rdf.spdx.org/v3/AI/energyConsumption
rdfs:comment"Indicates the amount of energy consumed to build the AI package."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/other node596 -node596 [ shape=none, color=black label=<
other
https://rdf.spdx.org/v3/Core/RelationshipType/other
rdfs:comment"Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationhip types (this relationship is directionless)"@en
> ] -# N2ecf8b40622a4b8bbfa5d3615a53d8e5 node597 -node597 [ shape=none, color=black label=<
N2ecf8b40622a4b8bbfa5d3615a53d8e5
N2ecf8b40622a4b8bbfa5d3615a53d8e5
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/PresenceType/noAssertion node598 -node598 [ shape=none, color=black label=<
noAssertion
https://rdf.spdx.org/v3/Core/PresenceType/noAssertion
rdfs:comment"Makes no assertion about the field."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/secureSoftwareAttestation node599 -node599 [ shape=none, color=black label=<
secureSoftwareAttestation
https://rdf.spdx.org/v3/Core/ExternalRefType/secureSoftwareAttestation
rdfs:comment"A reference to information assuring that the software is developed using security practices as defined by [NIST SP 800-218 Secure Software Development Framework (SSDF)](https://csrc.nist.gov/publications/detail/sp/800-218/final) or [CISA Secure Software Development Attestation Form](https://www.cisa.gov/sites/default/files/2023-04/secure-software-self-attestation_common-form_508.pdf)."@en
> ] -# N8e49e1d6b5b5427e85b104e6a6434e01 node600 -node600 [ shape=none, color=black label=<
N8e49e1d6b5b5427e85b104e6a6434e01
N8e49e1d6b5b5427e85b104e6a6434e01
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# Nd2b279dcc246498fac413db7512ac8c2 node601 -node601 [ shape=none, color=black label=<
Nd2b279dcc246498fac413db7512ac8c2
Nd2b279dcc246498fac413db7512ac8c2
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/ExternalIdentifierType/cpe22 node602 -node602 [ shape=none, color=black label=<
cpe22
https://rdf.spdx.org/v3/Core/ExternalIdentifierType/cpe22
rdfs:comment"https://cpe.mitre.org/files/cpe-specification_2.2.pdf"@en
> ] -# https://rdf.spdx.org/v3/Security/assessedElement node603 -node603 [ shape=none, color=black label=<
assessedElement
https://rdf.spdx.org/v3/Security/assessedElement
rdfs:comment"Specifies an element contained in a piece of software where a vulnerability was -found."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/purchaseOrder node604 -node604 [ shape=none, color=black label=<
purchaseOrder
https://rdf.spdx.org/v3/Core/ExternalRefType/purchaseOrder
rdfs:comment"A reference to a purchase order for a package."@en
> ] -# N52386f5989c94a42b3a60d496d682c35 node605 -node605 [ shape=none, color=black label=<
N52386f5989c94a42b3a60d496d682c35
N52386f5989c94a42b3a60d496d682c35
> ] -# N995fdab5ba2b45a1b4062aad92707ab7 node606 -node606 [ shape=none, color=black label=<
N995fdab5ba2b45a1b4062aad92707ab7
N995fdab5ba2b45a1b4062aad92707ab7
> ] -# Nfcaa91df1ebe410cb2e88a008802c2cb node607 -node607 [ shape=none, color=black label=<
Nfcaa91df1ebe410cb2e88a008802c2cb
Nfcaa91df1ebe410cb2e88a008802c2cb
sh:maxCount"1"^^xsd:integer
> ] -# N31cd0fd5fa4f4162a726f3edb44b356e node608 -node608 [ shape=none, color=black label=<
N31cd0fd5fa4f4162a726f3edb44b356e
N31cd0fd5fa4f4162a726f3edb44b356e
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/externalRefType node609 -node609 [ shape=none, color=black label=<
externalRefType
https://rdf.spdx.org/v3/Core/externalRefType
rdfs:comment"Specifies the type of the external reference."@en
> ] -# N427073e6cce14d7c9ec022005a79e48d node610 -node610 [ shape=none, color=black label=<
N427073e6cce14d7c9ec022005a79e48d
N427073e6cce14d7c9ec022005a79e48d
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/device node611 -node611 [ shape=none, color=black label=<
device
https://rdf.spdx.org/v3/Software/SoftwarePurpose/device
rdfs:comment"the Element refers to a chipset, processor, or electronic board"@en
> ] -# N9295b1fffdae42eabd1b9a8583e2b7e5 node612 -node612 [ shape=none, color=black label=<
N9295b1fffdae42eabd1b9a8583e2b7e5
N9295b1fffdae42eabd1b9a8583e2b7e5
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Dataset/knownBias node613 -node613 [ shape=none, color=black label=<
knownBias
https://rdf.spdx.org/v3/Dataset/knownBias
rdfs:comment"Records the biases that the dataset is known to encompass."@en
> ] -# https://rdf.spdx.org/v3/Software/gitoid node614 -node614 [ shape=none, color=black label=<
gitoid
https://rdf.spdx.org/v3/Software/gitoid
rdfs:comment"Used to record the artifact’s gitoid: a canonical, unique, immutable identifier that can be used for software integrity verification."@en
> ] -# N3ab76487cc5649d3941287e97dae6c3f node615 -node615 [ shape=none, color=black label=<
N3ab76487cc5649d3941287e97dae6c3f
N3ab76487cc5649d3941287e97dae6c3f
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/test node616 -node616 [ shape=none, color=black label=<
test
https://rdf.spdx.org/v3/Software/SoftwarePurpose/test
rdfs:comment"The Element is a test used to verify functionality on an software element"@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalIdentifierType/other node617 -node617 [ shape=none, color=black label=<
other
https://rdf.spdx.org/v3/Core/ExternalIdentifierType/other
rdfs:comment"Used when the type doesn't match any of the other options."@en
> ] -# Na6f57389f0e049c49f41065ea979cb6e node618 -node618 [ shape=none, color=black label=<
Na6f57389f0e049c49f41065ea979cb6e
Na6f57389f0e049c49f41065ea979cb6e
> ] -# https://rdf.spdx.org/v3/Core/validUntilTime node619 -node619 [ shape=none, color=black label=<
validUntilTime
https://rdf.spdx.org/v3/Core/validUntilTime
rdfs:comment"Specifies until when the artifact can be used before its usage needs to be reassessed."@en
> ] -# https://rdf.spdx.org/v3/Core/MediaType node620 -node620 [ shape=none, color=black label=<
MediaType
https://rdf.spdx.org/v3/Core/MediaType
> ] -# https://rdf.spdx.org/v3/ node621 -node621 [ shape=none, color=black label=<
https://rdf.spdx.org/v3/
> ] -# http://www.w3.org/2002/07/owl#Ontology node622 -node622 [ shape=none, color=black label=<
Ontology
http://www.w3.org/2002/07/owl#Ontology
> ] -# Nb61f430f2ce547f88f82bd0f8a70093e node623 -node623 [ shape=none, color=black label=<
Nb61f430f2ce547f88f82bd0f8a70093e
Nb61f430f2ce547f88f82bd0f8a70093e
> ] -# https://rdf.spdx.org/v3/Core/ProfileIdentifierType/expandedLicensing node624 -node624 [ shape=none, color=black label=<
expandedLicensing
https://rdf.spdx.org/v3/Core/ProfileIdentifierType/expandedLicensing
rdfs:comment"the element follows the expanded Licensing profile specification"@en
> ] -# https://rdf.spdx.org/v3/Core/from node625 -node625 [ shape=none, color=black label=<
from
https://rdf.spdx.org/v3/Core/from
rdfs:comment"References the Element on the left-hand side of a relationship."@en
> ] -# Nb93105c39d48412eba12e34a0c5843db node626 -node626 [ shape=none, color=black label=<
Nb93105c39d48412eba12e34a0c5843db
Nb93105c39d48412eba12e34a0c5843db
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/ExternalIdentifierType/cpe23 node627 -node627 [ shape=none, color=black label=<
cpe23
https://rdf.spdx.org/v3/Core/ExternalIdentifierType/cpe23
rdfs:comment"https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf"@en
> ] -# Naebffd32e3934fe69bfc6812d39965e5 node628 -node628 [ shape=none, color=black label=<
Naebffd32e3934fe69bfc6812d39965e5
Naebffd32e3934fe69bfc6812d39965e5
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Software/isDirectory node629 -node629 [ shape=none, color=black label=<
isDirectory
https://rdf.spdx.org/v3/Software/isDirectory
rdfs:comment"If true, denotes the Element is a directory."@en
> ] -# https://rdf.spdx.org/v3/Dataset/DatasetType/text node630 -node630 [ shape=none, color=black label=<
text
https://rdf.spdx.org/v3/Dataset/DatasetType/text
rdfs:comment"data consists of unstructured text, such as a book, wikipedia article (without images), or transcript."@en
> ] -# Ne5bedb0c9e53414dbaa218bb712fa7ad node631 -node631 [ shape=none, color=black label=<
Ne5bedb0c9e53414dbaa218bb712fa7ad
Ne5bedb0c9e53414dbaa218bb712fa7ad
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/ProfileIdentifierType/software node632 -node632 [ shape=none, color=black label=<
software
https://rdf.spdx.org/v3/Core/ProfileIdentifierType/software
rdfs:comment"the element follows the Software profile specification"@en
> ] -# https://rdf.spdx.org/v3/Core/HashAlgorithm/md5 node633 -node633 [ shape=none, color=black label=<
md5
https://rdf.spdx.org/v3/Core/HashAlgorithm/md5
rdfs:comment"https://datatracker.ietf.org/doc/html/rfc1321"@en
> ] -# https://rdf.spdx.org/v3/SimpleLicensing/SimpleLicensingText node634 -node634 [ shape=none, color=black label=<
SimpleLicensingText
https://rdf.spdx.org/v3/SimpleLicensing/SimpleLicensingText
rdfs:comment"A license or addition that is not listed on the SPDX License List."@en
> ] -# https://rdf.spdx.org/v3/Licensing/None node635 -node635 [ shape=none, color=black label=<
None
https://rdf.spdx.org/v3/Licensing/None
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/archive node636 -node636 [ shape=none, color=black label=<
archive
https://rdf.spdx.org/v3/Software/SoftwarePurpose/archive
rdfs:comment"the Element is an archived collection of one or more files (.tar, .zip, etc)"@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/securityOther node637 -node637 [ shape=none, color=black label=<
securityOther
https://rdf.spdx.org/v3/Core/ExternalRefType/securityOther
rdfs:comment"A reference to related security information of unspecified type."@en
> ] -# Na1c759b22a294d8c9ebb1d7623c74d34 node638 -node638 [ shape=none, color=black label=<
Na1c759b22a294d8c9ebb1d7623c74d34
Na1c759b22a294d8c9ebb1d7623c74d34
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Core/HashAlgorithm/sha3_224 node639 -node639 [ shape=none, color=black label=<
sha3_224
https://rdf.spdx.org/v3/Core/HashAlgorithm/sha3_224
rdfs:comment"sha3 with a digest length of 224 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf"@en
> ] -# https://rdf.spdx.org/v3/Security/CvssV2VulnAssessmentRelationship node640 -node640 [ shape=none, color=black label=<
CvssV2VulnAssessmentRelationship
https://rdf.spdx.org/v3/Security/CvssV2VulnAssessmentRelationship
rdfs:comment"Provides a CVSS version 2.0 assessment for a vulnerability."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/underInvestigationFor node641 -node641 [ shape=none, color=black label=<
underInvestigationFor
https://rdf.spdx.org/v3/Core/RelationshipType/underInvestigationFor
rdfs:comment"(Security/VEX) The `from` Vulnerability impact is being investigated for each `to` Element"@en
> ] -# N0e49f9adfd11454b804bc395d8bc6c69 node642 -node642 [ shape=none, color=black label=<
N0e49f9adfd11454b804bc395d8bc6c69
N0e49f9adfd11454b804bc395d8bc6c69
> ] -# N68edfa00575e4119bfac5231dbdffac2 node643 -node643 [ shape=none, color=black label=<
N68edfa00575e4119bfac5231dbdffac2
N68edfa00575e4119bfac5231dbdffac2
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/executable node644 -node644 [ shape=none, color=black label=<
executable
https://rdf.spdx.org/v3/Software/SoftwarePurpose/executable
rdfs:comment"Element is an Artifact that can be run on a computer"@en
> ] -# N3584a1ee79ab419fba34ccd122b2e3a6 node645 -node645 [ shape=none, color=black label=<
N3584a1ee79ab419fba34ccd122b2e3a6
N3584a1ee79ab419fba34ccd122b2e3a6
> ] -# https://rdf.spdx.org/v3/Core/element node646 -node646 [ shape=none, color=black label=<
element
https://rdf.spdx.org/v3/Core/element
rdfs:comment"Refers to one or more Elements that are part of an ElementCollection."@en
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/OrLaterOperator node647 -node647 [ shape=none, color=black label=<
OrLaterOperator
https://rdf.spdx.org/v3/ExpandedLicensing/OrLaterOperator
rdfs:comment"Portion of an AnyLicenseInfo representing this version, or any later version, -of the indicated License."@en
> ] -# https://rdf.spdx.org/v3/Core/ExternalRefType/releaseNotes node648 -node648 [ shape=none, color=black label=<
releaseNotes
https://rdf.spdx.org/v3/Core/ExternalRefType/releaseNotes
rdfs:comment"A reference to the release notes for a package."@en
> ] -# Nbdbea7641bff4cc5856fafc4118ff213 node649 -node649 [ shape=none, color=black label=<
Nbdbea7641bff4cc5856fafc4118ff213
Nbdbea7641bff4cc5856fafc4118ff213
sh:minCount"2"^^xsd:integer
> ] -# N516ec1714a92441abfb7fba718f8f761 node650 -node650 [ shape=none, color=black label=<
N516ec1714a92441abfb7fba718f8f761
N516ec1714a92441abfb7fba718f8f761
sh:maxCount"1"^^xsd:integer
sh:minCount"1"^^xsd:integer
> ] -# Na14c84347f214538b154b64ae46538cf node651 -node651 [ shape=none, color=black label=<
Na14c84347f214538b154b64ae46538cf
Na14c84347f214538b154b64ae46538cf
> ] -# https://rdf.spdx.org/v3/Core/RelationshipCompleteness/incomplete node652 -node652 [ shape=none, color=black label=<
incomplete
https://rdf.spdx.org/v3/Core/RelationshipCompleteness/incomplete
rdfs:comment"The relationship is known not to be exhaustive."@en
> ] -# https://rdf.spdx.org/v3/Core/RelationshipType/hasDependencyManifest node653 -node653 [ shape=none, color=black label=<
hasDependencyManifest
https://rdf.spdx.org/v3/Core/RelationshipType/hasDependencyManifest
rdfs:comment"The `from` Element has manifest files that contain dependency information in each `to` Element"@en
> ] -# https://rdf.spdx.org/v3/Software/SoftwarePurpose/specification node654 -node654 [ shape=none, color=black label=<
specification
https://rdf.spdx.org/v3/Software/SoftwarePurpose/specification
rdfs:comment"the Element is a plan, guideline or strategy how to create, perform or analyse an application"@en
> ] -# Naa7bd709cc71466bb3b62cac556b8d67 node655 -node655 [ shape=none, color=black label=<
Naa7bd709cc71466bb3b62cac556b8d67
Naa7bd709cc71466bb3b62cac556b8d67
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/Security/SsvcDecisionType/attend node656 -node656 [ shape=none, color=black label=<
attend
https://rdf.spdx.org/v3/Security/SsvcDecisionType/attend
rdfs:comment"The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions include requesting assistance or information about the vulnerability, and may involve publishing a notification either internally and/or externally. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines."@en
> ] -# N8b039ebfe3334fa4abb9b8a284479a62 node657 -node657 [ shape=none, color=black label=<
N8b039ebfe3334fa4abb9b8a284479a62
N8b039ebfe3334fa4abb9b8a284479a62
sh:maxCount"1"^^xsd:integer
> ] -# https://rdf.spdx.org/v3/ExpandedLicensing/subjectLicense node658 -node658 [ shape=none, color=black label=<
subjectLicense
https://rdf.spdx.org/v3/ExpandedLicensing/subjectLicense
rdfs:comment"A License participating in an 'or later' model."@en
> ] -# https://rdf.spdx.org/v3/Software/homePage node659 -node659 [ shape=none, color=black label=<
homePage
https://rdf.spdx.org/v3/Software/homePage
rdfs:comment"A place for the SPDX document creator to record a website that serves as the package's home page."@en
> ] -# https://rdf.spdx.org/v3/AI/metric node660 -node660 [ shape=none, color=black label=<
metric
https://rdf.spdx.org/v3/AI/metric
rdfs:comment"Records the measurement of prediction quality of the AI model."@en
> ] -# http://www.w3.org/2001/XMLSchema#nonNegativeInteger node661 -node661 [ shape=none, color=black label=<
nonNegativeInteger
http://www.w3.org/2001/XMLSchema#nonNegativeInteger
> ] -# https://rdf.spdx.org/v3/Core/SemVer node662 -node662 [ shape=none, color=black label=<
SemVer
https://rdf.spdx.org/v3/Core/SemVer
> ] -# N8105f0dc499643938723370ddd8039b7 node663 -node663 [ shape=none, color=black label=<
N8105f0dc499643938723370ddd8039b7
N8105f0dc499643938723370ddd8039b7
> ] -# Nbffe26fafa7348889aa178a9ccab036f node664 -node664 [ shape=none, color=black label=<
Nbffe26fafa7348889aa178a9ccab036f
Nbffe26fafa7348889aa178a9ccab036f
sh:maxCount"1"^^xsd:integer
> ] -# Nf97a2056005c47a1b4f0d59ba668cdf6 node665 -node665 [ shape=none, color=black label=<
Nf97a2056005c47a1b4f0d59ba668cdf6
Nf97a2056005c47a1b4f0d59ba668cdf6
sh:maxCount"1"^^xsd:integer
> ] -# Nd617e0584cf94706abb44a7fa24e57b6 node666 -node666 [ shape=none, color=black label=<
Nd617e0584cf94706abb44a7fa24e57b6
Nd617e0584cf94706abb44a7fa24e57b6
> ] -# Na14bf252a1c94d279d0ca28ce3cd948e node667 -node667 [ shape=none, color=black label=<
Na14bf252a1c94d279d0ca28ce3cd948e
Na14bf252a1c94d279d0ca28ce3cd948e
sh:maxCount"1"^^xsd:integer
> ] -# N18868e97d59d4ce0b315ff4ebd2f348b node668 -node668 [ shape=none, color=black label=<
N18868e97d59d4ce0b315ff4ebd2f348b
N18868e97d59d4ce0b315ff4ebd2f348b
> ] -# Nd4f426ad47a141e19b8387e913028a87 node669 -node669 [ shape=none, color=black label=<
Nd4f426ad47a141e19b8387e913028a87
Nd4f426ad47a141e19b8387e913028a87
sh:maxCount"1"^^xsd:integer
> ] -# N486f5b62945d4a088c949d534ef25121 node670 -node670 [ shape=none, color=black label=<
N486f5b62945d4a088c949d534ef25121
N486f5b62945d4a088c949d534ef25121
> ] -# https://rdf.spdx.org/v3/Core/AnnotationType/review node671 -node671 [ shape=none, color=black label=<
review
https://rdf.spdx.org/v3/Core/AnnotationType/review
rdfs:comment"Used when someone reviews the Element."@en
> ] -# N03104bf212d14f8eb81eedf0d1f77c19 node672 -node672 [ shape=none, color=black label=<
N03104bf212d14f8eb81eedf0d1f77c19
N03104bf212d14f8eb81eedf0d1f77c19
> ] -} diff --git a/ontology/ontology.rdf.json-ld b/ontology/ontology.rdf.json-ld deleted file mode 100644 index 0aef1d987..000000000 --- a/ontology/ontology.rdf.json-ld +++ /dev/null @@ -1,11421 +0,0 @@ -[ - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/securityOther", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Used when there is a security related identifier of unspecified type." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "securityOther" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SbomType/deployed", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SbomType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "SBOM provides an inventory of software that is present on a system. This may be an assembly of other SBOMs that combines analysis of configuration options, and examination of execution behavior in a (potentially simulated) deployment environment." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "deployed" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/endTime", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the time from which an element is no longer applicable / valid." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/license", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to additional license information related to an artifact." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "license" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/Element", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Base domain class from which all other SPDX-3.0 domain classes derive." - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Na6f4c095663042bf987e880a96b8b148" - }, - { - "@id": "_:N19f36ea2af9c479a84ec923d6ce052f5" - }, - { - "@id": "_:N9295b1fffdae42eabd1b9a8583e2b7e5" - }, - { - "@id": "_:N2d4ba79e36724b879925834084ea980f" - }, - { - "@id": "_:N8f8a020e5ca640f0b81d7dae97b306ad" - }, - { - "@id": "_:Nab78c3013a114d78bd1f530c9c88a001" - }, - { - "@id": "_:N03104bf212d14f8eb81eedf0d1f77c19" - }, - { - "@id": "_:N7ccf4c324f814fdfad3692b9aa733f57" - }, - { - "@id": "_:N0e49f9adfd11454b804bc395d8bc6c69" - }, - { - "@id": "_:N98acc89a36824e7387a667eecae2da38" - } - ] - }, - { - "@id": "_:Na6f4c095663042bf987e880a96b8b148", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/spdxId" - } - ] - }, - { - "@id": "_:N19f36ea2af9c479a84ec923d6ce052f5", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/name" - } - ] - }, - { - "@id": "_:N9295b1fffdae42eabd1b9a8583e2b7e5", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/summary" - } - ] - }, - { - "@id": "_:N2d4ba79e36724b879925834084ea980f", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/description" - } - ] - }, - { - "@id": "_:N8f8a020e5ca640f0b81d7dae97b306ad", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/comment" - } - ] - }, - { - "@id": "_:Nab78c3013a114d78bd1f530c9c88a001", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/creationInfo" - } - ] - }, - { - "@id": "_:N03104bf212d14f8eb81eedf0d1f77c19", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/verifiedUsing" - } - ] - }, - { - "@id": "_:N7ccf4c324f814fdfad3692b9aa733f57", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/externalRef" - } - ] - }, - { - "@id": "_:N0e49f9adfd11454b804bc395d8bc6c69", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/externalIdentifier" - } - ] - }, - { - "@id": "_:N98acc89a36824e7387a667eecae2da38", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/extension" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/informationAboutApplication", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides relevant information about the AI software, not including the model description." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/syntactic", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "data describes the syntax or semantics of a language or text, such as a parse tree used for natural language processing." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "syntactic" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicense", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A license that is listed on the SPDX License List." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/License" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Ne55b147bf55c40048f9a694ad507799a" - }, - { - "@id": "_:N6c21c1a7369b4a919831be838768c2b6" - } - ] - }, - { - "@id": "_:Ne55b147bf55c40048f9a694ad507799a", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/listVersionAdded" - } - ] - }, - { - "@id": "_:N6c21c1a7369b4a919831be838768c2b6", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/deprecatedVersion" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/PresenceType", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Categories of presence or absence." - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/support", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to the software support channel or other support information for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "support" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicenseAddition", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A license addition that is not listed on the SPDX Exceptions List." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/LicenseAddition" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/licenseListVersion", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The version of the SPDX License List used in the license expression." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/SemVer" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/VexJustificationType/componentNotPresent", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/VexJustificationType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The software is not affected because the vulnerable component is not in the product." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "componentNotPresent" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Build/configSourceEntrypoint", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Property describes the invocation entrypoint of a build." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifier", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a resource outside the scope of SPDX-3.0 content that uniquely identifies an Element." - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N3726047a2a2a411ab64cf294a95f8bbc" - }, - { - "@id": "_:N5149c94b0d744d4b86a19246955eb8f3" - }, - { - "@id": "_:Nb8e63de39189471b87730e0c122dd304" - }, - { - "@id": "_:N924a79e0135e487ba6355ab2d1857fc8" - }, - { - "@id": "_:Nab74974f7e2a4bb1a9aca9a00d8a75f1" - } - ] - }, - { - "@id": "_:N3726047a2a2a411ab64cf294a95f8bbc", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/externalIdentifierType" - } - ] - }, - { - "@id": "_:N5149c94b0d744d4b86a19246955eb8f3", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/identifier" - } - ] - }, - { - "@id": "_:Nb8e63de39189471b87730e0c122dd304", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/comment" - } - ] - }, - { - "@id": "_:N924a79e0135e487ba6355ab2d1857fc8", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/identifierLocator" - } - ] - }, - { - "@id": "_:Nab74974f7e2a4bb1a9aca9a00d8a75f1", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/issuingAuthority" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/externalSpdxId", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Identifies an external Element used within a Document but defined external to that Document." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/PresenceType/no", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/PresenceType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Indicates absence of the field." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "no" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/packagedBy", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "packagedBy" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/SsvcDecisionType/act", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/SsvcDecisionType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "act" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/specVersion", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides a reference number that can be used to understand how to parse and interpret an Element." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/SemVer" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/framework", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the Element is a software framework" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "framework" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/domain", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Captures the domain in which the AI package can be used." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/configures", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element is a configuration applied to each `to` Element during a LifecycleScopeType period" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "configures" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Build/buildId", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A buildId is a locally unique identifier used by a builder to identify a unique instance of a build produced by it." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SbomType/build", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SbomType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "SBOM generated as part of the process of building the software to create a releasable artifact (e.g., executable or package) from data such as source files, dependencies, built components, build process ephemeral data, and other SBOMs." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "build" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/additionalPurpose", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides additional purpose information of the software artifact." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/obsoletedBy", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the licenseId that is preferred to be used in place of a deprecated\nLicense or LicenseAddition." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/intendedUse", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Describes what the given dataset should be used for." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/sourceInfo", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Records any relevant background information or additional comments\nabout the origin of the package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/CustomLicense", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A license that is not listed on the SPDX License List." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/License" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/CvssSeverityType/low", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/CvssSeverityType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "When a CVSS score is between 0 - 3.9" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "low" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/medium", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The third-highest level of risk posed by an AI software." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "medium" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/buildSystem", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference build system used to create or publish the package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "buildSystem" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/bom", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Element is a bill of materials" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "bom" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType/build", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/LifecycleScopeType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A relationship has specific context implications during an element's build phase, during development." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "build" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/SupportType/noSupport", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/SupportType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "there is no support for the artifact from the supplier, consumer assumes any support obligations." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "noSupport" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/fixedBy", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "(Security) Designates a `from` Vulnerability has been fixed by the `to` Agent(s)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "fixedBy" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/severity", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Security/CvssSeverityType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/metricDecisionThreshold", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Captures the threshold that was used for computation of a metric described in the metric field." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/supportLevel", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the level of support associated with an artifact." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/SupportType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/probability", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A probability score between 0 and 1 of a vulnerability being exploited." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#decimal" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/CvssV4VulnAssessmentRelationship", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides a CVSS version 4 assessment for a vulnerability." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N6466bcc2da5c46e4bf3d5dbbb558f701" - }, - { - "@id": "_:N52b3bb7501a24cc3ab1f9554c6cfd491" - }, - { - "@id": "_:N469681c7e14148679b505b47ee6988e9" - } - ] - }, - { - "@id": "_:N6466bcc2da5c46e4bf3d5dbbb558f701", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/score" - } - ] - }, - { - "@id": "_:N52b3bb7501a24cc3ab1f9554c6cfd491", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/severity" - } - ] - }, - { - "@id": "_:N469681c7e14148679b505b47ee6988e9", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/vectorString" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/other", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "data is of a type not included in this list." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "other" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/ListedLicenseException", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A license exception that is listed on the SPDX Exceptions list." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/LicenseAddition" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nbe9c069d158548428dd961225d5b6bcb" - }, - { - "@id": "_:Nec7590cfce884952a66ab5698d7bccf6" - } - ] - }, - { - "@id": "_:Nbe9c069d158548428dd961225d5b6bcb", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/listVersionAdded" - } - ] - }, - { - "@id": "_:Nec7590cfce884952a66ab5698d7bccf6", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/deprecatedVersion" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasOutputs", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Build element generates each `to` Element as an output during a LifecycleScopeType period." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasOutputs" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/high", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The second-highest level of risk posed by an AI software." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "high" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/ConjunctiveLicenseSet", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Portion of an AnyLicenseInfo representing a set of licensing information\nwhere all elements apply." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nbdbea7641bff4cc5856fafc4118ff213" - } - ] - }, - { - "@id": "_:Nbdbea7641bff4cc5856fafc4118ff213", - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 2 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/member" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/locationHint", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides an indication of where to retrieve an external Element." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/amendedBy", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element is amended by each `to` Element" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "amendedBy" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/urlScheme", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the scheme used in order to locate a resource https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "urlScheme" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/SsvcDecisionType/attend", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/SsvcDecisionType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions include requesting assistance or information about the vulnerability, and may involve publishing a notification either internally and/or externally. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "attend" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provide an enumerated set of software lifecycle phases that can provide context to relationships." - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha224", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "secure hashing algorithm with a digest length of 224 https://datatracker.ietf.org/doc/html/draft-ietf-pkix-sha224-01" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "sha224" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/scrapingScript", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the dataset provider is not making available the underlying data and the dataset must be reassembled, typically using the provided script for scraping the data." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "scrapingScript" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/OrLaterOperator", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Portion of an AnyLicenseInfo representing this version, or any later version,\nof the indicated License." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/ExtendableLicense" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nad1d4443dde6453fb97cf03d5f392827" - } - ] - }, - { - "@id": "_:Nad1d4443dde6453fb97cf03d5f392827", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectLicense" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/privacyAssessment", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a privacy assessment for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "privacyAssessment" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/suppliedBy", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Identifies who or what supplied the artifact or VulnAssessmentRelationship referenced by the Element." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Agent" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasOptionalDependency", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element optionally depends on each `to` Element during a LifecycleScopeType period" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasOptionalDependency" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/CvssSeverityType", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the CVSS base, temporal, threat, or environmental severity type." - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/reportedBy", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "(Security) Designates a `from` Vulnerability was first reported to a project, vendor, or tracking database for formal identification by each `to` Agent" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "reportedBy" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/rootElement", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "This property is used to denote the root Element(s) of a tree of elements contained in an SBOM." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Element" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/originatedBy", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Identifies from where or whom the Element originally came." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Agent" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SbomType", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides a set of values to be used to describe the common types of SBOMs that tools may create." - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/other", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Used when the type doesn't match any of the other options." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "other" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/standardLicenseHeader", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides a License author's preferred text to indicate that a file is covered\nby the License." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/completeness", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides information about the completeness of relationships." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipCompleteness" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/created", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Identifies when the Element was originally created." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/requirement", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the Element provides a requirement needed as input for another Element" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "requirement" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/device", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the Element refers to a chipset, processor, or electronic board" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "device" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/red", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Data points in the dataset are highly confidential and can only be shared with named recipients." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "red" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/PackageVerificationCode", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "An SPDX version 2.X compatible verification method for software packages." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/IntegrityMethod" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N82580a72b0e641a8b8cd9f1b2ec4a0a2" - }, - { - "@id": "_:Na14c84347f214538b154b64ae46538cf" - } - ] - }, - { - "@id": "_:N82580a72b0e641a8b8cd9f1b2ec4a0a2", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/hashValue" - } - ] - }, - { - "@id": "_:Na14c84347f214538b154b64ae46538cf", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/packageVerificationCodeExcludedFile" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/PresenceType/noAssertion", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/PresenceType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Makes no assertion about the field." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "noAssertion" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/deviceDriver", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Element represents software that controls hardware devices" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "deviceDriver" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/gitoid", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "https://www.iana.org/assignments/uri-schemes/prov/gitoid Gitoid stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects) and a gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent the software [Artifact ID](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#artifact-id) or the [OmniBOR Identifier](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#omnibor-identifier) for the software artifact's associated [OmniBOR Document](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#omnibor-document); this ambiguity exists because the OmniBOR Document is itself an artifact, and the gitoid of that artifact is its valid identifier. Omnibor is a minimalistic schema to describe software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#artifact-dependency-graph-adg). Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's ContentIdentifier property. Gitoids calculated on the OmniBOR Document (OmniBOR Identifiers) should be recorded in the SPDX 3.0 Element's ExternalIdentifier property." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "gitoid" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipCompleteness/complete", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipCompleteness" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The relationship is known to be exhaustive." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "complete" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha1", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "https://datatracker.ietf.org/doc/html/rfc3174" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "sha1" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/mavenCentral", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a maven repository artifact." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "mavenCentral" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/dataPreprocessing", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Describes the preprocessing steps that were applied to the raw data to create the given dataset." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/falcon", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "https://falcon-sign.info/falcon.pdf" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "falcon" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Build/Build", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Class that describes a build instance of software/artifacts." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Element" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N654098939a2a4affaf1fb1dc5d88159c" - }, - { - "@id": "_:Nb93105c39d48412eba12e34a0c5843db" - }, - { - "@id": "_:Nb860712c98974258aa0af55e9cc73735" - }, - { - "@id": "_:Ncecd765cc12947ef984e0b22fb617e95" - }, - { - "@id": "_:N10ba1fbc839c40368383cf5a47143cbf" - }, - { - "@id": "_:Nfcc9cffbc6334d5588b62233679fa30e" - }, - { - "@id": "_:N569d91e585284334ab2d33a1cc8ef421" - }, - { - "@id": "_:N68e0d6fb609e4e458d59f41de92f1322" - }, - { - "@id": "_:N0195563483ff4fa8a3c182412cda1e6d" - } - ] - }, - { - "@id": "_:N654098939a2a4affaf1fb1dc5d88159c", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Build/buildType" - } - ] - }, - { - "@id": "_:Nb93105c39d48412eba12e34a0c5843db", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Build/buildId" - } - ] - }, - { - "@id": "_:Nb860712c98974258aa0af55e9cc73735", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Build/configSourceEntrypoint" - } - ] - }, - { - "@id": "_:Ncecd765cc12947ef984e0b22fb617e95", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Build/configSourceUri" - } - ] - }, - { - "@id": "_:N10ba1fbc839c40368383cf5a47143cbf", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Build/configSourceDigest" - } - ] - }, - { - "@id": "_:Nfcc9cffbc6334d5588b62233679fa30e", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Build/parameters" - } - ] - }, - { - "@id": "_:N569d91e585284334ab2d33a1cc8ef421", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Build/buildStartTime" - } - ] - }, - { - "@id": "_:N68e0d6fb609e4e458d59f41de92f1322", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Build/buildEndTime" - } - ] - }, - { - "@id": "_:N0195563483ff4fa8a3c182412cda1e6d", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Build/environment" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the type of an external reference." - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/sensitivePersonalInformation", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Describes if any sensitive personal information is present in the dataset." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/PresenceType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/dataCollectionProcess", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Describes how the dataset was collected." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/relationshipType", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Information about the relationship between two Elements." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha384", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "secure hashing algorithm with a digest length of 384 https://www.rfc-editor.org/rfc/rfc4634" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "sha384" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/", - "@type": [ - "http://www.w3.org/2002/07/owl#Ontology" - ], - "http://www.w3.org/2002/07/owl#versionIRI": [ - { - "@id": "https://rdf.spdx.org/v3/" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/subject", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "An Element an annotator has made an assertion about." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Element" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SbomType/analyzed", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SbomType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "SBOM generated through analysis of artifacts (e.g., executables, packages, containers, and virtual machine images) after its build. Such analysis generally requires a variety of heuristics. In some contexts, this may also be referred to as a “3rd party” SBOM." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "analyzed" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/sourceArtifact", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to an artifact containing the sources for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "sourceArtifact" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/identifier", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Uniquely identifies an external element." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/serious", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The highest level of risk posed by an AI software." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "serious" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/externalRefType", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the type of the external reference." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/software", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the element follows the Software profile specification" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "software" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/productMetadata", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to additional product metadata such as reference within organization's product catalog." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "productMetadata" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/library", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the Element is a software library" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "library" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A mathematical algorithm that maps data of arbitrary size to a bit string." - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/availableFrom", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element is available from the additional supplier described by each `to` Element" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "availableFrom" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/AnnotationType/other", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/AnnotationType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Used to store extra information about an Element which is not part of a Review (e.g. extra information provided during the creation of the Element)." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "other" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/underInvestigationFor", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "(Security/VEX) The `from` Vulnerability impact is being investigated for each `to` Element" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "underInvestigationFor" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/algorithm", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the algorithm used for calculating the hash value." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/modelDataPreprocessing", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Describes all the preprocessing steps applied to the training data before the model training." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/impactStatementTime", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Timestamp of impact statement." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/AIPackage", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides information about the fields in the AI package profile." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Software/Package" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N4df6b7068b8f4d23b23275fe4d4b1eaa" - }, - { - "@id": "_:N995fdab5ba2b45a1b4062aad92707ab7" - }, - { - "@id": "_:Ncb7e85be40a5459180e5377ffb453bd1" - }, - { - "@id": "_:Nb0b45fd1281e4be6afd9c05eac32b7c3" - }, - { - "@id": "_:N2151950099c4426780325b1e5d39bbc2" - }, - { - "@id": "_:N647b956ea3fa4342bbe7a67bf7ab14c8" - }, - { - "@id": "_:Nf26fc8a9288649098e4a03706255c0ad" - }, - { - "@id": "_:Ne878faeb82064696a3d61720b3d4e598" - }, - { - "@id": "_:Na6f57389f0e049c49f41065ea979cb6e" - }, - { - "@id": "_:N546e0866bb1e401aa2295a6f62d7b38b" - }, - { - "@id": "_:N9222475d1add4d0eb31489d0175ebea7" - }, - { - "@id": "_:N56f5626641d3476999cc48b60024870a" - }, - { - "@id": "_:Na4c5259729e5488eb3da8d164b5dca2a" - }, - { - "@id": "_:Nd630d31d55784785b0d23eec0a9b3742" - }, - { - "@id": "_:Nad719ce2d9384054a1f3e7da3acc7f72" - } - ] - }, - { - "@id": "_:N4df6b7068b8f4d23b23275fe4d4b1eaa", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/AI/energyConsumption" - } - ] - }, - { - "@id": "_:N995fdab5ba2b45a1b4062aad92707ab7", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/AI/standardCompliance" - } - ] - }, - { - "@id": "_:Ncb7e85be40a5459180e5377ffb453bd1", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/AI/limitation" - } - ] - }, - { - "@id": "_:Nb0b45fd1281e4be6afd9c05eac32b7c3", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/AI/typeOfModel" - } - ] - }, - { - "@id": "_:N2151950099c4426780325b1e5d39bbc2", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/AI/informationAboutTraining" - } - ] - }, - { - "@id": "_:N647b956ea3fa4342bbe7a67bf7ab14c8", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/AI/informationAboutApplication" - } - ] - }, - { - "@id": "_:Nf26fc8a9288649098e4a03706255c0ad", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/AI/hyperparameter" - } - ] - }, - { - "@id": "_:Ne878faeb82064696a3d61720b3d4e598", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/AI/modelDataPreprocessing" - } - ] - }, - { - "@id": "_:Na6f57389f0e049c49f41065ea979cb6e", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/AI/modelExplainability" - } - ] - }, - { - "@id": "_:N546e0866bb1e401aa2295a6f62d7b38b", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/AI/sensitivePersonalInformation" - } - ] - }, - { - "@id": "_:N9222475d1add4d0eb31489d0175ebea7", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/AI/metricDecisionThreshold" - } - ] - }, - { - "@id": "_:N56f5626641d3476999cc48b60024870a", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/AI/metric" - } - ] - }, - { - "@id": "_:Na4c5259729e5488eb3da8d164b5dca2a", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/AI/domain" - } - ] - }, - { - "@id": "_:Nd630d31d55784785b0d23eec0a9b3742", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/AI/autonomyType" - } - ] - }, - { - "@id": "_:Nad719ce2d9384054a1f3e7da3acc7f72", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/AI/safetyRiskAssessment" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Build/configSourceDigest", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Property that describes the digest of the build configuration file used to invoke a build." