diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..7206a3bed5 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: MIT +# SPDX-FileCopyrightText: Copyright 2024 The SPDX Contributors + +version: 2 +updates: +- package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + open-pull-requests-limit: 10 +- package-ecosystem: "pip" + directory: "/" + schedule: + interval: "weekly" + open-pull-requests-limit: 10 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml deleted file mode 100644 index 672221963f..0000000000 --- a/.github/workflows/publish.yml +++ /dev/null @@ -1,66 +0,0 @@ -on: - push: - branches: [master, development/v2.3] - -jobs: - build_current: - name: Build current - if: github.ref == 'refs/heads/master' - runs-on: ubuntu-latest - container: python:3 - steps: - - uses: actions/checkout@v2 - with: - ref: 'master' - - name: Install pre-requisites - run: pip install -r requirements.txt - - name: Build - run: mkdocs build -v --clean - - name: Schema - run: generate-schema-doc schemas/spdx-schema.json site/spdx-json-schema.html - - name: Upload - uses: actions/upload-artifact@v1 - with: - name: site-current - path: ./site - build_v2-draft: - name: Build v2-draft - if: github.ref == 'refs/heads/development/v2.3' - runs-on: ubuntu-latest - container: python:3 - steps: - - uses: actions/checkout@v2 - with: - ref: 'development/v2.3' - - name: Install pre-requisites - run: pip install -r requirements.txt - - name: Build - run: mkdocs build -v --clean - - name: Schema - run: generate-schema-doc schemas/spdx-schema.json site/spdx-json-schema.html - - name: Upload - uses: actions/upload-artifact@v1 - with: - name: site-v2-draft - path: ./site - publish: - name: Publish - runs-on: ubuntu-latest - needs: [build_current, build_v2-draft] - steps: - - name: Download current - uses: actions/download-artifact@v1 - with: - name: site-current - path: ./site - - name: Download v2-draft - uses: actions/download-artifact@v1 - with: - name: site-v2-draft - path: ./site/v2-draft - - name: Deploy - uses: peaceiris/actions-gh-pages@v3 - with: - DEPLOY_KEY: ${{ secrets.ACTIONS_DEPLOY_KEY }} - PUBLISH_BRANCH: gh-pages - PUBLISH_DIR: ./site diff --git a/.github/workflows/publish_common.yml b/.github/workflows/publish_common.yml deleted file mode 100644 index f28b24fb77..0000000000 --- a/.github/workflows/publish_common.yml +++ /dev/null @@ -1,35 +0,0 @@ -on: - repository_dispatch: - types: - - publish_spec - workflow_dispatch: - inputs: - ref: - description: Branch or tag to publish (e.g. refs/heads/development/v2). - required: true - default: refs/heads/master - aliases: - description: Space-delimited aliases to publish (e.g. latest v2-latest). - required: false -jobs: - build: - runs-on: ubuntu-latest - container: python:3 - steps: - - uses: actions/checkout@v3 - with: - ref: ${{ github.event.client_payload.ref || github.event.inputs.ref }} - fetch-depth: 0 # Because we will be pushing the gh-pages branch - token: ${{ secrets.ACTIONS_DEPLOY_KEY }} - - name: Install pre-requisites - run: pip install -r requirements.txt - - name: Install mike - run: pip install mike==1.2.0 - - name: Extract branch or tag name - id: extract-branch-or-tag-name - run: echo "::set-output name=ref_name::${REF##*/}" - with: - ref: ${{ github.event.client_payload.ref || github.event.inputs.ref }} - - name: Build docs - run: mike deploy ${{ steps.outputs.extract-branch-or-tag-name.name }} ${{ github.event.inputs.aliases }} - diff --git a/.github/workflows/publish_v3.yml b/.github/workflows/publish_v3.yml index ec7139a934..1e1cd4dba5 100644 --- a/.github/workflows/publish_v3.yml +++ b/.github/workflows/publish_v3.yml @@ -1,76 +1,359 @@ +# Publish SPDX specification to https://spdx.github.io/spdx-spec/ +# +# There will be this workflow in "main", "develop", and "support" branches. +# Each of them publish to a different URL. +# +# For example, +# the workflow in "main" may publish to https://spdx.github.io/spdx-spec/3.0.1/, +# the workflow in "develop" may publish to https://spdx.github.io/spdx-spec/3.1-dev/, +# the workflow in "support/3.0" may publish to https://spdx.github.io/spdx-spec/3.0.0/. +# +# The workflow should be configured to have an URL without a version number +# specified be redirected to an URL published from "main" branch. +# +# ## Workflow overview +# +# 1) Generate model documents and RDFs from model files in spdx-3-model repo +# 2) Combine the model documents from (1) with the chapters in spdx-spec repo +# 3) Generate a website using files from (2) +# 4) Upload RDFs from (1) and a website from (3) to GitHub Pages +# 5) Make URL redirections as needed +# +# See notes at: +# https://github.com/spdx/spdx-spec/issues/1155 +# https://github.com/spdx/spdx-spec/pull/1146 +# See branch structure at: +# https://github.com/spdx/spdx-spec/blob/develop/README.md#branch-structure + on: push: branches: - - development/v3.0.1 + - develop # This should match with REF_SPEC, + # to automatically publish from a correct branch repository_dispatch: types: - publish_v3_spec - workflow_dispatch: {} + workflow_dispatch: {} # Manually trigger from https://github.com/spdx/spdx-spec/actions jobs: build: runs-on: ubuntu-latest - container: python:3 + env: + REF_SPEC: "develop" # spdx-spec branch: "main" or "develop" or "support/x.y" + REF_MODEL: "main" # spdx-3-model branch: "main" or "develop" or "support/x.y" + REF_PARSER: "main" # spdx-3-model branch: "main" or "develop" or "support/x.y" + # (now we have only "main" for spdx-3-model and spec-parser) + GH_PAGES_BRANCH: "gh-pages" # spdx-spec branch to publish HTML to + VERSION_DEFAULT: "v3.0.1" # Default version: + # - A version to be redirected to from the URL without + # a version number specified + # - Should be a latest stable version from "main" branch + # - VERSION_DEFAULT should be the same in this workflow + # across all branches/tags + # - VERSION_DEFAULT should also match with the + # mike's canonical_version in mkdocs.yml + VERSION: "v3.0.1" # Publishing version, to be publish by this workflow: + # - VERSION can be different from VERSION_DEFAULT; + # For example, if VERSION is a draft/release candidate, + # or if VERSION is a stable version that is behind the + # default version (e.g. v3.0.2 vs v3.1) + # - VERSION from "develop" branch should be indicated with + # a suffix ("-dev", "-draft", etc.). + # The content of this version will constantly change. + # - VERSION should match with the version in the copyright + # text defined in mkdocs.yml + # e.g. "SPDX v3.x.x Copyright (c) 2010-2024, ..." + # - A release candidate (with suffix "-RC") may be published + # from a very short-lived "support" branch. + # The content of this version should be kept unchanged, + # so it can be properly referenced during the review period, + # but the URL of the RC version may subjected to be + # redirected to the release version later. + # For example, v3.0-RC1 was redirected to v3.0 and + # will be redirected to v3.0.1 later. + VERSION_ALIASES: "latest v3.0 v3.0.1-dev v3.0.1-draft v3-draft v3.0-RC1 v3.0-RC2" + # VERSION_ALIASES are names that will be redirected to VERSION + # - Can be empty, can be multiple; separated by space + # - "latest" should be reserved for the latest version + # - Versions like "v3.0" will be expanded to "v3.0 3.0" + GIT_USER_NAME: "ci-bot" # Username for gh-pages commit + GIT_USER_EMAIL: "ci-bot@spdx.dev" # E-mail for gh-pages commit + PARSER_OUT_BASE_DIR: "__parser_out" # Temporary dir for output from spec-parser + PARSER_OUT_RDF_DIR: "rdf" # Contains RDFs and schema; relative to PARSER_OUT_BASE_DIR + PARSER_OUT_MKDOCS_DIR: "mkdocs" # Contains model Markdown files: + # - relative to PARSER_OUT_BASE_DIR + MKDOCS_MODEL_YML: "model-files.yml" # Contains list of model Markdown files: + # - relative to PARSER_OUT_BASE_DIR + MKDOCS_BASE_YML: "mkdocs.yml" # Initial MkDocs configuration; from spdx-spec repo + MKDOCS_FULL_YML: "__mkdocs-full.yml" # MkDocs configuration combined with model list: + # - to be generated from MKDOCS_BASE_YML and MKDOCS_MODEL_YML + REDIRECT_MAP_PATH: "etc/redirect-map.csv" # URL redirect map + REDIRECT_TEMPLATE_PATH: "etc/redirect-template.html" # URL redirect HTML template steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7 + - name: Expand version aliases to include a version without 'v' prefix + # VERSION: "v3.0.1" + # Original VERSION_ALIASES: "latest v3.0" + # Expanded VERSION_ALIASES: "3.0.1 latest v3.0 3.0" + run: | + echo VERSION: $VERSION + echo Original VERSION_ALIASES: $VERSION_ALIASES + original_aliases="$VERSION_ALIASES" + expanded_aliases="" + + if [[ $VERSION =~ ^v[0-9] ]]; then + expanded_aliases="$expanded_aliases ${VERSION#v}" + fi + + for version in $original_aliases; do + expanded_aliases="$expanded_aliases $version" + if [[ $version =~ ^v[0-9] ]]; then + expanded_aliases="$expanded_aliases ${version#v}" + fi + done + + expanded_aliases=$(echo $expanded_aliases | sed 's/^ *//g') + echo "VERSION_ALIASES=$expanded_aliases" >> $GITHUB_ENV + - name: Check expanded version aliases + run: | + echo Expanded VERSION_ALIASES: $VERSION_ALIASES + - name: Checkout spdx-spec + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 with: - ref: development/v3.0.1 + ref: ${{ env.REF_SPEC }} path: spdx-spec fetch-depth: 0 # Because we will be pushing the gh-pages branch - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7 + - name: Checkout spdx-3-model + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 + with: + repository: spdx/spdx-3-model + ref: ${{ env.REF_MODEL }} + path: spdx-3-model + - name: Checkout spec-parser + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 with: repository: spdx/spec-parser - ref: main + ref: ${{ env.REF_PARSER }} path: spec-parser - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7 + - name: Set up specific Python version + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b #v5.3.0 with: - repository: spdx/spdx-3-model - ref: main # for v3.0.1-draft, checkout latest from main (development) - # Once 3.0.1 released, use the following ref to checkout from the release tag - # ref: 3.0.1 # for v3.0.1 final release - path: spdx-3-model + python-version: "3.12" + cache: "pip" - name: Install pre-requisites for spdx-spec run: pip install -r spdx-spec/requirements.txt - name: Install pre-requisites for spec-parser run: pip install -r spec-parser/requirements.txt + - name: Install fake pandoc (to bypass the Tex generation by spec-parser) + run: | + echo "#!/bin/sh" > /usr/local/bin/pandoc + echo "exit 0" >> /usr/local/bin/pandoc + chmod +x /usr/local/bin/pandoc - name: Build model files - run: python3 spec-parser/main.py spdx-3-model/model spdx-spec/docs/model + run: python3 spec-parser/main.py spdx-3-model/model $PARSER_OUT_BASE_DIR + - name: Create directories for model (MkDocs) and RDF files + run: | + mkdir -p spdx-spec/docs/rdf + mkdir -p spdx-spec/docs/model - name: Copy JSON annotations - run: cp spdx-spec/serialization/jsonld/annotations.ttl spdx-spec/docs/model/jsonld-annotations.ttl + # Will be redirected from https://spdx.org/rdf/3.0.x/spdx-json-serialize-annotations.ttl + # and available at https://spdx.github.io/spdx-spec/v3.0.x/rdf/jsonld-annotations.ttl + # Note: When release a new version, update the content of annotations.ttl to match the version + run: | + cp spdx-spec/serialization/jsonld/annotations.ttl spdx-spec/docs/rdf/jsonld-annotations.ttl + cp spdx-spec/serialization/jsonld/annotations.ttl spdx-spec/docs/model/jsonld-annotations.ttl + - name: Copy JSON-LD context and RDFs + # Will be redirected from https://spdx.org/rdf/3.0.x/spdx-context.jsonld, spdx-model.ttl, etc. + # and available at https://spdx.github.io/spdx-spec/v3.0.x/rdf/spdx-context.jsonld + run: | + echo "====================" + echo "Source: $PARSER_OUT_BASE_DIR/$PARSER_OUT_RDF_DIR" + echo "--------------------" + ls $PARSER_OUT_BASE_DIR/$PARSER_OUT_RDF_DIR + echo "====================" + cp $PARSER_OUT_BASE_DIR/$PARSER_OUT_RDF_DIR/spdx-context.jsonld spdx-spec/docs/rdf/ + cp $PARSER_OUT_BASE_DIR/$PARSER_OUT_RDF_DIR/spdx-model.* spdx-spec/docs/rdf/ + cp spdx-spec/docs/rdf/spdx-model.json-ld spdx-spec/docs/rdf/spdx-model.jsonld + echo "====================" + echo "Target (after copy): spdx-spec/docs/rdf" + echo "--------------------" + ls spdx-spec/docs/rdf + echo "====================" + cp $PARSER_OUT_BASE_DIR/$PARSER_OUT_RDF_DIR/spdx-context.jsonld spdx-spec/docs/model/ + cp $PARSER_OUT_BASE_DIR/$PARSER_OUT_RDF_DIR/spdx-model.* spdx-spec/docs/model/ + cp spdx-spec/docs/model/spdx-model.json-ld spdx-spec/docs/model/spdx-model.jsonld + echo "====================" + echo "Target (after copy): spdx-spec/docs/model" + echo "--------------------" + ls spdx-spec/docs/model + echo "====================" - name: Generate JSON schema + # Will be redirected from https://spdx.org/schema/3.0.x/spdx-json-schema.json + # and available at https://spdx.github.io/spdx-spec/v3.0.x/rdf/schema.json + # Note: When release a new version, update URL in --context-url line to match the version run: | shacl2code generate \ - --input spdx-spec/docs/model/spdx-model.ttl \ - --input spdx-spec/docs/model/jsonld-annotations.ttl \ - --context-url spdx-spec/docs/model/spdx-context.jsonld https://spdx.org/rdf/3.0.1/spdx-context.jsonld \ + --input spdx-spec/docs/rdf/spdx-model.ttl \ + --input spdx-spec/docs/rdf/jsonld-annotations.ttl \ + --context-url spdx-spec/docs/rdf/spdx-context.jsonld https://spdx.org/rdf/3.0.1/spdx-context.jsonld \ jsonschema \ - --output spdx-spec/docs/model/schema.json - - name: Set git identity + --output spdx-spec/docs/rdf/schema.json + cp spdx-spec/docs/rdf/schema.json spdx-spec/docs/model/schema.json + - name: Copy model Markdown files and a model file list for MkDocs + # Will be available at https://spdx.github.io/spdx-spec/v3.0.x/model/* + run: | + cp -R $PARSER_OUT_BASE_DIR/$PARSER_OUT_MKDOCS_DIR/* spdx-spec/docs/model + cp $PARSER_OUT_BASE_DIR/$MKDOCS_MODEL_YML spdx-spec + # mkdir -p spdx-spec/docs/diagram + # cp $PARSER_OUT_BASE_DIR/diagram/model.plantuml spdx-spec/docs/diagram + # mkdir -p spdx-spec/docs/jsondump + # cp $PARSER_OUT_BASE_DIR/jsondump/model.json spdx-spec/docs/jsondump + - name: Set Git identity working-directory: spdx-spec - run: git config user.name ci-bot; git config user.email ci-bot@spdx.dev - - name: Sync gh-pages + run: git config user.name $GIT_USER_NAME; git config user.email $GIT_USER_EMAIL + - name: Sync GitHub Pages working-directory: spdx-spec - run: git checkout gh-pages && git pull && git checkout development/v3.0.1 - - name: Build docs and set aliases + run: git checkout $GH_PAGES_BRANCH && git pull && git checkout $REF_SPEC + - name: Build complete MkDocs configuration + # Combines model file list (MKDOCS_MODEL_YML, generated by spec-parser) + # with the base MkDocs configuration file (MKDOCS_BASE_YML), + # to produce the full MkDocs configuration file (MKDOCS_FULL_YML). + # The script below finds "__MODEL_PLACEHOLDER__" string in + # MKDOCS_BASE_YML, replaces it with the content from MKDOCS_MODEL_YML. + # MKDOCS_FULL_YML will be used by mike in the deploy step. working-directory: spdx-spec run: | - MODEL_YML="docs/model/mkdocs-files.yml" - BASE_MKDOCS_YML="mkdocs.yml" - FINAL_MKDOCS_YML="mkdocs-final.yml" - echo "Build $FINAL_MKDOCS_YML from $BASE_MKDOCS_YML and $MODEL_YML" - sed -e "\|- model.*#.*[MODEL_PLACEHOLDER].*|{ - r $MODEL_YML - a\\ - - d - }" "$BASE_MKDOCS_YML" > "$FINAL_MKDOCS_YML" - echo "=====================" - echo "Start mike deploy" - echo "=====================" - mike deploy --update-aliase --config-file "$FINAL_MKDOCS_YML" --branch gh-pages --push v3.0.1-draft - # Once 3.0.1 released, use the following command to deploy 3.0.1 as latest version - # mike deploy --update-aliase --config-file "$FINAL_MKDOCS_YML" --branch gh-pages --push v3.0.1 latest + echo "Build $MKDOCS_FULL_YML from $MKDOCS_BASE_YML and $MKDOCS_MODEL_YML" + bin/make-mkdocs-config.sh \ + -b "$MKDOCS_BASE_YML" \ + -m "$MKDOCS_MODEL_YML" \ + -f "$MKDOCS_FULL_YML" \ + -p "__MODEL_PLACEHOLDER__" + echo "====================" + echo "Full MkDocs configuration: $MKDOCS_FULL_YML" + echo "--------------------" + cat "$MKDOCS_FULL_YML" + echo "====================" + - name: Deploy and set aliases + # mike is used here to manage multiple versions of MkDocs-powered documentation + # This step does 2 things: + # 1) delete existing aliases (in VERSION_ALIASES), if exists + # 2) deploy as VERSION, with aliases + # If the existing aliases were redirected to other versions, + # it means this VERSION will "steal" the aliases from those versions. + working-directory: spdx-spec + run: | + for alias in $VERSION_ALIASES; do + mike delete --config-file "$MKDOCS_FULL_YML" --branch $GH_PAGES_BRANCH --push --allow-empty "$alias" || true + done + mike deploy --update-aliase --config-file "$MKDOCS_FULL_YML" --branch $GH_PAGES_BRANCH --push $VERSION $VERSION_ALIASES - name: Set default version + # Set default version to VERSION_DEFAULT; + # if not set, the default version will remain the same. + # Should only be done from the "main" branch. + if: github.ref == 'refs/heads/main' + working-directory: spdx-spec + run: | + mike set-default --config-file "$MKDOCS_FULL_YML" --branch $GH_PAGES_BRANCH --push $VERSION_DEFAULT + - name: Copy JSON annotations, JSON schema, JSON-LD context, and RDFs to alias directories + # Fallback for backward compatibility with old URLs before v3.0.1 + # This step creates copies of annotations/schema/RDFs to all alias + # directories, so they can be accessible from all old URLs. + # For example, + # - https://spdx.github.io/spdx-spec/v3.0/model/schema.json (old directory structure) + # - https://spdx.github.io/spdx-spec/v3.0.1/rdf/schema.json (new directory structure) + # will all accessible and have the same content. + # Unlike HTML files, these files have to be a copy, + # since it cannot use the HTML refresh mechanism. working-directory: spdx-spec - run: mike set-default v3.0 - # Once 3.0.1 released, use the following command to set 3.0.1 as default version - # run: mike set-default v3.0.1 + run: | + git checkout $GH_PAGES_BRANCH + dirs="$VERSION_ALIASES" + for dir in $dirs; do + mkdir -p "$dir"/rdf + cp $VERSION/rdf/* "$dir"/rdf + cp $VERSION/rdf/* "$dir"/model + git add "$dir"/rdf/* "$dir"/model/* + done + git commit -m "Copy schema and RDFs to alias directories: $VERSION_ALIASES" + git push origin $GH_PAGES_BRANCH + - name: Make redirections (for renamed model elements and moved annexes) + # Fallback for backward compatibility with old URLs before v3.0.1 + # More redirections can be added in etc/redirect-map.csv (from,to) + # See name changes in model at + # https://github.com/spdx/spdx-3-model/blob/main/CHANGELOG.md + # + # This step creates a HTML files to facilitate additional directions. + # It reads a redirect map from /etc/redirect-map.csv; in the CSV, + # first value is 'from' (source) and second value is 'to' (target). + # + # The 'from' and 'to' values will be inserted into a HTML template at + # from /etc/redirect-template.html, to create a redirect HTML + # page (index.html) under a subdirectory with the name of 'from' + # that will refresh the browser to a URL of 'to'. + # + # For example, given: + # + # VERSION = "v3.0.1" + # VERSION_ALIASES = "latest v3.0" + # from = "model/Core/Properties/imports" + # to = "model/Core/Properties/import" + # + # these HTML files will be created for every aliases: + # + # v3.0.1/model/Core/Properties/imports/index.html + # latest/model/Core/Properties/imports/index.html + # v3.0/model/Core/Properties/imports/index.html + # + # and all of them will redirect to + # + # v3.0.1/model/Core/Properties/import/ + working-directory: spdx-spec + run: | + ALL_VERSIONS=$(echo "$VERSION" "$VERSION_ALIASES") + INDEX_HTML="index.html" + git checkout $REF_SPEC + maps=$(cat "$REDIRECT_MAP_PATH") + template=$(cat "$REDIRECT_TEMPLATE_PATH") + echo "====================" + echo "Redirect map: $REDIRECT_MAP_PATH" + echo "--------------------" + echo "$maps" + echo "====================" + echo "====================" + echo "Redirect HTML template: $REDIRECT_TEMPLATE_PATH" + echo "--------------------" + echo "$template" + echo "====================" + git checkout $GH_PAGES_BRANCH + for alias in $ALL_VERSIONS; do + echo "$maps" | while read -r line; do + from=$(echo "$line" | cut -d',' -f1) + to=$(echo "$line" | cut -d',' -f2) + slash_count=$(echo "$from" | tr -cd '/' | wc -c) + upper_dirs=".." + if [ -n "$from" ]; then + for i in $(seq 0 $slash_count); do + upper_dirs="$upper_dirs/.." + done + fi + escaped_upper=$(echo "$upper_dirs" | sed 's/[\/&]/\\&/g') + escaped_version=$(echo "$VERSION" | sed 's/[\/&]/\\&/g') + html="" + case "$to" in + http://*|https://*) + echo "Redirect: $alias/$from -> $to" + escaped_to=$(echo "$to" | sed 's/[\/&]/\\&/g') + html=$(echo "$template" | sed -e "s|__UPPER__/__VERSION__/__TO__|$escaped_to|g") + ;; + *) + echo "Redirect: $alias/$from -> $VERSION/$to" + escaped_to=$(echo "$to" | sed 's/[\/&]/\\&/g') + html=$(echo "$template" | sed -e "s/__UPPER__/$escaped_upper/g" -e "s/__VERSION__/$escaped_version/g" -e "s/__TO__/$escaped_to/g") + ;; + esac + mkdir -p "$alias/$from" + echo "$html" > "$alias/$from/$INDEX_HTML" + git add "$alias/$from/$INDEX_HTML" + done + done + git commit -m "Add redirections for: $ALL_VERSIONS" + git push origin $GH_PAGES_BRANCH diff --git a/.github/workflows/validate_examples.yml b/.github/workflows/validate_examples.yml index fe9c588eab..6de5e59941 100644 --- a/.github/workflows/validate_examples.yml +++ b/.github/workflows/validate_examples.yml @@ -1,15 +1,27 @@ on: - - pull_request - - push + pull_request: + paths: + - 'examples/**/*.json' + - 'docs/annexes/*.md' + push: + paths: + - 'examples/**/*.json' + - 'docs/annexes/*.md' jobs: validate-examples: runs-on: ubuntu-latest steps: - - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - - name: Install python dependencies + - name: Checkout spdx-spec + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 + - name: Set up specific Python version + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b #v5.3.0 + with: + python-version: "3.12" + cache: "pip" + - name: Install Python dependencies run: | - python3 -m pip install pyshacl==0.25.0 check-jsonschema==0.28.1 + python3 -m pip install check-jsonschema==0.31.0 pyshacl==0.29.1 spdx3-validate==0.0.5 - name: Install dependencies run: | sudo apt install -y gawk diff --git a/.github/workflows/validate_pull_request.yml b/.github/workflows/validate_pull_request.yml index 02a4f49ab5..f7449e9c5e 100644 --- a/.github/workflows/validate_pull_request.yml +++ b/.github/workflows/validate_pull_request.yml @@ -4,46 +4,19 @@ jobs: validate: name: Validate build runs-on: ubuntu-latest - container: python:3 steps: - - name: Checkout spdx-spec - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7 - with: - path: spdx-spec - fetch-depth: 1 - - name: Checkout spdx-3-model - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7 - with: - repository: spdx/spdx-3-model - ref: main - path: spdx-3-model - - name: Checkout spec-parser - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7 - with: - repository: spdx/spec-parser - ref: main - path: spec-parser - - name: Install pre-requisites for spdx-spec - run: pip install -r spdx-spec/requirements.txt - - name: Install pre-requisites for spec-parser - run: pip install -r spec-parser/requirements.txt - - name: Build model files - run: python3 spec-parser/main.py spdx-3-model/model spdx-spec/docs/model - - name: Build the site to validate - working-directory: spdx-spec - run: | - MODEL_YML="docs/model/mkdocs-files.yml" - BASE_MKDOCS_YML="mkdocs.yml" - FINAL_MKDOCS_YML="mkdocs-final.yml" - echo "Build $FINAL_MKDOCS_YML from $BASE_MKDOCS_YML and $MODEL_YML" - sed -e "\|- model.*#.*[MODEL_PLACEHOLDER].*|{ - r $MODEL_YML - a\\ - - d - }" "$BASE_MKDOCS_YML" > "$FINAL_MKDOCS_YML" - echo "=====================" - echo "Start mkdocs build" - echo "=====================" - ENABLE_PDF_EXPORT=0 mkdocs build --clean --config-file "$FINAL_MKDOCS_YML" --verbose - # Build without the time-consuming PDF export + - name: Checkout spdx-spec + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 + with: + fetch-depth: 1 + - name: Set up specific Python version + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b #v5.3.0 + with: + python-version: "3.12" + cache: "pip" + - name: Install pre-requisites + run: pip install -r requirements.txt + - name: Build the site to validate (use mkdocs.yml, no model files, no PDF export) + run: ENABLE_PDF_EXPORT=0 mkdocs build --clean --verbose + # To validate the PR from within spdx-spec repo, build using mkdocs.yml + # (no model files) and without the time-consuming PDF export diff --git a/.gitignore b/.gitignore index 889f6e603a..229c8b363d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,7 @@ +# Generated files for model +docs/model/ +docs/rdf/ + # GitBook directory and generated docs _book/ *.epub @@ -8,7 +12,7 @@ _book/ dist/ site/ -# Ignore all hidden files/dirs except .gitignore +# Ignore all hidden files/dirs except .gitignore and .github .* !/.gitignore !/.github @@ -18,3 +22,16 @@ node_modules/ # Ensure deploy SSH key never get committed .travis/deploy-key + +# Operating system files +.DS_Store +._* +Thumbs.db +Thumbs.db:encryptable +*.lnk + +# Build temporary directory +.env +logs/ +__pycache__/ +__mkdocs-full.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 74f26a1126..70575dd26f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,30 @@ All notable changes to this project will be documented in this file. +## 3.0.1 (2024-12-17) + +* Changes in document structure and location. + The following documents are now located in the + [spdx/using](https://github.com/spdx/using/) repository and are no longer + part of the specification. + * [Cross referencing in SPDX 3](https://github.com/spdx/using/blob/main/docs/cross-reference.md) + * [Differences from previous editions](https://github.com/spdx/using/blob/main/docs/diffs-from-previous-editions.md) + * [Getting started writing SPDX 3](https://github.com/spdx/using/blob/main/docs/getting-started.md) + * [Including Security Information in a SPDX document](https://github.com/spdx/using/blob/main/docs/including-security-information-in-SPDX.md) + * [Using SPDX license list short identifiers in source files](https://github.com/spdx/using/blob/main/docs/using-SPDX-short-identifiers-in-source-files.md) + * [Using SPDX to comply with Norms, Standards and Regulation](https://github.com/spdx/using/blob/main/docs/using-SPDX-to-comply-with-industry-guidance.md) +* The following documents are added for the completeness of the specification: + * [Package URL specification v1](./docs/annexes/pkg-url-specification.md) + * [SPDX License List matching guidelines and templates](./docs/annexes/license-matching-guidelines-and-templates.md) +* [SPDX Lite](./docs/annexes/spdx-lite.md) has been updated with more explicit + sections on "Mandatory" and "Recommended" properties. +* See changes in the model from + [the model change log](https://github.com/spdx/spdx-3-model/blob/main/CHANGELOG.md). + +See the 3.0.1 GitHub release notes for changes +[in the spec](https://github.com/spdx/spdx-spec/releases/tag/3.0.1) and +[in the model](https://github.com/spdx/spdx-3-model/releases/tag/3.0.1). + ## 3.0 (2024-04-15) See the v3.0 GitHub release notes for changes @@ -34,7 +58,7 @@ See the [v2.3 GitHub release notes](https://github.com/spdx/spdx-spec/releases/t * Removed support for multi-line license expressions. * Added `swh` as an external reference to support linking to Software Heritage persistent identifiers. * Added clarification on the case sensitivity of license expressions. -* Numerous formatting, gramatical, and spelling fixes. +* Numerous formatting, grammatical, and spelling fixes. See also the [SPDX specification 2.2 release announcement](https://www.linuxfoundation.org/blog/2020/05/spdx-2-2-specification-released/) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 2a0af63068..718b1221af 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -39,7 +39,7 @@ following sentence: if applied, this commit will "Subject of the commit". For example : ```text -if applied, this commit will Add chapter on Security Vunerabilities in SPDX +if applied, this commit will Add chapter on Security Vulnerabilities in SPDX if applied, this commit will Delete section with deprecated SPDX attributes if applied, this commit will Fix grammar in Package Version field description ``` @@ -47,26 +47,35 @@ if applied, this commit will Fix grammar in Package Version field description Git itself uses this approach. When you merge something it will generate a commit message like "Merge branch...", or when reverting "Revert...". -### Minor Changes +The appropriate branch for submitting changes depends on the nature of the +changes, following [Semantic Versioning (SemVer)][semver] conventions. -Minor changes such as markup and typo fixes may be submitted directly to this -repository (either as [issues][] or [pull-requests][]) without previous -discussion. +### Patch changes -Please submit all minor changes against the `development/v3.0.1` branch which -is the current development version of the SPDX specification. +Patch-level changes such as markup and typo fixes may be submitted directly +as [issues][] or [pull requests][pull-requests], without previous discussion. -### Major Changes +Please submit all patch changes against the `support/3.0` branch. + +### Minor changes + +Minor changes, including amending, adding, or removing normative and +informative documents, **that do not break backward compatibility,** +can be submitted directly as [issues][] or [pull requests][pull-requests]. +However, prior discussion is always encouraged. + +Please submit all minor changes against the `develop` branch. + +### Major changes Any change that break backwards compatibility or requires significant tooling changes is considered a major change. You may want to discuss major changes on the mailing list first to get design feedback before investing time in a pull request. -Please submit all major changes against the `development/v3.1` which is the -next major version of the specification. +Please submit all major changes against the `develop` branch. -### Target Milestones +### Target milestones When submitting an issue or pull request, please add a suggested release milestone. This will ensure the issue or pull request is reviewed for inclusion @@ -75,10 +84,16 @@ in that release. If your issue or pull request is independent of a release, you can use the `release-independent` milestone. +## Contributing to the model + +Please see [Contributing to the SPDX 3.0 Model][model-contrib] document. + [cla]: https://github.com/spdx/governance/blob/main/0._SPDX_Contributor_License_Agreement.md [issues]: https://github.com/spdx/spdx-spec/issues/ [meetings]: https://github.com/spdx/meetings/ +[model-contrib]: https://github.com/spdx/spdx-3-model/blob/develop/Contributing.md [pull-requests]: https://github.com/spdx/spdx-spec/pulls/ +[semver]: https://semver.org/ [spdx-legal]: https://wiki.spdx.org/view/Legal_Team [spdx-legal-list]: https://lists.spdx.org/mailman/listinfo/spdx-legal [spdx-tech]: https://wiki.spdx.org/view/Technical_Team diff --git a/README.md b/README.md index a1e6d47e67..c556d7489d 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,10 @@ # The System Package Data Exchange (SPDX®) Specification The System Package Data Exchange (SPDX®) specification is an open standard -capable of representing systems with software components in as SBOMs -(Software Bill of Materials) and other AI, data and security references -supporting a range of risk management use cases. +designed to represent systems containing software components as +Software Bill of Materials (SBOMs). +Additionally, SPDX supports AI, data, and security references, +making it suitable for a wide range of risk management use cases. The SPDX standard helps facilitate compliance with free and open source software licenses by standardizing the way license information is shared across @@ -11,217 +12,101 @@ the software supply chain. SPDX reduces redundant work by providing a common format for companies and communities to share important data about software licenses and copyrights, thereby streamlining and improving compliance. -This repository holds under active development version of the specification as: +Current stable version: -- Markdown: - [`development/v3.0.1`](https://github.com/spdx/spdx-spec/tree/development/v3.0.1/docs) - branch -- HTML: `gh-pages` branch, built on every commit to the development branch, - see the workflow in - [`.github/workflows/publish_v3.yml`](.github/workflows/publish_v3.yml) - - Current (3.0): +- The current stable specification is available at: + -The model itself is under active development at -[spdx/spdx-3-model](https://github.com/spdx/spdx-3-model/) -repo (`main` branch). +Next version (work in progress): -See for the official -[releases of the specification](https://spdx.org/specifications) -or additional information also the SPDX website at . +- A preview of the next version, currently under active development, is + available at: + + (This website is automatically updated with each commit to the `develop` + branch). -## Specification structure +Translations of the specification may be available. +English remains the normative language in all cases. -This repository consists of these files and directories: +## Specification development +The specification comprised of documents located in the [`docs/`](./docs/) +directory of this `spdx/spdx-spec` repository, +as well as a model documentation generated from Markdown files within the +[spdx/spdx-3-model](https://github.com/spdx/spdx-3-model/) repository. + +Contributions, including translations, are welcome. +Contributions to this repository are made pursuant to the +[SPDX Community Specification Contributor License Agreement 1.0][cla]. +Please see the contributing guidelines, governance practices, +and build instructions in the +[related documents](#related-documents-and-repositories) section. + +[cla]: https://github.com/spdx/governance/blob/main/0._SPDX_Contributor_License_Agreement.md + +## Repository structure + +This repository consists of these files and directories (partial): + +- `.github/workflow` - Workflow definitions. + - [`publish_v3.yml`](.github/workflows/publish_v3.yml) + The website (HTML) generation workflow. - `bin/` - Scripts for spec generation. - `docs/` - Specification content: - `annexes/` - Annexes for the specification. - `css/` - Style sheets for HTML. + - `front/` - Front matter. - `images/` - Model diagrams. These image files are to be generated from a diagram description file - [model.drawio](https://github.com/spdx/spdx-3-model/blob/main/model.drawio) - in `spdx/spdx-3-model` repo and manually copied here. + [model.drawio](https://github.com/spdx/spdx-3-model/blob/develop/docs/model.drawio) + in the `spdx/spdx-3-model` repo and manually copied here. - `licenses/` - Licenses that used by the SPDX specifications. - - `model/` - Model files*. This subdirectory _is to be created_ by a script + - `model/` - Model files. This subdirectory _is to be created_ by a script from `spdx/spec-parser` repo, using model information from - `spdx/spdx-3-model` repo (see the build instructions below). + `spdx/spdx-3-model` repo (see the [build instructions](./build.md)). - `examples/` - Examples of various SPDX serializations for the current version of the spec. +- `rdf/` - Model RDF files. These ontology files are generated from model + Markdown files in the `spdx/spdx-3-model` repo and manually copied here. - `mkdocs.yml` - MkDocs recipe for the spec documentation generation. The inclusion of model files and the order of chapters are defined here. -The specification consists of documents in the `docs/` directory from this -`spdx/spdx-spec` repository and a model which is generated from Markdown files -in the `spdx/spdx-3-model` repository. - -Note: The model files in the `spdx/spdx-3-model` repository use a constrained -format of Markdown. Only a limited set of headings are allowed to be processed -by the spec-parser. - -## Building the specification - -The specification building flow looks like this: - -```text - +-------------------+ - |[spdx-3-model] | - | | | - | +- model/ ---- Constrained-Markdown files -+ - | | | | - | +- model.drawio -----------------+ | - +-------------------+ | | - | | - | | - +-------------------+ v | - |[spdx-spec] | draw.io | - | | | (manual) | - | +- docs/ | | | - | | | | | - | +- annexes/ | | v - | | | | spec-parser - | +- images/ <---- PNG images --+ | - | | | | - | +- licenses/ | | - | | | | - | +- model/ <----- Processed Markdown files ---+ - | | | - | +- index.md | - | | | - | +- *.md | - +-------------------+ - | - mike & mkdocs - | - v - +-------------------+ - | HTML website | - +-------------------+ -``` - -### Prerequisites - -Apart from Git and Python, you have to have [MkDocs](http://mkdocs.org) -installed on your machine. If you don't have it yet installed please follow -these [installation instructions](http://www.mkdocs.org/#installation). - -[WeasyPrint](https://doc.courtbouillon.org/weasyprint/stable/first_steps.html#installation) -is also required for generating PDF files. To disable PDF generation, comment -out the these lines in your `mkdocs.yml` configuration file: - -```yaml -#- pdf-export: -# combined: true -``` - -### Preparing input files - -Next, you have to prepare the model files, the other specification files, -and the model parser, by cloning these repositoriess: -[`spdx/spdx-3-model`](https://github.com/spdx/spdx-3-model), -[`spdx/spdx-spec`](https://github.com/spdx/spdx-spec), and -[`spdx/spec-parser`](https://github.com/spdx/spec-parser) -to these paths: `spdx-3-model`, `spdx-spec`, and `spec-parser`, respectively: - -```shell -git clone https://github.com/spdx/spdx-3-model.git -git clone https://github.com/spdx/spdx-spec.git -git clone https://github.com/spdx/spec-parser.git -``` - -Install prerequisites for Python: - -```shell -pip3 install -r spdx-spec/requirements.txt -pip3 install -r spec-parser/requirements.txt -``` - -### Generating formatted Markdown files for MkDocs - -Model files in `spdx/spdx-3-model` repo are written in a specific format of -Markdown, with a limited set of allowed headings. The `spec-parser` processes -these model files to generate both ontology and final Markdown files suitable -for MkDocs. - -The `spec-parser` also performs automatic formatting on the resulting Markdown -files. For instance, it converts a list under the "Properties" heading into a -table. - -To check the model files and generate formatted files for MkDocs, run the -following command: - -```shell -python3 spec-parser/main.py spdx-3-model/model spdx-spec/docs/model -``` - -This will create well-formatted model files in the `spdx-spec/docs/model/` -directory. This directory contains two components: - -- Model ontology and diagram files: These files (`model.plantuml`, - `spdx-context.jsonld`, `spdx-model.dot`, `spdx-model.json-ld`, - `spdx-model.pretty-xml`, `spdx-model.ttl`, `spdx-model.xml`) - are ready for immediate use. -- Formatted Makdown files: These files (`.md` extension) are located in various - subdirectories and are intended for processing by MkDocs in the next step. - -If the output directory already exists, the `spec-parser` will not overwrite -it. If you edited a model file and want to regenerate the formatted files, you -have to delete the existing `spdx-spec/docs/model` directory first: - -```shell -rm -rf spdx-spec/docs/model -``` - -### Building HTML - -With all spec and model files prepared, we will use MkDocs to assemble them -into a website. - -In side `spdx-spec/` directory, execute a built-in dev-server that let you -preview the specification: - -```shell -mkdocs serve -``` - -Or building a static HTML site: - -```shell -mkdocs build -``` - -To abort the build immediately when there is a warning, enables strict mode: - -```shell -mkdocs build --strict -``` - -To get debug messages, enables verbose output: - -```shell -mkdocs build --verbose -``` - -## Configuring the website - -Inside `spdx-spec/` directory, there is a file `mkdocs.yml`. This is a -configuration file for MkDocs. - -Files intended for display and linking in the navigation bar should be -included in the `nav:` section. The order of filenames in this section -determines their order on the navigation bar. - -## Specification versions on spdx.github.io/spdx-spec/ - -The SPDX specifications on are built -by using a workflow in -[`.github/workflows/publish_v3.yml`](.github/workflows/publish_v3.yml). -This workflow uses [mike](https://github.com/jimporter/mike) to publish -multiple versions of MkDocs-powered documentation. - -The published versions, their titles, and aliases are listed in the file -[versions.json](https://github.com/spdx/spdx-spec/blob/gh-pages/versions.json) -located in the `gh-pages` branch. These versions populate the version selector -dropdown on the website. The line `run: mike deploy` in the GitHub workflow -file determines the title and alias. - -mike is not needed for local testing of a specific spec version. +## Branch structure + +The SPDX spec repo follows the [Gitflow][gitflow] workflow with the addition of support branches. + +[gitflow]: https://gist.github.com/HeratPatel/271b5d2304de2e2cd1823b9b62bf43e0 + +The branches in use are: + +- `main` - This will always be the latest released specification. +- `develop` - This branch will be where the active development for the next + major or minor version takes place. + Once released, the `develop` branch will be merged into the `main` branch. +- `support/x.y` - These branches will be long-lived and contain any updates to + a minor version of the specification. + `x.y` represents the MAJOR.MINOR version, following Semantic Versioning + (SemVer) conventions. + Once any changes are accepted and released, the support branch will be tagged + and merged into both `develop` and `main` branches. +- General feature or fix branches - there may be feature branches made for + specific enhancements or fixes to the spec. + These will be short-lived and merged into either a `support` branch or the + `develop` branch. +- `gh-pages` - This branch hosts generated HTML websites for all versions of + the specification. It is primarily managed by an automated workflow. + +## Related documents and repositories + +| Documentation | Link | +|---------|------| +| Changes between versions | [CHANGELOG.md](./CHANGELOG.md) | +| Contributing guidelines | [CONTRIBUTING.md](./CONTRIBUTING.md) | +| Building the specification website (for testing purpose) | [build.md](build.md) | +| Governance practices | [spdx/governance](https://github.com/spdx/governance/) | +| SPDX 3 model development | [spdx/spdx-3-model](https://github.com/spdx/spdx-3-model/) | +| Model specification parser | [spdx/spec-parser](https://github.com/spdx/spec-parser/) | +| How to use the specification | [spdx/using](https://github.com/spdx/using/) | +| Use cases and scenarios | [spdx/spdx-examples](https://github.com/spdx/spdx-examples/) | +| SPDX website, with more information about the specification | | +| Official releases of the specification, including PDFs | | diff --git a/bin/check-examples.sh b/bin/check-examples.sh index 1a1eeca620..7adeb7a870 100755 --- a/bin/check-examples.sh +++ b/bin/check-examples.sh @@ -4,60 +4,91 @@ # documentation # # SPDX-License-Identifier: MIT +# SPDX-FileCopyrightText: Copyright 2024 The SPDX Contributors set -e -THIS_DIR=$(dirname $0) - -for f in examples/jsonld/*.json; do - echo "Checking $f" - - check-jsonschema \ - -v \ - --schemafile https://spdx.org/schema/3.0.0/spdx-json-schema.json \ - $f - - pyshacl \ - -s https://spdx.org/rdf/3.0.0/spdx-model.ttl \ - -e https://spdx.org/rdf/3.0.0/spdx-model.ttl \ - $f -done - -T=$(mktemp -d) +THIS_DIR="$(dirname "$0")" +MD_DIR=docs/annexes +JSON_DIR=examples/jsonld + +SPDX_VERSION="3.0.1" +SCHEMA_URL="https://spdx.org/schema/${SPDX_VERSION}/spdx-json-schema.json" +RDF_URL="https://spdx.org/rdf/${SPDX_VERSION}/spdx-model.ttl" +CONTEXT_URL="https://spdx.org/rdf/${SPDX_VERSION}/spdx-context.jsonld" + +# print validation setup +echo "Checking examples in" +echo "Snippets : $MD_DIR" +echo "Files : $JSON_DIR" +echo "SPDX version : $SPDX_VERSION" +echo "Schema : $SCHEMA_URL" +echo "Schema resolved : $(curl -I "$SCHEMA_URL" 2>/dev/null | grep -i "location:" | awk '{print $2}')" +echo "RDF : $RDF_URL" +echo "RDF resolved : $(curl -I "$RDF_URL" 2>/dev/null | grep -i "location:" | awk '{print $2}')" +echo "Context : $CONTEXT_URL" +echo "Context resolved : $(curl -I "$CONTEXT_URL" 2>/dev/null | grep -i "location:" | awk '{print $2}')" +echo "$(check-jsonschema --version)" +echo -n "$(pyshacl --version)" +echo "spdx3-validate version: $(spdx3-validate --version)" +echo "" check_schema() { + echo "Checking schema (check-jsonschema): $1" check-jsonschema \ - -v \ - --schemafile https://spdx.org/schema/3.0.0/spdx-json-schema.json \ + --verbose \ + --schemafile $SCHEMA_URL \ "$1" } check_model() { + echo "Checking model (pyschacl): $1" pyshacl \ - -s https://spdx.org/rdf/3.0.0/spdx-model.ttl \ - -e https://spdx.org/rdf/3.0.0/spdx-model.ttl \ + --shacl $RDF_URL \ + --ont-graph $RDF_URL \ "$1" } +check_spdx() { + echo "SPDX 3 Validating (spdx3-validate): $1" + spdx3-validate --json $1 +} + +# Check examples in JSON files in examples/jsonld/ +if [ "$(ls $THIS_DIR/../$JSON_DIR/*.json 2>/dev/null)" ]; then + for f in $THIS_DIR/../$JSON_DIR/*.json; do + check_schema $f + echo "" + check_model $f + echo "" + check_spdx $f + echo "" + done +fi -for f in $THIS_DIR/../docs/annexes/*.md; do +# Check examples in inline code snippets in Markdown files in docs/annexes/ +TEMP=$(mktemp -d) +for f in $THIS_DIR/../$MD_DIR/*.md; do if ! grep -q '^```json' $f; then continue fi - echo "Checking $f" - DEST=$T/$(basename $f) + echo "Extract snippets from $f" + DEST=$TEMP/$(basename $f) mkdir -p $DEST + # Read inline code snippets and save them in separate, numbered files. cat $f | awk -v DEST="$DEST" 'BEGIN{flag=0} /^```json/, $0=="```" { if (/^---$/){flag++} else if ($0 !~ /^```.*/ ) print $0 > DEST "/doc-" flag ".spdx.json"}' - echo "[" > $DEST/combined.json + # Combine all JSON code snippets into a single file, with SPDX context and creation info. + COMBINED_JSON = $DEST/__combined.jso + echo "[" > $COMBINED_JSON for doc in $DEST/*.spdx.json; do if ! grep -q '@context' $doc; then mv $doc $doc.fragment cat >> $doc <> $doc @@ -65,7 +96,7 @@ HEREDOC { "type": "CreationInfo", "@id": "_:creationInfo", - "specVersion": "3.0.0", + "specVersion": "$SPDX_VERSION", "created": "2024-04-23T00:00:00Z", "createdBy": [ { @@ -80,13 +111,15 @@ HEREDOC HEREDOC fi check_schema $doc - cat $doc >> $DEST/combined.json - echo "," >> $DEST/combined.json + echo "" + cat $doc >> $COMBINED_JSON + echo "," >> $COMBINED_JSON done - echo "{}]" >> $DEST/combined.json + echo "{}]" >> $COMBINED_JSON - check_model $DEST/combined.json + check_model $COMBINED_JSON + echo "" + check_spdx $COMBINED_JSON + echo "" done - - diff --git a/bin/make-mkdocs-config.sh b/bin/make-mkdocs-config.sh new file mode 100755 index 0000000000..5747ac63b3 --- /dev/null +++ b/bin/make-mkdocs-config.sh @@ -0,0 +1,59 @@ +#! /bin/sh +# +# SPDX-License-Identifier: MIT +# +# Finds MODEL_PLACEHOLDER string in BASE_YML, +# replaces it with the content from MODEL_YML. + +usage() { + echo "Make MkDocs config" + echo "" + echo "Combines model file list (MODEL_YML)" + echo "with the base MkDocs configuration file (BASE_YML)," + echo "to produce the full MkDocs configuration file (FULL_YML)." + echo "" + echo "Usage: $0 -b -m -f [-p ]" + echo "" + echo "Inputs:" + echo " BASE_YML : a base MkDocs configuration file (usually, it is 'mkdocs.yml')." + echo " MODEL_YML : a model file list ('mkdocs-files.yml' from spec-parser)." + echo "" + echo "Output:" + echo " FULL_YML : a full MkDocs configuration, combining BASE_YML and MODEL_YML." + echo "" + echo "Option:" + echo " MODEL_PLACEHOLDER : a string inside BASE_YML that will be replaced by" + echo " a content from MODEL_YML. Default: '__MODEL_PLACEHOLDER__'" + echo "" + exit 1 +} + +while getopts "b:p:m:f:" opt; do + case $opt in + b) BASE_YML="$OPTARG" ;; + m) MODEL_YML="$OPTARG" ;; + f) FULL_YML="$OPTARG" ;; + p) MODEL_PLACEHOLDER="$OPTARG" ;; + *) usage ;; + esac +done + +# Set default value for MODEL_PLACEHOLDER if not provided +if [ -z "$MODEL_PLACEHOLDER" ]; then + MODEL_PLACEHOLDER="__MODEL_PLACEHOLDER__" +fi + +if [ -z "$BASE_YML" ] || [ -z "$MODEL_PLACEHOLDER" ] || [ -z "$MODEL_YML" ] || [ -z "$FULL_YML" ]; then + usage +fi + +sed -e "\|- model.*#.*$MODEL_PLACEHOLDER.*|{ + r $MODEL_YML + a\\ + + d +}" "$BASE_YML" > "$FULL_YML" + +TEMP_FILE=$(mktemp) +sed "/$MODEL_PLACEHOLDER/d" "$FULL_YML" > "$TEMP_FILE" +mv "$TEMP_FILE" "$FULL_YML" diff --git a/bin/pull-license-list.py b/bin/pull-license-list.py index 6be0628ad0..1e1a361880 100755 --- a/bin/pull-license-list.py +++ b/bin/pull-license-list.py @@ -5,7 +5,7 @@ # # usage: ./bin/pull-license.py # -# Script licensed under SPDX-License-Identifier: MIT +# SPDX-License-Identifier: MIT import codecs import itertools diff --git a/build.md b/build.md new file mode 100644 index 0000000000..6cf1e74ba1 --- /dev/null +++ b/build.md @@ -0,0 +1,214 @@ +--- +SPDX-License-Identifier: Community-Spec-1.0 +SPDX-FileCopyrightText: Copyright 2024 The SPDX Contributors +--- + +# Building the specification website + +The specification website building flow looks like this: + +```text + +-------------------+ + |[spdx-3-model] | + | +- model/ ---- Constrained-Markdown files -+ + | +- model.drawio -----------------+ | + +-------------------+ | | + | | + +-------------------+ v | + |[spdx-spec] | draw.io | + | +- docs/ | (manual) v + | | +- annexes/ | | spec-parser + | | +- front/ | | | + | | +- images/ <---- PNG images --+ | + | | +- licenses/ | | + | | +- model/ <----- Processed Markdown files ---+ + | | +- rdf/ <----- RDF files ------------------+ + | | +- *.md | + | | +- index.md | + | +- mkdocs.yml | + +-------------------+ + | + mkdocs + | + v + +-------------------+ + | HTML website | + | +- annexes/ | + | +- ... | + | +- *.md | + | +- index.html | + +-------------------+ +``` + +## 1. Prerequisites + +Apart from Git and Python, you have to have [MkDocs](http://mkdocs.org) +installed on your machine. If you don't have it yet installed please follow +these [installation instructions](http://www.mkdocs.org/#installation). + +`mkdocs.yml` is the configuration file for MkDocs. + + + +## 2. Getting input files + +Next, you have to get the model files, the other specification files +(main chapters, annexes, front matter, and licenses), +and the model parser, by cloning these repositories: +[`spdx/spdx-3-model`](https://github.com/spdx/spdx-3-model), +[`spdx/spdx-spec`](https://github.com/spdx/spdx-spec), and +[`spdx/spec-parser`](https://github.com/spdx/spec-parser) +to these paths: `spdx-3-model`, `spdx-spec`, and `spec-parser`, respectively: + +```shell +git clone https://github.com/spdx/spdx-3-model.git +git clone https://github.com/spdx/spdx-spec.git +git clone https://github.com/spdx/spec-parser.git +``` + +Install their Python prerequisites: + +```shell +pip3 install -r spdx-spec/requirements.txt +pip3 install -r spec-parser/requirements.txt +``` + +## 3. Processing model files (Markdown and RDF) + +*If you only want to review the non-model parts of the specification* +*(e.g., chapters and annexes), you can skip to [step 4](#4-building-html).* + +Model files in `spdx/spdx-3-model` repository are written in a constrained +Markdown format, with a limited set of allowed headings. +The `spec-parser` processes these model files to generate both ontology files +and final Markdown files suitable for MkDocs. + +The `spec-parser` also performs automatic formatting on the resulting Markdown +files. For instance, it converts a list under the "Properties" heading into a +table. + +### 3.1 Generating model files with spec-parser + +To verify the formatting of pre-processed model files and +prepare them for MkDocs, run the following command: + +```shell +python3 spec-parser/main.py spdx-3-model/model parser_output +``` + +*(If `parser_output` already exists, the `spec-parser` will not overwrite it.)* + +The command will create files in the `parser_output` directory. +Among its subdirectories, we're particularly interested in: + +- `parser_output/mkdocs` - Processed Markdown files for MkDocs: + These files (`.md` extension) are located in various + subdirectories and are intended for processing by MkDocs in the next step. +- `parser_output/rdf` - Ontology (RDF) files: + These files (`spdx-context.jsonld`, `spdx-model.json-ld`, `spdx-model.n3`, + `spdx-model.pretty-xml`,`spdx-model.ttl`, `spdx-model.xml`, etc.) + are ready for immediate use. + +- `parser_output/mkdocs`: Processed Markdown files (`.md`) for MkDocs. + These files will be used by MkDocs in the next step. +- `parser_output/rdf`: Ontology (RDF) files, including + `spdx-context.jsonld`, `spdx-model.json-ld`, `spdx-model.ttl`, etc. + These files are ready for immediate use. + +Additionally, a `parser_output/model-files.yml` file will be generated. +It contains a list of the files within `parser_output/mkdocs` +and will be used for MkDocs configuration later. + +### 3.2 Copying the generated files + +Copy the processed Markdown files and ontology files to the `docs/` directory: + +```shell +mkdir -p spdx-spec/docs/model +mkdir -p spdx-spec/docs/rdf +cp -R parser_output/mkdocs/* spdx-spec/docs/model +cp -R parser_output/rdf/* spdx-spec/docs/rdf +``` + +### 3.3 Generate a complete MkDocs configuration file + +To ensure MkDocs recognizes the new Markdown files, +insert the model file list from `parser_output/model-files.yml` +into the MkDocs configuration file in `spdx-spec/mkdocs.yml`. + +```shell +spdx-spec/bin/make-mkdocs-config.sh \ + -b spdx-spec/mkdocs.yml \ + -m parser_output/model-files.yml \ + -f spdx-spec/mkdocs-full.yml +``` + +The complete MkDocs configuration will be at `spdx-spec/mkdocs-full.yml`. + +## 4. Building HTML + +With all specification and model files prepared, +we will use MkDocs to assemble them into a website. + +*Note: all the commands below use the configuration file* +*with the model file list, `mkdocs-full.yml`,* +*generated in [step 3.3](#33-generate-a-complete-mkdocs-configuration-file).* +*If you only want to review the non-model part of the specification* +*(have skipped step 3), please use `mkdocs.yml` instead.* + +These following commands should run inside the `spdx-spec/` directory. + +- To preview the specification in a web browser: + + ```shell + mkdocs serve --config-file mkdocs-full.yml + ``` + +- To build a static HTML site: + + ```shell + mkdocs build --config-file mkdocs-full.yml + ``` + +- To get debug messages, enables verbose output: + + ```shell + mkdocs build --verbose --config-file mkdocs-full.yml + ``` + +## 5. Configuring the website + +To make additional adjustments to the website, +you can modify the configuration file at `spdx-spec/mkdocs.yml`. + +For example, you can customize website details like the site name +and main URL (canonical URL) in this file. + +To include a page in the navigation bar, list its filename under the `nav:` +section. The order of filenames in this section determines the order of the +page in the navigation bar. + +After you have modified the configuration file, you may need to rerun +[step 3.3](#33-generate-a-complete-mkdocs-configuration-file) +to incorporate the changes into the complete configuration file. + +## 6. Specification versions on spdx.github.io + +The SPDX specifications on are built +by using a workflow in +[`.github/workflows/publish_v3.yml`](.github/workflows/publish_v3.yml). +This workflow uses [mike](https://github.com/jimporter/mike) to publish +multiple versions of MkDocs-powered documentation. + +The published versions, their titles, and aliases are listed in the file +[versions.json](https://github.com/spdx/spdx-spec/blob/gh-pages/versions.json) +located in the `gh-pages` branch. +These versions populate the version selector dropdown on the website. +The step `name: Deploy and set aliases` in the GitHub workflow file +determines the title and alias. + +mike is not needed for local testing of a specific spec version. diff --git a/docs/ISO_foreword.md b/docs/ISO_foreword.md deleted file mode 100644 index 6a5dafaaca..0000000000 --- a/docs/ISO_foreword.md +++ /dev/null @@ -1,15 +0,0 @@ -# Foreword - -ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. - -The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see [https://www.iso.org/directives](https://www.iso.org/directives)). - -Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see [https://www.iso.org/patents](https://www.iso.org/patents)). - -Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. - -For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see [https://www.iso.org/iso/foreword.html](https://www.iso.org/iso/foreword.html). - -This document was prepared by the Joint Development Foundation. This document was adopted, under the PAS procedure, by Joint Technical Committee ISO/IEC JTC 1, Information technology, in parallel with its approval by the national bodies of ISO and IEC. - -Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at [https://www.iso.org/members.html](https://www.iso.org/members.html). diff --git a/docs/annexes/RDF-object-model-and-identifier-syntax.md b/docs/annexes/RDF-object-model-and-identifier-syntax.md deleted file mode 100644 index d6d6d41516..0000000000 --- a/docs/annexes/RDF-object-model-and-identifier-syntax.md +++ /dev/null @@ -1,38 +0,0 @@ -# Annex B: RDF object model and identifier syntax (Normative) - -## B.1 Introduction - -SPDX ® Vocabulary Specification Version: 3.0.1 - -[SPDX 3.0.1 Model SHACL](https://spdx.org/rdf/3.0.1/spdx-model.ttl) - -### Core and Software Profiles - -[![SPDX 3.0 Core and Software Profiles diagram][fig_core_software]][fig_core_software] - -### AI Profile - -[![SPDX 3.0 AI Profile diagram][fig_ai]][fig_ai] - -### Build Profile - -[![SPDX 3.0 Build Profile diagram][fig_build]][fig_build] - -### Dataset Profile - -[![SPDX 3.0 Dataset Profile diagram][fig_dataset]][fig_dataset] - -### Licensing Profile - -[![SPDX 3.0 Licensing Profile diagram][fig_licensing]][fig_licensing] - -### Security Profile - -[![SPDX 3.0 Security Profile diagram][fig_security]][fig_security] - -[fig_core_software]: ../images/model-core-software.png "SPDX 3.0 Core and Software Profiles diagram" -[fig_ai]: ../images/model-ai.png "SPDX 3.0 AI Profile diagram" -[fig_build]: ../images/model-build.png "SPDX 3.0 Build Profile diagram" -[fig_dataset]: ../images/model-dataset.png "SPDX 3.0 Dataset Profile diagram" -[fig_licensing]: ../images/model-licensing.png "SPDX 3.0 Licensing Profile diagram" -[fig_security]: ../images/model-security.png "SPDX 3.0 Security Profile diagram" diff --git a/docs/annexes/SPDX-Lite.md b/docs/annexes/SPDX-Lite.md deleted file mode 100644 index f326241b54..0000000000 --- a/docs/annexes/SPDX-Lite.md +++ /dev/null @@ -1,133 +0,0 @@ -# Annex H: SPDX Lite - -## H.1 Definition of the Lite profile - -The Lite profile is designed to make it quick and easy to start a Software Bill of Materials in situations where a company may have limited capacity for introducing new items into its process. -The Lite profile captures the minimum set of information required for license compliance in the software supply chain. It contains information about the creation of the SBOM, package lists with licensing and other related items, and their relationships. - -All elements in Lite profile are essential for complying with licenses. It is easy to use a SPDX document with the Lite profile for anyone who does not have enough knowledge about licensing information and easy to import license information from former versions of SPDX Lite format files. -The Lite profile offers the flexibility to be used either alone or in combination with other SPDX profiles as a SPDX document in the software supply chain. - -## H.2 Table of the Lite profile elements - -A SPDX document with the Lite profile must include properties for each class listed in **Table H.1**. And ```Cardinality 1..``` means a **REQUIRED** element, and the others **SHOULD** be filled in as much as possible if necessary. - -**Table H.1 — the Lite profile elements** - -1. For a /Core/SpdxDocument to be conformant with this profile, the following has to hold: - - | # | Property Name | Cardinality | Comments | - |:-:|:--|:--|:--| - | 1 | /Core/SpdxDocument/spdxId | 1..1 | | - | 2 | /Core/SpdxDocument/name | 0..1 | | - | 3 | /Core/SpdxDocument/comment | 0..1 | | - | 4 | /Core/SpdxDocument/creationInfo | 1..1 | | - | 5 | /Core/SpdxDocument/verifiedUsing | 0..* | This should be objects of /Core/Hash | - | 6 | /Core/SpdxDocument/element | 1..* | MUST have at least one /Core/Sbom object | - | 7 | /Core/SpdxDocument/rootElement | 1..* | This should be objects of /Core/Sbom | - | 8 | /Core/SpdxDocument/namespaceMap | 0..* | | - | 9 | /Core/SpdxDocument/dataLicense | 0..1 | | - -2. For a /Core/NameSpaceMap to be conformant with this profile, the following has to hold: - - | # | Property Name | Cardinality | Comments | - |:-:|:--|:--|:--| - | 1 | /Core/NameSpaceMap/prefix | 1..1 | | - | 2 | /Core/NameSpaceMap/namespace | 1..1 | | - -3. For a /Software/Sbom to be conformant with this profile, the following has to hold: - - | # | Property Name | Cardinality | Comments | - |:-:|:--|:--|:--| - | 1 | /Software/Sbom/spdxId | 1..1 | | - | 2 | /Software/Sbom/creationInfo | 1..1 | | - | 3 | /Software/Sbom/element | 1..