
tdruez/cyclonedx-property-taxonomy

 
 

Siemens CycloneDX Property Taxonomy, v1.1.0

This is the official Siemens property taxonomy for CycloneDX.

For more information about CycloneDX property taxonomies, refer to their official documentation.

| Property | Description |
| --- | --- |
| siemens:direct | A flag indicating whether the component is a direct dependency (true) or a transitive dependency (false). Intended for use in components[]/properties. |
| siemens:filename | The simple file name of the component, without path. For example, the simple name of a JAR file. Intended for use in components[]/properties. |
| siemens:legalRemark | Pass-through free text for legal remarks that need to be included in attribution information. A "legal remark" is provided by the people creating the SBOM, normally the team behind the product described by the SBOM. Intended for use in components[]/properties. |
| siemens:primaryLanguage | Indicates the primary programming language the artifact is written in. Intended for use in components[]/properties. |
| siemens:profile | A Siemens-internal declaration which indicates the use case for this SBOM. Depending on the profile, Siemens-internal validation tooling will expect different fields to be present or not present in the SBOM. Intended for use in metadata/properties. |
| siemens:thirdPartyNotices | The contents of all third-party notices found for the component, if any. Note that this is not the path to the notice files, but the actual notice text (which may be quite a lot of text). Third-party notices are provided by the component's author. Since CycloneDX allows only a single String value for this, we separate different notice files by two consecutive line feeds. Intended for use in components[]/properties. |
| siemens:vcsClean | A flag (true or false) indicating whether the Git workspace was clean when the SBOM was created, i.e. all changes had been committed. Intended for use in metadata/component/properties or metadata/properties. |
| siemens:vcsRevision | The most recent VCS hash, for example a Git commit hash. Together with siemens:vcsClean, this additional value allows ensuring accurate reproducibility of the SBOM. Intended for use in metadata/component/properties or metadata/properties. |

The intended properties section(s) given for each of the properties defined above are meant as a recommendation only.
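The following lint pass over a parsed CycloneDX JSON document is an added example, not part of the Siemens taxonomy or its tooling. It checks the flag values, reports properties outside their recommended section as warnings, and splits notice text on the documented separator; the function names, the finding strings, the sample BOM and the rule that a revision only counts when `siemens:vcsClean` is `true` are assumptions of this example.

```python
COMP, META = "components[]/properties", "metadata/properties"
META_COMP = "metadata/component/properties"
# Recommended sections, copied from the taxonomy table above.
RECOMMENDED = {
    "siemens:direct": {COMP}, "siemens:filename": {COMP},
    "siemens:legalRemark": {COMP}, "siemens:primaryLanguage": {COMP},
    "siemens:profile": {META}, "siemens:thirdPartyNotices": {COMP},
    "siemens:vcsClean": {META_COMP, META}, "siemens:vcsRevision": {META_COMP, META},
}
FLAGS = {"siemens:direct", "siemens:vcsClean"}  # documented as true/false flags

def iter_properties(bom):
    """Yield (section, name, value) for every siemens:* property in the BOM."""
    meta = bom.get("metadata", {})
    groups = [(META, meta), (META_COMP, meta.get("component", {}))]
    groups += [(COMP, c) for c in bom.get("components", [])]
    for section, holder in groups:
        for p in holder.get("properties", []):
            if p.get("name", "").startswith("siemens:"):
                yield section, p["name"], p.get("value", "")

def lint(bom):
    """Return a list of findings for a CycloneDX JSON BOM parsed into a dict."""
    findings, seen = [], {}
    for section, name, value in iter_properties(bom):
        allowed = RECOMMENDED.get(name)
        if allowed is None:
            findings.append(f"error: {name} is not defined in the taxonomy")
        elif section not in allowed:
            findings.append(f"warning: {name} in {section} (not a recommended section)")
        if name in FLAGS and value not in ("true", "false"):
            findings.append(f"error: {name} must be true or false, got {value!r}")
        seen[name] = value
    # Assumption of this example: a revision only pins the source if the workspace was clean.
    if not seen.get("siemens:vcsRevision") or seen.get("siemens:vcsClean") != "true":
        findings.append("warning: SBOM is not tied to a clean VCS revision")
    return findings

def split_notices(value):
    """Split a siemens:thirdPartyNotices value on two consecutive line feeds."""
    return [part for part in value.split("\n\n") if part.strip()]

# Constructed sample BOM fragment; the revision value is a placeholder.
SAMPLE = {"metadata": {"properties": [
    {"name": "siemens:vcsRevision", "value": "<commit-hash>"},
    {"name": "siemens:vcsClean", "value": "yes"},
    {"name": "siemens:direct", "value": "true"}]},
    "components": [{"name": "example-lib", "properties": [
        {"name": "siemens:thirdPartyNotices", "value": "Notice A\n\nNotice B"}]}]}
```

A notice file that itself contains a blank line is indistinguishable from a file boundary after this split, so the number of parts is not a reliable count of notice files.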

Contributing

These properties are maintained by Siemens. Feel free to raise an issue if you have any questions.

License

Copyright 2022 Siemens AG.

Licensed under Apache License 2.0.