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Hash" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/ExploitCatalogType", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the exploit catalog type." - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/CvssSeverityType/high", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/CvssSeverityType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "When a CVSS score is between 7.0 - 8.9" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "high" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/WithAdditionOperator", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Portion of an AnyLicenseInfo representing a License which has additional\ntext applied to it." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N7eb97617153a4728b7df9d7215b4b891" - }, - { - "@id": "_:N1c152c85ecde447fbe2a9ca5918dab30" - } - ] - }, - { - "@id": "_:N7eb97617153a4728b7df9d7215b4b891", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectExtendableLicense" - } - ] - }, - { - "@id": "_:N1c152c85ecde447fbe2a9ca5918dab30", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectAddition" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/VexJustificationType/vulnerableCodeNotInExecutePath", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/VexJustificationType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "vulnerableCodeNotInExecutePath" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/altWebPage", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to an alternative web page." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "altWebPage" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/Annotation", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "An assertion made in relation to one or more elements." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Element" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N17963bdd9a38492abfdaf578e668dc7a" - }, - { - "@id": "_:Nf8ea93dda52f42369dbd5892660009f1" - }, - { - "@id": "_:N323a5d40362244dfb78b92114799babf" - }, - { - "@id": "_:N03ecc1ce186b4a458ba6b556cd338fa3" - } - ] - }, - { - "@id": "_:N17963bdd9a38492abfdaf578e668dc7a", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/annotationType" - } - ] - }, - { - "@id": "_:Nf8ea93dda52f42369dbd5892660009f1", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/contentType" - } - ] - }, - { - "@id": "_:N323a5d40362244dfb78b92114799babf", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/statement" - } - ] - }, - { - "@id": "_:N03ecc1ce186b4a458ba6b556cd338fa3", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/subject" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasTestCase", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Every `to` Element is a test case for the `from` Element (`from` hasTestCase `to`)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasTestCase" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/NoAssertionLicense", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "An Individual Value for License when no assertion can be made about its actual value." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/IndividualLicensingInfo" - } - ], - "http://www.w3.org/2002/07/owl#sameAs": [ - { - "@id": "https://rdf.spdx.org/v3/Licensing/NoAssertion" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/CvssV3VulnAssessmentRelationship", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides a CVSS version 3 assessment for a vulnerability." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Ndb364c9b48f847108340d33cc43999c0" - }, - { - "@id": "_:N5f73c2b65457408b970d85f1294a0519" - }, - { - "@id": "_:N7afac6283b48428dba9a6116b205df16" - } - ] - }, - { - "@id": "_:Ndb364c9b48f847108340d33cc43999c0", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/score" - } - ] - }, - { - "@id": "_:N5f73c2b65457408b970d85f1294a0519", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/severity" - } - ] - }, - { - "@id": "_:N7afac6283b48428dba9a6116b205df16", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/vectorString" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/structured", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "data is stored in tabular format or retrieved from a relational database." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "structured" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/startTime", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the time from which an element is applicable / valid." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Asbtract ancestor class for all VEX relationships" - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Na1219d2003f1475c9c2466ec5b88f306" - }, - { - "@id": "_:Ne20e154cd47d469c8b80bc65de191a00" - } - ] - }, - { - "@id": "_:Na1219d2003f1475c9c2466ec5b88f306", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/vexVersion" - } - ] - }, - { - "@id": "_:Ne20e154cd47d469c8b80bc65de191a00", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/statusNotes" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/module", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the Element is a module of a piece of software" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "module" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/metrics", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to metrics related to package such as OpenSSF scorecards." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "metrics" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/PositiveIntegerRange", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A tuple of two positive integers that define a range." - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nfeaaccd96cec46799adc66a23fa18a33" - }, - { - "@id": "_:N7a7377b732ea49798193cf1cf67cd775" - } - ] - }, - { - "@id": "_:Nfeaaccd96cec46799adc66a23fa18a33", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/beginIntegerRange" - } - ] - }, - { - "@id": "_:N7a7377b732ea49798193cf1cf67cd775", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/endIntegerRange" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/image", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "data is a collection of images such as pictures of animals." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "image" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/CreationInfo", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides information about the creation of the Element." - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nd8f7fe2ea1074444b91975c6dbc6cf7b" - }, - { - "@id": "_:N027a5c76c6724ce887f2193507502f33" - }, - { - "@id": "_:N54e84abcdd0c49baa5881973534a5317" - }, - { - "@id": "_:N101f47d2807c4dbd816c95da85edcfca" - }, - { - "@id": "_:N41cd9c52d93e48e4a7c4486d198b3391" - } - ] - }, - { - "@id": "_:Nd8f7fe2ea1074444b91975c6dbc6cf7b", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/specVersion" - } - ] - }, - { - "@id": "_:N027a5c76c6724ce887f2193507502f33", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/comment" - } - ] - }, - { - "@id": "_:N54e84abcdd0c49baa5881973534a5317", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/created" - } - ] - }, - { - "@id": "_:N101f47d2807c4dbd816c95da85edcfca", - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/createdBy" - } - ] - }, - { - "@id": "_:N41cd9c52d93e48e4a7c4486d198b3391", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/createdUsing" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isFsfLibre", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies whether the License is listed as free by the\n[Free Software Foundation (FSF)](https://fsf.org)." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#boolean" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/generates", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element generates each `to` Element" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "generates" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/modifiedBy", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element is modified by each `to` Element" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "modifiedBy" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/vcs", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a version control system related to a software artifact." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "vcs" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/numeric", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "data consists only of numeric entries." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "numeric" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/standardAdditionTemplate", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Identifies the full text of a LicenseAddition, in SPDX templating format." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/SimpleLicensingText", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A license or addition that is not listed on the SPDX License List." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Element" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N7dcb94c9a8294ac3877c287a7ff56582" - } - ] - }, - { - "@id": "_:N7dcb94c9a8294ac3877c287a7ff56582", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/licenseText" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/seeAlso", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Contains a URL where the License or LicenseAddition can be found in use." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/locator", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides the location of an exploit catalog." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/actionStatement", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides advise on how to mitigate or remediate a vulnerability when a VEX product\nis affected by it." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/extension", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies an Extension characterization of some aspect of an Element." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Extension/Extension" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasDependencyManifest", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element has manifest files that contain dependency information in each `to` Element" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasDependencyManifest" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/VexJustificationType/inlineMitigationsAlreadyExist", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/VexJustificationType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "inlineMitigationsAlreadyExist" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/CvssV2VulnAssessmentRelationship", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides a CVSS version 2.0 assessment for a vulnerability." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N8e49e1d6b5b5427e85b104e6a6434e01" - }, - { - "@id": "_:N0d19254cdf9f44ada5dbaaa9183e0c92" - } - ] - }, - { - "@id": "_:N8e49e1d6b5b5427e85b104e6a6434e01", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/score" - } - ] - }, - { - "@id": "_:N0d19254cdf9f44ada5dbaaa9183e0c92", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/vectorString" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/clickthrough", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the dataset is not publicly available and can only be accessed after affirmatively accepting terms on a clickthrough webpage." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "clickthrough" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectAddition", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A LicenseAddition participating in a 'with addition' model." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/LicenseAddition" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the type of an external identifier." - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/listVersionAdded", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the SPDX License List version in which this ListedLicense or\nListedLicenseException identifier was first added." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/imports", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides an ExternalMap of Element identifiers." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalMap" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/decisionType", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provide the enumeration of possible decisions in the Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree [https://www.cisa.gov/sites/default/files/publications/cisa-ssvc-guide%20508c.pdf](https://www.cisa.gov/sites/default/files/publications/cisa-ssvc-guide%20508c.pdf)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Security/SsvcDecisionType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/confidentialityLevel", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Describes the confidentiality level of the data points contained in the dataset." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/SupportType/endOfSupport", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/SupportType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "there is a defined end of support for the artifact from the supplier. This may also be referred to as end of life. There is a validUntilDate that can be used to signal when support ends for the artifact." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "endOfSupport" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/md5", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "https://datatracker.ietf.org/doc/html/rfc1321" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "md5" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/componentAnalysisReport", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a Software Composition Analysis (SCA) report." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "componentAnalysisReport" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/CvssSeverityType/medium", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/CvssSeverityType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "When a CVSS score is between 4 - 6.9" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "medium" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/copyrightText", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Identifies the text of one or more copyright notices for a software Package,\nFile or Snippet, if any." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/sensor", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "data is recorded from a physical sensor, such as a thermometer reading or biometric device." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "sensor" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/republishedBy", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "(Security) Designates a `from` Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by a `to` Agent(s)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "republishedBy" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/hashValue", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The result of applying a hash algorithm to an Element." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/SpdxDocument", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A collection of SPDX Elements that could potentially be serialized." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/ElementCollection" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N6625837397e5418c8bea2695d9e02bd0" - }, - { - "@id": "_:N8c21909af3a3410db2d3f7399071393d" - }, - { - "@id": "_:N2f13545c1dc84a06992b376dd13840a8" - } - ] - }, - { - "@id": "_:N6625837397e5418c8bea2695d9e02bd0", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/imports" - } - ] - }, - { - "@id": "_:N8c21909af3a3410db2d3f7399071393d", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/namespaceMap" - } - ] - }, - { - "@id": "_:N2f13545c1dc84a06992b376dd13840a8", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/dataLicense" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/text", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "data consists of unstructured text, such as a book, wikipedia article (without images), or transcript." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "text" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasVariant", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Every `to` Element is a variant the `from` Element (`from` hasVariant `to`)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasVariant" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/blake2b512", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "blake2b algorithm with a digest size of 512 https://datatracker.ietf.org/doc/html/rfc7693#section-4" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "blake2b512" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/standardCompliance", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Captures a standard that is being complied with." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasDynamicLink", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element dynamically links in each `to` Element, during a LifecycleScopeType period." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasDynamicLink" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/SupportType/limitedSupport", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/SupportType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the artifact has been released, and there is limited support available from the supplier. There is a validUntilDate that can provide additional information about the duration of support." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "limitedSupport" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/binaryArtifact", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to binary artifacts related to a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "binaryArtifact" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/snippetFromFile", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Defines the original host file that the snippet information applies to." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Software/File" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/builtTime", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the time an artifact was built." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/model", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the Element is a machine learning or artificial intelligence model" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "model" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/other", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the Element doesn't fit into any of the other categories" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "other" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/cve", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "An identifier for a specific software flaw defined within the official CVE Dictionary and that conforms to the CVE specification as defined by https://csrc.nist.gov/glossary/term/cve_id." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "cve" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/autonomyType", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "States if a human is involved in the decisions of the AI software." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/PresenceType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/core", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the element follows the Core profile specification" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "core" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/noAssertion", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "data type is not known." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "noAssertion" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType/low", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Low/no risk is posed by the AI software." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "low" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/impactStatement", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Explains why a VEX product is not affected by a vulnerability. It is an\nalternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable\njustification label." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/sensitivePersonalInformation", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Records if sensitive personal information is used during model training." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/PresenceType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/key", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A key used in a generic key-value pair." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/definingArtifact", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Artifact representing a serialization instance of SPDX data containing the definition of a particular Element." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Artifact" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/externalIdentifierType", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the type of the external identifier." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/LicenseAddition", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Abstract class for additional text intended to be added to a License, but\nwhich is not itself a standalone License." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Element" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Ncea58645a9524f35b26a1578ccf2964e" - }, - { - "@id": "_:N7c05301c424c45ef875b83d2f1630e8f" - }, - { - "@id": "_:Na14bf252a1c94d279d0ca28ce3cd948e" - }, - { - "@id": "_:N6824ec92e1c7432daba79ba2ca95feec" - }, - { - "@id": "_:Nd2d3b8c6b76242c087fdc3f20bc0030a" - }, - { - "@id": "_:N3814fcf92e7d403d9ba2dfb4593eba60" - } - ] - }, - { - "@id": "_:Ncea58645a9524f35b26a1578ccf2964e", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/additionText" - } - ] - }, - { - "@id": "_:N7c05301c424c45ef875b83d2f1630e8f", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/standardAdditionTemplate" - } - ] - }, - { - "@id": "_:Na14bf252a1c94d279d0ca28ce3cd948e", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isDeprecatedAdditionId" - } - ] - }, - { - "@id": "_:N6824ec92e1c7432daba79ba2ca95feec", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/obsoletedBy" - } - ] - }, - { - "@id": "_:Nd2d3b8c6b76242c087fdc3f20bc0030a", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/licenseXml" - } - ] - }, - { - "@id": "_:N3814fcf92e7d403d9ba2dfb4593eba60", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/seeAlso" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/coordinatedBy", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "(Security) The `from` Vulnerability is coordinatedBy the `to` Agent(s) (vendor, researcher, or consumer agent)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "coordinatedBy" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/ai", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the element follows the AI profile specification" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "ai" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/description", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides a detailed description of the Element." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/releaseNotes", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to the release notes for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "releaseNotes" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/descendantOf", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element is a descendant of each `to` Element" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "descendantOf" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/energyConsumption", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Indicates the amount of energy consumed to build the AI package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/datasetUpdateMechanism", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Describes a mechanism to update the dataset." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/additionText", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Identifies the full text of a LicenseAddition." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType/runtime", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/LifecycleScopeType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A relationship has specific context implications during the execution phase of an element." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "runtime" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/chat", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to the instant messaging system used by the maintainer for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "chat" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/crystalsDilithium", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "https://pq-crystals.org/dilithium/index.shtml" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "crystalsDilithium" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/file", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the Element is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "file" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/PresenceType/yes", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/PresenceType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Indicates presence of the field." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "yes" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/ExploitCatalogType/kev", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/ExploitCatalogType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "CISA's Known Exploited Vulnerability (KEV) Catalog" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "kev" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/operatingSystem", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the Element is an operating system" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "operatingSystem" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/homePage", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A place for the SPDX document creator to record a website that serves as the package's home page." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/catalogType", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the exploit catalog type." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Security/ExploitCatalogType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasAssociatedVulnerability", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "(Security) Used to associate a `from` Artifact with each `to` Vulnerability" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasAssociatedVulnerability" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasDistributionArtifact", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element is distributed as an artifact in each Element `to`, (e.g. an RPM or archive file)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasDistributionArtifact" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A key with an associated value." - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N990081d59bfb4c0fa1a42d929716598e" - }, - { - "@id": "_:Nd2b279dcc246498fac413db7512ac8c2" - } - ] - }, - { - "@id": "_:N990081d59bfb4c0fa1a42d929716598e", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/key" - } - ] - }, - { - "@id": "_:Nd2b279dcc246498fac413db7512ac8c2", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/value" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/securityPenTestReport", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a [penetration test](https://en.wikipedia.org/wiki/Penetration_test) report for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "securityPenTestReport" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/packageVersion", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Identify the version of a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/contains", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element contains each `to` Element" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "contains" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/amber", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Data points in the dataset can be shared only with specific organizations and their clients on a need to know basis." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "amber" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/statusNotes", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Conveys information about how VEX status was determined." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType/other", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/LifecycleScopeType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A relationship has other specific context information necessary to capture that the above set of enumerations does not handle." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "other" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/SoftwareAgent", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A software agent." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Agent" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/sbomType", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides information about the type of an SBOM." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Software/SbomType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasMetadata", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Every `to` Element is metadata about the `from` Element (`from` hasMetadata `to`)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasMetadata" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/doesNotAffect", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "(Security/VEX) The `from` Vulnerability has no impact on each `to` Element" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "doesNotAffect" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/Person", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "An individual human being." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Agent" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/npm", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to an npm package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "npm" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/timeseries", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "data is recorded in an ordered sequence of timestamped entries, such as the price of a stock over the course of a day." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "timeseries" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/issuingAuthority", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "An entity that is authorized to issue identification credentials." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/externalIdentifier", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides a reference to a resource outside the scope of SPDX-3.0 content\nthat uniquely identifies an Element." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifier" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/licenseExpression", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A string in the license expression format." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/withdrawnTime", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specified the time and date when a vulnerability was withdrawn." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/video", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "data is video based, such as a collection of movie clips featuring Tom Hanks." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "video" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/altDownloadLocation", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to an alternative download location." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "altDownloadLocation" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/application", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the Element is a software application" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "application" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides information about the primary purpose of an Element." - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType/test", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/LifecycleScopeType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A relationship has specific context implications during an element's testing phase, during development." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "test" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/AnnotationType", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the type of an annotation." - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/timestamp", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "data is recorded with a timestamp for each entry, but not necessarily ordered or at specific intervals, such as when a taxi ride starts and ends." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "timestamp" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/modelExplainability", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Describes methods that can be used to explain the model." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/securityFix", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to the patch or source code that fixes a vulnerability." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "securityFix" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/DisjunctiveLicenseSet", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Portion of an AnyLicenseInfo representing a set of licensing information\nwhere only any one of the elements applies." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nf87b0294df8a4dc3b3e2ccf68b34a6aa" - } - ] - }, - { - "@id": "_:Nf87b0294df8a4dc3b3e2ccf68b34a6aa", - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 2 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/member" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/filesystemImage", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the Element is a file system image that can be written to a disk (or virtual) partition" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "filesystemImage" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/socialMedia", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a social media channel for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "socialMedia" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/File", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Refers to any object that stores content on a computer." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwareArtifact" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N6bbfee4c9cde450292243e208d60bd7a" - }, - { - "@id": "_:N2a046462db954bdeb439fda29ad26226" - } - ] - }, - { - "@id": "_:N6bbfee4c9cde450292243e208d60bd7a", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Software/contentType" - } - ] - }, - { - "@id": "_:N2a046462db954bdeb439fda29ad26226", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Software/isDirectory" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Abstract class representing a license combination consisting of one or more\nlicenses (optionally including additional text), which may be combined\naccording to the SPDX license expression syntax." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Element" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/security", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the element follows the Security profile specification" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "security" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/other", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "any hashing algorithm that does not exist in this list of entries" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "other" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/name", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Identifies the name of an Element as designated by the creator." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasRequirement", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element has a requirement on each `to` Element, during a LifecycleScopeType period" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasRequirement" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/ExploitCatalogType/other", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/ExploitCatalogType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Other exploit catalogs" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "other" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/publishedTime", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the time when a vulnerability was published." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/createdBy", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Identifies who or what created the Element." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Agent" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/categorical", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "data that is classified into a discrete number of categories, such as the eye color of a population of people." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "categorical" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/crystalsKyber", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "https://pq-crystals.org/kyber/index.shtml" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "crystalsKyber" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/securityAdversaryModel", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to the security adversary model for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "securityAdversaryModel" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/VexJustificationType/vulnerableCodeNotPresent", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/VexJustificationType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The product is not affected because the code underlying the vulnerability is not present in the product." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "vulnerableCodeNotPresent" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SbomType/design", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SbomType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "SBOM of intended, planned software project or product with included components (some of which may not yet exist) for a new software artifact." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "design" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopedRelationship", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provide context for a relationship that occurs in the software lifecycle." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Relationship" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N5507f7a4e87148b7b679ae2bf02fe75d" - } - ] - }, - { - "@id": "_:N5507f7a4e87148b7b679ae2bf02fe75d", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/scope" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/byteRange", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Defines the byte range in the original host file that the snippet information applies to." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/PositiveIntegerRange" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/prefix", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A substitute for a URI." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/registration", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the dataset is not publicly available and an email registration is required before accessing the dataset, although without an affirmative acceptance of terms." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "registration" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasDeclaredLicense", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Software Artifact was discovered to actually contain each `to` license, for example as detected by use of automated tooling." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasDeclaredLicense" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasInputs", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Build has each `to` Elements as an input during a LifecycleScopeType period." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasInputs" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasProvidedDependency", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element has a dependency on each `to` Element, but dependency is not in the distributed artifact, but assumed to be provided, during a LifecycleScopeType period" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasProvidedDependency" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/knownBias", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Records the biases that the dataset is known to encompass." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/SupportType", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Indicates the type of support that is associated with an artifact." - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/query", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the dataset is publicly available, but not all at once, and can only be accessed through queries which return parts of the dataset." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "query" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/SsvcVulnAssessmentRelationship", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides an SSVC assessment for a vulnerability." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N81749d97876d424fb7d5b32579acbb3c" - } - ] - }, - { - "@id": "_:N81749d97876d424fb7d5b32579acbb3c", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/decisionType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/datasetType", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Describes the type of the given dataset." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/funding", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to funding information related to a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "funding" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/affects", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "(Security/VEX) The `from` vulnerability affect each `to` Element" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "affects" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/blake2b256", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "blake2b algorithm with a digest size of 256 https://datatracker.ietf.org/doc/html/rfc7693#section-4" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "blake2b256" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/Organization", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A group of people who work together in an organized way for a shared purpose." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Agent" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Build/buildType", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A buildType is a hint that is used to indicate the toolchain, platform, or infrastructure that the build was invoked on." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/securityPolicy", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to instructions for reporting newly discovered security vulnerabilities for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "securityPolicy" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/member", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A license expression participating in a license set." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectLicense", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A License participating in an 'or later' model." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/License" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/data", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Element is data" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "data" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/VexJustificationType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "vulnerableCodeCannotBeControlledByAdversary" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/endIntegerRange", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Defines the end of a range." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#positiveInteger" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/gitoid", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Used to record the artifact’s gitoid: a canonical, unique, immutable identifier that can be used for software integrity verification." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/VexUnderInvestigationVulnAssessmentRelationship", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Designates elements as products where the impact of a vulnerability is being\ninvestigated." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/purchaseOrder", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a purchase order for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "purchaseOrder" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/vulnerabilityDisclosureReport", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a Vulnerability Disclosure Report (VDR) which provides the software supplier's analysis and findings describing the impact (or lack of impact) that reported vulnerabilities have on packages or products in the supplier's SBOM as defined in [NIST SP 800-161](https://csrc.nist.gov/publications/detail/sp/800-161/rev-1/final)." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "vulnerabilityDisclosureReport" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/Hash", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A mathematically calculated representation of a grouping of data." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/IntegrityMethod" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N516ec1714a92441abfb7fba718f8f761" - }, - { - "@id": "_:N9cf4feed77a8472f9cf0f837845270f4" - } - ] - }, - { - "@id": "_:N516ec1714a92441abfb7fba718f8f761", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/algorithm" - } - ] - }, - { - "@id": "_:N9cf4feed77a8472f9cf0f837845270f4", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/hashValue" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRef", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a resource outside the scope of SPDX-3.0 content." - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N946366c1dd39430e84414a6228dbb053" - }, - { - "@id": "_:N3ab76487cc5649d3941287e97dae6c3f" - }, - { - "@id": "_:N68dd7e8ead344189bff69f8bc0812127" - }, - { - "@id": "_:Nf5e1671a26ee4b57b37ea736c79edb27" - } - ] - }, - { - "@id": "_:N946366c1dd39430e84414a6228dbb053", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/externalRefType" - } - ] - }, - { - "@id": "_:N3ab76487cc5649d3941287e97dae6c3f", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/locator" - } - ] - }, - { - "@id": "_:N68dd7e8ead344189bff69f8bc0812127", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/contentType" - } - ] - }, - { - "@id": "_:Nf5e1671a26ee4b57b37ea736c79edb27", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/comment" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SbomType/source", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SbomType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "SBOM created directly from the development environment, source files, and included dependencies used to build an product artifact." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "source" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/SsvcDecisionType/trackStar", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/SsvcDecisionType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "(Track* in the SSVC spec) The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "trackStar" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/lineRange", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Defines the line range in the original host file that the snippet information applies to." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/PositiveIntegerRange" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/AnnotationType/review", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/AnnotationType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Used when someone reviews the Element." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "review" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/documentation", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to the documentation for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "documentation" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/IntegrityMethod", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides an independently reproducible mechanism that permits verification of a specific Element." - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N2867026fddee41f7aee04604bad4c5ca" - } - ] - }, - { - "@id": "_:N2867026fddee41f7aee04604bad4c5ca", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/comment" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/executable", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Element is an Artifact that can be run on a computer" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "executable" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/dataLicense", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides the license under which the SPDX documentation of the Element can be used." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/specification", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the Element is a plan, guideline or strategy how to create, perform or analyse an application" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "specification" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/EpssVulnAssessmentRelationship", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides an EPSS assessment for a vulnerability." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Na19aa242708749d0ae7da65d8c00e3c9" - }, - { - "@id": "_:N2b5e3bf9758b43f6962c6866370fae7b" - }, - { - "@id": "_:N57a40b7b3da1448b894b922ed6042e5d" - } - ] - }, - { - "@id": "_:Na19aa242708749d0ae7da65d8c00e3c9", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/probability" - } - ] - }, - { - "@id": "_:N2b5e3bf9758b43f6962c6866370fae7b", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/percentile" - } - ] - }, - { - "@id": "_:N57a40b7b3da1448b894b922ed6042e5d", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/publishedTime" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/hyperparameter", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Records a hyperparameter used to build the AI model contained in the AI package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/Package", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Refers to any unit of content that can be associated with a distribution of software." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwareArtifact" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Na1a343297caa4d989bf61de00ee97d4f" - }, - { - "@id": "_:Nbffe26fafa7348889aa178a9ccab036f" - }, - { - "@id": "_:Nfcaa91df1ebe410cb2e88a008802c2cb" - }, - { - "@id": "_:N91af0cee8e5c454bac7d042ed6f068f6" - }, - { - "@id": "_:N4a083e5bccea4aa6bb0cdcd345e8c5af" - } - ] - }, - { - "@id": "_:Na1a343297caa4d989bf61de00ee97d4f", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Software/packageVersion" - } - ] - }, - { - "@id": "_:Nbffe26fafa7348889aa178a9ccab036f", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Software/downloadLocation" - } - ] - }, - { - "@id": "_:Nfcaa91df1ebe410cb2e88a008802c2cb", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Software/packageUrl" - } - ] - }, - { - "@id": "_:N91af0cee8e5c454bac7d042ed6f068f6", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Software/homePage" - } - ] - }, - { - "@id": "_:N4a083e5bccea4aa6bb0cdcd345e8c5af", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Software/sourceInfo" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/ancestorOf", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element is an ancestor of each `to` Element" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "ancestorOf" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha3_256", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "sha3 with a digest length of 256 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "sha3_256" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/informationAboutTraining", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Describes relevant information about different steps of the training process." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/contentType", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the media type of an Element or Property." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/MediaType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/firmware", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the Element provides low level control over a device's hardware" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "firmware" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/mailingList", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to the mailing list used by the maintainer for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "mailingList" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/safetyRiskAssessment", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Categorizes safety risk impact of AI software." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasAssessmentFor", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "(Security) Relates a `from` Vulnerability and each `to` Element(s) with a security assessment. To be used with `VulnAssessmentRelationship` types" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasAssessmentFor" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/packageUrl", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides a place for the SPDX data creator to record the package URL string (in accordance with the [package URL spec](https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst)) for a software Package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType/design", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/LifecycleScopeType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A relationship has specific context implications during an element's design." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "design" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/VexNotAffectedVulnAssessmentRelationship", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Links a vulnerability and one or more elements designating the latter as products\nnot affected by the vulnerability." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N019b3a1f8f7d43b2a1ad4ea683af13ae" - }, - { - "@id": "_:Nd36813d93d7c460cbbfff8b731665b22" - }, - { - "@id": "_:Ne5bedb0c9e53414dbaa218bb712fa7ad" - } - ] - }, - { - "@id": "_:N019b3a1f8f7d43b2a1ad4ea683af13ae", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/justificationType" - } - ] - }, - { - "@id": "_:Nd36813d93d7c460cbbfff8b731665b22", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/impactStatement" - } - ] - }, - { - "@id": "_:Ne5bedb0c9e53414dbaa218bb712fa7ad", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/impactStatementTime" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Abstract ancestor class for all vulnerability assessments" - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Relationship" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N20ecbe01adba4a7690add1ef8d9f7c56" - }, - { - "@id": "_:Nac954acdb3054956a3910ca8ffa2d127" - }, - { - "@id": "_:N7274851c5c9a4d77803f1afc75f4b68f" - }, - { - "@id": "_:N97a004c4825742d98ea2307c4a9a0440" - }, - { - "@id": "_:Nee501485e82c4f94a9b9f32a1e52c388" - } - ] - }, - { - "@id": "_:N20ecbe01adba4a7690add1ef8d9f7c56", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/assessedElement" - } - ] - }, - { - "@id": "_:Nac954acdb3054956a3910ca8ffa2d127", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/publishedTime" - } - ] - }, - { - "@id": "_:N7274851c5c9a4d77803f1afc75f4b68f", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/suppliedBy" - } - ] - }, - { - "@id": "_:N97a004c4825742d98ea2307c4a9a0440", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/modifiedTime" - } - ] - }, - { - "@id": "_:Nee501485e82c4f94a9b9f32a1e52c388", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/withdrawnTime" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/Relationship", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Describes a relationship between one or more elements." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Element" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N0d51535fbe56474b82b26c81f19ff620" - }, - { - "@id": "_:N05d221eb39ba49aa9c6dbbb2e7dc97ce" - }, - { - "@id": "_:N191ff65d3bb94539a0caf79cb7b80f58" - }, - { - "@id": "_:N84d4d1ab73984695b1f3b382a3395d5f" - }, - { - "@id": "_:N63de3945d9bd4cb2a1af0c7c82f3b853" - }, - { - "@id": "_:N405bfeaace5248f0b3100565ecfc1348" - } - ] - }, - { - "@id": "_:N0d51535fbe56474b82b26c81f19ff620", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/from" - } - ] - }, - { - "@id": "_:N05d221eb39ba49aa9c6dbbb2e7dc97ce", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/to" - } - ] - }, - { - "@id": "_:N191ff65d3bb94539a0caf79cb7b80f58", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/relationshipType" - } - ] - }, - { - "@id": "_:N84d4d1ab73984695b1f3b382a3395d5f", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/completeness" - } - ] - }, - { - "@id": "_:N63de3945d9bd4cb2a1af0c7c82f3b853", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/startTime" - } - ] - }, - { - "@id": "_:N405bfeaace5248f0b3100565ecfc1348", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/endTime" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Information about the relationship between two Elements." - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/graph", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "data is in the form of a graph where entries are somehow related to each other through edges, such a social network of friends." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "graph" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType/audio", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "data is audio based, such as a collection of music from the 80s." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "audio" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/diskImage", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the Element refers to a disk image that can be written to a disk, booted in a VM, etc. A disk image typically contains most or all of the components necessary to boot, such as bootloaders, kernels, firmware, userspace, etc." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "diskImage" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/md4", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "https://datatracker.ietf.org/doc/html/rfc1186" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "md4" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/SsvcDecisionType/track", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/SsvcDecisionType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "track" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Build/configSourceUri", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Property that describes the URI of the build configuration source file." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/typeOfModel", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Records the type of the model used in the AI software." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/cpe23", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "cpe23" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha3_384", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "sha3 with a digest length of 384 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "sha3_384" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasHost", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Build was run on the `to` Element during a LifecycleScopeType period (e.g. The host that the build runs on)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasHost" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/vexVersion", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the version of the VEX document." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/simpleLicensing", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the element follows the simple Licensing profile specification" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "simpleLicensing" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/statement", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Commentary on an assertion that an annotator has made." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/locator", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides the location of an external reference." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/verifiedUsing", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides an IntegrityMethod with which the integrity of an Element can be asserted." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/IntegrityMethod" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwareArtifact", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A distinct article or unit related to Software." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Artifact" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Ncabe0ec0cd1d46e1baea1aeec4988e92" - }, - { - "@id": "_:Nf029167312c34dbc96cf1ea2e726523f" - }, - { - "@id": "_:N15e141e6998d411c9e2bb4aa51265362" - }, - { - "@id": "_:Nc720eced74ec4c9b92cfe5572689c168" - }, - { - "@id": "_:N83d60709fbf44c2686109d44693b9292" - } - ] - }, - { - "@id": "_:Ncabe0ec0cd1d46e1baea1aeec4988e92", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 2 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Software/gitoid" - } - ] - }, - { - "@id": "_:Nf029167312c34dbc96cf1ea2e726523f", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Software/primaryPurpose" - } - ] - }, - { - "@id": "_:N15e141e6998d411c9e2bb4aa51265362", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Software/additionalPurpose" - } - ] - }, - { - "@id": "_:Nc720eced74ec4c9b92cfe5572689c168", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Software/copyrightText" - } - ] - }, - { - "@id": "_:N83d60709fbf44c2686109d44693b9292", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Software/attributionText" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/downloadLocation", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Identifies the download Uniform Resource Identifier for the package at the time that the document was created." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/Tool", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "An element of hardware and/or software utilized to carry out a particular function." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Element" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/datasetAvailability", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The field describes the availability of a dataset." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasDocumentation", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element is documented by each `to` Element" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasDocumentation" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/other", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Used when the type doesn't match any of the other options." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "other" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/SupportType/development", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/SupportType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the artifact is in active development and is not considered ready for formal support from the supplier." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "development" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/Snippet", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Describes a certain part of a file." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwareArtifact" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N7f3c853844cf42b1bf25205c776eb858" - }, - { - "@id": "_:N427073e6cce14d7c9ec022005a79e48d" - }, - { - "@id": "_:Nb9b02a97b93b44d980ba644a140ff854" - } - ] - }, - { - "@id": "_:N7f3c853844cf42b1bf25205c776eb858", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Software/byteRange" - } - ] - }, - { - "@id": "_:N427073e6cce14d7c9ec022005a79e48d", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Software/lineRange" - } - ] - }, - { - "@id": "_:Nb9b02a97b93b44d980ba644a140ff854", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Software/snippetFromFile" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Build/buildEndTime", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Property that describes the time at which a build stops." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType/development", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/LifecycleScopeType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A relationship has specific context implications during development phase of an element." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "development" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/dynamicAnalysisReport", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a dynamic analysis report for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "dynamicAnalysisReport" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/evidence", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the Element is the evidence that a specification or requirement has been fulfilled" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "evidence" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/green", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Dataset can be shared within a community of peers and partners." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "green" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/annotationType", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Describes the type of annotation." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/AnnotationType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/buildMeta", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference build metadata related to a published package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "buildMeta" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/fixedIn", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "(Security/VEX) A `from` Vulnerability has been fixed in each of the `to` Element(s)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "fixedIn" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasOptionalComponent", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Every `to` Element is an optional component of the `from` Element (`from` hasOptionalComponent` `to`)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasOptionalComponent" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/nuget", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a nuget package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "nuget" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/releaseHistory", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a published list of releases for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "releaseHistory" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/Bom", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A container for a grouping of SPDX-3.0 content characterizing details\n(provenence, composition, licensing, etc.) about a product." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Bundle" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/primaryPurpose", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides information about the primary purpose of the software artifact." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/platform", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Element represents a runtime environment" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "platform" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/riskAssessment", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a risk assessment for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "riskAssessment" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/customIdToUri", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Maps a LicenseRef or AdditionRef string for a Custom License or a Custom License Addition to its URI ID." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Build/environment", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Property describing the session in which a build is invoked." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/identifierLocator", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides the location for more information regarding an external identifier." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/datasetSize", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Captures the size of the dataset." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#nonNegativeInteger" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/creationInfo", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides information about the creation of the Element." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/CreationInfo" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/Agent", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Agent represents anything with the potential to act on a system." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Element" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasDataFile", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element treats each `to` Element as a data file" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasDataFile" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/VexFixedVulnAssessmentRelationship", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Links a vulnerability and elements representing products (in the VEX sense) where\na fix has been applied and are no longer affected." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/exploitCreatedBy", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "(Security) The `from` Vulnerability has had an exploit created against it by each `to` Agent" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "exploitCreatedBy" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/CvssSeverityType/none", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/CvssSeverityType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "When a CVSS score is 0" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "none" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/subjectExtendableLicense", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A License participating in a 'with addition' model." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/ExtendableLicense" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/securityThreatModel", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference the [security threat model](https://en.wikipedia.org/wiki/Threat_model) for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "securityThreatModel" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/context", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Gives information about the circumstances or unifying properties\nthat Elements of the bundle have been assembled under." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasExample", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Every `to` Element is an example for the `from` Element (`from` hasExample `to`)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasExample" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/test", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The Element is a test used to verify functionality on an software element" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "test" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Build/buildStartTime", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Property describing the start time of a build." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasStaticLink", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element statically links in each `to` Element, during a LifecycleScopeType period" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasStaticLink" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/blake3", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "blake3" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/packageUrl", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "https://github.com/package-url/purl-spec" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "packageUrl" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/element", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Refers to one or more Elements that are part of an ElementCollection." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Element" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/eolNotice", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to the End Of Sale (EOS) and/or End Of Life (EOL) information related to a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "eolNotice" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/patch", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Element contains a set of changes to update, fix, or improve another Element" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "patch" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/ExploitCatalogVulnAssessmentRelationship", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides an exploit assessment of a vulnerability." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Security/VulnAssessmentRelationship" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N68edfa00575e4119bfac5231dbdffac2" - }, - { - "@id": "_:N723fbc7a31aa422785c6388e2df047e3" - }, - { - "@id": "_:N198932ca8ba9447c8421590aaf37a043" - } - ] - }, - { - "@id": "_:N68edfa00575e4119bfac5231dbdffac2", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/catalogType" - } - ] - }, - { - "@id": "_:N723fbc7a31aa422785c6388e2df047e3", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/exploited" - } - ] - }, - { - "@id": "_:N198932ca8ba9447c8421590aaf37a043", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/locator" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/trainedOn", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "(AI, Dataset) The `from` Element has been trained by the `to` Element(s)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "trainedOn" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/install", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the Element is used to install software on disk" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "install" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/releaseTime", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the time an artifact was released." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasAddedFile", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Every `to` Element is is a file added to the `from` Element (`from` hasAddedFile `to`)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasAddedFile" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType/directDownload", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the dataset is publicly available and can be downloaded directly." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "directDownload" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasDeletedFile", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Every `to` Element is a file deleted from the `from` Element (`from` hasDeletedFile `to`)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasDeletedFile" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/dataset", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the element follows the Dataset profile specification" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "dataset" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/publishedBy", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "(Security) Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "publishedBy" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipCompleteness", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Indicates whether a relationship is known to be complete, incomplete, or if no assertion is made with respect to relationship completeness." - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/SsvcDecisionType", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the SSVC decision type." - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SbomType/runtime", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SbomType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "SBOM generated through instrumenting the system running the software, to capture only components present in the system, as well as external call-outs or dynamically loaded components. In some contexts, this may also be referred to as an “Instrumented” or “Dynamic” SBOM." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "runtime" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/CvssSeverityType/critical", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Security/CvssSeverityType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "When a CVSS score is between 9.0 - 10.0" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "critical" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasEvidence", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "(Dataset) Every `to` Element is considered as evidence for the `from` Element (`from` hasEvidence `to`)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasEvidence" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isDeprecatedAdditionId", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies whether an additional text identifier has been marked as deprecated." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#boolean" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha3_224", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "sha3 with a digest length of 224 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "sha3_224" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/vulnerabilityExploitabilityAssessment", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a Vulnerability Exploitability eXchange (VEX) statement which provides information on whether a product is impacted by a specific vulnerability in an included package and, if affected, whether there are actions recommended to remediate. See also [NTIA VEX one-page](https://ntia.gov/files/ntia/publications/vex_one-page_summary.pdf)." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "vulnerabilityExploitabilityAssessment" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/NamespaceMap", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A mapping between prefixes and namespace partial URIs." - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Na954d20738584e61a102bf2ea7371082" - }, - { - "@id": "_:Nde9e9deafdca41b2a4b2850c494cc04b" - } - ] - }, - { - "@id": "_:Na954d20738584e61a102bf2ea7371082", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/prefix" - } - ] - }, - { - "@id": "_:Nde9e9deafdca41b2a4b2850c494cc04b", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/namespace" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/cpe22", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "https://cpe.mitre.org/files/cpe-specification_2.2.pdf" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "cpe22" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/extension", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the element follows the Extension profile specification" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "extension" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/from", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "References the Element on the left-hand side of a relationship." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Element" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalMap", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A map of Element identifiers that are used within a Document but defined external to that Document." - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nea4f9256a8d04d8da5e521a41046af01" - }, - { - "@id": "_:N274f9c25c0554b978411726f2e6026ae" - }, - { - "@id": "_:N41662b4dfe494ee5898cb68ee9108f9d" - }, - { - "@id": "_:Na1c759b22a294d8c9ebb1d7623c74d34" - } - ] - }, - { - "@id": "_:Nea4f9256a8d04d8da5e521a41046af01", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/externalSpdxId" - } - ] - }, - { - "@id": "_:N274f9c25c0554b978411726f2e6026ae", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/verifiedUsing" - } - ] - }, - { - "@id": "_:N41662b4dfe494ee5898cb68ee9108f9d", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/locationHint" - } - ] - }, - { - "@id": "_:Na1c759b22a294d8c9ebb1d7623c74d34", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/definingArtifact" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/deprecatedVersion", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the SPDX License List version in which this license or exception\nidentifier was deprecated." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/assessedElement", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies an element contained in a piece of software where a vulnerability was\nfound." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Element" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/standardName", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The name of a relevant standard that may apply to an artifact." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Enumeration of the valid profiles." - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/invokedBy", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element was invoked by the `to` Agent during a LifecycleScopeType period (for example, a Build element that describes a build step)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "invokedBy" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/summary", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A short description of an Element." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/Dataset", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides information about the fields in the Dataset profile." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Software/Package" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nb3ebec013faa418d962aac516ac769a5" - }, - { - "@id": "_:Naba01f69581948368e4f1aef56ac8a73" - }, - { - "@id": "_:N335f0b90407e48569deabd6bde531854" - }, - { - "@id": "_:N8b039ebfe3334fa4abb9b8a284479a62" - }, - { - "@id": "_:Nce91f1b1ac19471cb220ca98d14f4d91" - }, - { - "@id": "_:N18868e97d59d4ce0b315ff4ebd2f348b" - }, - { - "@id": "_:N81ca69493d7745eda98d7a77052f8d6b" - }, - { - "@id": "_:N486f5b62945d4a088c949d534ef25121" - }, - { - "@id": "_:Nde8829dc37624a1bb575a7aaf476206f" - }, - { - "@id": "_:N8105f0dc499643938723370ddd8039b7" - }, - { - "@id": "_:N3d6e400ee17747d6a7c4d006b77cd2c6" - }, - { - "@id": "_:N179c3a204d764b7aa0c2a310c234d8e1" - }, - { - "@id": "_:Ne6330b148f3943d8b18e9a80e002c437" - } - ] - }, - { - "@id": "_:Nb3ebec013faa418d962aac516ac769a5", - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Dataset/datasetType" - } - ] - }, - { - "@id": "_:Naba01f69581948368e4f1aef56ac8a73", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Dataset/dataCollectionProcess" - } - ] - }, - { - "@id": "_:N335f0b90407e48569deabd6bde531854", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Dataset/intendedUse" - } - ] - }, - { - "@id": "_:N8b039ebfe3334fa4abb9b8a284479a62", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Dataset/datasetSize" - } - ] - }, - { - "@id": "_:Nce91f1b1ac19471cb220ca98d14f4d91", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Dataset/datasetNoise" - } - ] - }, - { - "@id": "_:N18868e97d59d4ce0b315ff4ebd2f348b", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Dataset/dataPreprocessing" - } - ] - }, - { - "@id": "_:N81ca69493d7745eda98d7a77052f8d6b", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Dataset/sensor" - } - ] - }, - { - "@id": "_:N486f5b62945d4a088c949d534ef25121", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Dataset/knownBias" - } - ] - }, - { - "@id": "_:Nde8829dc37624a1bb575a7aaf476206f", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Dataset/sensitivePersonalInformation" - } - ] - }, - { - "@id": "_:N8105f0dc499643938723370ddd8039b7", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Dataset/anonymizationMethodUsed" - } - ] - }, - { - "@id": "_:N3d6e400ee17747d6a7c4d006b77cd2c6", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Dataset/confidentialityLevel" - } - ] - }, - { - "@id": "_:N179c3a204d764b7aa0c2a310c234d8e1", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Dataset/datasetUpdateMechanism" - } - ] - }, - { - "@id": "_:Ne6330b148f3943d8b18e9a80e002c437", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Dataset/datasetAvailability" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/SupportType/noAssertion", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/SupportType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "no assertion about the type of support is made. This is considered the default if no other support type is used." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "noAssertion" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipCompleteness/incomplete", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipCompleteness" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The relationship is known not to be exhaustive." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "incomplete" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/securityAdvisory", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a published security advisory (where advisory as defined per ISO 29147:2018) that may affect one or more elements, e.g., vendor advisories or specific NVD entries." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "securityAdvisory" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/Sbom", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A collection of SPDX Elements describing a single package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Bom" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nb61f430f2ce547f88f82bd0f8a70093e" - } - ] - }, - { - "@id": "_:Nb61f430f2ce547f88f82bd0f8a70093e", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Software/sbomType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetAvailabilityType", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Availability of dataset" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/metric", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Records the measurement of prediction quality of the AI model." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha256", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "secure hashing algorithm with a digest length of 256 https://www.rfc-editor.org/rfc/rfc4634" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "sha256" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/score", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides a numerical (0-10) representation of the severity of a vulnerability." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#decimal" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/modifiedTime", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies a time when a vulnerability assessment was modified" - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/other", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationhip types (this relationship is directionless)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "other" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/licenseText", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Identifies the full text of a License or Addition." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ElementCollection", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A collection of Elements, not necessarily with unifying context." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Element" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N3686f0b107cf449bb51f09f05bedd67f" - }, - { - "@id": "_:Nd617e0584cf94706abb44a7fa24e57b6" - }, - { - "@id": "_:N3584a1ee79ab419fba34ccd122b2e3a6" - } - ] - }, - { - "@id": "_:N3686f0b107cf449bb51f09f05bedd67f", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/element" - } - ] - }, - { - "@id": "_:Nd617e0584cf94706abb44a7fa24e57b6", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/rootElement" - } - ] - }, - { - "@id": "_:N3584a1ee79ab419fba34ccd122b2e3a6", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/profileConformance" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha3_512", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "sha3 with a digest length of 512 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "sha3_512" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/dependsOn", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element depends on each `to` Element during a LifecycleScopeType period." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "dependsOn" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/SupportType/support", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/SupportType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the artifact has been released, and is supported from the supplier. There is a validUntilDate that can provide additional information about the duration of support." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "support" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/usesTool", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element uses each `to` Element as a tool during a LifecycleScopeType period." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "usesTool" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/expandsTo", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` archive expands out as an artifact described by each `to` Element" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "expandsTo" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/qualityAssessmentReport", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a quality assessment for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "qualityAssessmentReport" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/swid", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "https://www.ietf.org/archive/id/draft-ietf-sacm-coswid-21.html#section-2.3" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "swid" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/expandedLicensing", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the element follows the expanded Licensing profile specification" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "expandedLicensing" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/IndividualLicensingInfo", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A concrete subclass of AnyLicenseInfo used by Individuals in the ExpandedLicensing profile." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/DatasetType", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Enumeration of dataset types." - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/exploited", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Describe that a CVE is known to have an exploit because it's been listed in an exploit catalog." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#boolean" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/blake2b384", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "blake2b algorithm with a digest size of 384 https://datatracker.ietf.org/doc/html/rfc7693#section-4" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "blake2b384" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/exportControlAssessment", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a export control assessment for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "exportControlAssessment" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/LicenseExpression", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "An SPDX Element containing an SPDX license expression string." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N7da586f2b18b48baa89694e762b5acfc" - }, - { - "@id": "_:Nab5427b1573b465aa214b4d6a09e7fc9" - }, - { - "@id": "_:N5e5bccbddc744dc2a205673a82b6f7e7" - } - ] - }, - { - "@id": "_:N7da586f2b18b48baa89694e762b5acfc", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/licenseExpression" - } - ] - }, - { - "@id": "_:Nab5427b1573b465aa214b4d6a09e7fc9", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/licenseListVersion" - } - ] - }, - { - "@id": "_:N5e5bccbddc744dc2a205673a82b6f7e7", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/customIdToUri" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/staticAnalysisReport", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a static analysis report for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "staticAnalysisReport" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/contentType", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides information about the content type of an Element." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/MediaType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/VexAffectedVulnAssessmentRelationship", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Connects a vulnerability and an element designating the element as a product\naffected by the vulnerability." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Security/VexVulnAssessmentRelationship" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nf8d2ee3a89494324a0c762e2a6e4f8c8" - }, - { - "@id": "_:N52386f5989c94a42b3a60d496d682c35" - } - ] - }, - { - "@id": "_:Nf8d2ee3a89494324a0c762e2a6e4f8c8", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/actionStatement" - } - ] - }, - { - "@id": "_:N52386f5989c94a42b3a60d496d682c35", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/actionStatementTime" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Extension/Extension", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A characterization of some aspect of an Element that is associated with the Element in a generalized fashion." - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/comment", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provide consumers with comments by the creator of the Element about the Element." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isOsiApproved", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies whether the License is listed as approved by the\n[Open Source Initiative (OSI)](https://opensource.org)." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#boolean" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/vectorString", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the CVSS vector string for a vulnerability." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/certificationReport", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a certification report for a package from an accredited/independent body." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "certificationReport" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasTest", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Every `to` Element is a test artifact for the `from` Element (`from` hasTest `to`), during a LifecycleScopeType period" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasTest" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/foundBy", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "(Security) Designates a `from` Vulnerability was originally discovered by the `to` Agent(s)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "foundBy" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/swhid", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "SoftWare Hash IDentifier, persistent intrinsic identifiers for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The syntax of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) and they typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "swhid" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/VexJustificationType", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies the VEX justification type." - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/profileConformance", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Describes one a profile which the creator of this ElementCollection intends to conform to." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType/clear", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Dataset may be distributed freely, without restriction." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "clear" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/bower", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a bower package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "bower" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalIdentifierType/email", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "https://datatracker.ietf.org/doc/html/rfc3696#section-3" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "email" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/limitation", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Captures a limitation of the AI software." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/ExtendableLicense", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Abstract class representing a License or an OrLaterOperator." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/AnyLicenseInfo" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/beginIntegerRange", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Defines the beginning of a range." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#positiveInteger" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/datasetNoise", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Describes potentially noisy elements of the dataset." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/License", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Abstract class for the portion of an AnyLicenseInfo representing a license." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/ExtendableLicense" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N8353a660ff4948e6b592147ab8188f34" - }, - { - "@id": "_:N79417aba9cc340d498584748cd0d92ff" - }, - { - "@id": "_:Ncdf5c30ebcdb40558f8558fe6e6c11e7" - }, - { - "@id": "_:N2ecf8b40622a4b8bbfa5d3615a53d8e5" - }, - { - "@id": "_:N66ce5965b9ab4d1195561485951fc9d7" - }, - { - "@id": "_:Ne4927c745de548bfa70b9a18fe10a083" - }, - { - "@id": "_:N01ddeabd8c9e48b49c1037cd0c51a382" - }, - { - "@id": "_:N8a058b49966b4a81b80e9c599306f5cd" - }, - { - "@id": "_:N37c5589c90b740bc8061238702954aa0" - } - ] - }, - { - "@id": "_:N8353a660ff4948e6b592147ab8188f34", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#minCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/SimpleLicensing/licenseText" - } - ] - }, - { - "@id": "_:N79417aba9cc340d498584748cd0d92ff", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isOsiApproved" - } - ] - }, - { - "@id": "_:Ncdf5c30ebcdb40558f8558fe6e6c11e7", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isFsfLibre" - } - ] - }, - { - "@id": "_:N2ecf8b40622a4b8bbfa5d3615a53d8e5", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/standardLicenseHeader" - } - ] - }, - { - "@id": "_:N66ce5965b9ab4d1195561485951fc9d7", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/standardLicenseTemplate" - } - ] - }, - { - "@id": "_:Ne4927c745de548bfa70b9a18fe10a083", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isDeprecatedLicenseId" - } - ] - }, - { - "@id": "_:N01ddeabd8c9e48b49c1037cd0c51a382", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/obsoletedBy" - } - ] - }, - { - "@id": "_:N8a058b49966b4a81b80e9c599306f5cd", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/licenseXml" - } - ] - }, - { - "@id": "_:N37c5589c90b740bc8061238702954aa0", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/seeAlso" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/actionStatementTime", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Records the time when a recommended action was communicated in a VEX statement \nto mitigate a vulnerability." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/secureSoftwareAttestation", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to information assuring that the software is developed using security practices as defined by [NIST SP 800-218 Secure Software Development Framework (SSDF)](https://csrc.nist.gov/publications/detail/sp/800-218/final) or [CISA Secure Software Development Attestation Form](https://www.cisa.gov/sites/default/files/2023-04/secure-software-self-attestation_common-form_508.pdf)." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "secureSoftwareAttestation" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/ConfidentialityLevelType", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Categories of confidentiality level." - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasPrerequsite", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element has a prerequsite on each `to` Element, during a LifecycleScopeType period" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasPrerequsite" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/describes", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element describes each `to` Element. To denote the root(s) of a tree of elements in a collection, the rootElement property should be used." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "describes" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/validUntilTime", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies until when the artifact can be used before its usage needs to be reassessed." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/DateTime" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/documentation", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Element is documentation" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "documentation" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/spdxId", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Identifies an Element to be referenced by other Elements." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/Artifact", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A distinct article or unit within the digital domain." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Element" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:N3b8cc710a8434c9e8adc50df7e9726f6" - }, - { - "@id": "_:N5b2ac460289243c98eba6676cf237061" - }, - { - "@id": "_:N68f515641b5f4004a3d9f27c732502c1" - }, - { - "@id": "_:Nf97a2056005c47a1b4f0d59ba668cdf6" - }, - { - "@id": "_:N31cd0fd5fa4f4162a726f3edb44b356e" - }, - { - "@id": "_:Nd8aff92c6c2f4b34955fdc6b7511b5a2" - }, - { - "@id": "_:N7a44f228ba984530a05e4b99db63ff7d" - } - ] - }, - { - "@id": "_:N3b8cc710a8434c9e8adc50df7e9726f6", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/originatedBy" - } - ] - }, - { - "@id": "_:N5b2ac460289243c98eba6676cf237061", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/suppliedBy" - } - ] - }, - { - "@id": "_:N68f515641b5f4004a3d9f27c732502c1", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/builtTime" - } - ] - }, - { - "@id": "_:Nf97a2056005c47a1b4f0d59ba668cdf6", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/releaseTime" - } - ] - }, - { - "@id": "_:N31cd0fd5fa4f4162a726f3edb44b356e", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/validUntilTime" - } - ] - }, - { - "@id": "_:Nd8aff92c6c2f4b34955fdc6b7511b5a2", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/standardName" - } - ] - }, - { - "@id": "_:N7a44f228ba984530a05e4b99db63ff7d", - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/supportLevel" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/issueTracker", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to the issue tracker for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "issueTracker" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/archive", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the Element is an archived collection of one or more files (.tar, .zip, etc)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "archive" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/externalRef", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Points to a resource outside the scope of the SPDX-3.0 content\nthat provides additional characteristics of an Element." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRef" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/manifest", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the Element is a software manifest" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "manifest" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/md6", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "https://people.csail.mit.edu/rivest/pubs/RABCx08.pdf" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "md6" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/NoneLicense", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "An Individual Value for License where the SPDX data creator determines that no license is present." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/IndividualLicensingInfo" - } - ], - "http://www.w3.org/2002/07/owl#sameAs": [ - { - "@id": "https://rdf.spdx.org/v3/Licensing/None" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/Vulnerability", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies a vulnerability and its associated information." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Artifact" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Naebffd32e3934fe69bfc6812d39965e5" - }, - { - "@id": "_:Naa7bd709cc71466bb3b62cac556b8d67" - }, - { - "@id": "_:N7dda24cd7f5f4503b6b4f93fc7ab97c9" - } - ] - }, - { - "@id": "_:Naebffd32e3934fe69bfc6812d39965e5", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/publishedTime" - } - ] - }, - { - "@id": "_:Naa7bd709cc71466bb3b62cac556b8d67", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/modifiedTime" - } - ] - }, - { - "@id": "_:N7dda24cd7f5f4503b6b4f93fc7ab97c9", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Security/withdrawnTime" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/justificationType", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Impact justification label to be used when linking a vulnerability to an element\nrepresenting a VEX product with a VexNotAffectedVulnAssessmentRelationship\nrelationship." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Security/VexJustificationType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasSpecification", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Every `to` Element is a specification for the `from` Element (`from` hasSpecification `to`), during a LifecycleScopeType period" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasSpecification" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/sha512", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "secure hashing algorithm with a digest length of 512 https://www.rfc-editor.org/rfc/rfc4634" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "sha512" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipCompleteness/noAssertion", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipCompleteness" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "No assertion can be made about the completeness of the relationship." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "noAssertion" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/AI/SafetyRiskAssessmentType", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Categories of safety risk impact of the application." - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/value", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A value used in a generic key-value pair." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/isDirectory", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "If true, denotes the Element is a directory." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#boolean" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/namespace", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides an unambiguous mechanism for conveying a URI fragment portion of an ElementID." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#anyURI" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/delegatedTo", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Agent is delegating an action to the Agent of the `to` Relationship (which must be of type invokedBy) during a LifecycleScopeType. (e.g. the `to` invokedBy Relationship is being done on behalf of `from`)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "delegatedTo" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/HashAlgorithm/md2", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/HashAlgorithm" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "https://datatracker.ietf.org/doc/rfc1319/" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "md2" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/packageVerificationCodeExcludedFile", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The relative file name of a file to be excluded from the `PackageVerificationCode`." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Build/parameters", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Property describing the parameters used in an instance of a build." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/createdUsing", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Identifies the tooling that was used during the creation of the Element." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Tool" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/anonymizationMethodUsed", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Describes the anonymization methods used." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/patchedBy", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`)" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "patchedBy" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/to", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "References an Element on the right-hand side of a relationship." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/Element" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Dataset/sensor", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Describes a sensor used for collecting the data." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/DictionaryEntry" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/standardLicenseTemplate", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Identifies the full text of a License, in SPDX templating format." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/runtimeAnalysisReport", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to a runtime analysis report for a package." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "runtimeAnalysisReport" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ExternalRefType/securityOther", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ExternalRefType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A reference to related security information of unspecified type." - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "securityOther" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/scope", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Capture the scope of information about a specific relationship between elements." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/LifecycleScopeType" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/build", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the element follows the Build profile specification" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "build" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/namespaceMap", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#ObjectProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides a NamespaceMap of prefixes and associated namespace partial URIs applicable to an SpdxDocument and independent of any specific serialization format or instance." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "https://rdf.spdx.org/v3/Core/NamespaceMap" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/attributionText", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Provides a place for the SPDX data creator to record acknowledgement text for\na software Package, File or Snippet." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/copiedTo", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Element has been copied to each `to` Element" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "copiedTo" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/Bundle", - "@type": [ - "http://www.w3.org/2000/01/rdf-schema#Class", - "http://www.w3.org/2002/07/owl#Class", - "http://www.w3.org/ns/shacl#NodeShape" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "A collection of Elements that have a shared context." - } - ], - "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ - { - "@id": "https://rdf.spdx.org/v3/Core/ElementCollection" - } - ], - "http://www.w3.org/ns/shacl#property": [ - { - "@id": "_:Nd4f426ad47a141e19b8387e913028a87" - } - ] - }, - { - "@id": "_:Nd4f426ad47a141e19b8387e913028a87", - "http://www.w3.org/ns/shacl#maxCount": [ - { - "@value": 1 - } - ], - "http://www.w3.org/ns/shacl#path": [ - { - "@id": "https://rdf.spdx.org/v3/Core/context" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Security/percentile", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The percentile of the current probability score." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#decimal" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/configuration", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Element is configuration data" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "configuration" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/serializedInArtifact", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` SPDXDocument can be found in a serialized form in each `to` Artifact" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "serializedInArtifact" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/testedOn", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "(AI, Dataset) The `from` Element has been tested on the `to` Element" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "testedOn" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/ProfileIdentifierType/usage", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/ProfileIdentifierType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the element follows the Usage profile specification" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "usage" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/isDeprecatedLicenseId", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Specifies whether a license or additional text identifier has been marked as\ndeprecated." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#boolean" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Core/RelationshipType/hasConcludedLicense", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Core/RelationshipType" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "The `from` Software Artifact is concluded by the SPDX data creator to be governed by each `to` license" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "hasConcludedLicense" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/ExpandedLicensing/licenseXml", - "@type": [ - "http://www.w3.org/1999/02/22-rdf-syntax-ns#Property", - "http://www.w3.org/2002/07/owl#DatatypeProperty" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "Identifies all the text and metadata associated with a license in the license XML format." - } - ], - "http://www.w3.org/2000/01/rdf-schema#range": [ - { - "@id": "http://www.w3.org/2001/XMLSchema#string" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/source", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the Element is a single or a collection of source files" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "source" - } - ] - }, - { - "@id": "https://rdf.spdx.org/v3/Software/SoftwarePurpose/container", - "@type": [ - "http://www.w3.org/2002/07/owl#NamedIndividual", - "https://rdf.spdx.org/v3/Software/SoftwarePurpose" - ], - "http://www.w3.org/2000/01/rdf-schema#comment": [ - { - "@language": "en", - "@value": "the Element is a container image which can be used by a container runtime application" - } - ], - "http://www.w3.org/2000/01/rdf-schema#label": [ - { - "@value": "container" - } - ] - } -] \ No newline at end of file diff --git a/ontology/ontology.rdf.pretty-xml b/ontology/ontology.rdf.pretty-xml deleted file mode 100644 index b21d6945f..000000000 --- a/ontology/ontology.rdf.pretty-xml +++ /dev/null @@ -1,3506 +0,0 @@ - - - - - - A license that is listed on the SPDX License List. - - - - - 1 - - - - - - 1 - - - - - - hasTestCase - Every `to` Element is a test case for the `from` Element (`from` hasTestCase `to`) - - - - - Provides an exploit assessment of a vulnerability. - - - - - 1 - 1 - - - - - - 1 - 1 - - - - - - 1 - 1 - - - - - - vulnerabilityExploitabilityAssessment - A reference to a Vulnerability Exploitability eXchange (VEX) statement which provides information on whether a product is impacted by a specific vulnerability in an included package and, if affected, whether there are actions recommended to remediate. See also [NTIA VEX one-page](https://ntia.gov/files/ntia/publications/vex_one-page_summary.pdf). - - - - none - When a CVSS score is 0 - - - - bom - Element is a bill of materials - - - - video - data is video based, such as a collection of movie clips featuring Tom Hanks. - - - - nuget - A reference to a nuget package. - - - - categorical - data that is classified into a discrete number of categories, such as the eye color of a population of people. - - - - other - Used to store extra information about an Element which is not part of a Review (e.g. extra information provided during the creation of the Element). - - - - - Provides information about the fields in the Dataset profile. - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - - - - - - - - - - - - - - - - 1 - - - - - - - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - other - A relationship has other specific context information necessary to capture that the above set of enumerations does not handle. - - - - hasHost - The `from` Build was run on the `to` Element during a LifecycleScopeType period (e.g. The host that the build runs on) - - - - endOfSupport - there is a defined end of support for the artifact from the supplier. This may also be referred to as end of life. There is a validUntilDate that can be used to signal when support ends for the artifact. - - - - binaryArtifact - A reference to binary artifacts related to a package. - - - - packageUrl - https://github.com/package-url/purl-spec - - - - configures - The `from` Element is a configuration applied to each `to` Element during a LifecycleScopeType period - - - - low - Low/no risk is posed by the AI software. - - - - urlScheme - the scheme used in order to locate a resource https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml - - - - - Provides information about the fields in the AI package profile. - - - - - 1 - - - - - - - - - - - 1 - - - - - - - - - - - 1 - - - - - - 1 - - - - - - - - - - - - - - - - - - - - - 1 - - - - - - - - - - - - - - - - - - - - - 1 - - - - - - 1 - - - - - - hasProvidedDependency - The `from` Element has a dependency on each `to` Element, but dependency is not in the distributed artifact, but assumed to be provided, during a LifecycleScopeType period - - - - cve - An identifier for a specific software flaw defined within the official CVE Dictionary and that conforms to the CVE specification as defined by https://csrc.nist.gov/glossary/term/cve_id. - - - - mailingList - A reference to the mailing list used by the maintainer for a package. - - - - vulnerableCodeNotInExecutePath - The affected code is not reachable through the execution of the code, including non-anticipated states of the product. - - - - kev - CISA's Known Exploited Vulnerability (KEV) Catalog - - - - riskAssessment - A reference to a risk assessment for a package. - - - - - Describes a certain part of a file. - - - - - 1 - - - - - - 1 - - - - - - 1 - 1 - - - - - - - A license exception that is listed on the SPDX Exceptions list. - - - - - 1 - - - - - - 1 - - - - - - syntactic - data describes the syntax or semantics of a language or text, such as a parse tree used for natural language processing. - - - - hasDistributionArtifact - The `from` Element is distributed as an artifact in each Element `to`, (e.g. an RPM or archive file) - - - - hasAssessmentFor - (Security) Relates a `from` Vulnerability and each `to` Element(s) with a security assessment. To be used with `VulnAssessmentRelationship` types - - - - module - the Element is a module of a piece of software - - - - hasPrerequsite - The `from` Element has a prerequsite on each `to` Element, during a LifecycleScopeType period - - - - build - A relationship has specific context implications during an element's build phase, during development. - - - - modifiedBy - The `from` Element is modified by each `to` Element - - - - packagedBy - Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`) - - - - file - the Element is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc) - - - - email - https://datatracker.ietf.org/doc/html/rfc3696#section-3 - - - - noSupport - there is no support for the artifact from the supplier, consumer assumes any support obligations. - - - - - An SPDX version 2.X compatible verification method for software packages. - - - - - 1 - 1 - - - - - - - - - - - vulnerableCodeCannotBeControlledByAdversary - The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack. - - - - testedOn - (AI, Dataset) The `from` Element has been tested on the `to` Element - - - - - Specifies a vulnerability and its associated information. - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - hasDeclaredLicense - The `from` Software Artifact was discovered to actually contain each `to` license, for example as detected by use of automated tooling. - - - - securityThreatModel - A reference the [security threat model](https://en.wikipedia.org/wiki/Threat_model) for a package. - - - - - Provides a CVSS version 4 assessment for a vulnerability. - - - - - 1 - 1 - - - - - - 1 - 1 - - - - - - 1 - 1 - - - - - - socialMedia - A reference to a social media channel for a package. - - - - security - the element follows the Security profile specification - - - - - Connects a vulnerability and an element designating the element as a product -affected by the vulnerability. - - - - - 1 - - - - - - - - - - - clickthrough - the dataset is not publicly available and can only be accessed after affirmatively accepting terms on a clickthrough webpage. - - - - blake2b384 - blake2b algorithm with a digest size of 384 https://datatracker.ietf.org/doc/html/rfc7693#section-4 - - - - securityFix - A reference to the patch or source code that fixes a vulnerability. - - - - securityOther - Used when there is a security related identifier of unspecified type. - - - - deployed - SBOM provides an inventory of software that is present on a system. This may be an assembly of other SBOMs that combines analysis of configuration options, and examination of execution behavior in a (potentially simulated) deployment environment. - - - - support - A reference to the software support channel or other support information for a package. - - - - structured - data is stored in tabular format or retrieved from a relational database. - - - - evidence - the Element is the evidence that a specification or requirement has been fulfilled - - - - componentAnalysisReport - A reference to a Software Composition Analysis (SCA) report. - - - - staticAnalysisReport - A reference to a static analysis report for a package. - - - - securityAdversaryModel - A reference to the security adversary model for a package. - - - - sha3_384 - sha3 with a digest length of 384 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf - - - - ancestorOf - The `from` Element is an ancestor of each `to` Element - - - - A license addition that is not listed on the SPDX Exceptions List. - - - - - crystalsKyber - https://pq-crystals.org/kyber/index.shtml - - - - An individual human being. - - - - - sensor - data is recorded from a physical sensor, such as a thermometer reading or biometric device. - - - - hasVariant - Every `to` Element is a variant the `from` Element (`from` hasVariant `to`) - - - - firmware - the Element provides low level control over a device's hardware - - - - hasDataFile - The `from` Element treats each `to` Element as a data file - - - - simpleLicensing - the element follows the simple Licensing profile specification - - - - yes - Indicates presence of the field. - - - - other - any hashing algorithm that does not exist in this list of entries - - - - hasRequirement - The `from` Element has a requirement on each `to` Element, during a LifecycleScopeType period - - - - md6 - https://people.csail.mit.edu/rivest/pubs/RABCx08.pdf - - - - hasAddedFile - Every `to` Element is is a file added to the `from` Element (`from` hasAddedFile `to`) - - - - hasStaticLink - The `from` Element statically links in each `to` Element, during a LifecycleScopeType period - - - - securityPolicy - A reference to instructions for reporting newly discovered security vulnerabilities for a package. - - - - issueTracker - A reference to the issue tracker for a package. - - - - license - A reference to additional license information related to an artifact. - - - - altDownloadLocation - A reference to an alternative download location. - - - - certificationReport - A reference to a certification report for a package from an accredited/independent body. - - - - sha3_512 - sha3 with a digest length of 512 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf - - - - directDownload - the dataset is publicly available and can be downloaded directly. - - - - - Class that describes a build instance of software/artifacts. - - - - - 1 - 1 - - - - - - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - 1 - - - - - - 1 - - - - - - - - - - - deviceDriver - Element represents software that controls hardware devices - - - - dataset - the element follows the Dataset profile specification - - - - - An assertion made in relation to one or more elements. - - - - - 1 - 1 - - - - - - 1 - - - - - - 1 - - - - - - 1 - 1 - - - - - - build - the element follows the Build profile specification - - - - ai - the element follows the AI profile specification - - - - productMetadata - A reference to additional product metadata such as reference within organization's product catalog. - - - - - Provides an SSVC assessment for a vulnerability. - - - - - 1 - 1 - - - - - - - A collection of SPDX Elements describing a single package. - - - - - - - - - - core - the element follows the Core profile specification - - - - A group of people who work together in an organized way for a shared purpose. - - - - - chat - A reference to the instant messaging system used by the maintainer for a package. - - - - timeseries - data is recorded in an ordered sequence of timestamped entries, such as the price of a stock over the course of a day. - - - - requirement - the Element provides a requirement needed as input for another Element - - - - releaseHistory - A reference to a published list of releases for a package. - - - - - A collection of SPDX Elements that could potentially be serialized. - - - - - - - - - - - - - - - 1 - - - - - An Individual Value for License when no assertion can be made about its actual value. - - - - - - sha384 - secure hashing algorithm with a digest length of 384 https://www.rfc-editor.org/rfc/rfc4634 - - - - runtime - SBOM generated through instrumenting the system running the software, to capture only components present in the system, as well as external call-outs or dynamically loaded components. In some contexts, this may also be referred to as an “Instrumented” or “Dynamic” SBOM. - - - - noAssertion - No assertion can be made about the completeness of the relationship. - - - - manifest - the Element is a software manifest - - - - green - Dataset can be shared within a community of peers and partners. - - - - affects - (Security/VEX) The `from` vulnerability affect each `to` Element - - - - extension - the element follows the Extension profile specification - - - - limitedSupport - the artifact has been released, and there is limited support available from the supplier. There is a validUntilDate that can provide additional information about the duration of support. - - - - privacyAssessment - A reference to a privacy assessment for a package. - - - - container - the Element is a container image which can be used by a container runtime application - - - - install - the Element is used to install software on disk - - - - blake2b512 - blake2b algorithm with a digest size of 512 https://datatracker.ietf.org/doc/html/rfc7693#section-4 - - - - sha512 - secure hashing algorithm with a digest length of 512 https://www.rfc-editor.org/rfc/rfc4634 - - - - data - Element is data - - - - eolNotice - A reference to the End Of Sale (EOS) and/or End Of Life (EOL) information related to a package. - - - - Links a vulnerability and elements representing products (in the VEX sense) where -a fix has been applied and are no longer affected. - - - - - source - the Element is a single or a collection of source files - - - - funding - A reference to funding information related to a package. - - - - inlineMitigationsAlreadyExist - Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability. - - - - - Portion of an AnyLicenseInfo representing a License which has additional -text applied to it. - - - - - 1 - 1 - - - - - - 1 - 1 - - - - - - medium - When a CVSS score is between 4 - 6.9 - - - - design - A relationship has specific context implications during an element's design. - - - - reportedBy - (Security) Designates a `from` Vulnerability was first reported to a project, vendor, or tracking database for formal identification by each `to` Agent - - - - hasSpecification - Every `to` Element is a specification for the `from` Element (`from` hasSpecification `to`), during a LifecycleScopeType period - - - - complete - The relationship is known to be exhaustive. - - - - swid - https://www.ietf.org/archive/id/draft-ietf-sacm-coswid-21.html#section-2.3 - - - - runtimeAnalysisReport - A reference to a runtime analysis report for a package. - - - - act - The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible. - - - - hasOptionalDependency - The `from` Element optionally depends on each `to` Element during a LifecycleScopeType period - - - - configuration - Element is configuration data - - - - generates - The `from` Element generates each `to` Element - - - - serious - The highest level of risk posed by an AI software. - - - - vcs - A reference to a version control system related to a software artifact. - - - - trackStar - (Track* in the SSVC spec) The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines. - - - - republishedBy - (Security) Designates a `from` Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by a `to` Agent(s) - - - - trainedOn - (AI, Dataset) The `from` Element has been trained by the `to` Element(s) - - - - contains - The `from` Element contains each `to` Element - - - - platform - Element represents a runtime environment - - - - application - the Element is a software application - - - - blake2b256 - blake2b algorithm with a digest size of 256 https://datatracker.ietf.org/doc/html/rfc7693#section-4 - - - - - Links a vulnerability and one or more elements designating the latter as products -not affected by the vulnerability. - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - amendedBy - The `from` Element is amended by each `to` Element - - - - image - data is a collection of images such as pictures of animals. - - - - - Provides an EPSS assessment for a vulnerability. - - - - - 1 - 1 - - - - - - 1 - 1 - - - - - - 1 - 1 - - - - - - build - SBOM generated as part of the process of building the software to create a releasable artifact (e.g., executable or package) from data such as source files, dependencies, built components, build process ephemeral data, and other SBOMs. - - - - - An SPDX Element containing an SPDX license expression string. - - - - - 1 - 1 - - - - - - 1 - - - - - - - - - - - hasTest - Every `to` Element is a test artifact for the `from` Element (`from` hasTest `to`), during a LifecycleScopeType period - - - - usage - the element follows the Usage profile specification - - - - metrics - A reference to metrics related to package such as OpenSSF scorecards. - - - - serializedInArtifact - The `from` SPDXDocument can be found in a serialized form in each `to` Artifact - - - - graph - data is in the form of a graph where entries are somehow related to each other through edges, such a social network of friends. - - - - model - the Element is a machine learning or artificial intelligence model - - - - query - the dataset is publicly available, but not all at once, and can only be accessed through queries which return parts of the dataset. - - - - clear - Dataset may be distributed freely, without restriction. - - - - vulnerabilityDisclosureReport - A reference to a Vulnerability Disclosure Report (VDR) which provides the software supplier's analysis and findings describing the impact (or lack of impact) that reported vulnerabilities have on packages or products in the supplier's SBOM as defined in [NIST SP 800-161](https://csrc.nist.gov/publications/detail/sp/800-161/rev-1/final). - - - - analyzed - SBOM generated through analysis of artifacts (e.g., executables, packages, containers, and virtual machine images) after its build. Such analysis generally requires a variety of heuristics. In some contexts, this may also be referred to as a “3rd party” SBOM. - - - - framework - the Element is a software framework - - - - fixedBy - (Security) Designates a `from` Vulnerability has been fixed by the `to` Agent(s) - - - - exploitCreatedBy - (Security) The `from` Vulnerability has had an exploit created against it by each `to` Agent - - - - hasDeletedFile - Every `to` Element is a file deleted from the `from` Element (`from` hasDeletedFile `to`) - - - - other - Used when the type doesn't match any of the other options. - - - - hasConcludedLicense - The `from` Software Artifact is concluded by the SPDX data creator to be governed by each `to` license - - - - hasInputs - The `from` Build has each `to` Elements as an input during a LifecycleScopeType period. - - - - no - Indicates absence of the field. - - - - swhid - SoftWare Hash IDentifier, persistent intrinsic identifiers for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The syntax of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) and they typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`. - - - - source - SBOM created directly from the development environment, source files, and included dependencies used to build an product artifact. - - - - A license that is not listed on the SPDX License List. - - - - - securityPenTestReport - A reference to a [penetration test](https://en.wikipedia.org/wiki/Penetration_test) report for a package. - - - - library - the Element is a software library - - - - doesNotAffect - (Security/VEX) The `from` Vulnerability has no impact on each `to` Element - - - - expandsTo - The `from` archive expands out as an artifact described by each `to` Element - - - - diskImage - the Element refers to a disk image that can be written to a disk, booted in a VM, etc. A disk image typically contains most or all of the components necessary to boot, such as bootloaders, kernels, firmware, userspace, etc. - - - - noAssertion - data type is not known. - - - - componentNotPresent - The software is not affected because the vulnerable component is not in the product. - - - - amber - Data points in the dataset can be shared only with specific organizations and their clients on a need to know basis. - - - - - Portion of an AnyLicenseInfo representing a set of licensing information -where all elements apply. - - - - - 2 - - - - - - high - The second-highest level of risk posed by an AI software. - - - - critical - When a CVSS score is between 9.0 - 10.0 - - - - foundBy - (Security) Designates a `from` Vulnerability was originally discovered by the `to` Agent(s) - - - - hasMetadata - Every `to` Element is metadata about the `from` Element (`from` hasMetadata `to`) - - - - high - When a CVSS score is between 7.0 - 8.9 - - - - other - the Element doesn't fit into any of the other categories - - - - hasExample - Every `to` Element is an example for the `from` Element (`from` hasExample `to`) - - - - test - A relationship has specific context implications during an element's testing phase, during development. - - - - scrapingScript - the dataset provider is not making available the underlying data and the dataset must be reassembled, typically using the provided script for scraping the data. - - - - A software agent. - - - - - sha256 - secure hashing algorithm with a digest length of 256 https://www.rfc-editor.org/rfc/rfc4634 - - - - hasOutputs - The `from` Build element generates each `to` Element as an output during a LifecycleScopeType period. - - - An Individual Value for License where the SPDX data creator determines that no license is present. - - - - - - sourceArtifact - A reference to an artifact containing the sources for a package. - - - - npm - A reference to an npm package. - - - - other - Other exploit catalogs - - - - - Provides a CVSS version 3 assessment for a vulnerability. - - - - - 1 - 1 - - - - - - 1 - 1 - - - - - - 1 - 1 - - - - - - securityAdvisory - A reference to a published security advisory (where advisory as defined per ISO 29147:2018) that may affect one or more elements, e.g., vendor advisories or specific NVD entries. - - - - invokedBy - The `from` Element was invoked by the `to` Agent during a LifecycleScopeType period (for example, a Build element that describes a build step) - - - - dependsOn - The `from` Element depends on each `to` Element during a LifecycleScopeType period. - - - - - Portion of an AnyLicenseInfo representing a set of licensing information -where only any one of the elements applies. - - - - - 2 - - - - - - hasAssociatedVulnerability - (Security) Used to associate a `from` Artifact with each `to` Vulnerability - - - - copiedTo - The `from` Element has been copied to each `to` Element - - - - blake3 - https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf - - - - hasDocumentation - The `from` Element is documented by each `to` Element - - - - development - A relationship has specific context implications during development phase of an element. - - - - medium - The third-highest level of risk posed by an AI software. - - - - sha3_256 - sha3 with a digest length of 256 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf - - - - audio - data is audio based, such as a collection of music from the 80s. - - - - availableFrom - The `from` Element is available from the additional supplier described by each `to` Element - - - - registration - the dataset is not publicly available and an email registration is required before accessing the dataset, although without an affirmative acceptance of terms. - - - - delegatedTo - The `from` Agent is delegating an action to the Agent of the `to` Relationship (which must be of type invokedBy) during a LifecycleScopeType. (e.g. the `to` invokedBy Relationship is being done on behalf of `from`) - - - - hasDynamicLink - The `from` Element dynamically links in each `to` Element, during a LifecycleScopeType period. - - - - usesTool - The `from` Element uses each `to` Element as a tool during a LifecycleScopeType period. - - - - red - Data points in the dataset are highly confidential and can only be shared with named recipients. - - - - bower - A reference to a bower package. - - - - hasEvidence - (Dataset) Every `to` Element is considered as evidence for the `from` Element (`from` hasEvidence `to`) - - - - exportControlAssessment - A reference to a export control assessment for a package. - - - - development - the artifact is in active development and is not considered ready for formal support from the supplier. - - - - Designates elements as products where the impact of a vulnerability is being -investigated. - - - - - describes - The `from` Element describes each `to` Element. To denote the root(s) of a tree of elements in a collection, the rootElement property should be used. - - - - buildMeta - A reference build metadata related to a published package. - - - - fixedIn - (Security/VEX) A `from` Vulnerability has been fixed in each of the `to` Element(s) - - - - low - When a CVSS score is between 0 - 3.9 - - - - track - The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines. - - - - sha1 - https://datatracker.ietf.org/doc/html/rfc3174 - - - - crystalsDilithium - https://pq-crystals.org/dilithium/index.shtml - - - - patch - Element contains a set of changes to update, fix, or improve another Element - - - - sha224 - secure hashing algorithm with a digest length of 224 https://datatracker.ietf.org/doc/html/draft-ietf-pkix-sha224-01 - - - - md4 - https://datatracker.ietf.org/doc/html/rfc1186 - - - - qualityAssessmentReport - A reference to a quality assessment for a package. - - - - vulnerableCodeNotPresent - The product is not affected because the code underlying the vulnerability is not present in the product. - - - - altWebPage - A reference to an alternative web page. - - - - coordinatedBy - (Security) The `from` Vulnerability is coordinatedBy the `to` Agent(s) (vendor, researcher, or consumer agent) - - - - buildSystem - A reference build system used to create or publish the package. - - - - - Provide context for a relationship that occurs in the software lifecycle. - - - - - 1 - - - - - - numeric - data consists only of numeric entries. - - - - publishedBy - (Security) Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent - - - - filesystemImage - the Element is a file system image that can be written to a disk (or virtual) partition - - - - gitoid - https://www.iana.org/assignments/uri-schemes/prov/gitoid Gitoid stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects) and a gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent the software [Artifact ID](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#artifact-id) or the [OmniBOR Identifier](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#omnibor-identifier) for the software artifact's associated [OmniBOR Document](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#omnibor-document); this ambiguity exists because the OmniBOR Document is itself an artifact, and the gitoid of that artifact is its valid identifier. Omnibor is a minimalistic schema to describe software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#artifact-dependency-graph-adg). Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's ContentIdentifier property. Gitoids calculated on the OmniBOR Document (OmniBOR Identifiers) should be recorded in the SPDX 3.0 Element's ExternalIdentifier property. - - - - documentation - A reference to the documentation for a package. - - - - md2 - https://datatracker.ietf.org/doc/rfc1319/ - - - - falcon - https://falcon-sign.info/falcon.pdf - - - - timestamp - data is recorded with a timestamp for each entry, but not necessarily ordered or at specific intervals, such as when a taxi ride starts and ends. - - - - operatingSystem - the Element is an operating system - - - - dynamicAnalysisReport - A reference to a dynamic analysis report for a package. - - - - mavenCentral - A reference to a maven repository artifact. - - - - hasOptionalComponent - Every `to` Element is an optional component of the `from` Element (`from` hasOptionalComponent` `to`) - - - - noAssertion - no assertion about the type of support is made. This is considered the default if no other support type is used. - - - - design - SBOM of intended, planned software project or product with included components (some of which may not yet exist) for a new software artifact. - - - - descendantOf - The `from` Element is a descendant of each `to` Element - - - - runtime - A relationship has specific context implications during the execution phase of an element. - - - - documentation - Element is documentation - - - - support - the artifact has been released, and is supported from the supplier. There is a validUntilDate that can provide additional information about the duration of support. - - - - other - data is of a type not included in this list. - - - - patchedBy - Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`) - - - - other - Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationhip types (this relationship is directionless) - - - - noAssertion - Makes no assertion about the field. - - - - secureSoftwareAttestation - A reference to information assuring that the software is developed using security practices as defined by [NIST SP 800-218 Secure Software Development Framework (SSDF)](https://csrc.nist.gov/publications/detail/sp/800-218/final) or [CISA Secure Software Development Attestation Form](https://www.cisa.gov/sites/default/files/2023-04/secure-software-self-attestation_common-form_508.pdf). - - - - cpe22 - https://cpe.mitre.org/files/cpe-specification_2.2.pdf - - - - purchaseOrder - A reference to a purchase order for a package. - - - - device - the Element refers to a chipset, processor, or electronic board - - - - test - The Element is a test used to verify functionality on an software element - - - - other - Used when the type doesn't match any of the other options. - - - - - - - expandedLicensing - the element follows the expanded Licensing profile specification - - - - cpe23 - https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf - - - - text - data consists of unstructured text, such as a book, wikipedia article (without images), or transcript. - - - - software - the element follows the Software profile specification - - - - md5 - https://datatracker.ietf.org/doc/html/rfc1321 - - - - - A license or addition that is not listed on the SPDX License List. - - - - - 1 - 1 - - - - - - archive - the Element is an archived collection of one or more files (.tar, .zip, etc) - - - - securityOther - A reference to related security information of unspecified type. - - - - sha3_224 - sha3 with a digest length of 224 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf - - - - - Provides a CVSS version 2.0 assessment for a vulnerability. - - - - - 1 - 1 - - - - - - 1 - 1 - - - - - - underInvestigationFor - (Security/VEX) The `from` Vulnerability impact is being investigated for each `to` Element - - - - executable - Element is an Artifact that can be run on a computer - - - - - Portion of an AnyLicenseInfo representing this version, or any later version, -of the indicated License. - - - - - 1 - 1 - - - - - - releaseNotes - A reference to the release notes for a package. - - - - incomplete - The relationship is known not to be exhaustive. - - - - hasDependencyManifest - The `from` Element has manifest files that contain dependency information in each `to` Element - - - - specification - the Element is a plan, guideline or strategy how to create, perform or analyse an application - - - - attend - The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions include requesting assistance or information about the vulnerability, and may involve publishing a notification either internally and/or externally. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines. - - - - review - Used when someone reviews the Element. - - - - Describes the type of the given dataset. - - - - - States if a human is involved in the decisions of the AI software. - - - - - The field describes the availability of a dataset. - - - - - Specifies the time from which an element is applicable / valid. - - - - - - Asbtract ancestor class for all VEX relationships - - - - - 1 - - - - - - 1 - - - - - - - A reference to a resource outside the scope of SPDX-3.0 content that uniquely identifies an Element. - - - - 1 - 1 - - - - - - 1 - 1 - - - - - - 1 - - - - - - - - - - - 1 - - - - - - - Abstract class for the portion of an AnyLicenseInfo representing a license. - - - - - 1 - 1 - - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - - - - - - Provides the location of an external reference. - - - - - Categorizes safety risk impact of AI software. - - - - - Property that describes the digest of the build configuration file used to invoke a build. - - - - - A buildType is a hint that is used to indicate the toolchain, platform, or infrastructure that the build was invoked on. - - - - - Describes the anonymization methods used. - - - - - Captures a limitation of the AI software. - - - - - - Provides information about the creation of the Element. - - - - 1 - 1 - - - - - - 1 - - - - - - 1 - 1 - - - - - - 1 - - - - - - - - - - - Describes methods that can be used to explain the model. - - - - - A concrete subclass of AnyLicenseInfo used by Individuals in the ExpandedLicensing profile. - - - - - Describes how the dataset was collected. - - - - - A short description of an Element. - - - - - - A distinct article or unit within the digital domain. - - - - - - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - - - - - - - - - - - Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software. - - - - - Describes a mechanism to update the dataset. - - - - - Describes all the preprocessing steps applied to the training data before the model training. - - - - - Provides information about the type of an SBOM. - - - - - This property is used to denote the root Element(s) of a tree of elements contained in an SBOM. - - - - - - Abstract ancestor class for all vulnerability assessments - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - Defines the end of a range. - - - - - Defines the beginning of a range. - - - - - Records any relevant background information or additional comments -about the origin of the package. - - - - - - A mapping between prefixes and namespace partial URIs. - - - - 1 - 1 - - - - - - 1 - 1 - - - - - - Specifies the time when a vulnerability was published. - - - - - Describe that a CVE is known to have an exploit because it's been listed in an exploit catalog. - - - - - Describes the preprocessing steps that were applied to the raw data to create the given dataset. - - - - - Describes if any sensitive personal information is present in the dataset. - - - - - - Refers to any unit of content that can be associated with a distribution of software. - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - Specifies the time an artifact was released. - - - - - Property that describes the time at which a build stops. - - - - - The name of a relevant standard that may apply to an artifact. - - - - - Records the type of the model used in the AI software. - - - - - A buildId is a locally unique identifier used by a builder to identify a unique instance of a build produced by it. - - - - - Enumeration of dataset types. - - - - Provides a reference number that can be used to understand how to parse and interpret an Element. - - - - - Identifies who or what supplied the artifact or VulnAssessmentRelationship referenced by the Element. - - - - - Gives information about the circumstances or unifying properties -that Elements of the bundle have been assembled under. - - - - - Specifies the exploit catalog type. - - - - Points to a resource outside the scope of the SPDX-3.0 content -that provides additional characteristics of an Element. - - - - - Identifies the download Uniform Resource Identifier for the package at the time that the document was created. - - - - - Specifies a time when a vulnerability assessment was modified - - - - - A substitute for a URI. - - - - - A mathematical algorithm that maps data of arbitrary size to a bit string. - - - - Provides a NamespaceMap of prefixes and associated namespace partial URIs applicable to an SpdxDocument and independent of any specific serialization format or instance. - - - - - Provides a detailed description of the Element. - - - - - Indicates whether a relationship is known to be complete, incomplete, or if no assertion is made with respect to relationship completeness. - - - - Specifies the SSVC decision type. - - - - Specifies the version of the VEX document. - - - - - - Refers to any object that stores content on a computer. - - - - - 1 - - - - - - 1 - - - - - - Specifies the time from which an element is no longer applicable / valid. - - - - - Identifies the text of one or more copyright notices for a software Package, -File or Snippet, if any. - - - - - A LicenseAddition participating in a 'with addition' model. - - - - - Provides a place for the SPDX data creator to record the package URL string (in accordance with the [package URL spec](https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst)) for a software Package. - - - - - Contains a URL where the License or LicenseAddition can be found in use. - - - - - Specified the time and date when a vulnerability was withdrawn. - - - - - Identifies all the text and metadata associated with a license in the license XML format. - - - - - - A tuple of two positive integers that define a range. - - - - 1 - 1 - - - - - - 1 - 1 - - - - - - Enumeration of the valid profiles. - - - - - A collection of Elements, not necessarily with unifying context. - - - - - - - - - - - - - - - - - - - - Capture the scope of information about a specific relationship between elements. - - - - - Property describing the parameters used in an instance of a build. - - - - - Specifies the type of an external identifier. - - - - Records a hyperparameter used to build the AI model contained in the AI package. - - - - - Captures the threshold that was used for computation of a metric described in the metric field. - - - - - Information about the relationship between two Elements. - - - - - - Describes a relationship between one or more elements. - - - - - 1 - 1 - - - - - - - - - - - 1 - 1 - - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - Agent represents anything with the potential to act on a system. - - - - - - Abstract class for additional text intended to be added to a License, but -which is not itself a standalone License. - - - - - 1 - 1 - - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - - - - - - - A map of Element identifiers that are used within a Document but defined external to that Document. - - - - 1 - 1 - - - - - - - - - - - 1 - - - - - - 1 - - - - - - Identifies the full text of a LicenseAddition, in SPDX templating format. - - - - - Provide the enumeration of possible decisions in the Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree [https://www.cisa.gov/sites/default/files/publications/cisa-ssvc-guide%20508c.pdf](https://www.cisa.gov/sites/default/files/publications/cisa-ssvc-guide%20508c.pdf) - - - - - Provides a License author's preferred text to indicate that a file is covered -by the License. - - - - - Describes one a profile which the creator of this ElementCollection intends to conform to. - - - - - A License participating in a 'with addition' model. - - - - - - A collection of Elements that have a shared context. - - - - - 1 - - - - - - Provides additional purpose information of the software artifact. - - - - - Identifies who or what created the Element. - - - - - Commentary on an assertion that an annotator has made. - - - - - Provides a place for the SPDX data creator to record acknowledgement text for -a software Package, File or Snippet. - - - - - Specifies the level of support associated with an artifact. - - - - - Provides advise on how to mitigate or remediate a vulnerability when a VEX product -is affected by it. - - - - - Artifact representing a serialization instance of SPDX data containing the definition of a particular Element. - - - - - The result of applying a hash algorithm to an Element. - - - - - A probability score between 0 and 1 of a vulnerability being exploited. - - - - - Specifies whether a license or additional text identifier has been marked as -deprecated. - - - - - - A reference to a resource outside the scope of SPDX-3.0 content. - - - - 1 - - - - - - - - - - - 1 - - - - - - 1 - - - - - - Identify the version of a package. - - - - - Provides information about the primary purpose of the software artifact. - - - - - Defines the byte range in the original host file that the snippet information applies to. - - - - - Describes the type of annotation. - - - - - Identifies an external Element used within a Document but defined external to that Document. - - - - - Specifies whether the License is listed as approved by the -[Open Source Initiative (OSI)](https://opensource.org). - - - - - - A key with an associated value. - - - - 1 - 1 - - - - - - 1 - - - - - - Specifies whether an additional text identifier has been marked as deprecated. - - - - - A characterization of some aspect of an Element that is associated with the Element in a generalized fashion. - - - - Identifies the full text of a LicenseAddition. - - - - - - Base domain class from which all other SPDX-3.0 domain classes derive. - - - - 1 - 1 - - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - 1 - - - - - - 1 - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - Property that describes the URI of the build configuration source file. - - - - - Specifies the SPDX License List version in which this ListedLicense or -ListedLicenseException identifier was first added. - - - - - An element of hardware and/or software utilized to carry out a particular function. - - - - - Describes potentially noisy elements of the dataset. - - - - - Provides the location for more information regarding an external identifier. - - - - - Provides a set of values to be used to describe the common types of SBOMs that tools may create. - - - - Records the time when a recommended action was communicated in a VEX statement -to mitigate a vulnerability. - - - - - Property describing the start time of a build. - - - - - Specifies the type of the external identifier. - - - - - Provides relevant information about the AI software, not including the model description. - - - - - Provides information about the content type of an Element. - - - - - Defines the original host file that the snippet information applies to. - - - - - Identifies the full text of a License, in SPDX templating format. - - - - - Provides information about the completeness of relationships. - - - - - Identifies the full text of a License or Addition. - - - - - References an Element on the right-hand side of a relationship. - - - - - Explains why a VEX product is not affected by a vulnerability. It is an -alternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable -justification label. - - - - - Identifies the name of an Element as designated by the creator. - - - - - - A distinct article or unit related to Software. - - - - - 2 - - - - - - 1 - - - - - - - - - - - 1 - - - - - - - - - - - Provide consumers with comments by the creator of the Element about the Element. - - - - - A value used in a generic key-value pair. - - - - - Provides information about the primary purpose of an Element. - - - - Abstract class representing a license combination consisting of one or more -licenses (optionally including additional text), which may be combined -according to the SPDX license expression syntax. - - - - - Identifies when the Element was originally created. - - - - - Records if sensitive personal information is used during model training. - - - - - Specifies whether the License is listed as free by the -[Free Software Foundation (FSF)](https://fsf.org). - - - - - Conveys information about how VEX status was determined. - - - - - Provides an ExternalMap of Element identifiers. - - - - - An entity that is authorized to issue identification credentials. - - - - - Categories of confidentiality level. - - - - Describes relevant information about different steps of the training process. - - - - - Property describes the invocation entrypoint of a build. - - - - - Specifies the media type of an Element or Property. - - - - - Abstract class representing a License or an OrLaterOperator. - - - - - Identifies the tooling that was used during the creation of the Element. - - - - - Maps a LicenseRef or AdditionRef string for a Custom License or a Custom License Addition to its URI ID. - - - - - Describes what the given dataset should be used for. - - - - - - Provides an independently reproducible mechanism that permits verification of a specific Element. - - - - 1 - - - - - - Provides information about the creation of the Element. - - - - - Specifies an Extension characterization of some aspect of an Element. - - - - - The percentile of the current probability score. - - - - - Defines the line range in the original host file that the snippet information applies to. - - - - - Specifies the algorithm used for calculating the hash value. - - - - - A key used in a generic key-value pair. - - - - - Provides a numerical (0-10) representation of the severity of a vulnerability. - - - - - Property describing the session in which a build is invoked. - - - - - Describes a sensor used for collecting the data. - - - - - Specifies the exploit catalog type. - - - - - A string in the license expression format. - - - - - - A mathematically calculated representation of a grouping of data. - - - - - 1 - 1 - - - - - - 1 - 1 - - - - - - Captures the domain in which the AI package can be used. - - - - - The version of the SPDX License List used in the license expression. - - - - - Captures a standard that is being complied with. - - - - - Provides a reference to a resource outside the scope of SPDX-3.0 content -that uniquely identifies an Element. - - - - - Provides the location of an exploit catalog. - - - - - Identifies an Element to be referenced by other Elements. - - - - - Specifies the CVSS vector string for a vulnerability. - - - - - Provides the license under which the SPDX documentation of the Element can be used. - - - - - Specifies the CVSS base, temporal, threat, or environmental severity type. - - - - The relative file name of a file to be excluded from the `PackageVerificationCode`. - - - - - Categories of presence or absence. - - - - Information about the relationship between two Elements. - - - - Impact justification label to be used when linking a vulnerability to an element -representing a VEX product with a VexNotAffectedVulnAssessmentRelationship -relationship. - - - - - Provides an IntegrityMethod with which the integrity of an Element can be asserted. - - - - - Timestamp of impact statement. - - - - - A container for a grouping of SPDX-3.0 content characterizing details -(provenence, composition, licensing, etc.) about a product. - - - - - Specifies the type of an annotation. - - - - Identifies from where or whom the Element originally came. - - - - - A license expression participating in a license set. - - - - - Specifies the SPDX License List version in which this license or exception -identifier was deprecated. - - - - - Specifies the licenseId that is preferred to be used in place of a deprecated -License or LicenseAddition. - - - - - Describes the confidentiality level of the data points contained in the dataset. - - - - - Provides an unambiguous mechanism for conveying a URI fragment portion of an ElementID. - - - - - Specifies the time an artifact was built. - - - - - Captures the size of the dataset. - - - - - Uniquely identifies an external element. - - - - - Specifies the type of an external reference. - - - - Indicates the amount of energy consumed to build the AI package. - - - - - Provides an indication of where to retrieve an external Element. - - - - - Specifies an element contained in a piece of software where a vulnerability was -found. - - - - - Specifies the type of the external reference. - - - - - Categories of safety risk impact of the application. - - - - Records the biases that the dataset is known to encompass. - - - - - Specifies until when the artifact can be used before its usage needs to be reassessed. - - - - - References the Element on the left-hand side of a relationship. - - - - - If true, denotes the Element is a directory. - - - - - Used to record the artifact’s gitoid: a canonical, unique, immutable identifier that can be used for software integrity verification. - - - - - Refers to one or more Elements that are part of an ElementCollection. - - - - - Provide an enumerated set of software lifecycle phases that can provide context to relationships. - - - - A License participating in an 'or later' model. - - - - - A place for the SPDX document creator to record a website that serves as the package's home page. - - - - - Records the measurement of prediction quality of the AI model. - - - - - An Element an annotator has made an assertion about. - - - - - Specifies the VEX justification type. - - - - Indicates the type of support that is associated with an artifact. - - - - Availability of dataset - - diff --git a/ontology/ontology.rdf.ttl b/ontology/ontology.rdf.ttl deleted file mode 100644 index 39c3265ee..000000000 --- a/ontology/ontology.rdf.ttl +++ /dev/null @@ -1,2800 +0,0 @@ -@prefix owl: . -@prefix rdf: . -@prefix rdfs: . -@prefix sh: . -@prefix spdx: . -@prefix xsd: . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "Provides information about the fields in the AI package profile."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:path ], - [ sh:path ], - [ sh:path ], - [ sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:path ], - [ sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment "Categories of safety risk impact of the application."@en . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "Class that describes a build instance of software/artifacts."@en ; - rdfs:subClassOf ; - sh:property [ sh:path ], - [ sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:path ], - [ sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment "Agent represents anything with the potential to act on a system."@en ; - rdfs:subClassOf . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "An assertion made in relation to one or more elements."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment "Specifies the type of an annotation."@en . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "A distinct article or unit within the digital domain."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:path ], - [ sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:path ], - [ sh:path ], - [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment """A container for a grouping of SPDX-3.0 content characterizing details -(provenence, composition, licensing, etc.) about a product."""@en ; - rdfs:subClassOf . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "A collection of Elements that have a shared context."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "Provides information about the creation of the Element."@en ; - sh:property [ sh:maxCount 1 ; - sh:path ], - [ sh:minCount 1 ; - sh:path ], - [ sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "A key with an associated value."@en ; - sh:property [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "Base domain class from which all other SPDX-3.0 domain classes derive."@en ; - sh:property [ sh:path ], - [ sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "A collection of Elements, not necessarily with unifying context."@en ; - rdfs:subClassOf ; - sh:property [ sh:path ], - [ sh:path ], - [ sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "A reference to a resource outside the scope of SPDX-3.0 content that uniquely identifies an Element."@en ; - sh:property [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment "Specifies the type of an external identifier."@en . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "A map of Element identifiers that are used within a Document but defined external to that Document."@en ; - sh:property [ sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "A reference to a resource outside the scope of SPDX-3.0 content."@en ; - sh:property [ sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment "Specifies the type of an external reference."@en . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "A mathematically calculated representation of a grouping of data."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment "A mathematical algorithm that maps data of arbitrary size to a bit string."@en . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "Provides an independently reproducible mechanism that permits verification of a specific Element."@en ; - sh:property [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment "Provide an enumerated set of software lifecycle phases that can provide context to relationships."@en . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "Provide context for a relationship that occurs in the software lifecycle."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "A mapping between prefixes and namespace partial URIs."@en ; - sh:property [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment "A group of people who work together in an organized way for a shared purpose."@en ; - rdfs:subClassOf . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "An SPDX version 2.X compatible verification method for software packages."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment "An individual human being."@en ; - rdfs:subClassOf . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "A tuple of two positive integers that define a range."@en ; - sh:property [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment "Categories of presence or absence."@en . - - a rdfs:Class, - owl:Class ; - rdfs:comment "Enumeration of the valid profiles."@en . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "Describes a relationship between one or more elements."@en ; - rdfs:subClassOf ; - sh:property [ sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment "Indicates whether a relationship is known to be complete, incomplete, or if no assertion is made with respect to relationship completeness."@en . - - a rdfs:Class, - owl:Class ; - rdfs:comment "Information about the relationship between two Elements."@en . - - a rdfs:Class, - owl:Class ; - rdfs:comment "A software agent."@en ; - rdfs:subClassOf . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "A collection of SPDX Elements that could potentially be serialized."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:path ], - [ sh:path ], - [ sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment "Indicates the type of support that is associated with an artifact."@en . - - a rdfs:Class, - owl:Class ; - rdfs:comment "An element of hardware and/or software utilized to carry out a particular function."@en ; - rdfs:subClassOf . - - a rdfs:Class, - owl:Class ; - rdfs:comment "Categories of confidentiality level."@en . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "Provides information about the fields in the Dataset profile."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:path ], - [ sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:path ], - [ sh:path ], - [ sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment "Availability of dataset"@en . - - a rdfs:Class, - owl:Class ; - rdfs:comment "Enumeration of dataset types."@en . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment """Portion of an AnyLicenseInfo representing a set of licensing information -where all elements apply."""@en ; - rdfs:subClassOf ; - sh:property [ sh:minCount 2 ; - sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment "A license that is not listed on the SPDX License List."@en ; - rdfs:subClassOf . - - a rdfs:Class, - owl:Class ; - rdfs:comment "A license addition that is not listed on the SPDX Exceptions List."@en ; - rdfs:subClassOf . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment """Portion of an AnyLicenseInfo representing a set of licensing information -where only any one of the elements applies."""@en ; - rdfs:subClassOf ; - sh:property [ sh:minCount 2 ; - sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment "Abstract class representing a License or an OrLaterOperator."@en ; - rdfs:subClassOf . - - a rdfs:Class, - owl:Class ; - rdfs:comment "A concrete subclass of AnyLicenseInfo used by Individuals in the ExpandedLicensing profile."@en ; - rdfs:subClassOf . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "Abstract class for the portion of an AnyLicenseInfo representing a license."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment """Abstract class for additional text intended to be added to a License, but -which is not itself a standalone License."""@en ; - rdfs:subClassOf ; - sh:property [ sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "A license that is listed on the SPDX License List."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "A license exception that is listed on the SPDX Exceptions list."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment """Portion of an AnyLicenseInfo representing this version, or any later version, -of the indicated License."""@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment """Portion of an AnyLicenseInfo representing a License which has additional -text applied to it."""@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment "A characterization of some aspect of an Element that is associated with the Element in a generalized fashion."@en . - - a rdfs:Class, - owl:Class ; - rdfs:comment "Specifies the CVSS base, temporal, threat, or environmental severity type."@en . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "Provides a CVSS version 2.0 assessment for a vulnerability."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "Provides a CVSS version 3 assessment for a vulnerability."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "Provides a CVSS version 4 assessment for a vulnerability."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "Provides an EPSS assessment for a vulnerability."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment "Specifies the exploit catalog type."@en . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "Provides an exploit assessment of a vulnerability."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment "Specifies the SSVC decision type."@en . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "Provides an SSVC assessment for a vulnerability."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment """Connects a vulnerability and an element designating the element as a product -affected by the vulnerability."""@en ; - rdfs:subClassOf ; - sh:property [ sh:path ], - [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment """Links a vulnerability and elements representing products (in the VEX sense) where -a fix has been applied and are no longer affected."""@en ; - rdfs:subClassOf . - - a rdfs:Class, - owl:Class ; - rdfs:comment "Specifies the VEX justification type."@en . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment """Links a vulnerability and one or more elements designating the latter as products -not affected by the vulnerability."""@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment """Designates elements as products where the impact of a vulnerability is being -investigated."""@en ; - rdfs:subClassOf . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "Asbtract ancestor class for all VEX relationships"@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "Abstract ancestor class for all vulnerability assessments"@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "Specifies a vulnerability and its associated information."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment """Abstract class representing a license combination consisting of one or more -licenses (optionally including additional text), which may be combined -according to the SPDX license expression syntax."""@en ; - rdfs:subClassOf . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "An SPDX Element containing an SPDX license expression string."@en ; - rdfs:subClassOf ; - sh:property [ sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "A license or addition that is not listed on the SPDX License List."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "Refers to any object that stores content on a computer."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "Refers to any unit of content that can be associated with a distribution of software."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "A collection of SPDX Elements describing a single package."@en ; - rdfs:subClassOf ; - sh:property [ sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment "Provides a set of values to be used to describe the common types of SBOMs that tools may create."@en . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "Describes a certain part of a file."@en ; - rdfs:subClassOf ; - sh:property [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 1 ; - sh:minCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class, - sh:NodeShape ; - rdfs:comment "A distinct article or unit related to Software."@en ; - rdfs:subClassOf ; - sh:property [ sh:path ], - [ sh:path ], - [ sh:maxCount 1 ; - sh:path ], - [ sh:maxCount 2 ; - sh:path ], - [ sh:maxCount 1 ; - sh:path ] . - - a rdfs:Class, - owl:Class ; - rdfs:comment "Provides information about the primary purpose of an Element."@en . - - a owl:NamedIndividual, - ; - rdfs:label "high" ; - rdfs:comment "The second-highest level of risk posed by an AI software."@en . - - a owl:NamedIndividual, - ; - rdfs:label "low" ; - rdfs:comment "Low/no risk is posed by the AI software."@en . - - a owl:NamedIndividual, - ; - rdfs:label "medium" ; - rdfs:comment "The third-highest level of risk posed by an AI software."@en . - - a owl:NamedIndividual, - ; - rdfs:label "serious" ; - rdfs:comment "The highest level of risk posed by an AI software."@en . - - a owl:NamedIndividual, - ; - rdfs:label "other" ; - rdfs:comment "Used to store extra information about an Element which is not part of a Review (e.g. extra information provided during the creation of the Element)."@en . - - a owl:NamedIndividual, - ; - rdfs:label "review" ; - rdfs:comment "Used when someone reviews the Element."@en . - - a owl:NamedIndividual, - ; - rdfs:label "cpe22" ; - rdfs:comment "https://cpe.mitre.org/files/cpe-specification_2.2.pdf"@en . - - a owl:NamedIndividual, - ; - rdfs:label "cpe23" ; - rdfs:comment "https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf"@en . - - a owl:NamedIndividual, - ; - rdfs:label "cve" ; - rdfs:comment "An identifier for a specific software flaw defined within the official CVE Dictionary and that conforms to the CVE specification as defined by https://csrc.nist.gov/glossary/term/cve_id."@en . - - a owl:NamedIndividual, - ; - rdfs:label "email" ; - rdfs:comment "https://datatracker.ietf.org/doc/html/rfc3696#section-3"@en . - - a owl:NamedIndividual, - ; - rdfs:label "gitoid" ; - rdfs:comment "https://www.iana.org/assignments/uri-schemes/prov/gitoid Gitoid stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects) and a gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent the software [Artifact ID](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#artifact-id) or the [OmniBOR Identifier](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#omnibor-identifier) for the software artifact's associated [OmniBOR Document](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#omnibor-document); this ambiguity exists because the OmniBOR Document is itself an artifact, and the gitoid of that artifact is its valid identifier. Omnibor is a minimalistic schema to describe software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#artifact-dependency-graph-adg). Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's ContentIdentifier property. Gitoids calculated on the OmniBOR Document (OmniBOR Identifiers) should be recorded in the SPDX 3.0 Element's ExternalIdentifier property."@en . - - a owl:NamedIndividual, - ; - rdfs:label "other" ; - rdfs:comment "Used when the type doesn't match any of the other options."@en . - - a owl:NamedIndividual, - ; - rdfs:label "packageUrl" ; - rdfs:comment "https://github.com/package-url/purl-spec"@en . - - a owl:NamedIndividual, - ; - rdfs:label "securityOther" ; - rdfs:comment "Used when there is a security related identifier of unspecified type."@en . - - a owl:NamedIndividual, - ; - rdfs:label "swhid" ; - rdfs:comment "SoftWare Hash IDentifier, persistent intrinsic identifiers for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The syntax of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) and they typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`."@en . - - a owl:NamedIndividual, - ; - rdfs:label "swid" ; - rdfs:comment "https://www.ietf.org/archive/id/draft-ietf-sacm-coswid-21.html#section-2.3"@en . - - a owl:NamedIndividual, - ; - rdfs:label "urlScheme" ; - rdfs:comment "the scheme used in order to locate a resource https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml"@en . - - a owl:NamedIndividual, - ; - rdfs:label "altDownloadLocation" ; - rdfs:comment "A reference to an alternative download location."@en . - - a owl:NamedIndividual, - ; - rdfs:label "altWebPage" ; - rdfs:comment "A reference to an alternative web page."@en . - - a owl:NamedIndividual, - ; - rdfs:label "binaryArtifact" ; - rdfs:comment "A reference to binary artifacts related to a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "bower" ; - rdfs:comment "A reference to a bower package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "buildMeta" ; - rdfs:comment "A reference build metadata related to a published package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "buildSystem" ; - rdfs:comment "A reference build system used to create or publish the package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "certificationReport" ; - rdfs:comment "A reference to a certification report for a package from an accredited/independent body."@en . - - a owl:NamedIndividual, - ; - rdfs:label "chat" ; - rdfs:comment "A reference to the instant messaging system used by the maintainer for a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "componentAnalysisReport" ; - rdfs:comment "A reference to a Software Composition Analysis (SCA) report."@en . - - a owl:NamedIndividual, - ; - rdfs:label "documentation" ; - rdfs:comment "A reference to the documentation for a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "dynamicAnalysisReport" ; - rdfs:comment "A reference to a dynamic analysis report for a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "eolNotice" ; - rdfs:comment "A reference to the End Of Sale (EOS) and/or End Of Life (EOL) information related to a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "exportControlAssessment" ; - rdfs:comment "A reference to a export control assessment for a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "funding" ; - rdfs:comment "A reference to funding information related to a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "issueTracker" ; - rdfs:comment "A reference to the issue tracker for a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "license" ; - rdfs:comment "A reference to additional license information related to an artifact."@en . - - a owl:NamedIndividual, - ; - rdfs:label "mailingList" ; - rdfs:comment "A reference to the mailing list used by the maintainer for a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "mavenCentral" ; - rdfs:comment "A reference to a maven repository artifact."@en . - - a owl:NamedIndividual, - ; - rdfs:label "metrics" ; - rdfs:comment "A reference to metrics related to package such as OpenSSF scorecards."@en . - - a owl:NamedIndividual, - ; - rdfs:label "npm" ; - rdfs:comment "A reference to an npm package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "nuget" ; - rdfs:comment "A reference to a nuget package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "other" ; - rdfs:comment "Used when the type doesn't match any of the other options."@en . - - a owl:NamedIndividual, - ; - rdfs:label "privacyAssessment" ; - rdfs:comment "A reference to a privacy assessment for a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "productMetadata" ; - rdfs:comment "A reference to additional product metadata such as reference within organization's product catalog."@en . - - a owl:NamedIndividual, - ; - rdfs:label "purchaseOrder" ; - rdfs:comment "A reference to a purchase order for a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "qualityAssessmentReport" ; - rdfs:comment "A reference to a quality assessment for a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "releaseHistory" ; - rdfs:comment "A reference to a published list of releases for a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "releaseNotes" ; - rdfs:comment "A reference to the release notes for a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "riskAssessment" ; - rdfs:comment "A reference to a risk assessment for a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "runtimeAnalysisReport" ; - rdfs:comment "A reference to a runtime analysis report for a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "secureSoftwareAttestation" ; - rdfs:comment "A reference to information assuring that the software is developed using security practices as defined by [NIST SP 800-218 Secure Software Development Framework (SSDF)](https://csrc.nist.gov/publications/detail/sp/800-218/final) or [CISA Secure Software Development Attestation Form](https://www.cisa.gov/sites/default/files/2023-04/secure-software-self-attestation_common-form_508.pdf)."@en . - - a owl:NamedIndividual, - ; - rdfs:label "securityAdversaryModel" ; - rdfs:comment "A reference to the security adversary model for a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "securityAdvisory" ; - rdfs:comment "A reference to a published security advisory (where advisory as defined per ISO 29147:2018) that may affect one or more elements, e.g., vendor advisories or specific NVD entries."@en . - - a owl:NamedIndividual, - ; - rdfs:label "securityFix" ; - rdfs:comment "A reference to the patch or source code that fixes a vulnerability."@en . - - a owl:NamedIndividual, - ; - rdfs:label "securityOther" ; - rdfs:comment "A reference to related security information of unspecified type."@en . - - a owl:NamedIndividual, - ; - rdfs:label "securityPenTestReport" ; - rdfs:comment "A reference to a [penetration test](https://en.wikipedia.org/wiki/Penetration_test) report for a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "securityPolicy" ; - rdfs:comment "A reference to instructions for reporting newly discovered security vulnerabilities for a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "securityThreatModel" ; - rdfs:comment "A reference the [security threat model](https://en.wikipedia.org/wiki/Threat_model) for a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "socialMedia" ; - rdfs:comment "A reference to a social media channel for a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "sourceArtifact" ; - rdfs:comment "A reference to an artifact containing the sources for a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "staticAnalysisReport" ; - rdfs:comment "A reference to a static analysis report for a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "support" ; - rdfs:comment "A reference to the software support channel or other support information for a package."@en . - - a owl:NamedIndividual, - ; - rdfs:label "vcs" ; - rdfs:comment "A reference to a version control system related to a software artifact."@en . - - a owl:NamedIndividual, - ; - rdfs:label "vulnerabilityDisclosureReport" ; - rdfs:comment "A reference to a Vulnerability Disclosure Report (VDR) which provides the software supplier's analysis and findings describing the impact (or lack of impact) that reported vulnerabilities have on packages or products in the supplier's SBOM as defined in [NIST SP 800-161](https://csrc.nist.gov/publications/detail/sp/800-161/rev-1/final)."@en . - - a owl:NamedIndividual, - ; - rdfs:label "vulnerabilityExploitabilityAssessment" ; - rdfs:comment "A reference to a Vulnerability Exploitability eXchange (VEX) statement which provides information on whether a product is impacted by a specific vulnerability in an included package and, if affected, whether there are actions recommended to remediate. See also [NTIA VEX one-page](https://ntia.gov/files/ntia/publications/vex_one-page_summary.pdf)."@en . - - a owl:NamedIndividual, - ; - rdfs:label "blake2b256" ; - rdfs:comment "blake2b algorithm with a digest size of 256 https://datatracker.ietf.org/doc/html/rfc7693#section-4"@en . - - a owl:NamedIndividual, - ; - rdfs:label "blake2b384" ; - rdfs:comment "blake2b algorithm with a digest size of 384 https://datatracker.ietf.org/doc/html/rfc7693#section-4"@en . - - a owl:NamedIndividual, - ; - rdfs:label "blake2b512" ; - rdfs:comment "blake2b algorithm with a digest size of 512 https://datatracker.ietf.org/doc/html/rfc7693#section-4"@en . - - a owl:NamedIndividual, - ; - rdfs:label "blake3" ; - rdfs:comment "https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf"@en . - - a owl:NamedIndividual, - ; - rdfs:label "crystalsDilithium" ; - rdfs:comment "https://pq-crystals.org/dilithium/index.shtml"@en . - - a owl:NamedIndividual, - ; - rdfs:label "crystalsKyber" ; - rdfs:comment "https://pq-crystals.org/kyber/index.shtml"@en . - - a owl:NamedIndividual, - ; - rdfs:label "falcon" ; - rdfs:comment "https://falcon-sign.info/falcon.pdf"@en . - - a owl:NamedIndividual, - ; - rdfs:label "md2" ; - rdfs:comment "https://datatracker.ietf.org/doc/rfc1319/"@en . - - a owl:NamedIndividual, - ; - rdfs:label "md4" ; - rdfs:comment "https://datatracker.ietf.org/doc/html/rfc1186"@en . - - a owl:NamedIndividual, - ; - rdfs:label "md5" ; - rdfs:comment "https://datatracker.ietf.org/doc/html/rfc1321"@en . - - a owl:NamedIndividual, - ; - rdfs:label "md6" ; - rdfs:comment "https://people.csail.mit.edu/rivest/pubs/RABCx08.pdf"@en . - - a owl:NamedIndividual, - ; - rdfs:label "other" ; - rdfs:comment "any hashing algorithm that does not exist in this list of entries"@en . - - a owl:NamedIndividual, - ; - rdfs:label "sha1" ; - rdfs:comment "https://datatracker.ietf.org/doc/html/rfc3174"@en . - - a owl:NamedIndividual, - ; - rdfs:label "sha224" ; - rdfs:comment "secure hashing algorithm with a digest length of 224 https://datatracker.ietf.org/doc/html/draft-ietf-pkix-sha224-01"@en . - - a owl:NamedIndividual, - ; - rdfs:label "sha256" ; - rdfs:comment "secure hashing algorithm with a digest length of 256 https://www.rfc-editor.org/rfc/rfc4634"@en . - - a owl:NamedIndividual, - ; - rdfs:label "sha384" ; - rdfs:comment "secure hashing algorithm with a digest length of 384 https://www.rfc-editor.org/rfc/rfc4634"@en . - - a owl:NamedIndividual, - ; - rdfs:label "sha3_224" ; - rdfs:comment "sha3 with a digest length of 224 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf"@en . - - a owl:NamedIndividual, - ; - rdfs:label "sha3_256" ; - rdfs:comment "sha3 with a digest length of 256 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf"@en . - - a owl:NamedIndividual, - ; - rdfs:label "sha3_384" ; - rdfs:comment "sha3 with a digest length of 384 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf"@en . - - a owl:NamedIndividual, - ; - rdfs:label "sha3_512" ; - rdfs:comment "sha3 with a digest length of 512 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf"@en . - - a owl:NamedIndividual, - ; - rdfs:label "sha512" ; - rdfs:comment "secure hashing algorithm with a digest length of 512 https://www.rfc-editor.org/rfc/rfc4634"@en . - - a owl:NamedIndividual, - ; - rdfs:label "build" ; - rdfs:comment "A relationship has specific context implications during an element's build phase, during development."@en . - - a owl:NamedIndividual, - ; - rdfs:label "design" ; - rdfs:comment "A relationship has specific context implications during an element's design."@en . - - a owl:NamedIndividual, - ; - rdfs:label "development" ; - rdfs:comment "A relationship has specific context implications during development phase of an element."@en . - - a owl:NamedIndividual, - ; - rdfs:label "other" ; - rdfs:comment "A relationship has other specific context information necessary to capture that the above set of enumerations does not handle."@en . - - a owl:NamedIndividual, - ; - rdfs:label "runtime" ; - rdfs:comment "A relationship has specific context implications during the execution phase of an element."@en . - - a owl:NamedIndividual, - ; - rdfs:label "test" ; - rdfs:comment "A relationship has specific context implications during an element's testing phase, during development."@en . - - a owl:NamedIndividual, - ; - rdfs:label "no" ; - rdfs:comment "Indicates absence of the field."@en . - - a owl:NamedIndividual, - ; - rdfs:label "noAssertion" ; - rdfs:comment "Makes no assertion about the field."@en . - - a owl:NamedIndividual, - ; - rdfs:label "yes" ; - rdfs:comment "Indicates presence of the field."@en . - - a owl:NamedIndividual, - ; - rdfs:label "ai" ; - rdfs:comment "the element follows the AI profile specification"@en . - - a owl:NamedIndividual, - ; - rdfs:label "build" ; - rdfs:comment "the element follows the Build profile specification"@en . - - a owl:NamedIndividual, - ; - rdfs:label "core" ; - rdfs:comment "the element follows the Core profile specification"@en . - - a owl:NamedIndividual, - ; - rdfs:label "dataset" ; - rdfs:comment "the element follows the Dataset profile specification"@en . - - a owl:NamedIndividual, - ; - rdfs:label "expandedLicensing" ; - rdfs:comment "the element follows the expanded Licensing profile specification"@en . - - a owl:NamedIndividual, - ; - rdfs:label "extension" ; - rdfs:comment "the element follows the Extension profile specification"@en . - - a owl:NamedIndividual, - ; - rdfs:label "security" ; - rdfs:comment "the element follows the Security profile specification"@en . - - a owl:NamedIndividual, - ; - rdfs:label "simpleLicensing" ; - rdfs:comment "the element follows the simple Licensing profile specification"@en . - - a owl:NamedIndividual, - ; - rdfs:label "software" ; - rdfs:comment "the element follows the Software profile specification"@en . - - a owl:NamedIndividual, - ; - rdfs:label "usage" ; - rdfs:comment "the element follows the Usage profile specification"@en . - - a owl:NamedIndividual, - ; - rdfs:label "complete" ; - rdfs:comment "The relationship is known to be exhaustive."@en . - - a owl:NamedIndividual, - ; - rdfs:label "incomplete" ; - rdfs:comment "The relationship is known not to be exhaustive."@en . - - a owl:NamedIndividual, - ; - rdfs:label "noAssertion" ; - rdfs:comment "No assertion can be made about the completeness of the relationship."@en . - - a owl:NamedIndividual, - ; - rdfs:label "affects" ; - rdfs:comment "(Security/VEX) The `from` vulnerability affect each `to` Element"@en . - - a owl:NamedIndividual, - ; - rdfs:label "amendedBy" ; - rdfs:comment "The `from` Element is amended by each `to` Element"@en . - - a owl:NamedIndividual, - ; - rdfs:label "ancestorOf" ; - rdfs:comment "The `from` Element is an ancestor of each `to` Element"@en . - - a owl:NamedIndividual, - ; - rdfs:label "availableFrom" ; - rdfs:comment "The `from` Element is available from the additional supplier described by each `to` Element"@en . - - a owl:NamedIndividual, - ; - rdfs:label "configures" ; - rdfs:comment "The `from` Element is a configuration applied to each `to` Element during a LifecycleScopeType period"@en . - - a owl:NamedIndividual, - ; - rdfs:label "contains" ; - rdfs:comment "The `from` Element contains each `to` Element"@en . - - a owl:NamedIndividual, - ; - rdfs:label "coordinatedBy" ; - rdfs:comment "(Security) The `from` Vulnerability is coordinatedBy the `to` Agent(s) (vendor, researcher, or consumer agent)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "copiedTo" ; - rdfs:comment "The `from` Element has been copied to each `to` Element"@en . - - a owl:NamedIndividual, - ; - rdfs:label "delegatedTo" ; - rdfs:comment "The `from` Agent is delegating an action to the Agent of the `to` Relationship (which must be of type invokedBy) during a LifecycleScopeType. (e.g. the `to` invokedBy Relationship is being done on behalf of `from`)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "dependsOn" ; - rdfs:comment "The `from` Element depends on each `to` Element during a LifecycleScopeType period."@en . - - a owl:NamedIndividual, - ; - rdfs:label "descendantOf" ; - rdfs:comment "The `from` Element is a descendant of each `to` Element"@en . - - a owl:NamedIndividual, - ; - rdfs:label "describes" ; - rdfs:comment "The `from` Element describes each `to` Element. To denote the root(s) of a tree of elements in a collection, the rootElement property should be used."@en . - - a owl:NamedIndividual, - ; - rdfs:label "doesNotAffect" ; - rdfs:comment "(Security/VEX) The `from` Vulnerability has no impact on each `to` Element"@en . - - a owl:NamedIndividual, - ; - rdfs:label "expandsTo" ; - rdfs:comment "The `from` archive expands out as an artifact described by each `to` Element"@en . - - a owl:NamedIndividual, - ; - rdfs:label "exploitCreatedBy" ; - rdfs:comment "(Security) The `from` Vulnerability has had an exploit created against it by each `to` Agent"@en . - - a owl:NamedIndividual, - ; - rdfs:label "fixedBy" ; - rdfs:comment "(Security) Designates a `from` Vulnerability has been fixed by the `to` Agent(s)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "fixedIn" ; - rdfs:comment "(Security/VEX) A `from` Vulnerability has been fixed in each of the `to` Element(s)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "foundBy" ; - rdfs:comment "(Security) Designates a `from` Vulnerability was originally discovered by the `to` Agent(s)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "generates" ; - rdfs:comment "The `from` Element generates each `to` Element"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasAddedFile" ; - rdfs:comment "Every `to` Element is is a file added to the `from` Element (`from` hasAddedFile `to`)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasAssessmentFor" ; - rdfs:comment "(Security) Relates a `from` Vulnerability and each `to` Element(s) with a security assessment. To be used with `VulnAssessmentRelationship` types"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasAssociatedVulnerability" ; - rdfs:comment "(Security) Used to associate a `from` Artifact with each `to` Vulnerability"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasConcludedLicense" ; - rdfs:comment "The `from` Software Artifact is concluded by the SPDX data creator to be governed by each `to` license"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasDataFile" ; - rdfs:comment "The `from` Element treats each `to` Element as a data file"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasDeclaredLicense" ; - rdfs:comment "The `from` Software Artifact was discovered to actually contain each `to` license, for example as detected by use of automated tooling."@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasDeletedFile" ; - rdfs:comment "Every `to` Element is a file deleted from the `from` Element (`from` hasDeletedFile `to`)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasDependencyManifest" ; - rdfs:comment "The `from` Element has manifest files that contain dependency information in each `to` Element"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasDistributionArtifact" ; - rdfs:comment "The `from` Element is distributed as an artifact in each Element `to`, (e.g. an RPM or archive file)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasDocumentation" ; - rdfs:comment "The `from` Element is documented by each `to` Element"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasDynamicLink" ; - rdfs:comment "The `from` Element dynamically links in each `to` Element, during a LifecycleScopeType period."@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasEvidence" ; - rdfs:comment "(Dataset) Every `to` Element is considered as evidence for the `from` Element (`from` hasEvidence `to`)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasExample" ; - rdfs:comment "Every `to` Element is an example for the `from` Element (`from` hasExample `to`)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasHost" ; - rdfs:comment "The `from` Build was run on the `to` Element during a LifecycleScopeType period (e.g. The host that the build runs on)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasInputs" ; - rdfs:comment "The `from` Build has each `to` Elements as an input during a LifecycleScopeType period."@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasMetadata" ; - rdfs:comment "Every `to` Element is metadata about the `from` Element (`from` hasMetadata `to`)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasOptionalComponent" ; - rdfs:comment "Every `to` Element is an optional component of the `from` Element (`from` hasOptionalComponent` `to`)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasOptionalDependency" ; - rdfs:comment "The `from` Element optionally depends on each `to` Element during a LifecycleScopeType period"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasOutputs" ; - rdfs:comment "The `from` Build element generates each `to` Element as an output during a LifecycleScopeType period."@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasPrerequsite" ; - rdfs:comment "The `from` Element has a prerequsite on each `to` Element, during a LifecycleScopeType period"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasProvidedDependency" ; - rdfs:comment "The `from` Element has a dependency on each `to` Element, but dependency is not in the distributed artifact, but assumed to be provided, during a LifecycleScopeType period"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasRequirement" ; - rdfs:comment "The `from` Element has a requirement on each `to` Element, during a LifecycleScopeType period"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasSpecification" ; - rdfs:comment "Every `to` Element is a specification for the `from` Element (`from` hasSpecification `to`), during a LifecycleScopeType period"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasStaticLink" ; - rdfs:comment "The `from` Element statically links in each `to` Element, during a LifecycleScopeType period"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasTest" ; - rdfs:comment "Every `to` Element is a test artifact for the `from` Element (`from` hasTest `to`), during a LifecycleScopeType period"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasTestCase" ; - rdfs:comment "Every `to` Element is a test case for the `from` Element (`from` hasTestCase `to`)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "hasVariant" ; - rdfs:comment "Every `to` Element is a variant the `from` Element (`from` hasVariant `to`)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "invokedBy" ; - rdfs:comment "The `from` Element was invoked by the `to` Agent during a LifecycleScopeType period (for example, a Build element that describes a build step)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "modifiedBy" ; - rdfs:comment "The `from` Element is modified by each `to` Element"@en . - - a owl:NamedIndividual, - ; - rdfs:label "other" ; - rdfs:comment "Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationhip types (this relationship is directionless)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "packagedBy" ; - rdfs:comment "Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "patchedBy" ; - rdfs:comment "Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "publishedBy" ; - rdfs:comment "(Security) Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent"@en . - - a owl:NamedIndividual, - ; - rdfs:label "reportedBy" ; - rdfs:comment "(Security) Designates a `from` Vulnerability was first reported to a project, vendor, or tracking database for formal identification by each `to` Agent"@en . - - a owl:NamedIndividual, - ; - rdfs:label "republishedBy" ; - rdfs:comment "(Security) Designates a `from` Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by a `to` Agent(s)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "serializedInArtifact" ; - rdfs:comment "The `from` SPDXDocument can be found in a serialized form in each `to` Artifact"@en . - - a owl:NamedIndividual, - ; - rdfs:label "testedOn" ; - rdfs:comment "(AI, Dataset) The `from` Element has been tested on the `to` Element"@en . - - a owl:NamedIndividual, - ; - rdfs:label "trainedOn" ; - rdfs:comment "(AI, Dataset) The `from` Element has been trained by the `to` Element(s)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "underInvestigationFor" ; - rdfs:comment "(Security/VEX) The `from` Vulnerability impact is being investigated for each `to` Element"@en . - - a owl:NamedIndividual, - ; - rdfs:label "usesTool" ; - rdfs:comment "The `from` Element uses each `to` Element as a tool during a LifecycleScopeType period."@en . - - a owl:NamedIndividual, - ; - rdfs:label "development" ; - rdfs:comment "the artifact is in active development and is not considered ready for formal support from the supplier."@en . - - a owl:NamedIndividual, - ; - rdfs:label "endOfSupport" ; - rdfs:comment "there is a defined end of support for the artifact from the supplier. This may also be referred to as end of life. There is a validUntilDate that can be used to signal when support ends for the artifact."@en . - - a owl:NamedIndividual, - ; - rdfs:label "limitedSupport" ; - rdfs:comment "the artifact has been released, and there is limited support available from the supplier. There is a validUntilDate that can provide additional information about the duration of support."@en . - - a owl:NamedIndividual, - ; - rdfs:label "noAssertion" ; - rdfs:comment "no assertion about the type of support is made. This is considered the default if no other support type is used."@en . - - a owl:NamedIndividual, - ; - rdfs:label "noSupport" ; - rdfs:comment "there is no support for the artifact from the supplier, consumer assumes any support obligations."@en . - - a owl:NamedIndividual, - ; - rdfs:label "support" ; - rdfs:comment "the artifact has been released, and is supported from the supplier. There is a validUntilDate that can provide additional information about the duration of support."@en . - - a owl:NamedIndividual, - ; - rdfs:label "amber" ; - rdfs:comment "Data points in the dataset can be shared only with specific organizations and their clients on a need to know basis."@en . - - a owl:NamedIndividual, - ; - rdfs:label "clear" ; - rdfs:comment "Dataset may be distributed freely, without restriction."@en . - - a owl:NamedIndividual, - ; - rdfs:label "green" ; - rdfs:comment "Dataset can be shared within a community of peers and partners."@en . - - a owl:NamedIndividual, - ; - rdfs:label "red" ; - rdfs:comment "Data points in the dataset are highly confidential and can only be shared with named recipients."