* | MUST have at least one /Software/Package object | - | 4 | /Software/Sbom/rootElement | 1..* | This should be objects of /Software/Package | - | 5 | /Software/Sbom/sbomType | 0..* | | - -4. For a /Core/CreationInfo to be conformant with this profile, the following has to hold: - - | # | Property Name | Cardinality | Comments | - |:-:|:--|:--|:--| - | 1 | /Core/CreationInfo/specVersion | 1..1 | This should be a fixed string, “3.0.0”. | - | 2 | /Core/CreationInfo/comment | 0..1 | | - | 3 | /Core/CreationInfo/created | 1..1 | | - | 4 | /Core/CreationInfo/createdBy | 1..* | This should be objects of /Core/Agent | - -5. For a /Core/Agent (createdBy, suppliedBy, originatedBy) to be conformant with this profile, the following has to hold: - - | # | Property Name | Cardinality | Comments | - |:-:|:--|:--|:--| - | 1 | /Core/Agent/spdxId | 1..1 | | - | 2 | /Core/Agent/name | 1..1 | | - | 3 | /Core/Agent/creationInfo | 1..1 | This should be “BlankNode” | - | 4 | /Core/Agent/externalIdentifier | 0..* | | - -6. For a /Core/ExternalIdentifier to be conformant with this profile, the following has to hold: - - | # | Property Name | Cardinality | Comments | - |:-:|:--|:--|:--| - | 1 | /Core/ExternalIdentifier/externalIdentifierType | 1..1 | | - | 2 | /Core/ExternalIdentifier/identifier | 1..1 | | - -7. For a /Software/Package to be conformant with this profile, the following has to hold: -And all /Software/Package objects MUST have “downloadLocation” OR “packageUrl” if present. - - | # | Property Name | Cardinality | Comments | - |:-:|:--|:--|:--| - | 1 | /Software/Package/spdxId | 1..1 | | - | 2 | /Software/Package/name | 1..1 | | - | 3 | /Software/Package/comment | 0..1 | | - | 4 | /Software/Package/creationInfo | 1..1 | | - | 5 | /Software/Package/verifiedUsing | 0..* | This should be objects of /Core/Hash | - | 6 | /Software/Package/originatedBy | 0..* | This should be objects of /Core/Agent | - | 7 | /Software/Package/suppliedBy | 1..1 | This should be an object of /Core/Agent | - | 8 | /Software/Package/builtTime | 0..1 | | - | 9 | /Software/Package/releaseTime | 0..1 | | - | 10 | /Software/Package/validUntilTime | 0..1 | | - | 11 | /Software/Package/supportLevel | 0..* | | - | 12 | /Software/Package/copyrightText | 1..1 | | - | 13 | /Software/Package/attributionText | 0..* | | - | 14 | /Software/Package/packageVersion | 1..1 | | - | 15 | /Software/Package/downloadLocation | 0..1 | | - | 16 | /Software/Package/packageUrl | 0..1 | | - | 17 | /Software/Package/homepage | 0..1 | | - -8. For a /Core/Hash to be conformant with this profile, the following has to hold: - - | # | Property Name | Cardinality | Comments | - |:-:|:--|:--|:--| - | 1 | /Core/Hash/algorithm | 1..1 | | - | 2 | /Core/Hash/hashValue | 1..1 | | - | 3 | /Core/Hash/comment | 0..1 | | - -9. For a /Core/Relationship to be conformant with this profile, the following has to hold: - - 1. for every /Software/Package object MUST exist exactly one /Core/Relationship object of type ```concludedLicense``` having that element as its ```from``` property and an /SimpleLicensing/AnyLicenseInfo as its ```to``` property. - 2. for every /Software/Package object MUST exist exactly one /Core/Relationship object of type ```declaredLicense``` having that element as its ```from``` property and /SimpleLicensing/AnyLicenseInfo object as its ```to``` property. - - | # | Property Name | Cardinality | Comments | - |:-:|:--|:--|:--| - | 1 | /Core/Relationship/spdxId | 1..1 | | - | 2 | /Core/Relationship/creationInfo | 1..1 | | - | 3 | /Core/Relationship/from | 1..1 | | - | 4 | /Core/Relationship/to | 1..* | | - | 5 | /Core/Relationship/relationshipType | 1..1 | | - -10. For a /SimpleLicensing/LicenseExpression to be conformant with this profile, the following has to hold: - - | # | Property Name | Cardinality | Comments | - |:-:|:--|:--|:--| - | 1 | /SimpleLicensing/LicenseExpression/spdxId | 1..1 | | - | 2 | /SimpleLicensing/LicenseExpression/creationInfo | 1..1 | | - | 3 | /SimpleLicensing/LicenseExpression/licenseExpression | 1..1 | | - | 4 | /SimpleLicensing/LicenseExpression/licenseListVersion | 0..1 | | - -11. For a /SimpleLicensing/SimpleLicensingText to be conformant with this profile, the following has to hold: - - | # | Property Name | Cardinality | Comments | - |:-:|:--|:--|:--| - | 1 | /SimpleLicensing/SimpleLicensingText/spdxId | 1..1 | | - | 2 | /SimpleLicensing/SimpleLicensingText/creationInfo | 1..1 | | - | 3 | /SimpleLicensing/SimpleLicensingText/licenseText | 1..1 | | - | 4 | /SimpleLicensing/SimpleLicensingText/comment | 0..1 | | diff --git a/docs/annexes/cross-reference.md b/docs/annexes/cross-reference.md deleted file mode 100644 index 936fc2faa6..0000000000 --- a/docs/annexes/cross-reference.md +++ /dev/null @@ -1,247 +0,0 @@ -# Annex I: Cross referencing in SPDX 3 (Informative) - -This document will walk though how to refer to SPDX Elements across documents -(e.g. cross reference). - -If you do would like to construct the complete example documents from this -Markdown file, use the following command: - -```shell -cat cross-reference.md | awk 'BEGIN{flag=0} /^```json/, $0=="```" { if (/^---$/){flag++} else if ($0 !~ /^```.*/ ) print $0 > "doc-" flag ".spdx.json"}' -``` - -## Linking via spdxId - -It is frequently desired (and necessary) to reference an SPDX 3 -[Element][Class_Element] that lives in one document from another. Since SPDX -documents are valid [JSON-LD][JSON_LD] documents, linking elements together can -be as simple as referencing the spdxId of one element from another (in the same -way that doing so within a document links Elements together. For example, -assume we have this document that contains a [Person][Class_Person] we want to -reference in another document: - -```json -{ - "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", - "@graph": [ - { - "type": "Person", - "spdxId": "https://spdx.org/spdxdocs/Person/JoshuaWatt-0ef7e15a-5628-4bd9-8485-a3eace6dcc4f", - "creationInfo": "_:creationinfo", - "name": "Joshua Watt", - "externalIdentifier": [ - { - "type": "ExternalIdentifier", - "externalIdentifierType": "email", - "identifier": "JPEWhacker@gmail.com" - } - ] - }, - { - "type": "CreationInfo", - "@id": "_:creationinfo", - "specVersion": "3.0.0", - "createdBy": [ - "https://spdx.org/spdxdocs/Person/JoshuaWatt-0ef7e15a-5628-4bd9-8485-a3eace6dcc4f" - ], - "created": "2024-03-06T00:00:00Z" - }, - { - "type": "SpdxDocument", - "spdxId": "https://spdx.org/spdxdocs/Document1-7bd25aaf-64b7-4ccc-aa85-84695cef4c17", - "creationInfo": "_:creationinfo", - "profileConformance": [ - "core" - ], - "rootElement": [ - "https://spdx.org/spdxdocs/Person/JoshuaWatt-0ef7e15a-5628-4bd9-8485-a3eace6dcc4f" - ] - } - ] -} -``` - -Now, in our new document we can reference the "Joshua Watt" person by simply -referring to it by its spdxId. For example, to indicate that this new document -was also written by the same person, we can reference it in the creation info -(note the [createdBy][Property_createdBy] property): - -```json ---- -{ - "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", - "@graph": [ - { - "type": "CreationInfo", - "@id": "_:creationinfo1", - "specVersion": "3.0.0", - "createdBy": [ - "https://spdx.org/spdxdocs/Person/JoshuaWatt-0ef7e15a-5628-4bd9-8485-a3eace6dcc4f" - ], - "created": "2024-05-08T00:00:00Z" - }, -``` - -## Imports - -This is sufficient to link documents in JSON-LD, but it is missing some useful -information that SPDX requires you to specify. Namely, since spdxIds are _not_ -necessarily resolvable URLs, this gives no indication as to where the -[Person][Class_Person] can be found. In order to provide this information, SPDX -requires that all externally referenced spdxIds be enumerated in the -[imports][Property_imports] property of the local -[SpdxDocument][Class_SpdxDocument]. Lets start by writing the preamble for the -SpdxDocument: - -```json - { - "type": "SpdxDocument", - "spdxId": "https://spdx.org/spdxdocs/Document2-72d52ac3-3642-47be-9f83-8fbef6a962b4", - "creationInfo": "_:creationinfo1", - "profileConformance": [ - "core", - "software" - ], - "imports": [ -``` - -The [imports][Property_imports] property is a list of -[ExternalMap][Class_ExternalMap] objects, one for each external spdxId being -referenced. The class has one required property called -[externalSpdxId][Property_externalSpdxId] which is the external spdxId being -described: - -```json - { - "type": "ExternalMap", - "externalSpdxId": "https://spdx.org/spdxdocs/Person/JoshuaWatt-0ef7e15a-5628-4bd9-8485-a3eace6dcc4f", - -``` - -In addition to this, there are a few optional fields. The first is the -[locationHint][Property_locationHint] property which is a URI that indicates -where the document that contains the external spdxId may be located. Since this -is an actual resolvable URI, consumers of the document can use locate the -unresolved spdxId. While optional, this field is recommended: - -```json - "locationHint": "http://downloads.example.com/Document1.spdx.json", -``` - -In addition to the location, the [verifiedUsing][Property_verifiedUsing] -property indicates how a user can verify the integrity of the external document -to ensure it has not been tampered with. It can be 0 or more -[IntegrityMethod][Class_IntegrityMethod] objects. While also optional, it is -recommended to include at least one: - -```json - "verifiedUsing": [{ - "type": "Hash", - "algorithm": "sha256", - "hashValue": "3ba8c249c1ba1b6fe20582de88a5123b317632a5a94ba27199d01724df4eb149" - }], -``` - -Finally, the [definingArtifact][Property_definingArtifact] allows a much richer -expression of information about the document that contains the external spdxId -by linking to a complete [Artifact][Class_Artifact] element. This field is also -optional, but if you need the impressive expressive power of the `Artifact` -class, it is also recommended: - -```json - "definingArtifact": "https://spdx.org/spdxdocs/Artifact-4762f4c5-3362-47e9-9595-5182235ef577" -``` - -It should be noted that it is reasonable for the `definingArtifact` itself to -be an external spdxId, as long as it also has the relevant entry in `imports`. - -We also need to add an import for the [SpdxDocument][Class_SpdxDocument] that -contains the author, as we will be referencing it later, so lets do that now: - -```json - }, - { - "type": "ExternalMap", - "externalSpdxId": "https://spdx.org/spdxdocs/Document1-7bd25aaf-64b7-4ccc-aa85-84695cef4c17", - "locationHint": "http://downloads.example.com/Document1.spdx.json", - "verifiedUsing": [{ - "type": "Hash", - "algorithm": "sha256", - "hashValue": "3ba8c249c1ba1b6fe20582de88a5123b317632a5a94ba27199d01724df4eb149" - }], - "definingArtifact": "https://spdx.org/spdxdocs/Artifact-4762f4c5-3362-47e9-9595-5182235ef577" - } -``` - -And that is it! By providing this information you are explaining to consumer of -the document how they can resolve the external spdxIds. - -Lets close out our SpdxDocument - -```json - ] - }, -``` - -Since we are using an [Artifact][Class_Artifact] that describes the SpdxDocument -containing the external spdxId, we need to write that now: - -```json - { - "type": "software_File", - "spdxId": "https://spdx.org/spdxdocs/Artifact-4762f4c5-3362-47e9-9595-5182235ef577", - "creationInfo": "_:creationinfo1", - "software_fileKind": "file", - "software_primaryPurpose": "file", - "software_contentType": "application/spdx+json", - "verifiedUsing": [{ - "type": "Hash", - "algorithm": "sha256", - "hashValue": "3ba8c249c1ba1b6fe20582de88a5123b317632a5a94ba27199d01724df4eb149" - }], - "originatedBy": [ - "https://spdx.org/spdxdocs/Person/JoshuaWatt-0ef7e15a-5628-4bd9-8485-a3eace6dcc4f" - ], - "suppliedBy": "https://spdx.org/spdxdocs/Person/JoshuaWatt-0ef7e15a-5628-4bd9-8485-a3eace6dcc4f", - "releaseTime": "2024-03-06T00:00:00Z", - "builtTime": "2024-03-06T00:00:00Z" - }, -``` - -Finally, since we are using an [Artifact][Class_Artifact], we need to add a -[Relationship][Class_Relationship] with type `serailizedInArtifact` to link the -artifact and the serialized [SpdxDocument][Class_SpdxDocument]. Note that this -is where the `spdxId` of the `SpdxDocument` is referenced which is why we -needed to import it earlier: - -```json - { - "spdxId": "https://spdx.org/spdxdocs/Relationship/serializedInArtifact-141ec767-40f2-4aad-9658-ac2703f3a7d9", - "type": "Relationship", - "creationInfo": "_:creationinfo1", - "relationshipType": "serializedInArtifact", - "from": "https://spdx.org/spdxdocs/Document1-7bd25aaf-64b7-4ccc-aa85-84695cef4c17", - "to": [ - "https://spdx.org/spdxdocs/Artifact-4762f4c5-3362-47e9-9595-5182235ef577" - ] - } - ] -} -``` - -Happy Linking! - -[Class_Artifact]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/Artifact -[Class_Element]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/Element -[Class_ExternalMap]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/ExternalMap -[Class_IntegrityMethod]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/IntegrityMethod -[Class_Person]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/Person -[Class_SpdxDocument]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/SpdxDocument -[Class_Relationship]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/Relationship -[JSON_LD]: https://json-ld.org/ -[Property_createdBy]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/createdBy -[Property_definingArtifact]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/definingArtifact -[Property_externalSpdxId]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/externalSpdxId -[Property_imports]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/imports -[Property_verifiedUsing]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/verifiedUsing -[Property_locationHint]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/locationHint diff --git a/docs/annexes/diffs-from-previous-editions.md b/docs/annexes/diffs-from-previous-editions.md deleted file mode 100644 index c55187192e..0000000000 --- a/docs/annexes/diffs-from-previous-editions.md +++ /dev/null @@ -1,927 +0,0 @@ -# Annex A: Differences from previous editions (Informative) - -## A.1 Differences between V3.0 and V2.3 - -### SPDX meaning - -In previous editions of the specification, SPDX meant "Software Package Data Exchange". - -Starting with V3.0, the scope of SPDX has expanded beyond software and now means "System Package Data Exchange". - -### Structural Differences - -These are the most significant breaking changes requiring a change in logic to handle a different model or structure for the information. Each structural difference will describe the change, describe an approach to translate from 2.3 to 3.0, and provide a rationale for the change. - -#### External Document Reference - -##### Description of Change - -The purpose of the SPDX 2.3 structure “ExternalDocumentRef” is now covered by two separate structures: - -- NamespaceMap which maps short identifiers used in serializations to full namespace URI’s to support terseness in serialization of element identifiers -- ExternalMap which maps an element identifier for an element defined externally to verification and location information - -The externalDocumentRef property on the SpdxDocument has been replaced by import property and namespace property. - -Another change is the SPDX document checksum field has been replaced with a “verifiedUsing” property on the ElementCollection. The “verifiedUsing” which has 0 or more “IntegrityMethod” which should be the checksum of the SPDX document. - -##### Translating from 2.3 to 3.0 - -Each ExternalDocumentRef instance will translate as follows: - -- An entry would be created in the Namespace map for the external document namespace - - The value of the DocumentRef-[idstring] would be used for the prefix property in the NamespaceMap. - - The value of the documentNamespace appended with a “#” would be used for the namespace in the NamespaceMap. -- An entry would be created in the ExternalMap for the external document ref - - A string identifier consisting of the DocumentRef-[idstring] (the same value as the prefix in the NamespaceMap) concatenated with a “:” and then concatenated with “SPDXRef-DOCUMENT” would be used for the externalSpdxId in the ExternalMap. - - An integrity method of “Hash” will be created with the same information as the checksum property and will be referenced using the “verifiedUsing” property on the ExternalMap entry. -- An entry would be created in the ExternalMap for each element referenced in the current SpdxDocument that is originally specified in the referenced SpdxDocument. - - A string identifier consisting of the DocumentRef-[idstring] (the same value as the prefix in the NamespaceMap) concatenated with a “:” and then concatenated with the local portion of the element identifier would be used for the externalSpdxId in the ExternalMap - - A “definingDocument” property would be specified containing a string identifier consisting of the DocumentRef-[idstring] concatenated with a “:” and then concatenated with “SPDXRef-DOCUMENT”. This is a shortcut linkage to tie the referenced element to its defining SpdxDocument for verification and location information. - -##### Rationale - -A key difference between SPDX 2.3 and SPDX 3.0 is that in SPDX 2.3 elements are always expressed within or referenced in relation to a single enclosing SpdxDocument while in SPDX 3.0 a key design principle is that all elements may be expressed and referenced independent of any other element including SpdxDocument. This independence is required to support a variety of content exchange and analysis use cases. - -For example, in SPDX 2.3 if you wish to express even a single package you specify it within an SpdxDocument and its identifier namespace is restricted to the namespace of the SpdxDocument. In SPDX 3.0 you could specify a single package within an SpdxDocument element (or any other subclass of ElementCollection such as Bundle, Bom, Sbom, etc.) but you could also simply specify it on its own without any enclosing collection element. In addition, in SPDX 3.0 the identifier of the package may share a namespace with an enclosing collection element such as SpdxDocument if desired but it is equally valid for it to have any namespace desired unconstrained by any other element namespace whether it is expressed within a collection element such as SpdxDocument or not. - -In this example, in SPDX 2.3 if you referenced the package within the same SpdxDocument that it is defined in you would utilize the local portion of its identifier and presume that the namespace is the same as the SpdxDocument namespace. If you referenced it from an SpdxDocument other than the one it is defined in you would use an ExternalDocumentRef to specify a prefix name for the other SpdxDocument to be used within the current SpdxDocument, the URI namespace/identifier for the other SpdxDocument, and a checksum for the other SpdxDocument. To reference the package you would then use an identifier combining the external document ref prefix and the local portion of the identifier. - -The ExternalDocumentRef structure in SPDX 2.3 is based on the presumptions that elements are always defined within SpdxDocuments, that external elements can always be referenced via a containing SpdxDocument and that element identifiers have a namespace from their original containing SpdxDocument. None of these three presumptions hold true for SPDX 3.0 so a slightly modified structure is necessary to support the two use cases previously covered by ExternalDocumentRef in SPDX 2.3: 1) the ability to specify identifier namespace prefixes and accompanying namespaces for SPDX elements to support more terse serialized expression of content with integrity across serialization forms, 2) the ability to specify which elements in the current subclass of ElementCollection (e.g., SpdxDocument) are only referenced from that collection and defined elsewhere, along with details regarding their verification and location. - -The Namespace map structure in SPDX 3.0 fully supports the namespace prefixing use case for SpdxDocuments previously covered by ExternalDocumentRef but also equally covers the same use case capability for all element types and for any number of element identifier namespaces (in SPDX 3.0 all elements within an SpdxDocument are not required to have the same namespace and can actually be any desired mix of namespaces) to support this capability required in SPDX 3.0. - -The ExternalMap structure in SPDX 3.0 fully supports the external element (including SpdxDocument elements) referencing use case for SpdxDocuments previously covered by ExternalDocumentRef but also equally covers the same use case capability for any elements whether they were originally defined within an SpdxDocument or not to support this capability required in SPDX 3.0. The ExternalMap structure in SPDX 3.0 provides the ability to specify verification and location details for any element, not just SpdxDocuments, if appropriate but also provides simple linkage, using the “definingDocument'' property, from element entries in the ExternalMap to SpdxDocument entries in the ExternalMap where the elements were defined within the SpdxDocument and verification of the elements can be achieved via proxy to the SpdxDocument “verifiedUsing” information (this is how the SPDX 2.3 ExternalDocumentRef structure currently works). - -#### Agent - -##### Description of Change - -The creator property in SPDX 2.3 has been replaced by createdBy and createdUsing properties with a type Agent and Tool resp. The supplier property has been replaced by a property suppliedBy with a type Agent. Additional suppliers can be provided with a a relationship to an availableFrom relationship. The originator property type has been replaced with the originatedBy property with a type Agent. - -An Agent can be a Person, Organization, or Software Agent. It can also just be an Agent if it is not known what specific type an Agent is. - -##### Translating from 2.3 to 3.0 - -The SPDX 2.3 creator string would be parsed and the appropriate Person, Organization or Tool would be created depending on if the prefix is “Person: ”, “Organization:” or “Tool: ” resp. The required createdBy field for Agent or Tool may point to itself if no other information is available. The createdUsing property would be used for Tool whereas the createdBy property would be used for Person and Organization. The name would map to the “name” property. If an email address is present, it would translate to an external identifier. - -Note that in 3.0 the createdBy is a required field. There will be situations where only a Tool is provided. In that case, createdBy should point to a SoftwareAgent should be created using the same information as the Tool. - -##### Rationale - -The 3.0 format is more machine readable and structured (e.g. you do not need to parse the type from the string value). It is also more flexible in that an Agent can be used even if it is not known what the Agent type is. - -#### File Type - -##### Description of Change - -The FileType enumeration has been replaced by two fields, the [media type](https://www.iana.org/assignments/media-types/media-types.xhtml) string as maintained by IANA for the content of the file and an enumeration of SoftwarePurpose for the purpose of the file. - -The property name fileType has been replaced by a property name contentType. - -##### Translating from 2.3 to 3.0 - -##### Rationale - -One of the things that we identified is that `FileType` was being used for two things: - -1. Describing the purpose of the file. -2. Describing the type of content in the file. - -For SPDX 3.0 we split this into two properties: - -- `SoftwarePurpose` to capture the purpose (which is of type `SoftwarePurpose`). -- `ContentType` to capture the type of content (which is of type `MediaType`). - -The name `ContentType` was chosen to mirror the Content-Type header in HTTP (which is also of type MediaType) and to express that this is describing the type of content (as opposed to metadata, headers, or something else). For example, if (and not saying we would) we extended `File` in the future to be able to capture the type of executable header a file has (e.g. ELF), that could also be of type `MediaType` but the property name might be `ExecutableHeaderType`. - -An example conversion table from SPDX 2.3 `FileType` to SPDX 3.0 `ContentType` or `SoftwarePurpose` can look like this: - -| SPDX 2 File Type | SPDX 3 Software Purpose | SPDX 3 Content Type | -|------------------|-------------------------|---------------------| -| ARCHIVE | Archive | | -| BINARY | | application/octet-stream | -| SOURCE | Source | | -| TEXT | | text/plain | -| APPLICATION | Application | | -| AUDIO | | audio/* | -| IMAGE | | image/* | -| VIDEO | | video/* | -| DOCUMENTATION | Documentation | | -| SPDX | | text/spdx | -| OTHER | Other | | - -#### Package File Name - -##### Description of Change - -The packageFileName property and packageChecksum property has been replaced by a relationship from a Package to a File. A relationship type of hasDistributionArtifact should be used. - -##### Translating from 2.3 to 3.0 - -Create an SPDX File with the name from the packageFileName and a verifiedUsing value from the packageChecksum for a single file. If the packageFileName is a directory, then the SPDX File is created with the directory name and is verified using the contentIdentifier property on the File and a fileKind of directory. Create a hasDistributionArifact relationship from the SPDX Package to the SPDX File. - -##### Rationale - -Providing a File relationship to the download location will include more detailed and complete information about the package file name used. - -#### External Identifiers - -##### Description of Change - -In SPDX 3.0, a properties externalIdentifier and contentIdentifier with types ExternalIdentifier and ContentIdentifier were introduced. This is in addition to retaining the ExternalRef property and classes. - -In SPDX 2.3, both identifiers and references were captured in the externalRef property for packages. - -In addition to the structural changes, the “url” ExternalRef type was removed and is replaced by the “securityOther” ExternalRef type. - -##### Translating from 2.3 to 3.0 - -The following ExternalRef Types should be converted to ExternalIdentifiers: - -- cpe22Type -- cpe23Type -- swid -- purl - -The following ExternalRef Types should be converted to ContentIdentifers: - -- gitoid -- swh - -All other ExternalRef types should remain as ExternalRef’s. - -The url ExternalRef type should be converted to a “securityOther”. - -##### Rationale - -Distinguishing identifiers from references is key to several integrity and provenance use cases. Creating a separate property and type enables easier identification of identifiers. - -#### Package URL - -##### Description of Change - -In SPDX 3.0, Package URL is a new property for Artifact which is a superclass of Package. - -Package URL is an External Ref type in SPDX 2.3. - -##### Translating from 2.3 to 3.0 - -If there is a single ExternalReference of type purl without the optional ExternalRef comment property, place that in the packageUrl property. - -##### Rationale - -Package URL is a very common method of identifying software packages. Moving this to a property makes it significantly simpler to find and correlate Package URL identifiers. - -#### Annotation - -##### Description of Change - -Annotations are now subclasses of Element, so it inherits a number of new optional properties including names, annotations, and its own relationships. - -Annotations are no longer a property of an Element. It is now a standalone element with a “subject” field which points to the Element being annotated. - -##### Translating from 2.3 to 3.0 - -A new Annotation element would be created for every annotation property in an element (Package, File or Snippet). The subject property would point to the Element which has the Annotation as a property. - -The annotator from SPDX 2.3 should be translated to one of the creators for the creationInfo for the Annotation and the annotationDate should be translated to the created field in the same creationInfo. The creationInfo for the Annotation should be the creationInfo of the SPDX 2.3 document. - -The SPDX 2.3 “comment” should use the statement field in SPDX 3.0. - -##### Rationale - -Changing from a property to a standalone element allows for relationships to exist outside the element itself (e.g. you can now create an amended SPDX document which has a new annotation for an element defined in the original document). This also supports third parties' ability to assert Annotations on Elements that they did not create. - -#### Relationship - -##### Description of Change - -The structure of the Relationship class has changed to have a single direction and allow more than one related SPDX Elements. Relationships are now subclasses of Element, so it inherits a number of new optional properties including names, annotations, and its own relationships. - -Relationships are no longer a property of an Element. It is now a standalone element with a “from” and “to” field. - -A new property “completeness' ' complements the use of NONE and NOASSERTION for the related SPDX elements. - -##### Translating from 2.3 to 3.0 - -The “from” property would be populated by the SPDX Element which has the relationship property. The “to” property will be the relatedSpdxElement. - -When translating the relationshipType, the “from” and “to” may need to be swapped - the table below will have a “Y” in the “Swap to and from?” column when this is necessary. - -The completeness property would be constructed based on the following: - -- “to” value is NONE: complete -- “to” value is NOASSERTION: noAssertion -- “to” value is an SPDX element: No value for the completeness - uses the default - -The following table reflects the translation for relationship types from SPDX 2.3 to SPDX 3.0: - -| SPDX 2.3 Relationship Type | SPDX 3.0 Relationship Type | Swap to and from? | LifecycleScopeType | -|----------------------------|----------------------------|-------------------|--------------------| -| AMENDS | amendedBy | Y | | -| ANCESTOR_OF | ancestorOf | | | -| BUILD_DEPENDENCY_OF | dependsOn | Y | build | -| BUILD_TOOL_OF | usesTool | Y | build | -| CONTAINED_BY | contains | Y | | -| CONTAINS | contains | | | -| COPY_OF | copiedTo | Y | | -| DATA_FILE_OF | hasDataFile | Y | | -| DEPENDENCY_MANIFEST_OF | hasDependencyManifest | Y | | -| DEPENDENCY_OF | dependsOn | Y | various lifecycle scope | -| DEPENDS_ON | dependsOn | | various lifecycle scope | -| DESCENDANT_OF | descendantOf | | | -| DESCRIBED_BY | describes | Y | | -| DESCRIBES | describes | | | -| DEV_DEPENDENCY_OF | dependsOn | Y | development | -| DEV_TOOL_OF | usesTool | Y | development | -| DISTRIBUTION_ARTIFACT | hasDistributionArtifact | | | -| DOCUMENTATION_OF | hasDocumentation | Y | | -| DYNAMIC_LINK | hasDynamicLink | Y | build, runtime | -| EXAMPLE_OF | hasExample | Y | | -| EXPANDED_FROM_ARCHIVE | expandsTo | Y | | -| FILE_ADDED | hasAddedFile | Y | | -| FILE_DELETED | hasDeletedFile | Y | | -| FILE_MODIFIED | modifiedBy | | | -| GENERATED_FROM | generates | Y | | -| GENERATES | generates | | | -| HAS_PREREQUISITE | hasPrerequisite | | various lifecycle scope | -| METAFILE_OF | hasMetadata | Y | | -| OPTIONAL_COMPONENT_OF | hasOptionalComponent | Y | | -| OPTIONAL_DEPENDENCY_OF | hasOptionalDependency | Y | various lifecycle scope | -| OTHER | other | | | -| PACKAGE_OF | packagedBy | Y | | -| PATCH_FOR | patchedBy | Y | | -| PATCH_APPLIED | patchedBy | Y | | -| PREREQUISITE_FOR | hasPrerequisite | Y | various lifecycle scope | -| PROVIDED_DEPENDENCY_OF | hasProvidedDependency | Y | various lifecycle scope | -| REQUIREMENT_DESCRIPTION_FOR | hasRequirement | Y | various lifecycle scope | -| RUNTIME_DEPENDENCY_OF | dependsOn | Y | runtime | -| SPECIFICATION_FOR | hasSpecification | Y | various lifecycle scope | -| STATIC_LINK | hasStaticLink | | various lifecycle scope | -| TEST_CASE_OF | hasTestCase | Y | | -| TEST_DEPENDENCY_OF | dependsOn | Y | test | -| TEST_OF | hasTest | Y | various lifecycle scope | -| TEST_TOOL_OF | usesTool | Y | test | -| VARIANT_OF | hasVariant | Y | | - -##### Rationale - -The addition of the completeness attribute is clearer than the use of NONE and NOASSERTION. - -Changing from a property to a standalone element allows for relationships to exist outside the element itself (e.g. you can now create an amended SPDX document which has a new relationship for an element defined in the original document). This enables primary Element creating parties as well as third parties to express significantly greater contextual detail among content they create as well as content created by others. - -#### Snippet - -##### Description of Change - -Byte and line range types have been changed from a StartEndPointer type to a PositiveIntegerRange. Byte range is now optional. - -##### Translating from 2.3 to 3.0 - -Iterate through the “ranges” property. Any startPointer and endPointer with a property of “offset” would be translated to a snippetByteRange property. Any startPointer and endPointer with a property of “lineNumber” would translate to a snippetLineRange property. - -A new Relationship would be created with the “from” pointing to the snippetFromFile and the “to” pointing to the Snippet. They relationshipType would be CONTAINS. - -##### Rationale - -Using the W3C Pointer standard introduced significant complexity in the SPDX 2.X specification. Although there may be some benefit in using a published standard, we have not found any instances where the W3C Pointer ontology was useful for SPDX use cases. - -Changing the snippetFromFile from a property to a relationship [to be filled in]. - -#### SpecVersion - -##### Description of Change - -The type of SpecVersion is changed from a simple string without constraints to a SemVer string which must follow the [Semantic Versioning format](https://semver.org/). - -This adds a constraint where a patch version is required. Previous usage of the SpecVersiononly included the major and minor version. - -##### Translating from 2.3 to 3.0 - -Add a patch version of “0” to any previous spec version. - -##### Rationale - -#### The additional constraints align with best practices for versioning strings - -#### LicenseListVersion - -##### Description of Change - -The type of LicenseListVersion is changed from a simple string without constraints to a SemVer string which must follow the [Semantic Versioning format](https://semver.org/). - -This adds a constraint where a patch version is required. Previous usage of the SPDX license list only included the major and minor version. - -##### Translating from 2.3 to 3.0 - -Add a patch version of “0” to any previous license list version. - -##### Rationale - -The additional constraints align with best practices for versioning strings. - -### Properties Removed - -Below is a list of properties present in 2.3 and not present in 3.0. The Range / Where used is where the property was used in the SPDX 2.3 model. - -#### example - -##### SPDX 2.3 Model Name - -example - -##### Tag/Value Name - -Not used - -##### Range / Where Used - -LicenseException - -##### Rationale - -This field has not been used. - -#### LicenseInfoInFiles - -##### SPDX 2.3 Model Name - -licenseInfoInFiles - -##### Tag/Value Name - -LicenseInfoInFiles - -##### Range / Where Used - -Package - -##### Rationale - -This field is redundant with the declaredLicense property in the Files contained in the Package. It is recommended that the licenseInfoInFiles can be added as an Annotation to the Package in the format: “SPDX 2.X LicenseInfoInFiles: [expression1], [expression2]” where the [expressions] are the string representation of the license expressions. - -#### FilesAnalyzed - -##### SPDX 2.3 Model Name - -filesAnalyzed - -##### Tag/Value Name - -FilesAnalyzed - -##### Range / Where Used - -Package - -##### Rationale - -Many users of the SPDX 2.X spec reported this property as very confusing. - -NOTE: There is no longer a way to specific checksums are required for files. This is being tracked in [Issue #84](https://github.com/spdx/spdx-3-model/issues/84). - -### Naming Differences - -Below is a list of properties and classes where the name has been changed from 2.3 to 3.0. The Range / Where used is where the property was used in the SPDX 2.3 model. - -#### Release Date - -##### SPDX 2.3 Model Name - -releaseDate - -##### Tag/Value Name - -ReleaseDate - -##### New Name - -releaseTime - -##### Range / Where Used - -Package - -##### Rationale - -Better reflects the granularity of the field. - -#### Build Date - -##### SPDX 2.3 Model Name - -buildDate - -##### Tag/Value Name - -BuildDate - -##### New Name - -buildTime - -##### Range / Where Used - -Package - -##### Rationale - -Better reflects the granularity of the field. - -#### Valid Until Date - -##### SPDX 2.3 Model Name - -validUntilDate - -##### Tag/Value Name - -ValidUntilDate - -##### New Name - -validUntilTime - -##### Range / Where Used - -Package - -##### Rationale - -Better reflects the granularity of the field. - -#### External Document Reference - -##### SPDX 2.3 Model Name - -externalDocumentRef - -##### Tag/Value Name - -ExternalDocumentRef - -##### New Name - -import - -##### Range / Where Used - -SpdxDocument (Creation Information) - -##### Rationale - -Feedback from SPDX 2.X usage is that externalDocumentRef is confusing due to the similar externalRef property. - -NOTE: See structural changes related to this property - -#### Checksum Class / Data Type - -##### SPDX 2.3 Model Name - -Checksum class name and checksum property name - -##### Tag/Value Name - -FileChecksum, PackageChecksum - -##### New Name - -verifiedUsing property and Hash class - -##### Range / Where Used - -Package, File - -##### Rationale - -More general concept allowing for different verification algorithms for different scenarios. - -#### Checksum Algorithm - -##### SPDX 2.3 Model Name - -checksumAlgorithm - -##### Tag/Value Name - -N/A - parsed from a string following the Checksum: keyword. - -##### New Name - -hashAlgorithm - -##### Range / Where Used - -Package, File - -##### Rationale - -The term “hash” better represents the intent of this property which is to validate the integrity of the data whereas the term “checksum” is typically for the purpose of error checking. - -#### Name - -##### SPDX 2.3 Model Name - -packageName, fileName - -##### Tag/Value Name - -PackageName, FileName - -##### New Name - -name - -##### Range / Where Used - -Package, File - -##### Rationale - -In the SPDX 2.3 RDF Ontology, both spdx:fileName and spdx:packageName are sub-properties of spdx:name. The OWL has a restriction that spdx:File has exactly one spdx:fileName and spdx:Package has exactly one spdx:packageName. - -Changing these restrictions to just spdx:name would simplify the model. - -#### Version - -##### SPDX 2.3 Model Name - -versionInfo - -##### Tag/Value Name - -PackageVersion - -##### New Name - -packageVersion - -##### Range / Where Used - -Package - -##### Rationale - -This change would make the Tag/Value and RDF values consistent. - -#### Home Page - -##### SPDX 2.3 Model Name - -doap:homepage - -##### Tag/Value Name - -PackageHomePage - -##### New Name - -homePage - -##### Range / Where Used - -##### Rationale - -Uses a consistent namespace for SPDX properties. - -#### Annotation Comment - -##### SPDX 2.3 Model Name - -rdfs:comment - -##### Tag/Value Name - -AnnotationComment - -##### New Name - -statement - -##### Range / Where Used - -Element (Package, File, Snippet) - -##### Rationale - -The rdfs:comment property is optional and has slightly different semantics in other uses (e.g. comments on Elements). Changing the property name clearly distinguishes this usage as a mandatory property for an Annotation. - -#### With Exception Operator - -##### SPDX 2.3 Model Name - -WithExceptionOperator - -member property in WithExceptionOperator - -licenseException property in WithExceptionOperator - -##### Tag/Value Name - -With (part of License Expression) - -##### New Name - -WithAdditionOperator - -subjectLicense - -subjectAddition - -##### Range / Where Used - -Package, File, Snippet - -##### Rationale - -Custom Additions have been added in SPDX 3.0 which operate in a similar manner to listed License Exceptions. The new type and property names are more general to accommodate both custom additions and listed license Exceptions. - -#### License Exception - -##### SPDX 2.3 Model Name - -LicenseException - -licenseExceptionId property in LicenseException - -licenseExceptionText property in LicenseException - -name property in LicenseException - -##### Tag/Value Name - -Not used in Tag/Value - -##### New Name - -ListedLicenseException - -additionId - -additionText - -additionName - -##### Range / Where Used - -Package, File, Snippet - -##### Rationale - -Custom Additions have been added in SPDX 3.0 which operate in a similar manner to listed License Exceptions. The new type and property names are more general to accommodate both custom additions and listed license Exceptions. - -#### ExtractedLicenseInfo - -##### SPDX 2.3 Model Name - -ExtractedLicenseInfo - -##### Tag/Value Name - -ExtractedText - -##### New Name - -CustomLicense - -##### Range / Where Used - -Package, File, Snippet, Document - -##### Rationale - -The SPDX 2.X term implied that the only property was text when in fact there are several properties in common with the listed licenses. See [model issue #233](https://github.com/spdx/spdx-3-model/issues/223) for context. - -#### licenseComment - -##### SPDX 2.3 Model Name - -licenseComment - -##### Tag/Value Name - -LicenseName - -##### New Name - -name - -##### Range / Where Used - -License, ListedLicense, ExtractedText - -##### Rationale - -“name” is used in the Element class. Since License is a type of (subclass of) Element, it should use the same field otherwise there would be redundant fields for the same purpose. - -#### LicenseComment - -##### SPDX 2.3 Model Name - -licenseComment - -##### Tag/Value Name - -LicenseComment - -##### New Name - -comment - -##### Range / Where Used - -License, ListedLicense - -##### Rationale - -“comment” is used in the Element class. Since License is a type of (subclass of) Element, it should use the same field otherwise there would be redundant fields for the same purpose. - -#### LicenseID - -##### SPDX 2.3 Model Name - -licenseId - -##### Tag/Value Name - -LicenseId - -##### New Name - -spdxId - -##### Range / Where Used - -License, ListedLicense - -##### Rationale - -“spdxId” is used in the Element class. Since License is a type of (subclass of) Element, it should use the same field otherwise there would be redundant fields for the same purpose. - -##### Range / Where Used - -License, ListedLicense - -##### Rationale - -#### Primary Package Purpose - -##### SPDX 2.3 Model Name - -primaryPackagePurpose - -##### Tag/Value Name - -PrimaryPackagePurpose - -##### New Name - -primaryPurpose - -##### Range / Where Used - -Package - -##### Rationale - -The purpose property is now available for files and snippets in addition to Package resulting in a more general name of primaryPurpose. - -Note that additional purposes can be added using the additionalPurpose property. - -### Serialization Formats - -SPDX 3.0 implements a JSON-LD format which has consistent class and property names with the model. - -See the SPDX 3.0 JSON Schema for the format specifics. - -The Tag/Value, YAML, RDF/XML and Spreadsheet formats are not supported. - -Additional serialization formats are being considered for the SPDX 3.1 release. - -## A.2 Differences between V2.3 and V2.2.2 - -V2.3 has added new fields to improve the ability to capture security related information and to improve interoperability with other SBOM formats. - -Key changes include: - -- Added fields to Clause 7 ( Package Information ) to describe "Primary Package Purpose" and standardize recording of "Built Date", "Release Date", "Valid Until Date". - -- Added hash algorithms (SHA3-256, SHA3-384, SHA3-512, BLAKE2b-256, BLAKE2b-384, BLAKE2b-512, BLAKE3, ADLER32 ) to the set recognized by 7.10 (Package Checksum field) and 8.4 (File checksum field) - -- Update Clause 7, 8, and 9 to make several of the licensing properties optional rather than requiring the use of "NOASSERTION" when no value is provided. - -- Update Clause 11 to add the new relationship types: REQUIREMENT_DESCRIPTION_FOR and SPECIFICATION_FOR. - -- Update Annex B ( License matching guidelines and templates ) to use the License List XML format - -- Update Annex F ( External Repository Identifiers ) to expand security references to include advisory, fix, URL, SWID. Expand persistent identifiers to include gitoid. - -- Update Annex G ( SPDX Lite Profile ) to include NTIA SBOM mandatory minimum fields as required. - -- Update Annex H to documented how the snippet information in files to be consistent with REUSE recommendations. - -- Added Annex K ( How To Use SPDX in Different Scenarios ) to illustrate linking to external security information, and illustrate how the NTIA SBOM mandatory minimum elements map to SPDX fields. - -## A.3 Differences between V2.2.2 and V2.2.1 - -V2.2.2 fixed formatting, grammatical and spelling issues found since ISO/IEC 5962:2021 SPDX v2.2.1 was published. No new fields were added. - -Key changes include: - -- Clarify Optional Cardinality contradictions - -- Update OWL document - -- Update JSON schema to fix typos and add missing required fields. - -- Clarify Information on using License List short form identifiers. - -- It fixed annex lettering inconsistencies. It also moved CC-BY-3.0 to the end of the spec to keep annex letters more consistent in future versions. Here is the translation between lettering in V2.2.2 and the version that came before it: - -**Table A.1 — SPDX V2.2.2 Organizational Changes** - -| Title | V2.2.1 ([spdx.dev](https://spdx.dev/)) | V2.2.1 (ISO) | V2.2.2 | -| ----- | -------------------------------------- | ------------ | ------ | -| SPDX Lite | Annex H/G* | Annex G | Annex G | -| SPDX File Tags | Annex I/H* | Annex H | Annex H | -| Differences from Earlier SPDX Versions | Annex J/I* | Annex I | Annex I | -| Creative Commons Attribution License 3.0 Unported | Annex G | [omitted] | Annex J [omitted in ISO version] | - -*_This edition featured inconsistent lettering._ - -## A.4 Differences between V2.2.1 and V2.2 - -There were no technical differences; V2.2.1 is V2.2 reformatted for submission to ISO via the PAS process. As a result, new clauses were added causing the previous clause-numbering sequence to change. Also, Annexes went from having Roman numbers to Latin letters. Here is the translation between numbering in V2.2.1 and the version that came before it: - -**Table A.2 — SPDX V2.2.1 Organizational Changes** - -| Title | V2.2 | V2.2.1 ([spdx.dev](https://spdx.dev/)) | V2.2.1 (ISO) | -| ----- | --------- | -------------------------------------- | ------------ | -| Scope | N/A | Clause 1 | Clause 1 | -| Normative references | N/A | Clause 2 | Clause 2 | -| Terms and definitions | N/A | Clause 3 | Clause 3 | -| Conformance | N/A | Clause 4 | Clause 4 | -| Composition of an SPDX document | N/A | Clause 5 | Clause 5 | -| Document Creation Information | Chapter 2 | Clause 6 | Clause 6 | -| Package Information | Chapter 3 | Clause 7 | Clause 7 | -| File Information | Chapter 4 | Clause 8 | Clause 8 | -| Snippet Information | Chapter 5 | Clause 9 | Clause 9 | -| Other Licensing Information Detected | Chapter 6 | Clause 10 | Clause 1 | -| Relationship between SPDX Elements Information | Chapter 7 | Clause 11 | Clause 1 | -| Annotation Information | Chapter 8 | Clause 12 | Clause 1 | -| Review Information (deprecated) | Chapter 9 | Clause 13 | Clause 1 | -| SPDX License List | Appendix I | Annex A | Annex A | -| License Matching Guidelines and Templates | Appendix II | Annex B | Annex B | -| RDF Object Model and Identifier Syntax | Appendix III | Annex C | Annex C | -| SPDX License Expressions | Appendix IV | Annex D | Annex D | -| Using SPDX short identifiers in Source Files | Appendix V | Annex E | Annex E | -| External Repository Identifiers | Appendix VI | Annex F | Annex F | -| Creative Commons Attribution License 3.0 Unported | Appendix VII | Annex G | [omitted] | -| SPDX Lite | Appendix VIII | Annex H/G* | Annex G | -| SPDX File Tags | Appendix IX | Annex I/H* | Annex H | -| Differences from Earlier SPDX Versions | N/A | Annex J/I* | Annex I | - -*_This edition featured inconsistent lettering._ - -## A.5 Differences from V2.2 and V2.1 - -- JSON, YAML, and a development version of XML have been added as supported file formats. - -- A new appendix "SPDX File Tags" has been added to describe a method that developers can use to document other SPDX file-specific information (such as copyright notices, file type, etc.) in a standardized and easily machine-readable manner. See Appendix IX for more information. - -- A new appendix "SPDX Lite" has been added to document a lightweight subset of the SPDX specification for scenarios where a full SPDX document is not required. See Appendix VIII for more information. - -- Additional relationship options have been added to enable expression of different forms of dependencies between SPDX elements. As well, NONE and NOASSERTION keywords are now permitted to be used with relationships to indicate what is unknown. - -- Miscellaneous bug fixes and non-breaking improvements as reported on the mailing list and reported as issues on the spdx-spec GitHub repository. - -## A.6 Differences between V2.1 and V2.0 - -- Snippets have been added to allow a portion of a file to be identified as having different properties from the file it resides in. The use of snippets is completely optional and it is not mandatory for snippets to be identified. See section 5 Snippet Information for further details on the fields available to describe snippets. - -- External Packages can now be referred to in SPDX documents. When there is no SPDX file information available to document the content of these external packages, then the filesAnalyzed attribute on a package should be set to false. See section 3.8 Files Analyzed for more information. - -- Packages are now able to associate with an “External Reference” which allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package. See: section 3.21 External Reference, 3.22 External Reference Comment and Appendix VI: External Repository Identifiers for more information. - -- The “Artifact of Project” fields at the file level are now deprecated, as they can be replaced by a relationship to the more descriptive External Packages. - -- A new appendix “Using SPDX short identifiers in Source Files” has been added to document the best practices to refer to the licenses in the SPDX license list that have emerged from the development community. See Appendix V: Using SPDX short identifiers in Source Files for more information. - -- Miscellaneous bug fixes. - -## A.7 Differences between V2.0 and V1.2 - -- Abstraction has been applied to the underlying model with the inclusion of SPDX elements. With SPDX 2.0, the concept of an SPDX element is introduced (see Appendix III). This includes SPDX documents, SPDX files, and SPDX packages, each of which gets associated with an SPDX identifier which is denoted by “SPDXRef-”. - -- SPDX relationships have been added to allow any SPDX element to have a relationship to other SPDX elements. Documented the origin of an SPDX hierarchy of sub-packages, documenting the origin of an SPDX element, and documenting modifications or corrections (annotations) to an SPDX element. - -- The ability to reference SPDX elements outside the current SPDX document itself (external references). - -- Additional file types are now supported. - -- Additional checksum algorithms are now supported. - -- Review Information section is deprecated. It is recommended to provide document reviews with Annotations (Section 7). - -- A License Expression Syntax has been introduced and documented in Appendix IV. diff --git a/docs/annexes/getting-started.md b/docs/annexes/getting-started.md deleted file mode 100644 index f7e076f008..0000000000 --- a/docs/annexes/getting-started.md +++ /dev/null @@ -1,740 +0,0 @@ -# Annex B: Getting started writing SPDX 3 (Informative) -## (a.k.a My First SPDX File) - -This guide is designed to walk you through the concepts behind an SPDX -document, by walking through writing one by hand. While it is possible to write -all your SPDX documents by hand, we would recommend looking at the various -language bindings that are available for crafting more complex documents. -Nevertheless, walking through an example of a hand written document can be -instructive into how SPDX documents work to better understand concepts that are -at play, even when using language bindings. - -All of the provided fragments listed here are intended to be used to construct -a complete a valid SPDX JSON document when concatenated together - -If you do would like to construct the complete example from this Markdown file, -use the following command: - -```shell -cat getting-started.md | awk 'BEGIN{flag=0} /^```json/, $0=="```" { if (/^---$/){flag++} else if ($0 !~ /^```.*/ ) print $0 > "doc-" flag ".spdx.json"}' -``` - -Please note that all descriptions of properties, classes, etc. are -non-normative; that is they are intended to help you understand what is going -on in simpler language, but are not necessarily complete. Links to the full -official documentation are provided where possible. - -## The Preamble - -All documents need to start somewhere, and SPDX documents are no exception. - -The root of all SPDX documents will be a JSON object, so start with that: -```json -{ -``` - -Next, we need to identify that the document is an SPDX 3 JSON-LD document, which is done with: -```json - "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", -``` -SPDX documents are designed to be a strict subset of [JSON-LD][1], such that -they can be parsed using either a full JSON-LD parser if you need the full -power of [linked documents][2] or [RDF][3], or a much simpler JSON parser if -all you care about is extracting meaningful SPDX data from the document. - -Because the document is valid JSON-LD, the `@context` must be provided to tell -the JSON-LD parser how to expand the human readable names in the document into -full IRIs (don't worry if you don't know what that means, it's not really that -important). You can think of this line as telling us "This is an SPDX document, -and this provided URL tells us how to decode it". The [SPDX JSON -Schema][spdxjsonschema] will force you to put the correct value here when -validating a document. - - -Now, we need to specify the list of objects that we want to create in this -document. JSON-LD has a special way of specifying this list using the `@graph` -property of the root object like so: -```json - "@graph": [ -``` - - -## Tell us about yourself - -Our first SPDX object is going to be a [Person][Class_Person] that tells us who -is writing this document (you!), so lets get started with it: - -```json - { - "type": "Person", -``` - -This is the basic format for any object in SPDX; all objects have one required -property named `type` that tells us what this object actually is, so here we -say this is a [Person][Class_Person]. - -Next, we need to name our object: -```json - - "spdxId": "http://spdx.org/spdxdocs/Person/JoshuaWatt-141ec767-40f2-4aad-9658-ac2703f3a7d9", -``` - -Most objects can have some sort of "ID" property that gives it a name. In the -case of [Person][Class_Person], that property is called `spdxId` (inherited -from [Element][Class_Element]). This property is the URI that should give this -object a universally unique name. Although this property _looks_ like a HTTP -URL, it is in fact not. Technically speaking, a URL defined a _Location_, where -as a URI defines an _Identifier_ (i.e. the name by which something is known). -In all likelihood, a URI is not a resolvable location from whence you can do an -HTTP `GET` to retrieve data, but rather just a way of constructing a namespaced -identifier. This identifier can be used within this document to refer to this -object (more on that later), or it can be referenced from other documents to -refer to this _specific_ object (although in that case there needs to be -additional information to describe how to find this document). URI's are -considered to be universally unique, so any objects constructed with this URI -are considered to be the same object, and any references to this URI is a -reference to this _specific_ object we are creating. - -If you work for a company, own a domain, etc. it is encouraged to use that (or -some subdomain of it) in place of `spdx.org/spdxdocs`. - -In practice, many `spdxId` values will have some sort of hash or random -UUID-like string incorporated to make them unique. - -Moving on from this, we have: -```json - "creationInfo": "_:creationinfo", -``` - -All SPDX objects derived from [Element][Class_Element] _must_ specify how they -were created by _linking_ to a [CreationInfo][Class_CreationInfo] object. It is -important to know the providence of where objects come from; but more on this -later. - -```json - "name": "Joshua Watt", -``` - -The optional [name][Property_name] property is inherited from the `Element` -class, and means "the common name for the thing", or in this case, your name. - -As our last step, we want to indicate another way by which You are known to the -world; specifically your E-mail address. - -To do this we first need to use the (optional) -[externalIdentifier][Property_externalIdentifier] property which -[Person][Class_Person] inherits from [Element][Class_Element]: - -```json - "externalIdentifier": [ -``` - -This property is an array of [ExternalIdentifier][Class_ExternalIdentifier] -objects, so start by adding one to the array: - -```json - { - "type": "ExternalIdentifier", -``` - -Again notice this uses the `type` property to identify what the object is. -However it should be noted that this is our first object that is not derived -from [Element][Class_Element], and therefore it does not need a `spdxId` -property. - -Next, lets add the relevant information about your email address: - -```json - "externalIdentifierType": "email", - "identifier": "JPEWhacker@gmail.com" -``` - -Two properties are used here. First, -[externalIdentifierType][Property_externalIdentifierType] is used to indicate -what type of external identifier this is. There are many choices, but in the -case we are specifying your email address, so we choose the value `email`. The -second property is the [indentifier][Property_identifier] property which is the -actual string identifier (in this case, your email address). - - -We are now done with our [Person][Class_Person], so close it all out and -prepare for the next object: - -```json - } - ] - }, -``` - - -## Where did all this stuff come from? - -Our next object is going to be a [CreationInfo][Class_CreationInfo] object. It -is required to provide one for every SPDX document, as all objects derived from -[Element][Class_Element] must link to one in their -[creationInfo][Property_creationInfo] property to indicate where they came -from. - -Note that the [CreationInfo][Class_CreationInfo] describes where a SPDX -[Element][Class_Element] itself came from (that is, who wrote the actual JSON). -This is a distinct concept from describing where the thing an -[Element][Class_Element] _describes_ comes from, which is covered later. - -Lets get started: -```json - { - "type": "CreationInfo", -``` -Hopefully this is making sense. We are saying this object is a -[CreationInfo][Class_CreationInfo]. - -```json - "@id": "_:creationinfo", -``` - -This object also has an `@id` similar to the `spdxId` of our person, but it is -subtly different First of all, this one is _not_ a URI like our -[Person][Class_Person], but instead starts with a `_:`. This type of identifier -is known as a _blank node_. Blank nodes serve a similar purpose to the URI of -the `spdxId`, however they _only_ have scope within this SPDX document. What -this means is that it be impossible to reference this -[CreationInfo][Class_CreationInfo] by name outside of this document. Inside the -document, you can use this identifier to refer to this object. The string after -the `_:` is arbitrary and you may choose whatever unique (within the document) -string that you choose. - -It should be noted that [CreationInfo][Class_CreationInfo] does _not_ derive -from [Element][Class_Element] class (like our previous example of -[ExternalIdentifier][Class_ExternalIdentifier]), and as such the `@id` property -is technically optional. However, since we will need to refer to this object at -other places in the document, we must give it an identifier. This also means -that this object does not have a mandatory -[creationInfo][Property_creationInfo] property (which makes sense since it -would be a circular reference). Finally, [CreationInfo][Class_CreationInfo] is -_only_ allowed to have a blank node identifier. - -If you look back at the [Person][Class_Person] we just created, you'll notice -that its [creationInfo][Property_creationInfo] property has the string value -that matches the `@id` of this object; this is how objects are linked together -by reference in SPDX. - -Next, we need to specify which version of the SPDX spec that elements linking -to this [CreationInfo][Class_CreationInfo] are conforming to: - -```json - "specVersion": "3.0.0", -``` - -Now, we need to use the [createdBy][Property_createdBy] property to indicated -who (or what) created the elements that are linked to this -[CreationInfo][Class_CreationInfo]: - -```json - "createdBy": [ - "http://spdx.org/spdxdocs/Person/JoshuaWatt-141ec767-40f2-4aad-9658-ac2703f3a7d9" - ], -``` - -This property is a list of reference to any class that derives from -[Agent][Class_Agent]. Since you are the person writing the document, put a -single list item that is the `spdxId` of your [Person][Class_Person] element -here to link them together. Note that even though this is using a full URI -instead of a blank node, this is linking in the same way as -[creationInfo][Property_creationInfo] described above. - -Also, it is worth noting that this does indeed create a circular reference -between our [Person][Class_Person].