@en . - - a owl:NamedIndividual, - ; - rdfs:label "clickthrough" ; - rdfs:comment "the dataset is not publicly available and can only be accessed after affirmatively accepting terms on a clickthrough webpage."@en . - - a owl:NamedIndividual, - ; - rdfs:label "directDownload" ; - rdfs:comment "the dataset is publicly available and can be downloaded directly."@en . - - a owl:NamedIndividual, - ; - rdfs:label "query" ; - rdfs:comment "the dataset is publicly available, but not all at once, and can only be accessed through queries which return parts of the dataset."@en . - - a owl:NamedIndividual, - ; - rdfs:label "registration" ; - rdfs:comment "the dataset is not publicly available and an email registration is required before accessing the dataset, although without an affirmative acceptance of terms."@en . - - a owl:NamedIndividual, - ; - rdfs:label "scrapingScript" ; - rdfs:comment "the dataset provider is not making available the underlying data and the dataset must be reassembled, typically using the provided script for scraping the data."@en . - - a owl:NamedIndividual, - ; - rdfs:label "audio" ; - rdfs:comment "data is audio based, such as a collection of music from the 80s."@en . - - a owl:NamedIndividual, - ; - rdfs:label "categorical" ; - rdfs:comment "data that is classified into a discrete number of categories, such as the eye color of a population of people."@en . - - a owl:NamedIndividual, - ; - rdfs:label "graph" ; - rdfs:comment "data is in the form of a graph where entries are somehow related to each other through edges, such a social network of friends."@en . - - a owl:NamedIndividual, - ; - rdfs:label "image" ; - rdfs:comment "data is a collection of images such as pictures of animals."@en . - - a owl:NamedIndividual, - ; - rdfs:label "noAssertion" ; - rdfs:comment "data type is not known."@en . - - a owl:NamedIndividual, - ; - rdfs:label "numeric" ; - rdfs:comment "data consists only of numeric entries."@en . - - a owl:NamedIndividual, - ; - rdfs:label "other" ; - rdfs:comment "data is of a type not included in this list."@en . - - a owl:NamedIndividual, - ; - rdfs:label "sensor" ; - rdfs:comment "data is recorded from a physical sensor, such as a thermometer reading or biometric device."@en . - - a owl:NamedIndividual, - ; - rdfs:label "structured" ; - rdfs:comment "data is stored in tabular format or retrieved from a relational database."@en . - - a owl:NamedIndividual, - ; - rdfs:label "syntactic" ; - rdfs:comment "data describes the syntax or semantics of a language or text, such as a parse tree used for natural language processing."@en . - - a owl:NamedIndividual, - ; - rdfs:label "text" ; - rdfs:comment "data consists of unstructured text, such as a book, wikipedia article (without images), or transcript."@en . - - a owl:NamedIndividual, - ; - rdfs:label "timeseries" ; - rdfs:comment "data is recorded in an ordered sequence of timestamped entries, such as the price of a stock over the course of a day."@en . - - a owl:NamedIndividual, - ; - rdfs:label "timestamp" ; - rdfs:comment "data is recorded with a timestamp for each entry, but not necessarily ordered or at specific intervals, such as when a taxi ride starts and ends."@en . - - a owl:NamedIndividual, - ; - rdfs:label "video" ; - rdfs:comment "data is video based, such as a collection of movie clips featuring Tom Hanks."@en . - - a owl:NamedIndividual ; - rdfs:comment "An Individual Value for License when no assertion can be made about its actual value."@en ; - rdfs:range ; - owl:sameAs . - - a owl:NamedIndividual ; - rdfs:comment "An Individual Value for License where the SPDX data creator determines that no license is present."@en ; - rdfs:range ; - owl:sameAs . - - a owl:NamedIndividual, - ; - rdfs:label "critical" ; - rdfs:comment "When a CVSS score is between 9.0 - 10.0"@en . - - a owl:NamedIndividual, - ; - rdfs:label "high" ; - rdfs:comment "When a CVSS score is between 7.0 - 8.9"@en . - - a owl:NamedIndividual, - ; - rdfs:label "low" ; - rdfs:comment "When a CVSS score is between 0 - 3.9"@en . - - a owl:NamedIndividual, - ; - rdfs:label "medium" ; - rdfs:comment "When a CVSS score is between 4 - 6.9"@en . - - a owl:NamedIndividual, - ; - rdfs:label "none" ; - rdfs:comment "When a CVSS score is 0"@en . - - a owl:NamedIndividual, - ; - rdfs:label "kev" ; - rdfs:comment "CISA's Known Exploited Vulnerability (KEV) Catalog"@en . - - a owl:NamedIndividual, - ; - rdfs:label "other" ; - rdfs:comment "Other exploit catalogs"@en . - - a owl:NamedIndividual, - ; - rdfs:label "act" ; - rdfs:comment "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible."@en . - - a owl:NamedIndividual, - ; - rdfs:label "attend" ; - rdfs:comment "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions include requesting assistance or information about the vulnerability, and may involve publishing a notification either internally and/or externally. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines."@en . - - a owl:NamedIndividual, - ; - rdfs:label "track" ; - rdfs:comment "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines."@en . - - a owl:NamedIndividual, - ; - rdfs:label "trackStar" ; - rdfs:comment "(Track* in the SSVC spec) The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines."@en . - - a owl:NamedIndividual, - ; - rdfs:label "componentNotPresent" ; - rdfs:comment "The software is not affected because the vulnerable component is not in the product."@en . - - a owl:NamedIndividual, - ; - rdfs:label "inlineMitigationsAlreadyExist" ; - rdfs:comment "Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability."@en . - - a owl:NamedIndividual, - ; - rdfs:label "vulnerableCodeCannotBeControlledByAdversary" ; - rdfs:comment "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack."@en . - - a owl:NamedIndividual, - ; - rdfs:label "vulnerableCodeNotInExecutePath" ; - rdfs:comment "The affected code is not reachable through the execution of the code, including non-anticipated states of the product."@en . - - a owl:NamedIndividual, - ; - rdfs:label "vulnerableCodeNotPresent" ; - rdfs:comment "The product is not affected because the code underlying the vulnerability is not present in the product."@en . - - a owl:NamedIndividual, - ; - rdfs:label "analyzed" ; - rdfs:comment "SBOM generated through analysis of artifacts (e.g., executables, packages, containers, and virtual machine images) after its build. Such analysis generally requires a variety of heuristics. In some contexts, this may also be referred to as a “3rd party” SBOM."@en . - - a owl:NamedIndividual, - ; - rdfs:label "build" ; - rdfs:comment "SBOM generated as part of the process of building the software to create a releasable artifact (e.g., executable or package) from data such as source files, dependencies, built components, build process ephemeral data, and other SBOMs."@en . - - a owl:NamedIndividual, - ; - rdfs:label "deployed" ; - rdfs:comment "SBOM provides an inventory of software that is present on a system. This may be an assembly of other SBOMs that combines analysis of configuration options, and examination of execution behavior in a (potentially simulated) deployment environment."@en . - - a owl:NamedIndividual, - ; - rdfs:label "design" ; - rdfs:comment "SBOM of intended, planned software project or product with included components (some of which may not yet exist) for a new software artifact."@en . - - a owl:NamedIndividual, - ; - rdfs:label "runtime" ; - rdfs:comment "SBOM generated through instrumenting the system running the software, to capture only components present in the system, as well as external call-outs or dynamically loaded components. In some contexts, this may also be referred to as an “Instrumented” or “Dynamic” SBOM."@en . - - a owl:NamedIndividual, - ; - rdfs:label "source" ; - rdfs:comment "SBOM created directly from the development environment, source files, and included dependencies used to build an product artifact."@en . - - a owl:NamedIndividual, - ; - rdfs:label "application" ; - rdfs:comment "the Element is a software application"@en . - - a owl:NamedIndividual, - ; - rdfs:label "archive" ; - rdfs:comment "the Element is an archived collection of one or more files (.tar, .zip, etc)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "bom" ; - rdfs:comment "Element is a bill of materials"@en . - - a owl:NamedIndividual, - ; - rdfs:label "configuration" ; - rdfs:comment "Element is configuration data"@en . - - a owl:NamedIndividual, - ; - rdfs:label "container" ; - rdfs:comment "the Element is a container image which can be used by a container runtime application"@en . - - a owl:NamedIndividual, - ; - rdfs:label "data" ; - rdfs:comment "Element is data"@en . - - a owl:NamedIndividual, - ; - rdfs:label "device" ; - rdfs:comment "the Element refers to a chipset, processor, or electronic board"@en . - - a owl:NamedIndividual, - ; - rdfs:label "deviceDriver" ; - rdfs:comment "Element represents software that controls hardware devices"@en . - - a owl:NamedIndividual, - ; - rdfs:label "diskImage" ; - rdfs:comment "the Element refers to a disk image that can be written to a disk, booted in a VM, etc. A disk image typically contains most or all of the components necessary to boot, such as bootloaders, kernels, firmware, userspace, etc."@en . - - a owl:NamedIndividual, - ; - rdfs:label "documentation" ; - rdfs:comment "Element is documentation"@en . - - a owl:NamedIndividual, - ; - rdfs:label "evidence" ; - rdfs:comment "the Element is the evidence that a specification or requirement has been fulfilled"@en . - - a owl:NamedIndividual, - ; - rdfs:label "executable" ; - rdfs:comment "Element is an Artifact that can be run on a computer"@en . - - a owl:NamedIndividual, - ; - rdfs:label "file" ; - rdfs:comment "the Element is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc)"@en . - - a owl:NamedIndividual, - ; - rdfs:label "filesystemImage" ; - rdfs:comment "the Element is a file system image that can be written to a disk (or virtual) partition"@en . - - a owl:NamedIndividual, - ; - rdfs:label "firmware" ; - rdfs:comment "the Element provides low level control over a device's hardware"@en . - - a owl:NamedIndividual, - ; - rdfs:label "framework" ; - rdfs:comment "the Element is a software framework"@en . - - a owl:NamedIndividual, - ; - rdfs:label "install" ; - rdfs:comment "the Element is used to install software on disk"@en . - - a owl:NamedIndividual, - ; - rdfs:label "library" ; - rdfs:comment "the Element is a software library"@en . - - a owl:NamedIndividual, - ; - rdfs:label "manifest" ; - rdfs:comment "the Element is a software manifest"@en . - - a owl:NamedIndividual, - ; - rdfs:label "model" ; - rdfs:comment "the Element is a machine learning or artificial intelligence model"@en . - - a owl:NamedIndividual, - ; - rdfs:label "module" ; - rdfs:comment "the Element is a module of a piece of software"@en . - - a owl:NamedIndividual, - ; - rdfs:label "operatingSystem" ; - rdfs:comment "the Element is an operating system"@en . - - a owl:NamedIndividual, - ; - rdfs:label "other" ; - rdfs:comment "the Element doesn't fit into any of the other categories"@en . - - a owl:NamedIndividual, - ; - rdfs:label "patch" ; - rdfs:comment "Element contains a set of changes to update, fix, or improve another Element"@en . - - a owl:NamedIndividual, - ; - rdfs:label "platform" ; - rdfs:comment "Element represents a runtime environment"@en . - - a owl:NamedIndividual, - ; - rdfs:label "requirement" ; - rdfs:comment "the Element provides a requirement needed as input for another Element"@en . - - a owl:NamedIndividual, - ; - rdfs:label "source" ; - rdfs:comment "the Element is a single or a collection of source files"@en . - - a owl:NamedIndividual, - ; - rdfs:label "specification" ; - rdfs:comment "the Element is a plan, guideline or strategy how to create, perform or analyse an application"@en . - - a owl:NamedIndividual, - ; - rdfs:label "test" ; - rdfs:comment "The Element is a test used to verify functionality on an software element"@en . - -spdx: a owl:Ontology ; - owl:versionIRI spdx: . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "States if a human is involved in the decisions of the AI software."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Captures the domain in which the AI package can be used."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Indicates the amount of energy consumed to build the AI package."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Records a hyperparameter used to build the AI model contained in the AI package."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Provides relevant information about the AI software, not including the model description."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Describes relevant information about different steps of the training process."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Captures a limitation of the AI software."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Records the measurement of prediction quality of the AI model."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Captures the threshold that was used for computation of a metric described in the metric field."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Describes all the preprocessing steps applied to the training data before the model training."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Describes methods that can be used to explain the model."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Categorizes safety risk impact of AI software."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Records if sensitive personal information is used during model training."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Captures a standard that is being complied with."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Records the type of the model used in the AI software."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Property that describes the time at which a build stops."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "A buildId is a locally unique identifier used by a builder to identify a unique instance of a build produced by it."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Property describing the start time of a build."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "A buildType is a hint that is used to indicate the toolchain, platform, or infrastructure that the build was invoked on."@en ; - rdfs:range xsd:anyURI . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Property that describes the digest of the build configuration file used to invoke a build."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Property describes the invocation entrypoint of a build."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Property that describes the URI of the build configuration source file."@en ; - rdfs:range xsd:anyURI . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Property describing the session in which a build is invoked."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Property describing the parameters used in an instance of a build."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Specifies the algorithm used for calculating the hash value."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Describes the type of annotation."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Defines the beginning of a range."@en ; - rdfs:range xsd:positiveInteger . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Specifies the time an artifact was built."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Provides information about the completeness of relationships."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment """Gives information about the circumstances or unifying properties -that Elements of the bundle have been assembled under."""@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Identifies when the Element was originally created."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Identifies who or what created the Element."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Identifies the tooling that was used during the creation of the Element."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Provides information about the creation of the Element."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Provides the license under which the SPDX documentation of the Element can be used."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Artifact representing a serialization instance of SPDX data containing the definition of a particular Element."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Provides a detailed description of the Element."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Refers to one or more Elements that are part of an ElementCollection."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Defines the end of a range."@en ; - rdfs:range xsd:positiveInteger . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Specifies the time from which an element is no longer applicable / valid."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Specifies an Extension characterization of some aspect of an Element."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment """Provides a reference to a resource outside the scope of SPDX-3.0 content -that uniquely identifies an Element."""@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Specifies the type of the external identifier."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment """Points to a resource outside the scope of the SPDX-3.0 content -that provides additional characteristics of an Element."""@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Specifies the type of the external reference."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Identifies an external Element used within a Document but defined external to that Document."@en ; - rdfs:range xsd:anyURI . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "References the Element on the left-hand side of a relationship."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Uniquely identifies an external element."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Provides the location for more information regarding an external identifier."@en ; - rdfs:range xsd:anyURI . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Provides an ExternalMap of Element identifiers."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "An entity that is authorized to issue identification credentials."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "A key used in a generic key-value pair."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Provides an indication of where to retrieve an external Element."@en ; - rdfs:range xsd:anyURI . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Provides the location of an external reference."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Identifies the name of an Element as designated by the creator."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Provides an unambiguous mechanism for conveying a URI fragment portion of an ElementID."@en ; - rdfs:range xsd:anyURI . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Provides a NamespaceMap of prefixes and associated namespace partial URIs applicable to an SpdxDocument and independent of any specific serialization format or instance."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Identifies from where or whom the Element originally came."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "The relative file name of a file to be excluded from the `PackageVerificationCode`."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "A substitute for a URI."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Describes one a profile which the creator of this ElementCollection intends to conform to."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Information about the relationship between two Elements."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Specifies the time an artifact was released."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "This property is used to denote the root Element(s) of a tree of elements contained in an SBOM."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Capture the scope of information about a specific relationship between elements."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Identifies an Element to be referenced by other Elements."@en ; - rdfs:range xsd:anyURI . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Provides a reference number that can be used to understand how to parse and interpret an Element."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "The name of a relevant standard that may apply to an artifact."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Specifies the time from which an element is applicable / valid."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Commentary on an assertion that an annotator has made."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "An Element an annotator has made an assertion about."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "A short description of an Element."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Specifies the level of support associated with an artifact."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "References an Element on the right-hand side of a relationship."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Specifies until when the artifact can be used before its usage needs to be reassessed."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "A value used in a generic key-value pair."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Describes the anonymization methods used."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Describes the confidentiality level of the data points contained in the dataset."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Describes how the dataset was collected."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Describes the preprocessing steps that were applied to the raw data to create the given dataset."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "The field describes the availability of a dataset."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Describes potentially noisy elements of the dataset."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Captures the size of the dataset."@en ; - rdfs:range xsd:nonNegativeInteger . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Describes the type of the given dataset."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Describes a mechanism to update the dataset."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Describes what the given dataset should be used for."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Records the biases that the dataset is known to encompass."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Describes if any sensitive personal information is present in the dataset."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Describes a sensor used for collecting the data."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Identifies the full text of a LicenseAddition."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Specifies whether an additional text identifier has been marked as deprecated."@en ; - rdfs:range xsd:boolean . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment """Specifies whether a license or additional text identifier has been marked as -deprecated."""@en ; - rdfs:range xsd:boolean . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment """Specifies whether the License is listed as free by the -[Free Software Foundation (FSF)](https://fsf.org)."""@en ; - rdfs:range xsd:boolean . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment """Specifies whether the License is listed as approved by the -[Open Source Initiative (OSI)](https://opensource.org)."""@en ; - rdfs:range xsd:boolean . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Identifies the full text of a LicenseAddition, in SPDX templating format."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment """Provides a License author's preferred text to indicate that a file is covered -by the License."""@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Identifies the full text of a License, in SPDX templating format."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "A LicenseAddition participating in a 'with addition' model."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "A License participating in a 'with addition' model."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "A License participating in an 'or later' model."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment """Provides advise on how to mitigate or remediate a vulnerability when a VEX product -is affected by it."""@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment """Records the time when a recommended action was communicated in a VEX statement -to mitigate a vulnerability."""@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment """Specifies an element contained in a piece of software where a vulnerability was -found."""@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Specifies the exploit catalog type."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Provide the enumeration of possible decisions in the Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree [https://www.cisa.gov/sites/default/files/publications/cisa-ssvc-guide%20508c.pdf](https://www.cisa.gov/sites/default/files/publications/cisa-ssvc-guide%20508c.pdf)"@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Describe that a CVE is known to have an exploit because it's been listed in an exploit catalog."@en ; - rdfs:range xsd:boolean . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment """Explains why a VEX product is not affected by a vulnerability. It is an -alternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable -justification label."""@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Timestamp of impact statement."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment """Impact justification label to be used when linking a vulnerability to an element -representing a VEX product with a VexNotAffectedVulnAssessmentRelationship -relationship."""@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Provides the location of an exploit catalog."@en ; - rdfs:range xsd:anyURI . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "The percentile of the current probability score."@en ; - rdfs:range xsd:decimal . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "A probability score between 0 and 1 of a vulnerability being exploited."@en ; - rdfs:range xsd:decimal . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Conveys information about how VEX status was determined."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Specifies the version of the VEX document."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Maps a LicenseRef or AdditionRef string for a Custom License or a Custom License Addition to its URI ID."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "A string in the license expression format."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "The version of the SPDX License List used in the license expression."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Provides additional purpose information of the software artifact."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment """Provides a place for the SPDX data creator to record acknowledgement text for -a software Package, File or Snippet."""@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Defines the byte range in the original host file that the snippet information applies to."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Provides information about the content type of an Element."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment """Identifies the text of one or more copyright notices for a software Package, -File or Snippet, if any."""@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Identifies the download Uniform Resource Identifier for the package at the time that the document was created."@en ; - rdfs:range xsd:anyURI . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Used to record the artifact’s gitoid: a canonical, unique, immutable identifier that can be used for software integrity verification."@en ; - rdfs:range xsd:anyURI . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "A place for the SPDX document creator to record a website that serves as the package's home page."@en ; - rdfs:range xsd:anyURI . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "If true, denotes the Element is a directory."@en ; - rdfs:range xsd:boolean . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Defines the line range in the original host file that the snippet information applies to."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Provides a place for the SPDX data creator to record the package URL string (in accordance with the [package URL spec](https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst)) for a software Package."@en ; - rdfs:range xsd:anyURI . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Identify the version of a package."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Provides information about the primary purpose of the software artifact."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Provides information about the type of an SBOM."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Defines the original host file that the snippet information applies to."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment """Records any relevant background information or additional comments -about the origin of the package."""@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Specifies the media type of an Element or Property."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "The result of applying a hash algorithm to an Element."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Identifies who or what supplied the artifact or VulnAssessmentRelationship referenced by the Element."@en ; - rdfs:range . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "Provides an IntegrityMethod with which the integrity of an Element can be asserted."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment """Specifies the SPDX License List version in which this license or exception -identifier was deprecated."""@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Identifies all the text and metadata associated with a license in the license XML format."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment """Specifies the SPDX License List version in which this ListedLicense or -ListedLicenseException identifier was first added."""@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:ObjectProperty ; - rdfs:comment "A license expression participating in a license set."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment """Specifies the licenseId that is preferred to be used in place of a deprecated -License or LicenseAddition."""@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Contains a URL where the License or LicenseAddition can be found in use."@en ; - rdfs:range xsd:anyURI . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Specifies a time when a vulnerability assessment was modified"@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Specified the time and date when a vulnerability was withdrawn."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Identifies the full text of a License or Addition."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Specifies the time when a vulnerability was published."@en ; - rdfs:range . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Provides a numerical (0-10) representation of the severity of a vulnerability."@en ; - rdfs:range xsd:decimal . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Specifies the CVSS vector string for a vulnerability."@en ; - rdfs:range xsd:string . - - a rdf:Property, - owl:DatatypeProperty ; - rdfs:comment "Provide consumers with comments by the creator of the Element about the Element."@en ; - rdfs:range xsd:string . - diff --git a/ontology/ontology.rdf.xml b/ontology/ontology.rdf.xml deleted file mode 100644 index 89cd4563f..000000000 --- a/ontology/ontology.rdf.xml +++ /dev/null @@ -1,3805 +0,0 @@ - - - - - - Describes the type of the given dataset. - - - - - - - A license that is listed on the SPDX License List. - - - - - - - - States if a human is involved in the decisions of the AI software. - - - - - - hasTestCase - Every `to` Element is a test case for the `from` Element (`from` hasTestCase `to`) - - - - - - Provides an exploit assessment of a vulnerability. - - - - - - - - - The field describes the availability of a dataset. - - - - - - vulnerabilityExploitabilityAssessment - A reference to a Vulnerability Exploitability eXchange (VEX) statement which provides information on whether a product is impacted by a specific vulnerability in an included package and, if affected, whether there are actions recommended to remediate. See also [NTIA VEX one-page](https://ntia.gov/files/ntia/publications/vex_one-page_summary.pdf). - - - - - none - When a CVSS score is 0 - - - - 1 - - - - - bom - Element is a bill of materials - - - - - video - data is video based, such as a collection of movie clips featuring Tom Hanks. - - - - - Specifies the time from which an element is applicable / valid. - - - - - - nuget - A reference to a nuget package. - - - - - - Asbtract ancestor class for all VEX relationships - - - - - - - - categorical - data that is classified into a discrete number of categories, such as the eye color of a population of people. - - - - - other - Used to store extra information about an Element which is not part of a Review (e.g. extra information provided during the creation of the Element). - - - - - - Provides information about the fields in the Dataset profile. - - - - - - - - - - - - - - - - - - - other - A relationship has other specific context information necessary to capture that the above set of enumerations does not handle. - - - - - - A reference to a resource outside the scope of SPDX-3.0 content that uniquely identifies an Element. - - - - - - - - - - hasHost - The `from` Build was run on the `to` Element during a LifecycleScopeType period (e.g. The host that the build runs on) - - - - - endOfSupport - there is a defined end of support for the artifact from the supplier. This may also be referred to as end of life. There is a validUntilDate that can be used to signal when support ends for the artifact. - - - - - - Abstract class for the portion of an AnyLicenseInfo representing a license. - - - - - - - - - - - - - - 1 - - - - - binaryArtifact - A reference to binary artifacts related to a package. - - - - - Provides the location of an external reference. - - - - - - packageUrl - https://github.com/package-url/purl-spec - - - - - configures - The `from` Element is a configuration applied to each `to` Element during a LifecycleScopeType period - - - - - Categorizes safety risk impact of AI software. - - - - - - Property that describes the digest of the build configuration file used to invoke a build. - - - - - - A buildType is a hint that is used to indicate the toolchain, platform, or infrastructure that the build was invoked on. - - - - - - Describes the anonymization methods used. - - - - - - low - Low/no risk is posed by the AI software. - - - - - urlScheme - the scheme used in order to locate a resource https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml - - - - - - Provides information about the fields in the AI package profile. - - - - - - - - - - - - - - - - - - - - - hasProvidedDependency - The `from` Element has a dependency on each `to` Element, but dependency is not in the distributed artifact, but assumed to be provided, during a LifecycleScopeType period - - - - - cve - An identifier for a specific software flaw defined within the official CVE Dictionary and that conforms to the CVE specification as defined by https://csrc.nist.gov/glossary/term/cve_id. - - - - - mailingList - A reference to the mailing list used by the maintainer for a package. - - - - - Captures a limitation of the AI software. - - - - - - - Provides information about the creation of the Element. - - - - - - - - - - vulnerableCodeNotInExecutePath - The affected code is not reachable through the execution of the code, including non-anticipated states of the product. - - - - - Describes methods that can be used to explain the model. - - - - - - kev - CISA's Known Exploited Vulnerability (KEV) Catalog - - - - - A concrete subclass of AnyLicenseInfo used by Individuals in the ExpandedLicensing profile. - - - - - - Describes how the dataset was collected. - - - - - 1 - - - - 1 - 1 - - - - - riskAssessment - A reference to a risk assessment for a package. - - - - - - Describes a certain part of a file. - - - - - - - - 1 - 1 - - - - - - A license exception that is listed on the SPDX Exceptions list. - - - - - - - - syntactic - data describes the syntax or semantics of a language or text, such as a parse tree used for natural language processing. - - - - - hasDistributionArtifact - The `from` Element is distributed as an artifact in each Element `to`, (e.g. an RPM or archive file) - - - - 1 - 1 - - - - - hasAssessmentFor - (Security) Relates a `from` Vulnerability and each `to` Element(s) with a security assessment. To be used with `VulnAssessmentRelationship` types - - - - 1 - 1 - - - - - A short description of an Element. - - - - - - module - the Element is a module of a piece of software - - - - - hasPrerequsite - The `from` Element has a prerequsite on each `to` Element, during a LifecycleScopeType period - - - - - - A distinct article or unit within the digital domain. - - - - - - - - - - - - - Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software. - - - - - - build - A relationship has specific context implications during an element's build phase, during development. - - - - - modifiedBy - The `from` Element is modified by each `to` Element - - - - - packagedBy - Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`) - - - - - Describes a mechanism to update the dataset. - - - - - - file - the Element is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc) - - - - - email - https://datatracker.ietf.org/doc/html/rfc3696#section-3 - - - - - noSupport - there is no support for the artifact from the supplier, consumer assumes any support obligations. - - - - 1 - - - - - Describes all the preprocessing steps applied to the training data before the model training. - - - - - - - An SPDX version 2.X compatible verification method for software packages. - - - - - - - - Provides information about the type of an SBOM. - - - - - - vulnerableCodeCannotBeControlledByAdversary - The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack. - - - - - testedOn - (AI, Dataset) The `from` Element has been tested on the `to` Element - - - - - - Specifies a vulnerability and its associated information. - - - - - - - - 1 - - - - - This property is used to denote the root Element(s) of a tree of elements contained in an SBOM. - - - - - 1 - - - - 1 - - - - - - Abstract ancestor class for all vulnerability assessments - - - - - - - - - - - Defines the end of a range. - - - - - - Defines the beginning of a range. - - - - - - hasDeclaredLicense - The `from` Software Artifact was discovered to actually contain each `to` license, for example as detected by use of automated tooling. - - - - - securityThreatModel - A reference the [security threat model](https://en.wikipedia.org/wiki/Threat_model) for a package. - - - - 1 - - - - - Records any relevant background information or additional comments -about the origin of the package. - - - - - - - A mapping between prefixes and namespace partial URIs. - - - - - - - Specifies the time when a vulnerability was published. - - - - - - - Provides a CVSS version 4 assessment for a vulnerability. - - - - - - - - - Describe that a CVE is known to have an exploit because it's been listed in an exploit catalog. - - - - - - - - - Describes the preprocessing steps that were applied to the raw data to create the given dataset. - - - - - - - - - socialMedia - A reference to a social media channel for a package. - - - - 1 - 1 - - - - - Describes if any sensitive personal information is present in the dataset. - - - - - - security - the element follows the Security profile specification - - - - - - Refers to any unit of content that can be associated with a distribution of software. - - - - - - - - - - - Specifies the time an artifact was released. - - - - - 1 - 1 - - - - - Property that describes the time at which a build stops. - - - - - - - Connects a vulnerability and an element designating the element as a product -affected by the vulnerability. - - - - - - - - clickthrough - the dataset is not publicly available and can only be accessed after affirmatively accepting terms on a clickthrough webpage. - - - - - The name of a relevant standard that may apply to an artifact. - - - - - - blake2b384 - blake2b algorithm with a digest size of 384 https://datatracker.ietf.org/doc/html/rfc7693#section-4 - - - - 1 - - - - - securityFix - A reference to the patch or source code that fixes a vulnerability. - - - - - Records the type of the model used in the AI software. - - - - - - securityOther - Used when there is a security related identifier of unspecified type. - - - - - A buildId is a locally unique identifier used by a builder to identify a unique instance of a build produced by it. - - - - - - deployed - SBOM provides an inventory of software that is present on a system. This may be an assembly of other SBOMs that combines analysis of configuration options, and examination of execution behavior in a (potentially simulated) deployment environment. - - - - - support - A reference to the software support channel or other support information for a package. - - - - 1 - 1 - - - - - structured - data is stored in tabular format or retrieved from a relational database. - - - - - Enumeration of dataset types. - - - - - evidence - the Element is the evidence that a specification or requirement has been fulfilled - - - - - Provides a reference number that can be used to understand how to parse and interpret an Element. - - - - - - Identifies who or what supplied the artifact or VulnAssessmentRelationship referenced by the Element. - - - - - - Gives information about the circumstances or unifying properties -that Elements of the bundle have been assembled under. - - - - - - Specifies the exploit catalog type. - - - - 1 - 1 - - - - - Points to a resource outside the scope of the SPDX-3.0 content -that provides additional characteristics of an Element. - - - - - - componentAnalysisReport - A reference to a Software Composition Analysis (SCA) report. - - - - - Identifies the download Uniform Resource Identifier for the package at the time that the document was created. - - - - - - staticAnalysisReport - A reference to a static analysis report for a package. - - - - - Specifies a time when a vulnerability assessment was modified - - - - - - securityAdversaryModel - A reference to the security adversary model for a package. - - - - - sha3_384 - sha3 with a digest length of 384 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf - - - - - A substitute for a URI. - - - - - - A mathematical algorithm that maps data of arbitrary size to a bit string. - - - - - Provides a NamespaceMap of prefixes and associated namespace partial URIs applicable to an SpdxDocument and independent of any specific serialization format or instance. - - - - - - Provides a detailed description of the Element. - - - - - - ancestorOf - The `from` Element is an ancestor of each `to` Element - - - - - A license addition that is not listed on the SPDX Exceptions List. - - - - - - crystalsKyber - https://pq-crystals.org/kyber/index.shtml - - - - - Indicates whether a relationship is known to be complete, incomplete, or if no assertion is made with respect to relationship completeness. - - - - - Specifies the SSVC decision type. - - - - - An individual human being. - - - - - - sensor - data is recorded from a physical sensor, such as a thermometer reading or biometric device. - - - - - hasVariant - Every `to` Element is a variant the `from` Element (`from` hasVariant `to`) - - - - - firmware - the Element provides low level control over a device's hardware - - - - - Specifies the version of the VEX document. - - - - - - - Refers to any object that stores content on a computer. - - - - - - - - Specifies the time from which an element is no longer applicable / valid. - - - - - - hasDataFile - The `from` Element treats each `to` Element as a data file - - - - - simpleLicensing - the element follows the simple Licensing profile specification - - - - - Identifies the text of one or more copyright notices for a software Package, -File or Snippet, if any. - - - - - - yes - Indicates presence of the field. - - - - - A LicenseAddition participating in a 'with addition' model. - - - - - - Provides a place for the SPDX data creator to record the package URL string (in accordance with the [package URL spec](https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst)) for a software Package. - - - - - - Contains a URL where the License or LicenseAddition can be found in use. - - - - - - other - any hashing algorithm that does not exist in this list of entries - - - - - hasRequirement - The `from` Element has a requirement on each `to` Element, during a LifecycleScopeType period - - - - 1 - - - - - Specified the time and date when a vulnerability was withdrawn. - - - - - - Identifies all the text and metadata associated with a license in the license XML format. - - - - - 1 - - - - 1 - 1 - - - - - md6 - https://people.csail.mit.edu/rivest/pubs/RABCx08.pdf - - - - - - A tuple of two positive integers that define a range. - - - - - - - hasAddedFile - Every `to` Element is is a file added to the `from` Element (`from` hasAddedFile `to`) - - - - - Enumeration of the valid profiles. - - - - 1 - - - - - hasStaticLink - The `from` Element statically links in each `to` Element, during a LifecycleScopeType period - - - - - - A collection of Elements, not necessarily with unifying context. - - - - - - - - - securityPolicy - A reference to instructions for reporting newly discovered security vulnerabilities for a package. - - - - - Capture the scope of information about a specific relationship between elements. - - - - - - issueTracker - A reference to the issue tracker for a package. - - - - - Property describing the parameters used in an instance of a build. - - - - - - Specifies the type of an external identifier. - - - - - Records a hyperparameter used to build the AI model contained in the AI package. - - - - - - license - A reference to additional license information related to an artifact. - - - - - altDownloadLocation - A reference to an alternative download location. - - - - - certificationReport - A reference to a certification report for a package from an accredited/independent body. - - - - - sha3_512 - sha3 with a digest length of 512 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf - - - - - directDownload - the dataset is publicly available and can be downloaded directly. - - - - 1 - - - - - Captures the threshold that was used for computation of a metric described in the metric field. - - - - - - - Class that describes a build instance of software/artifacts. - - - - - - - - - - - - - - - Information about the relationship between two Elements. - - - - - - deviceDriver - Element represents software that controls hardware devices - - - - - dataset - the element follows the Dataset profile specification - - - - - - An assertion made in relation to one or more elements. - - - - - - - - - - build - the element follows the Build profile specification - - - - - ai - the element follows the AI profile specification - - - - - productMetadata - A reference to additional product metadata such as reference within organization's product catalog. - - - - 1 - - - - - - Describes a relationship between one or more elements. - - - - - - - - - - - - Agent represents anything with the potential to act on a system. - - - - - - - Provides an SSVC assessment for a vulnerability. - - - - - - - - A collection of SPDX Elements describing a single package. - - - - - - - core - the element follows the Core profile specification - - - - - - Abstract class for additional text intended to be added to a License, but -which is not itself a standalone License. - - - - - - - - - - - - A group of people who work together in an organized way for a shared purpose. - - - - - - - A map of Element identifiers that are used within a Document but defined external to that Document. - - - - - - - - - Identifies the full text of a LicenseAddition, in SPDX templating format. - - - - - - chat - A reference to the instant messaging system used by the maintainer for a package. - - - - 1 - - - - 1 - 1 - - - - - Provide the enumeration of possible decisions in the Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree [https://www.cisa.gov/sites/default/files/publications/cisa-ssvc-guide%20508c.pdf](https://www.cisa.gov/sites/default/files/publications/cisa-ssvc-guide%20508c.pdf) - - - - - - timeseries - data is recorded in an ordered sequence of timestamped entries, such as the price of a stock over the course of a day. - - - - 1 - 1 - - - - - Provides a License author's preferred text to indicate that a file is covered -by the License. - - - - - - Describes one a profile which the creator of this ElementCollection intends to conform to. - - - - - - A License participating in a 'with addition' model. - - - - - - - - - - A collection of Elements that have a shared context. - - - - - - - Provides additional purpose information of the software artifact. - - - - - - requirement - the Element provides a requirement needed as input for another Element - - - - - releaseHistory - A reference to a published list of releases for a package. - - - - - - A collection of SPDX Elements that could potentially be serialized. - - - - - - - - - Identifies who or what created the Element. - - - - - - Commentary on an assertion that an annotator has made. - - - - - An Individual Value for License when no assertion can be made about its actual value. - - - - - - - sha384 - secure hashing algorithm with a digest length of 384 https://www.rfc-editor.org/rfc/rfc4634 - - - - - runtime - SBOM generated through instrumenting the system running the software, to capture only components present in the system, as well as external call-outs or dynamically loaded components. In some contexts, this may also be referred to as an “Instrumented” or “Dynamic” SBOM. - - - - - noAssertion - No assertion can be made about the completeness of the relationship. - - - - - manifest - the Element is a software manifest - - - - - Provides a place for the SPDX data creator to record acknowledgement text for -a software Package, File or Snippet. - - - - - - green - Dataset can be shared within a community of peers and partners. - - - - - Specifies the level of support associated with an artifact. - - - - - 2 - - - - - affects - (Security/VEX) The `from` vulnerability affect each `to` Element - - - - - extension - the element follows the Extension profile specification - - - - - limitedSupport - the artifact has been released, and there is limited support available from the supplier. There is a validUntilDate that can provide additional information about the duration of support. - - - - - privacyAssessment - A reference to a privacy assessment for a package. - - - - - container - the Element is a container image which can be used by a container runtime application - - - - - install - the Element is used to install software on disk - - - - - blake2b512 - blake2b algorithm with a digest size of 512 https://datatracker.ietf.org/doc/html/rfc7693#section-4 - - - - - sha512 - secure hashing algorithm with a digest length of 512 https://www.rfc-editor.org/rfc/rfc4634 - - - - - data - Element is data - - - - - Provides advise on how to mitigate or remediate a vulnerability when a VEX product -is affected by it. - - - - - - Artifact representing a serialization instance of SPDX data containing the definition of a particular Element. - - - - - 1 - 1 - - - - - eolNotice - A reference to the End Of Sale (EOS) and/or End Of Life (EOL) information related to a package. - - - - - Links a vulnerability and elements representing products (in the VEX sense) where -a fix has been applied and are no longer affected. - - - - - - source - the Element is a single or a collection of source files - - - - - funding - A reference to funding information related to a package. - - - - 1 - - - - - The result of applying a hash algorithm to an Element. - - - - - - inlineMitigationsAlreadyExist - Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability. - - - - - - Portion of an AnyLicenseInfo representing a License which has additional -text applied to it. - - - - - - - - A probability score between 0 and 1 of a vulnerability being exploited. - - - - - - Specifies whether a license or additional text identifier has been marked as -deprecated. - - - - - - medium - When a CVSS score is between 4 - 6.9 - - - - - design - A relationship has specific context implications during an element's design. - - - - - - A reference to a resource outside the scope of SPDX-3.0 content. - - - - - - - - - reportedBy - (Security) Designates a `from` Vulnerability was first reported to a project, vendor, or tracking database for formal identification by each `to` Agent - - - - - Identify the version of a package. - - - - - - Provides information about the primary purpose of the software artifact. - - - - - - hasSpecification - Every `to` Element is a specification for the `from` Element (`from` hasSpecification `to`), during a LifecycleScopeType period - - - - 1 - 1 - - - - - complete - The relationship is known to be exhaustive. - - - - - swid - https://www.ietf.org/archive/id/draft-ietf-sacm-coswid-21.html#section-2.3 - - - - - runtimeAnalysisReport - A reference to a runtime analysis report for a package. - - - - - act - The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible. - - - - - hasOptionalDependency - The `from` Element optionally depends on each `to` Element during a LifecycleScopeType period - - - - - configuration - Element is configuration data - - - - - generates - The `from` Element generates each `to` Element - - - - 1 - - - - - Defines the byte range in the original host file that the snippet information applies to. - - - - - 1 - 1 - - - - - serious - The highest level of risk posed by an AI software. - - - - 1 - - - - 1 - 1 - - - - - Describes the type of annotation. - - - - - - - - - Identifies an external Element used within a Document but defined external to that Document. - - - - - - Specifies whether the License is listed as approved by the -[Open Source Initiative (OSI)](https://opensource.org). - - - - - 1 - 1 - - - - - vcs - A reference to a version control system related to a software artifact. - - - - - - A key with an associated value. - - - - - - - Specifies whether an additional text identifier has been marked as deprecated. - - - - - - trackStar - (Track* in the SSVC spec) The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines. - - - - 1 - 1 - - - - - republishedBy - (Security) Designates a `from` Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by a `to` Agent(s) - - - - 1 - - - - 1 - 1 - - - - - A characterization of some aspect of an Element that is associated with the Element in a generalized fashion. - - - - 1 - 1 - - - - 1 - 1 - - - - - Identifies the full text of a LicenseAddition. - - - - - - trainedOn - (AI, Dataset) The `from` Element has been trained by the `to` Element(s) - - - - - - Base domain class from which all other SPDX-3.0 domain classes derive. - - - - - - - - - - - - - - - Property that describes the URI of the build configuration source file. - - - - - - Specifies the SPDX License List version in which this ListedLicense or -ListedLicenseException identifier was first added. - - - - - - contains - The `from` Element contains each `to` Element - - - - - An element of hardware and/or software utilized to carry out a particular function. - - - - - - platform - Element represents a runtime environment - - - - 1 - 1 - - - - - Describes potentially noisy elements of the dataset. - - - - - - Provides the location for more information regarding an external identifier. - - - - - - Provides a set of values to be used to describe the common types of SBOMs that tools may create. - - - - - application - the Element is a software application - - - - - Records the time when a recommended action was communicated in a VEX statement -to mitigate a vulnerability. - - - - - - blake2b256 - blake2b algorithm with a digest size of 256 https://datatracker.ietf.org/doc/html/rfc7693#section-4 - - - - - Property describing the start time of a build. - - - - - - - Links a vulnerability and one or more elements designating the latter as products -not affected by the vulnerability. - - - - - - - - - Specifies the type of the external identifier. - - - - - - amendedBy - The `from` Element is amended by each `to` Element - - - - - image - data is a collection of images such as pictures of animals. - - - - - Provides relevant information about the AI software, not including the model description. - - - - - - - Provides an EPSS assessment for a vulnerability. - - - - - - - - - build - SBOM generated as part of the process of building the software to create a releasable artifact (e.g., executable or package) from data such as source files, dependencies, built components, build process ephemeral data, and other SBOMs. - - - - - - An SPDX Element containing an SPDX license expression string. - - - - - - - - - hasTest - Every `to` Element is a test artifact for the `from` Element (`from` hasTest `to`), during a LifecycleScopeType period - - - - - Provides information about the content type of an Element. - - - - - - usage - the element follows the Usage profile specification - - - - - metrics - A reference to metrics related to package such as OpenSSF scorecards. - - - - 1 - - - - - Defines the original host file that the snippet information applies to. - - - - - - Identifies the full text of a License, in SPDX templating format. - - - - - 1 - 1 - - - - - serializedInArtifact - The `from` SPDXDocument can be found in a serialized form in each `to` Artifact - - - - - graph - data is in the form of a graph where entries are somehow related to each other through edges, such a social network of friends. - - - - - model - the Element is a machine learning or artificial intelligence model - - - - - Provides information about the completeness of relationships. - - - - - - query - the dataset is publicly available, but not all at once, and can only be accessed through queries which return parts of the dataset. - - - - - clear - Dataset may be distributed freely, without restriction. - - - - 1 - - - - - Identifies the full text of a License or Addition. - - - - - - References an Element on the right-hand side of a relationship. - - - - - - vulnerabilityDisclosureReport - A reference to a Vulnerability Disclosure Report (VDR) which provides the software supplier's analysis and findings describing the impact (or lack of impact) that reported vulnerabilities have on packages or products in the supplier's SBOM as defined in [NIST SP 800-161](https://csrc.nist.gov/publications/detail/sp/800-161/rev-1/final). - - - - - Explains why a VEX product is not affected by a vulnerability. It is an -alternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable -justification label. - - - - - - analyzed - SBOM generated through analysis of artifacts (e.g., executables, packages, containers, and virtual machine images) after its build. Such analysis generally requires a variety of heuristics. In some contexts, this may also be referred to as a “3rd party” SBOM. - - - - - framework - the Element is a software framework - - - - - fixedBy - (Security) Designates a `from` Vulnerability has been fixed by the `to` Agent(s) - - - - - exploitCreatedBy - (Security) The `from` Vulnerability has had an exploit created against it by each `to` Agent - - - - 1 - - - - - Identifies the name of an Element as designated by the creator. - - - - - 1 - - - - - hasDeletedFile - Every `to` Element is a file deleted from the `from` Element (`from` hasDeletedFile `to`) - - - - - other - Used when the type doesn't match any of the other options. - - - - - - - - hasConcludedLicense - The `from` Software Artifact is concluded by the SPDX data creator to be governed by each `to` license - - - - - hasInputs - The `from` Build has each `to` Elements as an input during a LifecycleScopeType period. - - - - - - A distinct article or unit related to Software. - - - - - - - - - - - Provide consumers with comments by the creator of the Element about the Element. - - - - - - A value used in a generic key-value pair. - - - - - - Provides information about the primary purpose of an Element. - - - - - Abstract class representing a license combination consisting of one or more -licenses (optionally including additional text), which may be combined -according to the SPDX license expression syntax. - - - - - - Identifies when the Element was originally created. - - - - - - no - Indicates absence of the field. - - - - - swhid - SoftWare Hash IDentifier, persistent intrinsic identifiers for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The syntax of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) and they typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`. - - - - - source - SBOM created directly from the development environment, source files, and included dependencies used to build an product artifact. - - - - - Records if sensitive personal information is used during model training. - - - - - 1 - - - - - A license that is not listed on the SPDX License List. - - - - - - securityPenTestReport - A reference to a [penetration test](https://en.wikipedia.org/wiki/Penetration_test) report for a package. - - - - - library - the Element is a software library - - - - - doesNotAffect - (Security/VEX) The `from` Vulnerability has no impact on each `to` Element - - - - - expandsTo - The `from` archive expands out as an artifact described by each `to` Element - - - - - Specifies whether the License is listed as free by the -[Free Software Foundation (FSF)](https://fsf.org). - - - - - - Conveys information about how VEX status was determined. - - - - - - diskImage - the Element refers to a disk image that can be written to a disk, booted in a VM, etc. A disk image typically contains most or all of the components necessary to boot, such as bootloaders, kernels, firmware, userspace, etc. - - - - - noAssertion - data type is not known. - - - - - componentNotPresent - The software is not affected because the vulnerable component is not in the product. - - - - - Provides an ExternalMap of Element identifiers. - - - - - - An entity that is authorized to issue identification credentials. - - - - - 1 - 1 - - - - - amber - Data points in the dataset can be shared only with specific organizations and their clients on a need to know basis. - - - - - Categories of confidentiality level. - - - - 1 - - - - - Describes relevant information about different steps of the training process. - - - - - 1 - - - - - - Portion of an AnyLicenseInfo representing a set of licensing information -where all elements apply. - - - - - - - Property describes the invocation entrypoint of a build. - - - - - - - - - high - The second-highest level of risk posed by an AI software. - - - - - Specifies the media type of an Element or Property. - - - - - - critical - When a CVSS score is between 9.0 - 10.0 - - - - - foundBy - (Security) Designates a `from` Vulnerability was originally discovered by the `to` Agent(s) - - - - - Abstract class representing a License or an OrLaterOperator. - - - - - 1 - - - - 1 - 1 - - - - - hasMetadata - Every `to` Element is metadata about the `from` Element (`from` hasMetadata `to`) - - - - - high - When a CVSS score is between 7.0 - 8.9 - - - - - other - the Element doesn't fit into any of the other categories - - - - 1 - 1 - - - - - hasExample - Every `to` Element is an example for the `from` Element (`from` hasExample `to`) - - - - - test - A relationship has specific context implications during an element's testing phase, during development. - - - - - - - - scrapingScript - the dataset provider is not making available the underlying data and the dataset must be reassembled, typically using the provided script for scraping the data. - - - - - A software agent. - - - - - - sha256 - secure hashing algorithm with a digest length of 256 https://www.rfc-editor.org/rfc/rfc4634 - - - - - - - - hasOutputs - The `from` Build element generates each `to` Element as an output during a LifecycleScopeType period. - - - - 1 - - - - An Individual Value for License where the SPDX data creator determines that no license is present. - - - - - - 1 - 1 - - - - - Identifies the tooling that was used during the creation of the Element. - - - - - - sourceArtifact - A reference to an artifact containing the sources for a package. - - - - 1 - - - - - npm - A reference to an npm package. - - - - - other - Other exploit catalogs - - - - - - Provides a CVSS version 3 assessment for a vulnerability. - - - - - - - - - securityAdvisory - A reference to a published security advisory (where advisory as defined per ISO 29147:2018) that may affect one or more elements, e.g., vendor advisories or specific NVD entries. - - - - - Maps a LicenseRef or AdditionRef string for a Custom License or a Custom License Addition to its URI ID. - - - - - 1 - - - - - Describes what the given dataset should be used for. - - - - - 1 - - - - - invokedBy - The `from` Element was invoked by the `to` Agent during a LifecycleScopeType period (for example, a Build element that describes a build step) - - - - - dependsOn - The `from` Element depends on each `to` Element during a LifecycleScopeType period. - - - - 1 - - - - - - Portion of an AnyLicenseInfo representing a set of licensing information -where only any one of the elements applies. - - - - - - - hasAssociatedVulnerability - (Security) Used to associate a `from` Artifact with each `to` Vulnerability - - - - - - - 1 - 1 - - - - 1 - - - - 1 - - - - - copiedTo - The `from` Element has been copied to each `to` Element - - - - - blake3 - https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf - - - - - - Provides an independently reproducible mechanism that permits verification of a specific Element. - - - - - - - - - Provides information about the creation of the Element. - - - - - 1 - - - - - Specifies an Extension characterization of some aspect of an Element. - - - - - - The percentile of the current probability score. - - - - - 1 - 1 - - - - - - - 2 - - - - - Defines the line range in the original host file that the snippet information applies to. - - - - - - Specifies the algorithm used for calculating the hash value. - - - - - - hasDocumentation - The `from` Element is documented by each `to` Element - - - - - development - A relationship has specific context implications during development phase of an element. - - - - - medium - The third-highest level of risk posed by an AI software. - - - - - sha3_256 - sha3 with a digest length of 256 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf - - - - - audio - data is audio based, such as a collection of music from the 80s. - - - - 1 - - - - - A key used in a generic key-value pair. - - - - - - availableFrom - The `from` Element is available from the additional supplier described by each `to` Element - - - - - Provides a numerical (0-10) representation of the severity of a vulnerability. - - - - - - Property describing the session in which a build is invoked. - - - - - - registration - the dataset is not publicly available and an email registration is required before accessing the dataset, although without an affirmative acceptance of terms. - - - - - Describes a sensor used for collecting the data. - - - - - - Specifies the exploit catalog type. - - - - - - delegatedTo - The `from` Agent is delegating an action to the Agent of the `to` Relationship (which must be of type invokedBy) during a LifecycleScopeType. (e.g. the `to` invokedBy Relationship is being done on behalf of `from`) - - - - - A string in the license expression format. - - - - - 1 - 1 - - - - - hasDynamicLink - The `from` Element dynamically links in each `to` Element, during a LifecycleScopeType period. - - - - - usesTool - The `from` Element uses each `to` Element as a tool during a LifecycleScopeType period. - - - - - - A mathematically calculated representation of a grouping of data. - - - - - - - 1 - - - - 1 - - - - - red - Data points in the dataset are highly confidential and can only be shared with named recipients. - - - - - bower - A reference to a bower package. - - - - - Captures the domain in which the AI package can be used. - - - - - - The version of the SPDX License List used in the license expression. - - - - - - Captures a standard that is being complied with. - - - - - - hasEvidence - (Dataset) Every `to` Element is considered as evidence for the `from` Element (`from` hasEvidence `to`) - - - - - - - 1 - 1 - - - - - exportControlAssessment - A reference to a export control assessment for a package. - - - - - - - 1 - - - - - Provides a reference to a resource outside the scope of SPDX-3.0 content -that uniquely identifies an Element. - - - - - - development - the artifact is in active development and is not considered ready for formal support from the supplier. - - - - 1 - - - - - Designates elements as products where the impact of a vulnerability is being -investigated. - - - - - 1 - 1 - - - - - Provides the location of an exploit catalog. - - - - - - describes - The `from` Element describes each `to` Element. To denote the root(s) of a tree of elements in a collection, the rootElement property should be used. - - - - - buildMeta - A reference build metadata related to a published package. - - - - - fixedIn - (Security/VEX) A `from` Vulnerability has been fixed in each of the `to` Element(s) - - - - - low - When a CVSS score is between 0 - 3.9 - - - - - track - The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines. - - - - 1 - - - - - sha1 - https://datatracker.ietf.org/doc/html/rfc3174 - - - - - crystalsDilithium - https://pq-crystals.org/dilithium/index.shtml - - - - - patch - Element contains a set of changes to update, fix, or improve another Element - - - - - sha224 - secure hashing algorithm with a digest length of 224 https://datatracker.ietf.org/doc/html/draft-ietf-pkix-sha224-01 - - - - - md4 - https://datatracker.ietf.org/doc/html/rfc1186 - - - - - Identifies an Element to be referenced by other Elements. - - - - - - Specifies the CVSS vector string for a vulnerability. - - - - - 1 - - - - 1 - - - - - Provides the license under which the SPDX documentation of the Element can be used. - - - - - 1 - - - - - Specifies the CVSS base, temporal, threat, or environmental severity type. - - - - - qualityAssessmentReport - A reference to a quality assessment for a package. - - - - - vulnerableCodeNotPresent - The product is not affected because the code underlying the vulnerability is not present in the product. - - - - 1 - - - - - The relative file name of a file to be excluded from the `PackageVerificationCode`. - - - - - - altWebPage - A reference to an alternative web page. - - - - - coordinatedBy - (Security) The `from` Vulnerability is coordinatedBy the `to` Agent(s) (vendor, researcher, or consumer agent) - - - - - buildSystem - A reference build system used to create or publish the package. - - - - 1 - - - - - Categories of presence or absence. - - - - 1 - 1 - - - - - Information about the relationship between two Elements. - - - - - - Provide context for a relationship that occurs in the software lifecycle. - - - - - - - Impact justification label to be used when linking a vulnerability to an element -representing a VEX product with a VexNotAffectedVulnAssessmentRelationship -relationship. - - - - - - - - - - - - numeric - data consists only of numeric entries. - - - - - Provides an IntegrityMethod with which the integrity of an Element can be asserted. - - - - - - Timestamp of impact statement. - - - - - - publishedBy - (Security) Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent - - - - - A container for a grouping of SPDX-3.0 content characterizing details -(provenence, composition, licensing, etc.) about a product. - - - - - 1 - - - - - filesystemImage - the Element is a file system image that can be written to a disk (or virtual) partition - - - - 1 - 1 - - - - - gitoid - https://www.iana.org/assignments/uri-schemes/prov/gitoid Gitoid stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects) and a gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent the software [Artifact ID](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#artifact-id) or the [OmniBOR Identifier](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#omnibor-identifier) for the software artifact's associated [OmniBOR Document](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#omnibor-document); this ambiguity exists because the OmniBOR Document is itself an artifact, and the gitoid of that artifact is its valid identifier. Omnibor is a minimalistic schema to describe software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/main/spec/SPEC.md#artifact-dependency-graph-adg). Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's ContentIdentifier property. Gitoids calculated on the OmniBOR Document (OmniBOR Identifiers) should be recorded in the SPDX 3.0 Element's ExternalIdentifier property. - - - - - Specifies the type of an annotation. - - - - - documentation - A reference to the documentation for a package. - - - - 1 - 1 - - - - - md2 - https://datatracker.ietf.org/doc/rfc1319/ - - - - - Identifies from where or whom the Element originally came. - - - - - 1 - - - - - falcon - https://falcon-sign.info/falcon.pdf - - - - - - - 1 - 1 - - - - 1 - 1 - - - - 1 - - - - - timestamp - data is recorded with a timestamp for each entry, but not necessarily ordered or at specific intervals, such as when a taxi ride starts and ends. - - - - 1 - - - - - operatingSystem - the Element is an operating system - - - - - A license expression participating in a license set. - - - - - - dynamicAnalysisReport - A reference to a dynamic analysis report for a package. - - - - - mavenCentral - A reference to a maven repository artifact. - - - - - hasOptionalComponent - Every `to` Element is an optional component of the `from` Element (`from` hasOptionalComponent` `to`) - - - - 1 - 1 - - - - - noAssertion - no assertion about the type of support is made. This is considered the default if no other support type is used. - - - - - design - SBOM of intended, planned software project or product with included components (some of which may not yet exist) for a new software artifact. - - - - - Specifies the SPDX License List version in which this license or exception -identifier was deprecated. - - - - - 1 - - - - - descendantOf - The `from` Element is a descendant of each `to` Element - - - - - Specifies the licenseId that is preferred to be used in place of a deprecated -License or LicenseAddition. - - - - - - runtime - A relationship has specific context implications during the execution phase of an element. - - - - - documentation - Element is documentation - - - - - Describes the confidentiality level of the data points contained in the dataset. - - - - - - - - - support - the artifact has been released, and is supported from the supplier. There is a validUntilDate that can provide additional information about the duration of support. - - - - - Provides an unambiguous mechanism for conveying a URI fragment portion of an ElementID. - - - - - - other - data is of a type not included in this list. - - - - - patchedBy - Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`) - - - - 1 - - - - - Specifies the time an artifact was built. - - - - - - Captures the size of the dataset. - - - - - - Uniquely identifies an external element. - - - - - 1 - - - - - Specifies the type of an external reference. - - - - 1 - - - - 1 - 1 - - - - - Indicates the amount of energy consumed to build the AI package. - - - - - - other - Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationhip types (this relationship is directionless) - - - - - Provides an indication of where to retrieve an external Element. - - - - - 1 - - - - - noAssertion - Makes no assertion about the field. - - - - - secureSoftwareAttestation - A reference to information assuring that the software is developed using security practices as defined by [NIST SP 800-218 Secure Software Development Framework (SSDF)](https://csrc.nist.gov/publications/detail/sp/800-218/final) or [CISA Secure Software Development Attestation Form](https://www.cisa.gov/sites/default/files/2023-04/secure-software-self-attestation_common-form_508.pdf). - - - - 1 - 1 - - - - 1 - 1 - - - - 1 - - - - 1 - - - - - cpe22 - https://cpe.mitre.org/files/cpe-specification_2.2.pdf - - - - - Specifies an element contained in a piece of software where a vulnerability was -found. - - - - - - purchaseOrder - A reference to a purchase order for a package. - - - - 1 - - - - - Specifies the type of the external reference. - - - - - 1 - - - - - Categories of safety risk impact of the application. - - - - - device - the Element refers to a chipset, processor, or electronic board - - - - 1 - - - - - - - - Records the biases that the dataset is known to encompass. - - - - - - test - The Element is a test used to verify functionality on an software element - - - - - other - Used when the type doesn't match any of the other options. - - - - - - - - Specifies until when the artifact can be used before its usage needs to be reassessed. - - - - - - - - - - expandedLicensing - the element follows the expanded Licensing profile specification - - - - - References the Element on the left-hand side of a relationship. - - - - - 1 - - - - 1 - - - - 1 - - - - - cpe23 - https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf - - - - - If true, denotes the Element is a directory. - - - - - - text - data consists of unstructured text, such as a book, wikipedia article (without images), or transcript. - - - - 1 - - - - - software - the element follows the Software profile specification - - - - - Used to record the artifact’s gitoid: a canonical, unique, immutable identifier that can be used for software integrity verification. - - - - - - md5 - https://datatracker.ietf.org/doc/html/rfc1321 - - - - 1 - - - - - - A license or addition that is not listed on the SPDX License List. - - - - - - - archive - the Element is an archived collection of one or more files (.tar, .zip, etc) - - - - - securityOther - A reference to related security information of unspecified type. - - - - 1 - - - - - sha3_224 - sha3 with a digest length of 224 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf - - - - - - Provides a CVSS version 2.0 assessment for a vulnerability. - - - - - - - - underInvestigationFor - (Security/VEX) The `from` Vulnerability impact is being investigated for each `to` Element - - - - 1 - - - - - - - - executable - Element is an Artifact that can be run on a computer - - - - 1 - - - - 1 - 1 - - - - - - - - Refers to one or more Elements that are part of an ElementCollection. - - - - - - - Portion of an AnyLicenseInfo representing this version, or any later version, -of the indicated License. - - - - - - - releaseNotes - A reference to the release notes for a package. - - - - 2 - - - - - - - - incomplete - The relationship is known not to be exhaustive. - - - - - hasDependencyManifest - The `from` Element has manifest files that contain dependency information in each `to` Element - - - - - - - 1 - - - - - - - - - - - specification - the Element is a plan, guideline or strategy how to create, perform or analyse an application - - - - - Provide an enumerated set of software lifecycle phases that can provide context to relationships. - - - - 1 - - - - - attend - The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions include requesting assistance or information about the vulnerability, and may involve publishing a notification either internally and/or externally. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines. - - - - 1 - 1 - - - - 1 - - - - - - - 1 - - - - 1 - - - - - A License participating in an 'or later' model. - - - - - 1 - - - - - A place for the SPDX document creator to record a website that serves as the package's home page. - - - - - - Records the measurement of prediction quality of the AI model. - - - - - - - - 1 - 1 - - - - 1 - - - - 1 - - - - - - - - - - - - - 1 - - - - - An Element an annotator has made an assertion about. - - - - - 1 - - - - - - - - Specifies the VEX justification type. - - - - 1 - - - - - Indicates the type of support that is associated with an artifact. - - - - - - - - - - - Availability of dataset - - - - 1 - - - - 1 - - - - 1 - - - - - - - 1 - - - - - - - - review - Used when someone reviews the Element. - - - - - - - - - - - - - 1 - - - - 1 - - - - 1 - - - - - - - - - - 1 - - - - - - - - From 051c3e8c52331af03093c5e1510a3482fd2e6afd Mon Sep 17 00:00:00 2001 From: Joshua Watt Date: Tue, 23 Apr 2024 07:20:29 -0600 Subject: [PATCH 09/26] docs: annex: getting-started: Add missing reference Signed-off-by: Joshua Watt Signed-off-by: Marc-Etienne Vargenau --- docs/annexes/getting-started.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/annexes/getting-started.md b/docs/annexes/getting-started.md index acf79870e..2a1392432 100644 --- a/docs/annexes/getting-started.md +++ b/docs/annexes/getting-started.md @@ -720,6 +720,7 @@ walk through has been instructive and you are ready to get started with SPDX! [Property_creationInfo]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/creationInfo [Property_element]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/element [Property_externalIdentifier]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/externalIdentifier +[Property_externalIdentifierType]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/externalIdentifierType [Property_from]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/from [Property_identifier]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/identifier [Property_name]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/name From 65a018293fe2d8b754108715c065356eeac7d029 Mon Sep 17 00:00:00 2001 From: Joshua Watt Date: Tue, 23 Apr 2024 09:03:30 -0600 Subject: [PATCH 10/26] doc: annex: Validate documentation examples Updates the security information Annex to conform to the SPDX 3.0 schema and model. In addition, the CI workflow is updated to use a standalone script to do the validation (making it easier to validate locally). When validation documentation files, the script will now detect if the documentation is a complete document or just fragements of a document. In the latter case, a wrapper is made around the JSON from the documentation to make it a valid document for validation (e.g. "@context", "@graph", and a CreationInfo). Signed-off-by: Joshua Watt Signed-off-by: Marc-Etienne Vargenau --- .github/workflows/validate_examples.yml | 32 +-- bin/check-examples.sh | 76 ++++++ .../including-security-information-in-SPDX.md | 255 ++++++++++-------- 3 files changed, 223 insertions(+), 140 deletions(-) create mode 100755 bin/check-examples.sh diff --git a/.github/workflows/validate_examples.yml b/.github/workflows/validate_examples.yml index 004880def..fe9c588ea 100644 --- a/.github/workflows/validate_examples.yml +++ b/.github/workflows/validate_examples.yml @@ -13,35 +13,7 @@ jobs: - name: Install dependencies run: | sudo apt install -y gawk - - name: Check files - run: | - set -e - for f in examples/jsonld/*.json; do - echo "Checking $f" - - check-jsonschema \ - -v \ - --schemafile https://spdx.org/schema/3.0.0/spdx-json-schema.json \ - $f - pyshacl \ - -s https://spdx.org/rdf/3.0.0/spdx-model.ttl \ - -e https://spdx.org/rdf/3.0.0/spdx-model.ttl \ - $f - done - - - name: Check documentation examples + - name: Check examples run: | - for f in docs/annexes/getting-started.md; do - echo "Checking $f" - cat $f | awk '/^```json/, $0=="```" {if ($0 !~ /^```.*/ ) print}' > temp.json - check-jsonschema \ - -v \ - --schemafile https://spdx.org/schema/3.0.0/spdx-json-schema.json \ - temp.json - - pyshacl \ - -s https://spdx.org/rdf/3.0.0/spdx-model.ttl \ - -e https://spdx.org/rdf/3.0.0/spdx-model.ttl \ - temp.json - done + ./bin/check-examples.sh diff --git a/bin/check-examples.sh b/bin/check-examples.sh new file mode 100755 index 000000000..29b0c9e6b --- /dev/null +++ b/bin/check-examples.sh @@ -0,0 +1,76 @@ +#! /bin/bash +# +# Validates SPDX example, both in separate files and inline in the +# documentation +# +# SPDX-License-Identifier: MIT + +set -e + +THIS_DIR=$(dirname $0) + +for f in examples/jsonld/*.json; do + echo "Checking $f" + + check-jsonschema \ + -v \ + --schemafile https://spdx.org/schema/3.0.0/spdx-json-schema.json \ + $f + + pyshacl \ + -s https://spdx.org/rdf/3.0.0/spdx-model.ttl \ + -e https://spdx.org/rdf/3.0.0/spdx-model.ttl \ + $f +done + +T=$(mktemp -d) + +for f in $THIS_DIR/../docs/annexes/*.md; do + if ! grep -q '```json' $f; then + continue + fi + echo "Checking $f" + echo "" > $T/temp.json + + if ! grep -q '@context' $f; then + cat >> $T/temp.json <> $T/temp.json + + if ! grep -q '@context' $f; then + cat >> $T/temp.json < Date: Wed, 8 May 2024 17:28:22 -0600 Subject: [PATCH 11/26] Add annex describing how to cross reference documents Adds a markdown document with examples that explains how to refer to elements across documents Signed-off-by: Joshua Watt Signed-off-by: Marc-Etienne Vargenau --- bin/check-examples.sh | 54 ++++--- docs/annexes/cross-reference.md | 247 ++++++++++++++++++++++++++++++++ docs/annexes/getting-started.md | 2 +- mkdocs.yml | 1 + 4 files changed, 284 insertions(+), 20 deletions(-) create mode 100644 docs/annexes/cross-reference.md diff --git a/bin/check-examples.sh b/bin/check-examples.sh index 29b0c9e6b..1a1eeca62 100755 --- a/bin/check-examples.sh +++ b/bin/check-examples.sh @@ -25,25 +25,43 @@ done T=$(mktemp -d) +check_schema() { + check-jsonschema \ + -v \ + --schemafile https://spdx.org/schema/3.0.0/spdx-json-schema.json \ + "$1" +} + +check_model() { + pyshacl \ + -s https://spdx.org/rdf/3.0.0/spdx-model.ttl \ + -e https://spdx.org/rdf/3.0.0/spdx-model.ttl \ + "$1" +} + + for f in $THIS_DIR/../docs/annexes/*.md; do - if ! grep -q '```json' $f; then + if ! grep -q '^```json' $f; then continue fi echo "Checking $f" - echo "" > $T/temp.json + DEST=$T/$(basename $f) + mkdir -p $DEST + + cat $f | awk -v DEST="$DEST" 'BEGIN{flag=0} /^```json/, $0=="```" { if (/^---$/){flag++} else if ($0 !~ /^```.*/ ) print $0 > DEST "/doc-" flag ".spdx.json"}' - if ! grep -q '@context' $f; then - cat >> $T/temp.json < $DEST/combined.json + + for doc in $DEST/*.spdx.json; do + if ! grep -q '@context' $doc; then + mv $doc $doc.fragment + cat >> $doc <> $T/temp.json - - if ! grep -q '@context' $f; then - cat >> $T/temp.json <> $doc + cat >> $doc <> $DEST/combined.json + echo "," >> $DEST/combined.json + done - check-jsonschema \ - -v \ - --schemafile https://spdx.org/schema/3.0.0/spdx-json-schema.json \ - $T/temp.json + echo "{}]" >> $DEST/combined.json - pyshacl \ - -s https://spdx.org/rdf/3.0.0/spdx-model.ttl \ - -e https://spdx.org/rdf/3.0.0/spdx-model.ttl \ - $T/temp.json + check_model $DEST/combined.json done diff --git a/docs/annexes/cross-reference.md b/docs/annexes/cross-reference.md new file mode 100644 index 000000000..936fc2faa --- /dev/null +++ b/docs/annexes/cross-reference.md @@ -0,0 +1,247 @@ +# Annex I: Cross referencing in SPDX 3 (Informative) + +This document will walk though how to refer to SPDX Elements across documents +(e.g. cross reference). + +If you do would like to construct the complete example documents from this +Markdown file, use the following command: + +```shell +cat cross-reference.md | awk 'BEGIN{flag=0} /^```json/, $0=="```" { if (/^---$/){flag++} else if ($0 !~ /^```.*/ ) print $0 > "doc-" flag ".spdx.json"}' +``` + +## Linking via spdxId + +It is frequently desired (and necessary) to reference an SPDX 3 +[Element][Class_Element] that lives in one document from another. Since SPDX +documents are valid [JSON-LD][JSON_LD] documents, linking elements together can +be as simple as referencing the spdxId of one element from another (in the same +way that doing so within a document links Elements together. For example, +assume we have this document that contains a [Person][Class_Person] we want to +reference in another document: + +```json +{ + "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", + "@graph": [ + { + "type": "Person", + "spdxId": "https://spdx.org/spdxdocs/Person/JoshuaWatt-0ef7e15a-5628-4bd9-8485-a3eace6dcc4f", + "creationInfo": "_:creationinfo", + "name": "Joshua Watt", + "externalIdentifier": [ + { + "type": "ExternalIdentifier", + "externalIdentifierType": "email", + "identifier": "JPEWhacker@gmail.com" + } + ] + }, + { + "type": "CreationInfo", + "@id": "_:creationinfo", + "specVersion": "3.0.0", + "createdBy": [ + "https://spdx.org/spdxdocs/Person/JoshuaWatt-0ef7e15a-5628-4bd9-8485-a3eace6dcc4f" + ], + "created": "2024-03-06T00:00:00Z" + }, + { + "type": "SpdxDocument", + "spdxId": "https://spdx.org/spdxdocs/Document1-7bd25aaf-64b7-4ccc-aa85-84695cef4c17", + "creationInfo": "_:creationinfo", + "profileConformance": [ + "core" + ], + "rootElement": [ + "https://spdx.org/spdxdocs/Person/JoshuaWatt-0ef7e15a-5628-4bd9-8485-a3eace6dcc4f" + ] + } + ] +} +``` + +Now, in our new document we can reference the "Joshua Watt" person by simply +referring to it by its spdxId. For example, to indicate that this new document +was also written by the same person, we can reference it in the creation info +(note the [createdBy][Property_createdBy] property): + +```json +--- +{ + "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", + "@graph": [ + { + "type": "CreationInfo", + "@id": "_:creationinfo1", + "specVersion": "3.0.0", + "createdBy": [ + "https://spdx.org/spdxdocs/Person/JoshuaWatt-0ef7e15a-5628-4bd9-8485-a3eace6dcc4f" + ], + "created": "2024-05-08T00:00:00Z" + }, +``` + +## Imports + +This is sufficient to link documents in JSON-LD, but it is missing some useful +information that SPDX requires you to specify. Namely, since spdxIds are _not_ +necessarily resolvable URLs, this gives no indication as to where the +[Person][Class_Person] can be found. In order to provide this information, SPDX +requires that all externally referenced spdxIds be enumerated in the +[imports][Property_imports] property of the local +[SpdxDocument][Class_SpdxDocument]. Lets start by writing the preamble for the +SpdxDocument: + +```json + { + "type": "SpdxDocument", + "spdxId": "https://spdx.org/spdxdocs/Document2-72d52ac3-3642-47be-9f83-8fbef6a962b4", + "creationInfo": "_:creationinfo1", + "profileConformance": [ + "core", + "software" + ], + "imports": [ +``` + +The [imports][Property_imports] property is a list of +[ExternalMap][Class_ExternalMap] objects, one for each external spdxId being +referenced. The class has one required property called +[externalSpdxId][Property_externalSpdxId] which is the external spdxId being +described: + +```json + { + "type": "ExternalMap", + "externalSpdxId": "https://spdx.org/spdxdocs/Person/JoshuaWatt-0ef7e15a-5628-4bd9-8485-a3eace6dcc4f", + +``` + +In addition to this, there are a few optional fields. The first is the +[locationHint][Property_locationHint] property which is a URI that indicates +where the document that contains the external spdxId may be located. Since this +is an actual resolvable URI, consumers of the document can use locate the +unresolved spdxId. While optional, this field is recommended: + +```json + "locationHint": "http://downloads.example.com/Document1.spdx.json", +``` + +In addition to the location, the [verifiedUsing][Property_verifiedUsing] +property indicates how a user can verify the integrity of the external document +to ensure it has not been tampered with. It can be 0 or more +[IntegrityMethod][Class_IntegrityMethod] objects. While also optional, it is +recommended to include at least one: + +```json + "verifiedUsing": [{ + "type": "Hash", + "algorithm": "sha256", + "hashValue": "3ba8c249c1ba1b6fe20582de88a5123b317632a5a94ba27199d01724df4eb149" + }], +``` + +Finally, the [definingArtifact][Property_definingArtifact] allows a much richer +expression of information about the document that contains the external spdxId +by linking to a complete [Artifact][Class_Artifact] element. This field is also +optional, but if you need the impressive expressive power of the `Artifact` +class, it is also recommended: + +```json + "definingArtifact": "https://spdx.org/spdxdocs/Artifact-4762f4c5-3362-47e9-9595-5182235ef577" +``` + +It should be noted that it is reasonable for the `definingArtifact` itself to +be an external spdxId, as long as it also has the relevant entry in `imports`. + +We also need to add an import for the [SpdxDocument][Class_SpdxDocument] that +contains the author, as we will be referencing it later, so lets do that now: + +```json + }, + { + "type": "ExternalMap", + "externalSpdxId": "https://spdx.org/spdxdocs/Document1-7bd25aaf-64b7-4ccc-aa85-84695cef4c17", + "locationHint": "http://downloads.example.com/Document1.spdx.json", + "verifiedUsing": [{ + "type": "Hash", + "algorithm": "sha256", + "hashValue": "3ba8c249c1ba1b6fe20582de88a5123b317632a5a94ba27199d01724df4eb149" + }], + "definingArtifact": "https://spdx.org/spdxdocs/Artifact-4762f4c5-3362-47e9-9595-5182235ef577" + } +``` + +And that is it! By providing this information you are explaining to consumer of +the document how they can resolve the external spdxIds. + +Lets close out our SpdxDocument + +```json + ] + }, +``` + +Since we are using an [Artifact][Class_Artifact] that describes the SpdxDocument +containing the external spdxId, we need to write that now: + +```json + { + "type": "software_File", + "spdxId": "https://spdx.org/spdxdocs/Artifact-4762f4c5-3362-47e9-9595-5182235ef577", + "creationInfo": "_:creationinfo1", + "software_fileKind": "file", + "software_primaryPurpose": "file", + "software_contentType": "application/spdx+json", + "verifiedUsing": [{ + "type": "Hash", + "algorithm": "sha256", + "hashValue": "3ba8c249c1ba1b6fe20582de88a5123b317632a5a94ba27199d01724df4eb149" + }], + "originatedBy": [ + "https://spdx.org/spdxdocs/Person/JoshuaWatt-0ef7e15a-5628-4bd9-8485-a3eace6dcc4f" + ], + "suppliedBy": "https://spdx.org/spdxdocs/Person/JoshuaWatt-0ef7e15a-5628-4bd9-8485-a3eace6dcc4f", + "releaseTime": "2024-03-06T00:00:00Z", + "builtTime": "2024-03-06T00:00:00Z" + }, +``` + +Finally, since we are using an [Artifact][Class_Artifact], we need to add a +[Relationship][Class_Relationship] with type `serailizedInArtifact` to link the +artifact and the serialized [SpdxDocument][Class_SpdxDocument]. Note that this +is where the `spdxId` of the `SpdxDocument` is referenced which is why we +needed to import it earlier: + +```json + { + "spdxId": "https://spdx.org/spdxdocs/Relationship/serializedInArtifact-141ec767-40f2-4aad-9658-ac2703f3a7d9", + "type": "Relationship", + "creationInfo": "_:creationinfo1", + "relationshipType": "serializedInArtifact", + "from": "https://spdx.org/spdxdocs/Document1-7bd25aaf-64b7-4ccc-aa85-84695cef4c17", + "to": [ + "https://spdx.org/spdxdocs/Artifact-4762f4c5-3362-47e9-9595-5182235ef577" + ] + } + ] +} +``` + +Happy Linking! + +[Class_Artifact]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/Artifact +[Class_Element]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/Element +[Class_ExternalMap]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/ExternalMap +[Class_IntegrityMethod]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/IntegrityMethod +[Class_Person]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/Person +[Class_SpdxDocument]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/SpdxDocument +[Class_Relationship]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/Relationship +[JSON_LD]: https://json-ld.org/ +[Property_createdBy]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/createdBy +[Property_definingArtifact]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/definingArtifact +[Property_externalSpdxId]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/externalSpdxId +[Property_imports]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/imports +[Property_verifiedUsing]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/verifiedUsing +[Property_locationHint]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/locationHint diff --git a/docs/annexes/getting-started.md b/docs/annexes/getting-started.md index 2a1392432..f792a6d7c 100644 --- a/docs/annexes/getting-started.md +++ b/docs/annexes/getting-started.md @@ -16,7 +16,7 @@ If you do would like to construct the complete example from this Markdown file, use the following command: ```shell -cat getting-started.md | awk '/^```json/, $0=="```" {if ($0 !~ /^```.*/ ) print}' +cat getting-started.md | awk 'BEGIN{flag=0} /^```json/, $0=="```" { if (/^---$/){flag++} else if ($0 !~ /^```.*/ ) print $0 > "doc-" flag ".spdx.json"}' ``` Please note that all descriptions of properties, classes, etc. are diff --git a/mkdocs.yml b/mkdocs.yml index c94bc0dd4..27b6852f2 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -334,6 +334,7 @@ nav: - 'Using SPDX to comply with norms, standards and regulation': annexes/using-SPDX-to-comply-with-industry-guidance.md - 'Including Security Information in SPDX': annexes/including-security-information-in-SPDX.md - 'SPDX Lite': annexes/SPDX-Lite.md + - 'Cross-referencing in SPDX 3': annexes/cross-reference.md - licenses: - 'Creative Commons Attribution License 3.0 Unported': licenses/CC-BY-3.0.md - 'Community Specification License 1.0': licenses/Community-Spec-1.0.md From 3b9b79bb36798c29b0f17f1624586f0018be9018 Mon Sep 17 00:00:00 2001 From: Alexios Zavras Date: Thu, 9 May 2024 12:40:27 +0200 Subject: [PATCH 12/26] Fixes ABNF for license expressions Signed-off-by: Alexios Zavras Signed-off-by: Marc-Etienne Vargenau --- docs/annexes/SPDX-license-expressions.