[creationInfo][Property_creationInfo] -property and [CreationInfo][Class_CreationInfo].[createdBy][Property_createdBy] -property. This is fine in SPDX, as objects are not required to be a Directed -Acyclical Graph (DAG). - - -Finally, we need to specify the date that any objects linking to this -[CreationInfo][Class_CreationInfo] were created using the -[created][Property_created] property and close out the object: - -```json - "created": "2024-03-06T00:00:00Z" - }, -``` - -Use today's date and time in [ISO 8601][4] with the format: -`"%Y-%m-%dT%H:%M:%SZ"`. The timezone should always be UTC. - - -## Describing the Document - -SPDX requires that information about the document itself be provided. In order -to do this, we must create a [SpdxDocument][Class_SpdxDocument] object, so lets -do that now: - -```json - { - "type": "SpdxDocument", - "spdxId": "https://spdx.org/spdxdocs/Document1-d078aed9-384d-4a64-87cb-99c79647c8c9", - "creationInfo": "_:creationinfo", -``` - -[SpdxDocument][Class_SpdxDocument] derives from [Element][Class_Element], so it -has 3 required properties, `type`, `spdxId` and -[creationInfo][Property_creationInfo]. We've seen all of these properties -before in [Person][Class_Person], so hopefully this getting more familiar. Note -that we again link back out our previous [CreationInfo][Class_CreationInfo] -object. - -Next, we need to indicate which [Profiles][SPDX_Profile] our document uses -using the [profileConformance][Property_profileConformance] property. This can -be used by consumers of the document to quickly determine if the information -they want is in the document (for example, if a user wants to find CVE data, -but the `security` profile is not present, there is no reason to continue -looking in this document). - -```json - "profileConformance": [ - "core", - "software" - ], -``` - -In this case, we are saying this document conforms to the `core` profile (all -SPDX documents should include this), and the `software` profile, since we will -be describing some software later. - -The final property we need to define is [rootElement][Property_rootElement]. -This property is a list of [Element][Class_Element] (or any subclass of -Element) references. Add this now and close our our -[SpdxDocument][Class_SpdxDocument]: - -```json - "rootElement": [ - "https://spdx.org/spdxdocs/BOM-e2e955f5-c50e-4a3a-8c69-db152f0f4615" - ] - }, -``` - -The purpose of this property is to indicate the "interesting" element(s) in the -document. Since a document can contain a large number of elements, it might be -difficult for a consumer of the document to know what the focus of the document -is. This property clarifies that by suggesting which element(s) a user should -look at to start navigating. While it is possible to have more than one root -element, it is rare to need more than one. - -Careful readers of the [SpdxDocument][Class_SpdxDocument] documentation will -note that we have omitted the [element][Property_element] (derived from the -[ElementCollection][Class_ElementCollection] parent class). Technically -speaking, the property _should_ link to all the elements that are in the -document using this property. However because this would be error prone, it is -implied that all [Element][Class_Element] objects present in the `@graph` (that -is, all the objects we are writing) are implicitly added to the -[element][Property_element] property. - -## A Complete Document! - -At this point, we have a completed SPDX document (albeit, one that has an -unresolved references in -[SpdxDocument][Class_SpdxDocument].[rootElement][Property_rootElement]). This -is a fully valid document because it has the SPDX 3.0 preamble, and the -required [SpdxDocument][Class_SpdxDocument] object, which in turn requires a -valid [CreationInfo][Class_CreationInfo], which we've provided. Finally, the -[CreationInfo][Class_CreationInfo] requires an [Agent][Class_Agent] to describe -who or what created the Elements in the document, which we've provided by -writing a [Person][Class_Person] object which describes you. - -While this is the minimal example, it may feel long. However, as we continue in -the document it should become more apparent how reuse of these 3 objects -(particularly the [CreationInfo][Class_CreationInfo]) helps _reduce_ total -document size while still conveying precise information. In addition, there are -other options to make a more compact document that are not covered yet, such as -referring to a external [Agent][Class_Agent] instead of encoding it in the -document. - -## Lets Add Some Software! - -Now that we have the basic valid document, its time to start adding some -interesting data to it. Lets start with a fictitious software package called -`amazing-widget` which we distribute as a tarball for users to download and run. - -To start with, we need to define a [software_Package][Class_software_Package] -object the defines how our software is distributed. In this case, the -[software_Package][Class_software_Package] will be describing a tarball which -someone can download, but it can be almost any unit of content that can be used -to distribute software (either as binaries or source). See the documentation -for more details. - -Lets define our package: -```json - { - "type": "software_Package", - "spdxId": "https://spdx.org/spdxdocs/Package-d1db6e61-aebe-4b13-ae73-d0f66018dbe0", - "creationInfo": "_:creationinfo", -``` -This should be familiar by now. Note the reuse of our previous -[CreationInfo][Class_CreationInfo]. - -Also note that this is our first element that is outside of the `Core` profile -in SPDX. In this specific case, the class is defined in the `Software` profile, -and as such is prefixed with `software_`. Any classes and properties that are -defined in a profile other than `Core` will be prefixed with the lower case -profile name + `_` to disambiguate them from classes and properties with the -same name in other profiles. - -Again, we can use [Element][Class_Element].[name][Property_name] to give the -common name for our package: - -```json - "name": "amazing-widget", -``` - -Importantly, even though this is a class defined in the `Software` profile, -[name][Property_name] is defined in core so it _does not_ get prefixed. When -writing objects, pay attention to which profile the _property_ is defined in, -as that sets the prefix (the documentation should make it clear what the -serialized name of a property is if you are unsure *TODO: It does not yet*). - -Next, we will define what version the `amazing-widget` package is using -[software_packageVersion][Property_software_packageVersion], and where the user -could download this package from using -[software_downloadLocation][Property_software_downloadLocation] (both are -optional): - -```json - "software_packageVersion": "1.0", - "software_downloadLocation": "http://dl.example.com/amazing-widget_1.0.0.tar", -``` - -These are our first two examples of properties not defined in the `Core` -profile, and as such they get the `software_` prefix. - - -Now, we should define when this software was packaged using the (optional) -[builtTime][Property_builtTime] property, so that downstream users can tell how -old it is: - -```json - "builtTime": "2024-03-06T00:00:00Z", -``` - -Note that we are back in the `Core` profile properties here (specifically, -[builtTime][Property_builtTime] is a property of [Artifact][Class_Artifact] in -`Core`) - - -Next, we want to indicate who actually made the package we are describing. This -is done using the (optional) [originatedBy][Property_originatedBy] array -property: - -```json - "originatedBy": [ - "http://spdx.org/spdxdocs/Person/JoshuaWatt-141ec767-40f2-4aad-9658-ac2703f3a7d9" - ], -``` - -In this example, you can put a single element that references your -[Person][Class_Person] `spdxId` here to indicate that _you_ actually made the -package. Note that while we are using the same `spdxId` as we used in the -[CreationInfo][Class_CreationInfo], this is not required. -[originatedBy][Property_originatedBy] is the property that we used to describe -who made the actual package being described by the -[software_Package][Class_software_Package] and not the JSON object itself. - -Finally, we would like to inform consumers of our SPDX how they can validate -the package to ensure its contents have not changed, or to check if a file that -they have is the same one being described by this document. This is done using -the [verifiedUsing][Property_verifiedUsing] property, which is an array of -[IntegrityMethod][Class_IntegrityMethod] objects (or subclasses). - -```json - "verifiedUsing": [ - { - "type": "Hash", - "algorithm": "sha256", - "hashValue": "f3f60ce8615d1cfb3f6d7d149699ab53170ce0b8f24f841fb616faa50151082d" - } - ] - }, -``` - -Specifically, we are using the [Hash][Class_Hash] subclass of integrity method to -indicate that the SHA-256 checksum of the package file is -`f3f60ce8615d1cfb3f6d7d149699ab53170ce0b8f24f841fb616faa50151082d` - - -## Whats in our Package? - -Describing that we have a distributed package is a great start, but we are able -to go further (although this is not mandatory!). Our next object is going to -describe all the files contained in our -[software_Package][Class_software_Package] by using -[software_File][Class_software_File]. - -Lets get started with our first file, the program executable: - -```json - { - "type": "software_File", - "spdxId": "https://spdx.org/spdxdocs/File-8f79956e-4089-4166-9a71-457de77e4846", - "creationInfo": "_:creationinfo", - "name": "/usr/bin/amazing-widget", - "verifiedUsing": [ - { - "type": "Hash", - "algorithm": "sha256", - "hashValue": "ee4f96ed470ea288be281407dacb380fd355886dbd52c8c684dfec3a90e78f45" - } - ], - "builtTime": "2024-03-05T00:00:00Z", - "originatedBy": [ - "http://spdx.org/spdxdocs/Person/JoshuaWatt-141ec767-40f2-4aad-9658-ac2703f3a7d9" - ], -``` - -We've seen all this before, so hopefully it all makes sense. - -While it's great to have a file, it's not easy to tell what purpose this file -serves. We might be able to infer that its an executable program from the -[name][Property_name], but SPDX provides the ability for us to directly specify -this using the (optional) -[software_primaryPurpose][Property_software_primaryPurpose] and -[software_additionalPurpose][Property_software_additionalPurpose] properties -(derived from [sofware_Artifact][Class_software_Artifact]): - -```json - "software_primaryPurpose": "executable", - "software_additionalPurpose": [ - "application" - ], -``` - -A [software_Artifact][Class_software_Artifact] can have as many purposes a you -want to describe, but there should always be a -[software_primaryPurpose][Property_software_primaryPurpose] property defined -before any [software_additionalPurpose][Property_software_additionalPurpose] -are added. - -Finally, as one last bit of information, we'll say what the copyright text of -the program is using the (optional) -[software_copyrightText][Property_software_copyrightText] property and close -out our file: - -```json - "software_copyrightText": "Copyright 2024, Joshua Watt" - }, -``` - -Lets add one more file for fun. This one will describe a config file for our -program: - -```json - { - "type": "software_File", - "spdxId": "https://spdx.org/spdxdocs/File-77808a5c-7a1b-43d1-9fa9-410a309ca9f3", - "creationInfo": "_:creationinfo", - "name": "/etc/amazing-widget.cfg", - "verifiedUsing": [ - { - "type": "Hash", - "algorithm": "sha256", - "hashValue": "89a2e80bc48c4dd10044c441af0fc6fdad5d31b2fa391cb2cf9c51dbf4200ed9" - } - ], - "builtTime": "2024-03-05T00:00:00Z", - "originatedBy": [ - "http://spdx.org/spdxdocs/Person/JoshuaWatt-141ec767-40f2-4aad-9658-ac2703f3a7d9" - ], - "software_primaryPurpose": "configuration" - }, -``` - -## Linking things together with Relationships - -Now we've described our [software_Package][Class_software_Package], and two -[software_File][Class_software_File]s that should be contained in it, but we -have one small problem: there is nothing that tells us that our files are -actually contained by the package. - -In order to do this, we must introduce the SPDX -[Relationship][Class_Relationship]. These are a very powerful concept in SPDX -that allows linking [Element][Class_Element]s and describing how they are -related. - -[Relationship][Class_Relationship]s themselves are also derived from SPDX -[Element][Class_Element]s, so we need the required three properties to start a -new one: - -```json - { - "type": "Relationship", - "spdxId": "https://spdx.org/spdxdocs/Relationship/contains-6b0b7ce4-a069-406d-9088-9e91f65b79f0", - "creationInfo": "_:creationinfo", -``` - -Next, we need to say what the relationship between our objects is going to be. -We do this using the [relationshipType][Property_relationshipType] property: - -```json - "relationshipType": "contains", -``` - -The full list of what a [Relationship][Class_Relationship] can describe is -defined by the [RelationshipType][Vocab_RelationshipType] vocabulary (a fancy -work for enumeration). There are a lot of possible options, and each one has a -specific meaning and restrictions on what types it can relate, so read the -documentation to find the specific one you need and how to use it. In our case, -we are using `contains` which is defined as "The `from` -[Element][Class_Element] contains each `to` [Element][Class_Element]". Perfect. - -Now, we need to describe what [Element][Class_Element]s are being connected. -[Relationship][Class_Relationship]s always have a directionality associated -with them: you can think of them as an arrow pointing from their -[from][Property_from] property to their [to][Property_to] properties. -[from][Property_from] is always required and must be a single object, whereas -[to][Property_to] is a list of zero or more objects. Lets write the JSON to -express this: - -```json - "from": "https://spdx.org/spdxdocs/Package-d1db6e61-aebe-4b13-ae73-d0f66018dbe0", - "to": [ - "https://spdx.org/spdxdocs/File-8f79956e-4089-4166-9a71-457de77e4846", - "https://spdx.org/spdxdocs/File-77808a5c-7a1b-43d1-9fa9-410a309ca9f3" - ], -``` - -This is the minimum required to define a [Relationship][Class_Relationship], -but we want to add one more property to convey additional information and close -out the object: - -```json - "completeness": "complete" - }, -``` - -The [completeness][Property_completeness] property is very useful as it -indicates if we know that this [Relationship][Class_Relationship] can be -considered to describe all we know about the type of relationship or not. For -example, by stating that this relationship is `complete`, we are saying that -our package contains those 2 files, and _only_ those 2 files. We could have -also stated that the relationship was `incomplete` in which case we are stating -that we know we didn't list all the files, and other are included. -Alternatively, we could have stated that the relationship -[completeness][Property_completeness] was `noAssertion` meaning we don't know -if we captured all the files or not. If this property is omitted, it's assumed -to be `noAssertion`. - -## Wrapping it all up in a BOM - -We've made great progress, and we are _almost_ done. For our final step, we -want to wrap up everything we know about the package into a "Software Bill of -Materials". - -This is done by creating a [software_Sbom][Class_software_Sbom] object: - -```json - { - "type": "software_Sbom", - "spdxId": "https://spdx.org/spdxdocs/BOM-e2e955f5-c50e-4a3a-8c69-db152f0f4615", - "creationInfo": "_:creationinfo", -``` - -Note that this is the object referenced by the [rootElement][Property_rootElement] of -our [SpdxDocument][Class_SpdxDocument], since it is the primary subject of our entire -document. - -[software_Sbom][Class_software_Sbom] derives from -[ElementCollection][Class_ElementCollection] just like -[SpdxDocument][Class_SpdxDocument], so it has the same -[rootElement][Property_rootElement] property. In this case, it is the subject -of the SBOM, which is our [software_Package][Class_software_Package]: - -```json - "rootElement": [ - "https://spdx.org/spdxdocs/Package-d1db6e61-aebe-4b13-ae73-d0f66018dbe0" - ], -``` - -Unlike [SpdxDocument][Class_SpdxDocument] however, there is no implicit value -for the [element][Property_element] property. Instead, we need to list all the -elements that are part of this SBOM (think of this as the line items in the -SBOM). In our specific case, this is the [software_File][Class_software_File]s -that part of our package, but if you had any other elements related to the -package (e.g. licenses, security information, etc.) those would also be -included: - -```json - "element": [ - "https://spdx.org/spdxdocs/File-8f79956e-4089-4166-9a71-457de77e4846", - "https://spdx.org/spdxdocs/File-77808a5c-7a1b-43d1-9fa9-410a309ca9f3" - ], -``` - -Finally, we need to specify what type(s) of BOM this is using the -[software_sbomType][Property_software_sbomType] property: - -```json - "software_sbomType": [ - "build" - ] - } -``` - -This property is effectively indicating at what point in the software lifecycle -this SBOM was generated. Since we are describing an executable program, `build` -seems the most likely. - -## Closing it all up - -Now that we are all done, we have a few things to clean up, namely that we need -to close the `@graph` list and the root object, so lets do that now: - -```json - ] -} -``` - -**Congratulations!