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/docs/annexes/SPDX-license-expressions.md b/docs/annexes/SPDX-license-expressions.md index fb02edf72..07cc45081 100644 --- a/docs/annexes/SPDX-license-expressions.md +++ b/docs/annexes/SPDX-license-expressions.md @@ -6,7 +6,7 @@ Often a single license can be used to represent the licensing terms of a source SPDX License Expressions provide a way for one to construct expressions that more accurately represent the licensing terms typically found in open source software source code. A license expression could be a single license identifier found on the SPDX License List; a user defined license reference denoted by the LicenseRef-`[idString]`; a license identifier combined with an SPDX exception; or some combination of license identifiers, license references and exceptions constructed using a small set of defined operators (e.g., `AND`, `OR`, `WITH` and `+`). We provide the definition of what constitutes a valid SPDX License Expression in this section. -The exact syntax of license expressions is described below in [ABNF](http://tools.ietf.org/html/rfc5234). +The exact syntax of license expressions is described below in ABNF, as defined in [RFC5234](http://tools.ietf.org/html/rfc5234) and expanded in [RFC7405](http://tools.ietf.org/html/rfc7405). ```text idstring = 1*(ALPHA / DIGIT / "-" / "." ) @@ -15,9 +15,9 @@ license-id = license-exception-id = -license-ref = ["DocumentRef-"(idstring)":"]"LicenseRef-"(idstring) +license-ref = [%s"DocumentRef-"(idstring)":"]%s"LicenseRef-"(idstring) -addition-ref = ["DocumentRef-"(idstring)":"]"AdditionRef-"(idstring) +addition-ref = [%s"DocumentRef-"(idstring)":"]%s"AdditionRef-"(idstring) simple-expression = license-id / license-id"+" / license-ref @@ -25,11 +25,11 @@ addition-expression = license-exception-id / addition-ref compound-expression = (simple-expression / - simple-expression ( "WITH" / "with" ) addition-expression / + simple-expression ( %s"WITH" / %s"with" ) addition-expression / - compound-expression ( "AND" / "and" ) compound-expression / + compound-expression ( %s"AND" / %s"and" ) compound-expression / - compound-expression ( "OR" / "or" ) compound-expression / + compound-expression ( %s"OR" / %s"or" ) compound-expression / "(" compound-expression ")" ) @@ -74,8 +74,7 @@ LicenseRef-MIT-Style-1 DocumentRef-spdx-tool-1.2:LicenseRef-MIT-Style-2 ``` -The current set of valid license identifiers can be found in [spdx.org/licenses](https:/ -/spdx.org/licenses). +The current set of valid license identifiers can be found in [spdx.org/licenses](https://spdx.org/licenses). ## D.4 Composite license expressions From 90c37d1cac20d4a1fd31e37d37eb897c5bb04a4a Mon Sep 17 00:00:00 2001 From: stefan6419846 <96178532+stefan6419846@users.noreply.github.com> Date: Tue, 28 May 2024 16:36:34 +0200 Subject: [PATCH 13/26] Fix typo in TOC entry for Lite profile Signed-off-by: stefan6419846 <96178532+stefan6419846@users.noreply.github.com> Signed-off-by: Marc-Etienne Vargenau --- mkdocs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mkdocs.yml b/mkdocs.yml index 27b6852f2..1b55e4fac 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -314,7 +314,7 @@ nav: - model/Build/Properties/environment.md - model/Build/Properties/parameters.md - Lite: - - 'Descrption': model/Lite/Lite.md + - 'Description': model/Lite/Lite.md - Extension: - 'Description': model/Extension/Extension.md - Classes: From 0b3ba0b14fe932f38c4a7dfef1d78faea3d4c4cf Mon Sep 17 00:00:00 2001 From: Joshua Watt Date: Tue, 21 May 2024 13:15:20 -0600 Subject: [PATCH 14/26] annexes: getting started: Fix SPDX IDs The SPDX IDs used in the example are fabricated, but not good examples to follow for users trying understand how to write their own documents. Fix this by using the "https://spdx.org/spdxdocs/" prefix and using a UUID at the end Signed-off-by: Joshua Watt Signed-off-by: Marc-Etienne Vargenau --- docs/annexes/getting-started.md | 38 ++++++++++++++++----------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/docs/annexes/getting-started.md b/docs/annexes/getting-started.md index f792a6d7c..f7e076f00 100644 --- a/docs/annexes/getting-started.md +++ b/docs/annexes/getting-started.md @@ -76,7 +76,7 @@ say this is a [Person][Class_Person]. Next, we need to name our object: ```json - "spdxId": "http://spdx.example.com/Person/JoshuaWatt", + "spdxId": "http://spdx.org/spdxdocs/Person/JoshuaWatt-141ec767-40f2-4aad-9658-ac2703f3a7d9", ``` Most objects can have some sort of "ID" property that gives it a name. In the @@ -96,7 +96,7 @@ are considered to be the same object, and any references to this URI is a reference to this _specific_ object we are creating. If you work for a company, own a domain, etc. it is encouraged to use that (or -some subdomain of it) in place of `spdx.example.com`. +some subdomain of it) in place of `spdx.org/spdxdocs`. In practice, many `spdxId` values will have some sort of hash or random UUID-like string incorporated to make them unique. @@ -231,7 +231,7 @@ who (or what) created the elements that are linked to this ```json "createdBy": [ - "http://spdx.example.com/Person/JoshuaWatt" + "http://spdx.org/spdxdocs/Person/JoshuaWatt-141ec767-40f2-4aad-9658-ac2703f3a7d9" ], ``` @@ -271,7 +271,7 @@ do that now: ```json { "type": "SpdxDocument", - "spdxId": "http://spdx.example.com/Document1", + "spdxId": "https://spdx.org/spdxdocs/Document1-d078aed9-384d-4a64-87cb-99c79647c8c9", "creationInfo": "_:creationinfo", ``` @@ -307,7 +307,7 @@ Element) references. Add this now and close our our ```json "rootElement": [ - "http://spdx.example.com/BOM1" + "https://spdx.org/spdxdocs/BOM-e2e955f5-c50e-4a3a-8c69-db152f0f4615" ] }, ``` @@ -365,7 +365,7 @@ Lets define our package: ```json { "type": "software_Package", - "spdxId": "http://spdx.example.com/amazing-widget", + "spdxId": "https://spdx.org/spdxdocs/Package-d1db6e61-aebe-4b13-ae73-d0f66018dbe0", "creationInfo": "_:creationinfo", ``` This should be familiar by now. Note the reuse of our previous @@ -425,7 +425,7 @@ property: ```json "originatedBy": [ - "http://spdx.example.com/Person/JoshuaWatt" + "http://spdx.org/spdxdocs/Person/JoshuaWatt-141ec767-40f2-4aad-9658-ac2703f3a7d9" ], ``` @@ -472,7 +472,7 @@ Lets get started with our first file, the program executable: ```json { "type": "software_File", - "spdxId": "http://spdx.example.com/amazing-widget/main", + "spdxId": "https://spdx.org/spdxdocs/File-8f79956e-4089-4166-9a71-457de77e4846", "creationInfo": "_:creationinfo", "name": "/usr/bin/amazing-widget", "verifiedUsing": [ @@ -484,7 +484,7 @@ Lets get started with our first file, the program executable: ], "builtTime": "2024-03-05T00:00:00Z", "originatedBy": [ - "http://spdx.example.com/Person/JoshuaWatt" + "http://spdx.org/spdxdocs/Person/JoshuaWatt-141ec767-40f2-4aad-9658-ac2703f3a7d9" ], ``` @@ -527,7 +527,7 @@ program: ```json { "type": "software_File", - "spdxId": "http://spdx.example.com/amazing-widget/config", + "spdxId": "https://spdx.org/spdxdocs/File-77808a5c-7a1b-43d1-9fa9-410a309ca9f3", "creationInfo": "_:creationinfo", "name": "/etc/amazing-widget.cfg", "verifiedUsing": [ @@ -539,7 +539,7 @@ program: ], "builtTime": "2024-03-05T00:00:00Z", "originatedBy": [ - "http://spdx.example.com/Person/JoshuaWatt" + "http://spdx.org/spdxdocs/Person/JoshuaWatt-141ec767-40f2-4aad-9658-ac2703f3a7d9" ], "software_primaryPurpose": "configuration" }, @@ -564,7 +564,7 @@ new one: ```json { "type": "Relationship", - "spdxId": "http://spdx.example.com/amazing-widet-contains", + "spdxId": "https://spdx.org/spdxdocs/Relationship/contains-6b0b7ce4-a069-406d-9088-9e91f65b79f0", "creationInfo": "_:creationinfo", ``` @@ -592,10 +592,10 @@ with them: you can think of them as an arrow pointing from their express this: ```json - "from": "http://spdx.example.com/amazing-widget", + "from": "https://spdx.org/spdxdocs/Package-d1db6e61-aebe-4b13-ae73-d0f66018dbe0", "to": [ - "http://spdx.example.com/amazing-widget/config", - "http://spdx.example.com/amazing-widget/main" + "https://spdx.org/spdxdocs/File-8f79956e-4089-4166-9a71-457de77e4846", + "https://spdx.org/spdxdocs/File-77808a5c-7a1b-43d1-9fa9-410a309ca9f3" ], ``` @@ -631,7 +631,7 @@ This is done by creating a [software_Sbom][Class_software_Sbom] object: ```json { "type": "software_Sbom", - "spdxId": "http://spdx.example.com/BOM1", + "spdxId": "https://spdx.org/spdxdocs/BOM-e2e955f5-c50e-4a3a-8c69-db152f0f4615", "creationInfo": "_:creationinfo", ``` @@ -647,7 +647,7 @@ of the SBOM, which is our [software_Package][Class_software_Package]: ```json "rootElement": [ - "http://spdx.example.com/amazing-widget" + "https://spdx.org/spdxdocs/Package-d1db6e61-aebe-4b13-ae73-d0f66018dbe0" ], ``` @@ -661,8 +661,8 @@ included: ```json "element": [ - "http://spdx.example.com/amazing-widget/main", - "http://spdx.example.com/amazing-widget/config" + "https://spdx.org/spdxdocs/File-8f79956e-4089-4166-9a71-457de77e4846", + "https://spdx.org/spdxdocs/File-77808a5c-7a1b-43d1-9fa9-410a309ca9f3" ], ``` From ef31947aa018bb8458ab3a0b26925c0c17af6bd3 Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Mon, 10 Jun 2024 20:25:06 +0100 Subject: [PATCH 15/26] Add build instruction and flow diagram Signed-off-by: Arthit Suriyawongkul Signed-off-by: Marc-Etienne Vargenau --- README.md | 207 +++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 190 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 94f91e296..a8dd912eb 100644 --- a/README.md +++ b/README.md @@ -1,33 +1,206 @@ # The System Package Data Exchange (SPDX®) Specification -The System Package Data Exchange (SPDX®) specification is an open standard capable of representing systems with software components in as SBOMs (Software Bill of Materials) and other AI, data and security references supporting a range of risk management use cases. +The System Package Data Exchange (SPDX®) specification is an open standard +capable of representing systems with software components in as SBOMs +(Software Bill of Materials) and other AI, data and security references +supporting a range of risk management use cases. -The SPDX standard helps facilitate compliance with free and open source software licenses by standardizing the way license information is shared across the software supply chain. SPDX reduces redundant work by providing a common format for companies and communities to share important data about software licenses and copyrights, thereby streamlining and improving compliance. +The SPDX standard helps facilitate compliance with free and open source +software licenses by standardizing the way license information is shared across +the software supply chain. SPDX reduces redundant work by providing a common +format for companies and communities to share important data about software +licenses and copyrights, thereby streamlining and improving compliance. This repository holds under active development version of the specification as: -* [MarkDown](https://github.com/spdx/spdx-spec/tree/master/chapters) (`master` branch) -* HTML (gh-pages branch, built on every commit to `master` and `development/` branches) - * [Current](https://spdx.github.io/spdx-spec/v3.0/) +- Markdown: + [`development/v3.0.1`](https://github.com/spdx/spdx-spec/tree/development/v3.0.1/docs) + branch +- HTML: `gh-pages` branch, built on every commit to the development branch, + see the workflow in + [`.github/workflows/publish_v3.yml`](/.github/workflows/publish_v3.yml) + - Current (3.0): -See for the official [releases of the specification](https://spdx.org/specifications) or additional information also the [SPDX website](https://spdx.org). +The model itself is under active development at +[spdx/spdx-3-model](https://github.com/spdx/spdx-3-model/) +repo (`main` branch). -## Specification Structure +See for the official +[releases of the specification](https://spdx.org/specifications) +or additional information also the SPDX website at . -The specification consists of a model which is generated from the [spdx-3-model](https://github.com/spdx/spdx-3-model) repository and additional information in the `docs` directory. +## Specification structure -The `examples` directory contains examples of various SPDX serializations for the current version of the spec. +This repository consists of these files and directories: -# Building the specification +- `bin/` - Scripts for spec generation. +- `docs/` - Specification content: + - `annexes/` - Annexes for the specification. + - `css/` - Style sheets for HTML. + - `images/` - Model diagrams. These image files are to be generated from a + diagram description file + [model.drawio](https://github.com/spdx/spdx-3-model/blob/main/model.drawio) + in `spdx/spdx-3-model` repo and manually copied here. + - `licenses/` - Licenses that used by the SPDX specifications. + - `model/` - Model files*. This subdirectory _is to be created_ by a script + from `spdx/spec-parser` repo, using model information from + `spdx/spdx-3-model` repo (see the build instructions below). +- `examples/` - Examples of various SPDX serializations for the current version + of the spec. +- `mkdocs.yml` - MkDocs recipe for the spec documentation generation. The + inclusion of model files and the order of chapters are defined here. -## Prerequisites +The specification consists of documents in the `docs/` directory from this +`spdx/spdx-spec` repository and a model which is generated from Markdown files +in the `spdx/spdx-3-model` repository. -You have to [MkDocs](http://mkdocs.org) installed on your machine. If you don't have it yet installed please follow these [installation instructions](http://www.mkdocs.org/#installation). +Note: The model Markdown files in the `spdx/spdx-3-model` repository use a +constrained format. Only a limited set of headings are allowed for processing +by the spec-parser. -## Building HTML +## Building the specification - # Execute built-in dev-server that lets you preview the specification - $ mkdocs serve +The specification building flow looks like this: - # Building static HTML site - $ mkdocs build +```text + +-------------------+ + |[spdx-3-model] | + | | | + | +- model/ ---- Constrained-Markdown files -+ + | | | | + | +- model.drawio -----------------+ | + +-------------------+ | | + | | + | | + +-------------------+ v | + |[spdx-spec] | draw.io | + | | | (manual) | + | +- docs/ | | | + | | | | | + | +- annexes/ | | v + | | | | spec-parser + | +- images/ <---- PNG images --+ | + | | | | + | +- licenses/ | | + | | | | + | +- model/ <----- Processed Markdown files ---+ + | | | + | +- index.md | + | | | + | +- *.md | + +-------------------+ + | + mike & mkdocs + | + v + +-------------------+ + | HTML website | + +-------------------+ +``` + +### Prerequisites + +Apart from Git and Python, you have to have [MkDocs](http://mkdocs.org) +installed on your machine. If you don't have it yet installed please follow +these [installation instructions](http://www.mkdocs.org/#installation). + +[WeasyPrint](https://doc.courtbouillon.org/weasyprint/stable/first_steps.html#installation) +is also required for generating PDF files. To disable PDF generation, comment +out the these lines in your `mkdocs.yml` configuration file: + +```yaml +#- pdf-export: +# combined: true +``` + +### Preparing input files + +Next, you have to prepare the model files, the other specification files, +and the model parser, by cloning these repositoriess: +[`spdx/spdx-3-model`](https://github.com/spdx/spdx-3-model), +[`spdx/spdx-spec`](https://github.com/spdx/spdx-spec), and +[`spdx/spec-parser`](https://github.com/spdx/spec-parser) +to these paths: `spdx-3-model`, `spdx-spec`, and `spec-parser`, respectively: + +```shell +git clone https://github.com/spdx/spdx-3-model.git +git clone https://github.com/spdx/spdx-spec.git +git clone https://github.com/spdx/spec-parser.git +``` + +Install prerequisites for Python: + +```shell +pip3 install -r spdx-spec/requirements.txt +pip3 install -r spec-parser/requirements.txt +``` + +### Generating formatted Markdown files for MkDocs + +Model files in `spdx/spdx-3-model` repo are written in a specific format of +Markdown, with a limited set of allowed headings. The `spec-parser` processes +these model files to generate both ontology and final Markdown files suitable +for MkDocs. + +The `spec-parser` also performs automatic formatting on the resulting Markdown +files. For instance, it converts a list under the "Properties" heading into a +table. + +To check the model files and generate formatted files for MkDocs, run the +following command: + +```shell +python3 spec-parser/main.py spdx-3-model/model spdx-spec/docs/model +``` + +This will create well-formatted model files in the `spdx-spec/docs/model/` +directory. This directory contains two components: + +- Model ontology and diagram files: These files (`model.plantuml`, + `spdx-context.jsonld`, `spdx-model.dot`, `spdx-model.json-ld`, + `spdx-model.pretty-xml`, `spdx-model.ttl`, `spdx-model.xml`) + are ready for immediate use. +- Formatted Makdown files: These files (`.md` extension) are located in various + subdirectories and are intended for processing by MkDocs in the next step. + +### Building HTML + +With all spec and model files prepared, we will use MkDocs to assemble them +into a website. + +In side `spdx-spec/` directory, execute a built-in dev-server that let you +preview the specification: + +```shell +mkdocs serve +``` + +Or building a static HTML site: + +```shell +mkdocs build +``` + +## Configuring the website + +Inside `spdx-spec/` directory, there is a file `mkdocs.yml`. This is a +configuration file for MkDocs. + +Files intended for display and linking in the navigation bar should be +included in the `nav:` section. The order of filenames in this section +determines their order on the navigation bar. + +## Specifications on spdx.github.io/spdx-spec/ + +The SPDX specifications on are built +by using a workflow in +[`.github/workflows/publish_v3.yml`](/.github/workflows/publish_v3.yml). +This workflow uses [mike](https://github.com/jimporter/mike) to deploy multiple +versions of MkDocs-powered documentation. + +Deployed versions, their titles, and their aliases, can be seen in the file +[versions.json](https://github.com/spdx/spdx-spec/blob/gh-pages/versions.json) +in the `gh-pages` branch. + +mike is not required for local testing of a specific version of the +specification. From c72af4a422fed76c39c0e17dbb4096b34ba7721f Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Mon, 10 Jun 2024 20:48:51 +0100 Subject: [PATCH 16/26] Add info about version selector Signed-off-by: Arthit Suriyawongkul Signed-off-by: Marc-Etienne Vargenau --- README.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index a8dd912eb..77646b4fc 100644 --- a/README.md +++ b/README.md @@ -190,17 +190,18 @@ Files intended for display and linking in the navigation bar should be included in the `nav:` section. The order of filenames in this section determines their order on the navigation bar. -## Specifications on spdx.github.io/spdx-spec/ +## Specification versions on spdx.github.io/spdx-spec/ The SPDX specifications on are built by using a workflow in [`.github/workflows/publish_v3.yml`](/.github/workflows/publish_v3.yml). -This workflow uses [mike](https://github.com/jimporter/mike) to deploy multiple -versions of MkDocs-powered documentation. +This workflow uses [mike](https://github.com/jimporter/mike) to publish +multiple versions of MkDocs-powered documentation. -Deployed versions, their titles, and their aliases, can be seen in the file +The published versions, their titles, and aliases are listed in the file [versions.json](https://github.com/spdx/spdx-spec/blob/gh-pages/versions.json) -in the `gh-pages` branch. +located in the `gh-pages` branch. These versions populate the version selector +dropdown on the website. The line `run: mike deploy` in the GitHub workflow +file determines the title and alias. -mike is not required for local testing of a specific version of the -specification. +mike is not needed for local testing of a specific spec version. From aadcb3f02da26f4afb57a1971c6efe421c8f998a Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Mon, 10 Jun 2024 21:20:08 +0100 Subject: [PATCH 17/26] Add info about existing model output directory Signed-off-by: Arthit Suriyawongkul Signed-off-by: Marc-Etienne Vargenau --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 77646b4fc..cf5df04bc 100644 --- a/README.md +++ b/README.md @@ -163,6 +163,14 @@ directory. This directory contains two components: - Formatted Makdown files: These files (`.md` extension) are located in various subdirectories and are intended for processing by MkDocs in the next step. +If the output directory already exists, the `spec-parser` will not overwrite +it. If you edited a model file and want to regenerate the formatted files, you +have to delete the existing `spdx-spec/docs/model` directory first: + +```shell +rm -rf spdx-spec/docs/model +``` + ### Building HTML With all spec and model files prepared, we will use MkDocs to assemble them From e5fff7f3dffdad35e599dd2ee8012e5184f4c9a0 Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Tue, 11 Jun 2024 07:45:16 +0100 Subject: [PATCH 18/26] Add strict mode and debug info Signed-off-by: Arthit Suriyawongkul Signed-off-by: Marc-Etienne Vargenau --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.md b/README.md index cf5df04bc..a01c3aeb8 100644 --- a/README.md +++ b/README.md @@ -189,6 +189,18 @@ Or building a static HTML site: mkdocs build ``` +To abort the build immediately when there is a warning, enables strict mode: + +```shell +mkdocs build --strict +``` + +To get debug messages, enables verbose output: + +```shell +mkdocs build --verbose +``` + ## Configuring the website Inside `spdx-spec/` directory, there is a file `mkdocs.yml`. This is a From d7c6dbd90a4187ad215698462e4250bef50c1a42 Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Tue, 11 Jun 2024 16:55:12 +0100 Subject: [PATCH 19/26] Use relative path Signed-off-by: Arthit Suriyawongkul Signed-off-by: Marc-Etienne Vargenau --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index a01c3aeb8..a1e6d47e6 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ This repository holds under active development version of the specification as: branch - HTML: `gh-pages` branch, built on every commit to the development branch, see the workflow in - [`.github/workflows/publish_v3.yml`](/.github/workflows/publish_v3.yml) + [`.github/workflows/publish_v3.yml`](.github/workflows/publish_v3.yml) - Current (3.0): The model itself is under active development at @@ -54,8 +54,8 @@ The specification consists of documents in the `docs/` directory from this `spdx/spdx-spec` repository and a model which is generated from Markdown files in the `spdx/spdx-3-model` repository. -Note: The model Markdown files in the `spdx/spdx-3-model` repository use a -constrained format. Only a limited set of headings are allowed for processing +Note: The model files in the `spdx/spdx-3-model` repository use a constrained +format of Markdown. Only a limited set of headings are allowed to be processed by the spec-parser. ## Building the specification @@ -214,7 +214,7 @@ determines their order on the navigation bar. The SPDX specifications on are built by using a workflow in -[`.github/workflows/publish_v3.yml`](/.github/workflows/publish_v3.yml). +[`.github/workflows/publish_v3.yml`](.github/workflows/publish_v3.yml). This workflow uses [mike](https://github.com/jimporter/mike) to publish multiple versions of MkDocs-powered documentation. From f2380787b74eec5ca64448ecebf15c01fd8092f1 Mon Sep 17 00:00:00 2001 From: Alexios Zavras Date: Sat, 1 Jun 2024 10:53:29 +0200 Subject: [PATCH 20/26] Adds a new annex on license matching Signed-off-by: Alexios Zavras Signed-off-by: Marc-Etienne Vargenau --- ...cense-matching-guidelines-and-templates.md | 223 ++++++++++++++++++ mkdocs.yml | 1 + 2 files changed, 224 insertions(+) create mode 100644 docs/annexes/license-matching-guidelines-and-templates.md diff --git a/docs/annexes/license-matching-guidelines-and-templates.md b/docs/annexes/license-matching-guidelines-and-templates.md new file mode 100644 index 000000000..bb7f5611f --- /dev/null +++ b/docs/annexes/license-matching-guidelines-and-templates.md @@ -0,0 +1,223 @@ +# Annex C License matching guidelines and templates (Informative) + +## C.1 SPDX license list matching guidelines + +The SPDX License List Matching Guidelines provide guidelines to be used for the purposes of matching licenses and license exceptions against those included on the SPDX License List. There is no intent here to make a judgment or interpretation, but merely to ensure that when one SPDX user identifies a license as "BSD-3-Clause," for example, it is indeed the same license as what someone else identifies as "BSD-3-Clause" and the same license as what is listed on the SPDX License List. As noted here, some of the matching guidelines are implemented in the XML files of the SPDX License List repository. + +## C.2 How these guidelines are applied + +### C.2.1 Purpose + +To ensure consistent results by different SPDX document creators when matching license information that will be included in the License Information in File field. SPDX document creators or tools may match on the license or exception text itself, the official license header, or the SPDX License List short identifier. + +### C.2.2 Guideline: official license headers + +The matching guidelines apply to license and exception text, as well as official license headers. Official license headers are defined by the SPDX License List as specific text specified within the license itself to be put in the header of files. (see [explanation of SPDX License List fields](https://github.com/spdx/license-list-XML/blob/master/DOCS/license-fields.md) for more info). + +The following XML tag is used to implement this guideline: `` + +## C.3 Substantive text + +### C.3.1 Purpose + +To ensure that when matching licenses and exceptions to the SPDX License List, there is an appropriate balance between matching against the substantive text and disregarding parts of the text that do not alter the substantive text or legal meaning. Further guidelines of what can be disregarded or considered replaceable for purposes of matching are listed below here and in the subsequent specific guidelines. A conservative approach is taken in regard to rules relating to disregarded or replaceable text. + +### C.3.2 Guideline: verbatim text + +License and exception text should be the same verbatim text (except for the guidelines stated here). The text should be in the same order, e.g., differently ordered paragraphs would not be considered a match. + +### C.3.3 Guideline: no additional text + +Matched text should only include that found in the vetted license or exception text. Where a license or exception found includes additional text or clauses, this should not be considered a match. + +### C.3.4 Guideline: replaceable text + +Some licenses include text that refers to the specific copyright holder or author, yet the rest of the license is exactly the same. The intent here is to avoid the inclusion of a specific name in one part of the license resulting in a non-match where the license is otherwise an exact match to the legally substantive terms (e.g., the third clause and disclaimer in the BSD licenses, or the third, fourth, and fifth clauses of Apache-1.1). In these cases, there should be a positive license match. + +The text indicated as such can be replaced with similar values (e.g., a different name or generic term; different date) and still be considered a positive match. This rule also applies to text-matching in official license headers (see Guideline: official license headers). + +The following XML tag is used to implement this guideline. `` with 2 attributes: + +* `match` - a POSIX extended regular expression (ERE) to match the replaceable text +* `name` - an identifier for the variable text unique to the license XML document + +The original text is enclosed within the beginning and ending alt tags. + +For example: `Copyright Linux Foundation` + +The original replaceable text appears on the SPDX License List webpage in red text. + +### C.3.5 Guideline: omittable text + +Some licenses have text that can simply be ignored. The intent here is to avoid the inclusion of certain text that is superfluous or irrelevant in regards to the substantive license text resulting in a non-match where the license is otherwise an exact match (e.g., directions on how to apply the license or other similar exhibits). In these cases, there should be a positive license match. + +The license should be considered a match if the text indicated is present and matches OR the text indicated is missing altogether. + +The following XML tag is used to implement this guideline: `` + +For example: `Apache License Version 2.0, January 2004 http://www.apache.org/licenses/` + +Omittable text appears on the SPDX License List webpage in blue text. + +## C.4 Whitespace + +### C.4.1 Purpose + +To avoid the possibility of a non-match due to different spacing of words, line breaks, or paragraphs. + +### C.4.2 Guideline + +All whitespace should be treated as a single blank space. + +XML files do not require specific markup to implement this guideline. + +## C.5 Capitalization + +### C.5.1 Purpose + +To avoid the possibility of a non-match due to lowercase or uppercase letters in otherwise the same words. + +### C.5.2 Guideline + +All uppercase and lowercase letters should be treated as lowercase letters. + +XML files do not require specific markup to implement this guideline. + +## C.6 Punctuation + +### C.6.1 Purpose + +Because punctuation can change the meaning of a sentence, punctuation needs to be included in the matching process. + +XML files do not require specific markup to implement this guideline, unless to indicate an exception to the guideline. + +### C.6.2 Guideline: punctuation + +Punctuation should be matched, unless otherwise stated in these guidelines or unless specific markup is added. + +### C.6.3 Guideline: hyphens, dashes + +Any hyphen, dash, en dash, em dash, or other variation should be considered equivalent. + +### C.6.4 Guideline: Quotes + +Any variation of quotations (single, double, curly, etc.) should be considered equivalent. + +## C.7 Code Comment Indicators or Separators + +### C.7.1 Purpose + +To avoid the possibility of a non-match due to the existence or absence of code comment indicators placed within the license text, e.g., at the start of each line of text, or repetitive characters to establish a separation of text, e.g., ---, ===, ___, or ***. + +### C.7.2 Guideline + +Any kind of code comment indicator or prefix which occurs at the beginning of each line in a matchable section should be ignored for matching purposes. + +XML files do not require specific markup to implement this guideline. + +### C.7.3 Guideline + +A non-letter character repeated 3 or more times to establish a visual separation should be ignored for matching purposes. + +XML files do not require specific markup to implement this guideline. + +## C.8 Bullets and numbering + +### C.8.1 Purpose + +To avoid the possibility of a non-match due to the otherwise same license using bullets instead of numbers, number instead of letter, or no bullets instead of bullet, etc., for a list of clauses. + +### C.8.2 Guideline + +Where a line starts with a bullet, number, letter, or some form of a list item (determined where list item is followed by a space, then the text of the sentence), ignore the list item for matching purposes. + +The following XML tag is used to implement this guideline: `` + +For example: `1.0` + +## C.9 Varietal word spelling + +### C.9.1 Purpose + +English uses different spelling for some words. By identifying the spelling variations for words found or likely to be found in licenses, we avoid the possibility of a non-match due to the same word being spelled differently. This list is not meant to be an exhaustive list of all spelling variations, but meant to capture the words most likely to be found in open source software licenses. + +### C.9.2 Guideline + +The words in each line of the text file available at are considered equivalent and interchangeable. + +XML files do not require specific markup to implement this guideline. + +## C.10 Copyright symbol + +### C.10.1 Purpose + +By having a rule regarding the use of "©", "(c)", or "copyright", we avoid the possibility of a mismatch based on these variations. + +### C.10.2 Guideline + +"©", "(c)", or "Copyright" should be considered equivalent and interchangeable. + +XML files do not require specific markup to implement this guideline. The copyright symbol is part of the copyright notice, see implementation of that guideline below. + +## C.11 Copyright notice + +### C.11.1 Purpose + +To avoid a license mismatch merely because the copyright notice (usually found above the actual license or exception text) is different. The copyright notice is important information to be recorded elsewhere in the SPDX document, but for the purposes of matching a license to the SPDX License List, it should be ignored because it is not part of the substantive license text. + +### C.11.2 Guideline + +Ignore copyright notices. A copyright notice consists of the following elements, for example: "2012 Copyright, John Doe. All rights reserved." or "(c) 2012 John Doe." + +The following XML tag is used to implement this guideline: `` + +For example: `Copyright 2022 Linux Foundation` + +## C.12 License name or title + +### C.12.1 Purpose + +To avoid a license mismatch merely because the name or title of the license is different than how the license is usually referred to or different than the SPDX full name. This also avoids a mismatch if the title or name of the license is simply not included. + +### C.12.2 Guideline + +Ignore the license name or title for matching purposes, so long as what ignored is the title only and there is no additional substantive text added here. + +The following XML tag is used to implement this guideline: `` + +For example: `Attribution Assurance License` + +## C.13 Extraneous text at the end of a license + +### C.13.1 Purpose + +To avoid a license mismatch merely because extraneous text that appears at the end of the terms of a license is different or missing. This also avoids a mismatch if the extraneous text merely serves as a license notice example and includes a specific copyright holder's name. + +### C.13.2 Guideline + +Ignore any text that occurs after the obvious end of the license and does not include substantive text of the license, for example: text that occurs after a statement such as, "END OF TERMS AND CONDITIONS," or an exhibit or appendix that includes an example or instructions on to how to apply the license to your code. Do not apply this guideline or ignore text that is comprised of additional license terms (e.g., permitted additional terms under GPL-3.0, section 7). + +To implement this guideline, use the `` XML element tag as described in section C.3.5. + +## C.14 HTTP Protocol + +### C.14.1 Purpose + +To avoid a license mismatch due to a difference in a hyperlink protocol (e.g. http vs. https). + +### C.14.2 Guideline + +HTTP:// and HTTPS:// should be considered equivalent. + +XML files do not require specific markup to implement this guideline. + +## C.15 SPDX License list + +### C.15.1 Template access + +The license XML can be accessed in the license-list-data repository under the license-list-XML directory. Although the license list XML files can also be found in the [license-list-XML](https://github.com/spdx/license-list-XML) repo, users are encouraged to use the published versions in the [license-list-data](https://github.com/spdx/license-list-data) repository. The license-list-data repository is tagged by release. Only tagged released versions of the license list are considered stable. + +### C.15.2 License List XML format + +A full schema for the License List XML can be found at https://github.com/spdx/license-list-XML/blob/master/schema/ListedLicense.xsd. + diff --git a/mkdocs.yml b/mkdocs.yml index 1b55e4fac..d0b088f7b 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -330,6 +330,7 @@ nav: - 'Getting started with SPDX 3': annexes/getting-started.md - 'RDF Object Model and Identifier Syntax': annexes/RDF-object-model-and-identifier-syntax.md - 'SPDX License Expressions': annexes/SPDX-license-expressions.md + - 'SPDX license list matching guidelines': annexes/license-matching-guidelines-and-templates.md - 'Using SPDX short identifiers in Source Files': annexes/using-SPDX-short-identifiers-in-source-files.md - 'Using SPDX to comply with norms, standards and regulation': annexes/using-SPDX-to-comply-with-industry-guidance.md - 'Including Security Information in SPDX': annexes/including-security-information-in-SPDX.md From 6d622231ab6842128ee16eb7c0388ae5fec54bdb Mon Sep 17 00:00:00 2001 From: Alexios Zavras Date: Sun, 2 Jun 2024 00:26:32 +0200 Subject: [PATCH 21/26] Adds pkg-url spec as an annex Signed-off-by: Alexios Zavras Signed-off-by: Marc-Etienne Vargenau --- docs/annexes/pkg-url-specification.md | 375 ++++++++++++++++++++++++++ mkdocs.yml | 1 + 2 files changed, 376 insertions(+) create mode 100644 docs/annexes/pkg-url-specification.md diff --git a/docs/annexes/pkg-url-specification.md b/docs/annexes/pkg-url-specification.md new file mode 100644 index 000000000..cfd13da3d --- /dev/null +++ b/docs/annexes/pkg-url-specification.md @@ -0,0 +1,375 @@ +# Annex E: Package URL specification v1 (Normative) + +## E.1 Introduction + +The Package URL core specification defines a versioned and formalized +format, syntax, and rules used to represent and validate package URLs. + +A package URL or _purl_ is an attempt to standardize existing approaches +to reliably identify the location of software packages. + +A _purl_ is a URL string used to identify the location of a +software package in a mostly universal and uniform way across +programming languages, package managers, packaging conventions, tools, +APIs and databases. + +Such a package URL is useful to reliably reference the same software +package using a simple and expressive syntax and conventions based on +familiar URLs. + +## E.2 Syntax definition + +_purl_ stands for **package URL**. + +A _purl_ is a URL composed of seven components: + + scheme:type/namespace/name@version?qualifiers#subpath + +Components are separated by a specific character for unambiguous parsing. + +The definition for each components is: + +- **scheme**: this is the URL scheme with the constant value of "`pkg`". One of the primary reason for this single scheme is to facilitate the future official registration of the "`pkg`" scheme for package URLs. Required. +- **type**: the package type or package protocol such as maven, npm, nuget, gem, pypi, etc. Required. +- **namespace**: some name prefix such as a Maven groupid, a Docker image owner, a GitHub user or organization. Optional and type-specific. +- **name**: the name of the package. Required. +- **version**: the version of the package. Optional. +- **qualifiers**: extra qualifying data for a package such as an OS, architecture, a distribution, etc. Optional and type-specific. +- **subpath**: extra subpath within a package, relative to the package root. Optional. + +Components are designed such that they form a hierarchy from the most +significant on the left to the least significant components on the right. + +A _purl_ is a valid URL and URI that conforms to the URL definitions +and specifications in RFC 3986 . + +A _purl_ must not contain a URL Authority i.e. there is no +support for username, password, host and port components. +A `namespace` segment may sometimes look like a host +but its interpretation is specific to a type. + +The _purl_ components are mapped to the following URL components: + +- _purl_ scheme: this is a URL scheme with a constant value: `pkg` +- _purl_ type, namespace, name and version components: these are collectively mapped to a URL path +- _purl_ qualifiers: this maps to a URL query +- _purl_ subpath: this is a URL fragment + +## E.3 Character encoding + +For clarity and simplicity a _purl_ is always an ASCII string. +To ensure that there is no ambiguity when parsing a _purl_, +separator characters and non-ASCII characters must be encoded in UTF-8, +and then percent-encoded as defined in RFC 3986 . + +Use these rules for percent-encoding and decoding _purl_ components: + +- the type must NOT be encoded and must NOT contain separators +- the `#`, `?`, `@` and `:` characters must NOT be encoded when used as separators. They may need to be encoded elsewhere +- the `:` scheme and type separator does not need to and must NOT be encoded. It is unambiguous unencoded everywhere +- the `/` used as type/namespace/name and subpath segments separator does not need to and must NOT be percent-encoded. It is unambiguous unencoded everywhere +- the `@` version separator must be encoded as `%40` elsewhere +- the `?` qualifiers separator must be encoded as `%3F` elsewhere +- the `=` qualifiers key/value separator must NOT be encoded +- the `#` subpath separator must be encoded as `%23` elsewhere +- All non-ASCII characters must be encoded as UTF-8 and then percent-encoded + +It is OK to percent-encode any _purl_ components, except for the type. +Producers and consumers of _purl_ data +must always percent-decode and percent-encode +components and component segments +as explained in the "How to produce and consume _purl_ data" section. + +## E.4 Rules for each component + +A _purl_ string is an ASCII URL string composed of seven components. + +Some components are allowed to use other characters beyond ASCII: these +components must then be UTF-8-encoded strings and percent-encoded as +defined in the "Character encoding" section. + +The rules for each component are: + +### E.4.1 Rules for scheme + +- The scheme is a constant with the value "`pkg`" +- Since a _purl_ never contains a URL Authority, its scheme must not be suffixed with double slash as in `pkg://` and should use instead `pkg:`. +- _purl_ parsers must accept URLs such as 'pkg://' and must ignore the '//'. +- _purl_ builders must not create invalid URLs with such double slash '//'. +- The scheme is followed by a ':' separator. +- For example, the two purls `pkg:gem/ruby-advisory-db-check@0.12.4` and `pkg://gem/ruby-advisory-db-check@0.12.4` are strictly equivalent. The first is in canonical form while the second is an acceptable _purl_ but is an invalid URI/URL per RFC3986. + +### E.4.2 Rules for type + +- The package type is composed only of ASCII letters and numbers, `.`, `+` and `-` (period, plus, and dash). +- The type cannot start with a number. +- The type cannot contain spaces. +- The type must not be percent-encoded. +- The type is case insensitive, with the canonical form being lowercase. + +### E.4.3 Rules for namespace + +- The optional namespace contains zero or more segments, separated by slash `/`. +- Leading and trailing slashes `/` are not significant and should be stripped in the canonical form. They are not part of the namespace. +- Each namespace segment must be a percent-encoded string. +- When percent-decoded, a segment must not contain a slash `/` and must not be empty. +- A URL host or Authority must NOT be used as a namespace. Use instead a `repository_url` qualifier. Note however that for some types, the namespace may look like a host. + +### E.4.4 Rules for name + +- The name is prefixed by a slash `/` separator when the namespace is not empty. +- This slash `/` is not part of the name. +- A name must be a percent-encoded string. + +### E.4.5 Rules for version + +- The version is prefixed by a at-sign `@` separator when not empty. +- This at-sign `@` is not part of the version. +- A version must be a percent-encoded string. +- A version is a plain and opaque string. Some package types use versioning conventions such as semver for NPMs or nevra conventions for RPMS. A type may define a procedure to compare and sort versions, but there is no reliable and uniform way to do such comparison consistently. + +### E.4.6 Rules for qualifiers + +- The qualifiers string is prefixed by a `?` separator when not empty. +- This `?` is not part of the qualifiers. +- This is a string composed of zero or more key=value pairs each separated by an ampersand `&`. A key and value are separated by an equal `=` character. +- These `&` are not part of the key=value pairs. +- Each key must be unique within the keys of the qualifiers string. +- A value cannot be an empty string; a key=value pair with an empty value is the same as no key/value at all for this key. +- Each key must be composed only of ASCII letters and numbers, `.`, `-` and `\_` (period, dash and underscore). +- A key cannot start with a number. +- A key must NOT be percent-encoded. +- A key is case insensitive, with the canonical form being lowercase. +- A key cannot contain spaces. +- A value must be a percent-encoded string. +- The `=` separator is neither part of the key nor of the value. + +### E.4.7 Rules for subpath + +- The subpath string is prefixed by a `#` separator when not empty. +- This `#` is not part of the subpath. +- The subpath contains zero or more segments, separated by slash `/`. +- Leading and trailing slashes `/` are not significant and should be stripped in the canonical form. +- Each subpath segment must be a percent-encoded string. +- When percent-decoded, a segment must not contain a `/`, must not be any of `..` or `.`, and must not be empty. +- The subpath must be interpreted as relative to the root of the package. + +## E.5 Known types + +There are several known _purl_ package type definitions. +The current list of known types is: +`alpm`, +`apk`, +`bitbucket`, +`bitnami`, +`cargo`, +`cocoapods`, +`composer`, +`conan`, +`conda`, +`cpan`, +`cran`, +`deb`, +`docker`, +`gem`, +`generic`, +`github`, +`golang`, +`hackage`, +`hex`, +`huggingface`, +`luarocks`, +`maven`, +`mlflow`, +`npm`, +`nuget`, +`oci`, +`pub`, +`pypi`, +`qpkg`, +`rpm`, +`swid`, and +`swift`. + +The list, with definitions for each type, +is maintained in the file named `PURL-TYPES.rst` +in the online repository +https://github.com/package-url/purl-spec. + +## E.6 Known qualifiers key/value pairs + +Qualifiers should be limited to the bare minimum +for proper package identification, +to ensure that a _purl_ stays compact and readable in most cases. +Separate external attributes stored outside of a _purl_ +are the preferred mechanism to convey extra long and optional information. +API, database or web form. + +The following keys are valid for use in all package types: + +- `repository_url` is an extra URL for an alternative, non-default package repository or registry. + The default repository or registry of each type is documented in the "Known types" section. +- `download_url` is an extra URL for a direct package web download URL. +- `vcs_url` is an extra URL for a package version control system URL. +- `file_name` is an extra file name of a package archive. +- `checksum` is a qualifier for one or more checksums stored as a comma-separated list. + Each item in the list is in form of algorithm:hex\_value (all lowercase), + such as `sha1:ad9503c3e994a4f611a4892f2e67ac82df727086`. + +## E.7 How to produce and consume _purl_ data + +The following provides rules to be followed +when building or deconstructing _purl_ instances. + +### E.7.1 How to build _purl_ string from its components + +Building a _purl_ ASCII string works from left to right, from type to subpath. + +To build a _purl_ string from its components: + +1. Start a _purl_ string with the "`pkg:`" scheme as a lowercase ASCII string +1. Append the type string to the _purl_ as a lowercase ASCII string +1. Append `/` to the _purl_ +1. If the namespace is not empty: + + 1. Strip the namespace from leading and trailing `/` + 1. Split on `/` as segments + 1. Apply type-specific normalization to each segment, if needed + 1. Encode each segment in UTF-8-encoding + 1. Percent-encode each segment + 1. Join the segments with `/` + 1. Append this to the _purl_ + 1. Append `/` to the _purl_ + +1. Strip the name from leading and trailing `/` +1. Apply type-specific normalization to the name, if needed +1. Encode the name in UTF-8-encoding +1. Percent-encode the name +1. Append the percent-encoded name to the _purl_ +1. If the version is not empty: + + 1. Append `@` to the _purl_ + 1. Encode the version in UTF-8-encoding + 1. Percent-encode the version + 1. Append the percent-encoded version to the _purl_ + +1. If the qualifiers are not empty and not composed only of key/value pairs where the value is empty: + + 1. Append `?` to the _purl_ + 1. Discard any pair where the value is empty + 1. Encode each value in UTF-8-encoding + 1. If the key is `checksum` and there are more than one checksums, join the list with `,` to create the qualifier value + 1. Create each qualifier string by joining the lowercased key, the equal `=` sign, and the percent-encoded value + 1. Sort this list of qualifier strings lexicographically + 1. Join this list of sorted qualifier strings with `&` + 1. Append this string to the _purl_ + +1. If the subpath is not empty and not composed only of empty, `.`, and `..` segments: + + 1. Append `#` to the _purl_ + 1. Strip the subpath from leading and trailing `/` + 1. Split the subpath on `/` as a list of segments + 1. Discard empty, `.`, and `..` segments + 1. Encode each segment in UTF-8-encoding + 1. Percent-encode each segment + 1. Join the segments with `/` + 1. Append this string to the _purl_ + +### E.7.2 How to parse a _purl_ string to its components + +Parsing a _purl_ ASCII string into its components works +by splitting the string on different characters. + +To parse a _purl_ string in its components: + +1. Split the _purl_ string once from right on `#`, if present; the left side is the remainder. +1. If the right side is not empty, it contains subpath information: + + 1. Strip it from leading and trailing `/`. + 1. Split this on `/` in a list of segments. + 1. Discard empty, `.`, and `..` segments. + 1. Percent-decode each segment. + 1. UTF-8-decode each of these. + 1. Join segments with `/`. + 1. This is the subpath. + +1. Split the remainder once from right on `?`, if present; the left side is the remainder. +1. If the right side is not empty, it contains qualifiers information: + + 1. Split it on `&` in a list of key=value pairs. + 1. Split each pair once from left on `=` in key and value parts. + 1. The key is the lowercase left side. + 1. Percent-decode the right side. + 1. UTF-8-decode this to get the value. + 1. Discard any key/value pairs where the value is empty. + 1. If the key is `checksum`, split the value on `,` to create a list of checksums. + 1. This list of keys/values is the qualifiers. + +1. Split the remainder once from left on `:`; the right side is the remainder. +1. The left side lowercased is the scheme. It should be exactly "`pkg:`". +1. Strip the remainder from leading and trailing `/`. +1. Split this once from left on `/`; the right side is the remainder. +1. The left side lowercased is the type. +1. Split the remainder once from right on `@`, if present; the left side is the remainder. +1. If the right side is not empty, it contains version information: + + 1. Percent-decode the string. + 1. UTF-8-decode this. + 1. This is the version. + +1. Split the remainder once from right on `/`, if present; the left side is the remainder. +1. The right side contains name information. +1. Percent-decode the name string. +1. UTF-8-decode this. +1. Apply type-specific normalization, if needed. +1. This is the name. +1. If the remainder is not empty, it contains namespace information: + + 1. Split the remainder on `/` to a list of segments. + 1. Discard any empty segment. + 1. Percent-decode each segment. + 1. UTF-8-decode each of these. + 1. Apply type-specific normalization to each segment, if needed. + 1. Join segments with `/`. + 1. This is the namespace. + +## E.8 Examples + +The following list includes some valid _purl_ examples: + +- `pkg:bitbucket/birkenfeld/pygments-main@244fd47e07d1014f0aed9c` +- `pkg:deb/debian/curl@7.50.3-1?arch=i386&distro=jessie` +- `pkg:gem/ruby-advisory-db-check@0.12.4` +- `pkg:github/package-url/purl-spec@244fd47e07d1004f0aed9c` +- `pkg:golang/google.golang.org/genproto#googleapis/api/annotations` +- `pkg:maven/org.apache.xmlgraphics/batik-anim@1.9.1?packaging=sources` +- `pkg:npm/foobar@12.3.1` +- `pkg:nuget/EnterpriseLibrary.Common@6.0.1304` +- `pkg:pypi/django@1.11.1` +- `pkg:rpm/fedora/curl@7.50.3-1.fc25?arch=i386&distro=fedora-25` + +## E.9 Original license + +This specification is based on the texts published +in the https://github.com/package-url/purl-spec online repository. +The original license and attribution are reproduced below: + +Copyright (c) the purl authors + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + diff --git a/mkdocs.yml b/mkdocs.yml index d0b088f7b..3a73c97b4 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -336,6 +336,7 @@ nav: - 'Including Security Information in SPDX': annexes/including-security-information-in-SPDX.md - 'SPDX Lite': annexes/SPDX-Lite.md - 'Cross-referencing in SPDX 3': annexes/cross-reference.md + - 'Package URL specification': annexes/pkg-url-specification.md - licenses: - 'Creative Commons Attribution License 3.0 Unported': licenses/CC-BY-3.0.md - 'Community Specification License 1.0': licenses/Community-Spec-1.0.md From 7c5027826828768e9bf935e0f28cd5a2001038ab Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Sun, 28 Apr 2024 23:51:36 +0100 Subject: [PATCH 22/26] Update publish_v3.yml to alias "v3.0" as "latest" Update `alias` argument for `mike deploy` to have `v3.0` as the `latest` `v3.0` was aliased as `v3-draft`, so `v2.3` still keep the `latest` alias. Signed-off-by: Arthit Suriyawongkul Signed-off-by: Marc-Etienne Vargenau --- .github/workflows/publish_v3.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish_v3.yml b/.github/workflows/publish_v3.yml index 28f0b4ea6..561506881 100644 --- a/.github/workflows/publish_v3.yml +++ b/.github/workflows/publish_v3.yml @@ -49,5 +49,5 @@ jobs: run: git checkout gh-pages && git pull && git checkout development/v3.0 working-directory: spdx-spec - name: Build docs - run: mike deploy v3.0 v3-draft -b gh-pages -p + run: mike deploy v3.0 latest -b gh-pages -p working-directory: spdx-spec From eaca8842ddf11fb71c6f2094cf5fcd6e7e7ed61d Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Sun, 28 Apr 2024 23:56:34 +0100 Subject: [PATCH 23/26] Set mike canonical_version Signed-off-by: Arthit Suriyawongkul Signed-off-by: Marc-Etienne Vargenau --- mkdocs.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mkdocs.yml b/mkdocs.yml index 3a73c97b4..a59722dbf 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -4,6 +4,8 @@ use_directory_urls: true theme: readthedocs plugins: - search +- mike: + canonical_version: latest - pdf-export: combined: true extra_css: From 71b559a9ec50b32ac5eaedb2b8d3f5f93854d66a Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Mon, 6 May 2024 09:04:36 +0800 Subject: [PATCH 24/26] Update CI to build from and generate 3.0.1 Co-authored-by: Jeff Licquia Signed-off-by: Arthit Suriyawongkul Signed-off-by: Marc-Etienne Vargenau --- .github/workflows/publish_v3.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/publish_v3.yml b/.github/workflows/publish_v3.yml index 561506881..1db952c30 100644 --- a/.github/workflows/publish_v3.yml +++ b/.github/workflows/publish_v3.yml @@ -1,7 +1,7 @@ on: push: branches: - - development/v3.0 + - development/v3.0.1 repository_dispatch: types: - publish_v3_spec @@ -13,7 +13,7 @@ jobs: steps: - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: - ref: development/v3.0 + ref: development/v3.0.1 path: spdx-spec fetch-depth: 0 # Because we will be pushing the gh-pages branch - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 @@ -39,15 +39,15 @@ jobs: shacl2code generate \ --input spdx-spec/docs/model/spdx-model.ttl \ --input spdx-spec/docs/model/jsonld-annotations.ttl \ - --context-url spdx-spec/docs/model/spdx-context.jsonld https://spdx.org/rdf/3.0.0/spdx-context.jsonld \ + --context-url spdx-spec/docs/model/spdx-context.jsonld https://spdx.org/rdf/3.0.1/spdx-context.jsonld \ jsonschema \ --output spdx-spec/docs/model/schema.json - name: Set git identity run: git config user.name ci-bot; git config user.email ci-bot@spdx.dev working-directory: spdx-spec - name: Sync gh-pages - run: git checkout gh-pages && git pull && git checkout development/v3.0 + run: git checkout gh-pages && git pull && git checkout development/v3.0.1 working-directory: spdx-spec - name: Build docs - run: mike deploy v3.0 latest -b gh-pages -p + run: mike deploy v3.0.1 latest -b gh-pages -p working-directory: spdx-spec From b4670b6884a5eef163460dc6ddff3e85e2e99238 Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Tue, 16 Jul 2024 17:19:30 +0100 Subject: [PATCH 25/26] Update .github/workflows/publish_v3.yml Signed-off-by: Arthit Suriyawongkul Co-authored-by: Alexios Zavras (zvr) Signed-off-by: Marc-Etienne Vargenau --- .github/workflows/publish_v3.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish_v3.yml b/.github/workflows/publish_v3.yml index 1db952c30..8160d59dc 100644 --- a/.github/workflows/publish_v3.yml +++ b/.github/workflows/publish_v3.yml @@ -39,7 +39,7 @@ jobs: shacl2code generate \ --input spdx-spec/docs/model/spdx-model.ttl \ --input spdx-spec/docs/model/jsonld-annotations.ttl \ - --context-url spdx-spec/docs/model/spdx-context.jsonld https://spdx.org/rdf/3.0.1/spdx-context.jsonld \ + --context-url spdx-spec/docs/model/spdx-context.jsonld https://spdx.org/rdf/3.0/spdx-context.jsonld \ jsonschema \ --output spdx-spec/docs/model/schema.json - name: Set git identity From 6a8614b74f21b592a0022ec3ac1d188e6edc54c3 Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Tue, 16 Jul 2024 17:34:19 +0100 Subject: [PATCH 26/26] Use 3.0.1 for now Signed-off-by: Arthit Suriyawongkul Co-authored-by: Alexios Zavras (zvr) Signed-off-by: Marc-Etienne Vargenau --- .github/workflows/publish_v3.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish_v3.yml b/.github/workflows/publish_v3.yml index 8160d59dc..1db952c30 100644 --- a/.github/workflows/publish_v3.yml +++ b/.github/workflows/publish_v3.yml @@ -39,7 +39,7 @@ jobs: shacl2code generate \ --input spdx-spec/docs/model/spdx-model.ttl \ --input spdx-spec/docs/model/jsonld-annotations.ttl \ - --context-url spdx-spec/docs/model/spdx-context.jsonld https://spdx.org/rdf/3.0/spdx-context.jsonld \ + --context-url spdx-spec/docs/model/spdx-context.jsonld https://spdx.org/rdf/3.0.1/spdx-context.jsonld \ jsonschema \ --output spdx-spec/docs/model/schema.json - name: Set git identity