** You just wrote your first SPDX document! Hopefully this -walk through has been instructive and you are ready to get started with SPDX! - -[1]: https://json-ld.org/ -[2]: https://en.wikipedia.org/wiki/Linked_data -[3]: https://www.w3.org/RDF/ -[4]: https://en.wikipedia.org/wiki/ISO_8601 -[spdxjsonschema]: https://spdx.org/schema/3.0.0/spdx-json-schema.json -[Class_Agent]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/Agent -[Class_Artifact]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/Artifact -[Class_CreationInfo]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/CreationInfo -[Class_ElementCollection]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/ElementCollection -[Class_Element]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/Element -[Class_ExternalIdentifier]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/ExternalIdentifier -[Class_Hash]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/Hash -[Class_IntegrityMethod]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/IntegrityMethod -[Class_Person]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/Person -[Class_Relationship]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/Relationship -[Class_SpdxDocument]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/SpdxDocument -[Class_software_Artifact]: https://spdx.github.io/spdx-spec/v3.0/model/Software/Classes/Artifact -[Class_software_File]: https://spdx.github.io/spdx-spec/v3.0/model/Software/Classes/File -[Class_software_Package]: https://spdx.github.io/spdx-spec/v3.0/model/Software/Classes/Package -[Class_software_Sbom]: https://spdx.github.io/spdx-spec/v3.0/model/Software/Classes/Sbom -[Property_builtTime]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/builtTime -[Property_completeness]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/completeness -[Property_createdBy]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/createdBy -[Property_created]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/created -[Property_creationInfo]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/creationInfo -[Property_element]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/element -[Property_externalIdentifier]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/externalIdentifier -[Property_externalIdentifierType]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/externalIdentifierType -[Property_from]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/from -[Property_identifier]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/identifier -[Property_name]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/name -[Property_originatedBy]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/originatedBy -[Property_profileConformance]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/profileConformance -[Property_relationshipType]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/relationshipType -[Property_rootElement]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/rootElement -[Property_software_additionalPurpose]: https://spdx.github.io/spdx-spec/v3.0/model/Software/Properties/additionalPurpose -[Property_software_copyrightText]: https://spdx.github.io/spdx-spec/v3.0/model/Software/Properties/copyrightText -[Property_software_downloadLocation]: https://spdx.github.io/spdx-spec/v3.0/model/Software/Properties/downloadLocation -[Property_software_packageVersion]: https://spdx.github.io/spdx-spec/v3.0/model/Software/Properties/packageVersion -[Property_software_primaryPurpose]: https://spdx.github.io/spdx-spec/v3.0/model/Software/Properties/primaryPurpose -[Property_software_sbomType]: https://spdx.github.io/spdx-spec/v3.0/model/Software/Properties/sbomType -[Property_to]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/to -[Property_verifiedUsing]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Properties/verifiedUsing -[SPDX_Profile]: https://spdx.github.io/spdx-spec/v3.0/ -[Vocab_RelationshipType]: https://spdx.github.io/spdx-spec/v3.0/model/Core/Vocabularies/RelationshipType diff --git a/docs/annexes/including-security-information-in-SPDX.md b/docs/annexes/including-security-information-in-SPDX.md deleted file mode 100644 index 95ea0878c3..0000000000 --- a/docs/annexes/including-security-information-in-SPDX.md +++ /dev/null @@ -1,401 +0,0 @@ -# Annex G: Including Security Information in a SPDX document - -The flexibility of SPDX 3.0 allows users to either link SBOMs to external security vulnerability data or to embed security vulnerability information in the SPDX 3.0 data format. For more details about the differences, read ["Capturing Software Vulnerability Data in SPDX 3.0"](https://spdx.dev/capturing-software-vulnerability-data-in-spdx-3-0/). - -## G.1 External References and External Identifiers -SPDX 3.0 has the concept of an [__External Reference__](https://github.com/spdx/spdx-3-model/blob/main/model/Core/Classes/ExternalRef.md) for an Element which points to a general resource outside the scope of the SPDX-3.0 content that provides additional context or information about an Element. - -The specification for External Reference types has many [type options](https://github.com/spdx/spdx-3-model/blob/main/model/Core/Vocabularies/ExternalRefType.md), a large handful of which pertain specifically to security use cases: - -* cwe -* secureSoftwareAttestation -* securityAdvisory -* securityAdversaryModel -* securityFix -* securityOther -* securityPenTestReport -* securityPolicy -* securityThreatModel -* vulnerabilityDisclosureReport -* vulnerabilityExploitabilityAssessment - - -SPDX 3.0 also has the concept of [__External Identifier__](https://github.com/spdx/spdx-3-model/blob/main/model/Core/Classes/ExternalIdentifier.md) which should be used in cases where an identifier scheme exists and is already defined for an Element outside of SPDX-3.0. - -There are several External Identifier [types](https://github.com/spdx/spdx-3-model/blob/main/model/Core/Vocabularies/ExternalIdentifierType.md) that may be used in a security context: - -* cpe22 -* cpe23 -* cve -* packageUrl -* securityOther - - -This section provides usage scenarios of how to leverage the Security External References and External Identifiers specified above to refer to external security information. Examples of how to use each category can be found in the [Security/Classes](https://github.com/spdx/spdx-3-model/tree/main/model/Security/Classes) pages. Multiple instances and types of external security information may be included within a SPDX document. - -## G.1.1 Linking to an Advisory - -To reference a Common Vulnerabilities and Exposures (CVE) advisory applicable to a package, you must first create a [Vulnerability Element](https://github.com/spdx/spdx-3-model/blob/main/model/Security/Classes/Vulnerability.md). You can then use ExternalIdentifiers or ExternalRefs to supplement the CVE with associated external metadata. - -```json -{ - "type": "security_Vulnerability", - "spdxId": "urn:spdx.dev:cve-2020-2849", - "creationInfo": "_:creationInfo", - "summary": "Use of a Broken or Risky Cryptographic Algorithm", - "description": "The npm package `elliptic` before version 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed.", - "security_modifiedTime": "2021-03-08T16:06:43Z", - "security_publishedTime": "2021-03-08T16:02:50Z", - "externalIdentifier": [ - { - "type": "ExternalIdentifier", - "externalIdentifierType": "cve", - "identifier": "CVE-2020-2849", - "identifierLocator": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28498", - "https://www.cve.org/CVERecord?id=CVE-2020-28498" - ], - "issuingAuthority": "urn:spdx.dev:agent-cve.org" - }, - { - "type": "ExternalIdentifier", - "externalIdentifierType": "securityOther", - "identifier": "GHSA-r9p9-mrjm-926w", - "identifierLocator": ["https://github.com/advisories/GHSA-r9p9-mrjm-926w"] - } - ], - "externalRef": [ - { - "type": "ExternalRef", - "externalRefType": "securityAdvisory", - "locator": ["https://nvd.nist.gov/vuln/detail/CVE-2020-28498"] - }, - { - "type": "ExternalRef", - "externalRefType": "securityAdvisory", - "locator": ["https://ubuntu.com/security/CVE-2020-28498"] - }, - { - "type": "ExternalRef", - "externalRefType": "securityOther", - "locator": ["https://github.com/indutny/elliptic/pull/244/commits"] - } - ] -}, -``` - -## G.1.2 Linking to a CSAF Document - -To reference [CSAF](https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/csaf-v2.0-cs01.html) formatted security information see below for examples. - -### G.1.2.1 Linking to a CSAF VEX -To reference a CSAF VEX document, include an external reference of type `vulnerabilityExploitabilityAssessment` on the Vulnerability Element that encapsulates the CVE described in the CSAF VEX document. - - -```json -{ - "type": "security_Vulnerability", - "spdxId": "urn:spdx.dev:vuln-2", - "creationInfo": "_:creationInfo", - "name": "cve-2021-44228", - "description": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.", - "security_modifiedTime": "2021-03-08T16:02:43Z", - "security_publishedTime": "2021-03-08T16:06:50Z", - "externalIdentifier": [ - { - "type": "ExternalIdentifier", - "externalIdentifierType": "cve", - "identifier": "CVE-2021-44228", - "identifierLocator": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228", - "https://www.cve.org/CVERecord?id=CVE-2021-44228" - ], - "issuingAuthority": "http://spdx.dev/agent-cve.org" - } - ], - "externalRef": [ - { - "type": "ExternalRef", - "externalRefType": "vulnerabilityExploitabilityAssessment", - "locator": ["https://github.com/oasis-tcs/csaf/blob/master/csaf_2.0/examples/csaf/csaf_vex/2022-evd-uc-01-a-001.json"] - } - ] -}, -``` - -### G.1.2.2 Linking to a CSAF Advisory -To reference a CSAF Advisory document, include the document locator as an external reference of type `securityAdvisory` on a Package Element. - -```json -{ - "type": "software_Package", - "spdxId": "urn:spdx.dev:pkg-rh-open-shift", - "creationInfo": "_:creationInfo", - "name": "Red Hat OpenShift Enterprise", - "software_packageVersion": "3.6", - "externalRef": [ - { - "type": "ExternalRef", - "externalRefType": "securityOther", - "locator": ["https://github.com/oasis-tcs/csaf/blob/master/csaf_2.0/examples/csaf/rhsa-2019_1862.json"] - } - ] -}, -``` - - -## G.1.3 Linking to CycloneDX Security Data - -To reference to [CycloneDX](https://cyclonedx.org) formatted security information applicable to a package you need to first create a Package Element. - -Using an External Reference, link the package to the matching component in the CycloneDX BOM. Link to it using its [BOM link](https://cyclonedx.org/capabilities/bomlink/), a URN formed by combining the CycloneDX serial number, version and bom-ref which contains the security information about the package. - -```json -{ - "type": "software_Package", - "spdxId": "urn:spdx.dev:pkg-stack-cors", - "creationInfo": "_:creationInfo", - "name": "stack-cors", - "software_packageVersion": "1.3.0", - "externalRef": [ - { - "type": "ExternalRef", - "externalRefType": "securityOther", - "locator": ["https://cyclonedx.org/capabilities/bomlink/17cfc349-c637-4685-856c-81196420c7f5/2#componentRef"] - } - ] -}, -``` - -## G.1.4 Linking to an OSV - -To include a reference to [Open Source Vulnerability](https://github.com/google/osv) (OSV) formatted security information applicable to a package you need to first create a Package Element. Then use an External Reference to link to the OSV advisory. - -```json -{ - "type": "software_Package", - "spdxId": "urn:spdx.dev:pkg-Django", - "creationInfo": "_:creationInfo", - "name": "Django", - "software_packageVersion": "2.2", - "externalRef": [ - { - "type": "ExternalRef", - "externalRefType": "securityAdvisory", - "locator": ["https://github.com/github/advisory-database/blob/6b9d5bc96a62bb845ee71e4551a214eb1457e2c6/advisories/github-reviewed/2022/04/GHSA-2gwj-7jmv-h26r/GHSA-2gwj-7jmv-h26r.json"] - } - ] -}, -``` - - -## G.1.5 Linking to an OmniBOR (formerly known as GitBOM) - -To identify a Package with an [OmniBOR](https://omnibor.io/) (Universal Bill Of Receipts, formerly known as GitBOM) gitoid, use an External Identifier to add gitoid to the package. - - -```json -{ - "type": "software_Package", - "spdxId": "urn:spdx.dev:pkg-example", - "creationInfo": "_:creationInfo", - "name": "Example", - "software_packageVersion": "1.2.3", - "externalIdentifier": [ - { - "type": "ExternalIdentifier", - "externalIdentifierType": "gitoid", - "identifier": "gitoid:blob:sha1:bcb99b819dadaebdf2c8f88d92ee9024c45f9df3" - } - ] -}, -``` - -## G.1.6 Linking to a vulnerability disclosure document - -To express a reference to a vulnerability disclosure document for a package, use an External Reference for a Package Element. The example below shows Cisco’s response to Apache log4j vulnerability. - -```json -{ - "type": "software_Package", - "spdxId": "urn:spdx.dev:pkg-apache-log4j", - "creationInfo": "_:creationInfo", - "name": "log4j", - "software_packageVersion": "2.14.0", - "externalRef": [ - { - "type": "ExternalRef", - "externalRefType": "securityAdvisory", - "locator": ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"] - } - ] -}, -``` - -To communicate that a package is not vulnerable to a specific vulnerability it is recommended to reference a web page indicating why given vulnerabilities are not applicable using an External Reference on the package. - -```json -{ - "type": "software_Package", - "spdxId": "urn:spdx.dev:example-1", - "creationInfo": "_:creationInfo", - "name": "example", - "software_packageVersion": "1.0.0", - "externalRef": [ - { - "type": "ExternalRef", - "externalRefType": "securityAdvisory", - "locator": ["https://example.com/product-x/security-info-not-affected.html"] - } - ] -}, -``` - -To refer to a security disclosure feed, such as the security bulletins from [CERT-EU](https://cert.europa.eu), include an External Reference in the package Element. - - -```json -{ - "type": "software_Package", - "spdxId": "urn:spdx.dev:example-2", - "creationInfo": "_:creationInfo", - "name": "example", - "software_packageVersion": "2.0.0", - "externalRef": [ - { - "type": "ExternalRef", - "externalRefType": "securityAdvisory", - "locator": ["https://cert.europa.eu/cert/Data/newsletter/reviewlatest-SecurityBulletins.xml"] - } - ] -}, -``` - -## G.1.7 Linking to a Code Fix for a Security Issue - -You can include a reference to a code fix for a security issue applicable to a Package or Vulnerability Element. - -Using the Vulnerability Element from example 1.1 above or a Package Element, you would add a code fix External Reference to the Element as follows. In this example, the link points to a specific code revision containing the fix for [CVE-2020-28498](https://nvd.nist.gov/vuln/detail/CVE-2020-28498). - -```json -{ - "type": "software_Package", - "spdxId": "urn:spdx.dev:example-2", - "creationInfo": "_:creationInfo", - "name": "example", - "software_packageVersion": "2.0.0", - "externalRef": [ - { - "type": "ExternalRef", - "externalRefType": "securityFix", - "locator": ["https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f"], - "comment": "elliptic before version 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. This patch fixes CVE-2020-28498." - } - ] -}, -``` - -A fix reference may point to a configuration change for example the patch file as one of the fixes for [CVE-2022-26499](https://nvd.nist.gov/vuln/detail/CVE-2022-26499). - -```json -{ - "type": "software_Package", - "spdxId": "urn:spdx.dev:example-2", - "creationInfo": "_:creationInfo", - "name": "example", - "software_packageVersion": "2.0.0", - "externalRef": [ - { - "type": "ExternalRef", - "externalRefType": "securityFix", - "locator": ["https://downloads.digium.com/pub/security/AST-2022-002-16.diff"] - } - ] -}, -``` - -Alternatively, it may also link to a landing page with patches for a variety of products such as Oracle patch information for [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228). - -```json -{ - "type": "software_Package", - "spdxId": "urn:spdx.dev:example-2", - "creationInfo": "_:creationInfo", - "name": "example", - "software_packageVersion": "2.0.0", - "externalRef": [ - { - "type": "ExternalRef", - "externalRefType": "securityFix", - "locator": ["https://www.oracle.com/security-alerts/cpujan2022.html"] - } - ] -}, -``` - - -## G.1.8 Linking to any Security Related Document - -If you want to reference any security information related to a package but cannot or do not wish to specify its kind, use the `securityOther` externalRefType. - -```json -{ - "type": "software_Package", - "spdxId": "urn:spdx.dev:pkg-elliptic", - "creationInfo": "_:creationInfo", - "name": "elliptic", - "software_packageVersion": "6.5.4", - "externalRef": [ - { - "type": "ExternalRef", - "externalRefType": "securityOther", - "locator": ["https://github.com/christianlundkvist/blog/blob/aa3a69b5e4c06e4435070610c0c4a2b1e8731783/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md"], - "comment": "Blog post from author who wrote fix for CVE-2020-28498." - } - ] -}, -``` - -One can also use it to refer to guidance related to a vulnerability such as CISA guidance for Apache Log4j. - -```json -{ - "type": "software_Package", - "spdxId": "urn:spdx.dev:pkg-apache-log4j", - "creationInfo": "_:creationInfo", - "name": "log4j", - "software_packageVersion": "2.14.0", - "externalRef": [ - { - "type": "ExternalRef", - "externalRefType": "securityOther", - "locator": ["https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance"] - } - ] -}, -``` - -## G.1.9 Linking to a Vulnerability Disclosure Report (VDR) - -The National Institute of Standards and Technology (NIST) describes the concept of correlating vulnerability and SBOM information for a software product at the component level in “[Software Security in Supply Chains: Software Bill of Materials (SBOM)](https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity/software-security-supply-chains-software-1)”. Use the External Reference `vulnerabilityDisclosureReport` type to report on vulnerabilities related to the components contained in a software product’s SBOM. - -This enables a software producer to articulate to software consumers the status of vulnerabilities contained in the software product, by means of reporting vulnerability information at either the SBOM document or component level. - -Providing a link to such data at the time the SBOM is published provides a pointer for where to find this relevant vulnerability information without promulgating vulnerability information inside the SBOM. This is advantageous because the vulnerability information has a short shelf-life (it will change frequently) while the SBOM component data isn’t likely to change if the software has not changed. - -```json -{ - "type": "software_Package", - "spdxId": "urn:spdx.dev:sag-pm", - "creationInfo": "_:creationInfo", - "name": "SAG-PM (TM)", - "software_packageVersion": "1.1.8", - "externalRef": [ - { - "type": "ExternalRef", - "externalRefType": "vulnerabilityDisclosureReport", - "locator": ["https://github.com/rjb4standards/REA-Products/blob/master/SBOM_and_VDRbaseline/sag-pm-118_VDR.json"] - } - ] -}, -``` diff --git a/docs/annexes/license-matching-guidelines-and-templates.md b/docs/annexes/license-matching-guidelines-and-templates.md index 7d8f3ffe88..a8b2bbe706 100644 --- a/docs/annexes/license-matching-guidelines-and-templates.md +++ b/docs/annexes/license-matching-guidelines-and-templates.md @@ -1,44 +1,49 @@ -# Annex C SPDX License List Matching Guidelines and Templates (Informative) +# SPDX License List matching guidelines and templates (Normative) -## C.1 SPDX license list matching guidelines +## SPDX License List matching guidelines The SPDX License List Matching Guidelines provide guidelines to be used for the purposes of matching licenses and license exceptions against those included on the [SPDX License List](https://spdx.org/licenses/). There is no intent here to make a judgment or interpretation, but merely to ensure that when one SPDX user identifies a license as "BSD-3-Clause," for example, it is indeed the same license as what someone else identifies as "BSD-3-Clause" and the same license as what is listed on the SPDX License List. As noted here, some of the matching guidelines are implemented in the XML files of the SPDX License List repository. -## C.2 How these guidelines are applied +## How these guidelines are applied -### C.2.1 Purpose +### Purpose -To ensure consistent results by different SPDX document creators when matching license information that will be included in the License Information in File field. SPDX document creators or tools may match on the license or exception text itself, the official license header, or the SPDX License List short identifier. +To ensure consistent results by different SPDX document creators when matching +license information that will be included in SPDX data. +SPDX document creators or tools may match on the license or exception text +itself, the official license header, or the SPDX License List short identifier. -### C.2.2 Guideline: official license headers +### Guideline: official license headers -The matching guidelines apply to license and exception text, as well as official license headers. Official license headers are defined by the SPDX License List as specific text specified within the license itself to be put in the header of files. (see [explanation of SPDX License List fields](https://github.com/spdx/license-list-XML/blob/master/DOCS/license-fields.md) for more info). +The matching guidelines apply to license and exception text, as well as official license headers. +Official license headers are defined by the SPDX License List as specific text specified within the license itself to be put in the header of files. +(see [explanation of SPDX License List fields](https://github.com/spdx/license-list-XML/blob/v3.25.0/DOCS/license-fields.md) for more info). The following XML tag is used to implement this guideline: `` -## C.3 Substantive text +## Substantive text -### C.3.1 Purpose +### Purpose To ensure that when matching licenses and exceptions to the SPDX License List, there is an appropriate balance between matching against the substantive text and disregarding parts of the text that do not alter the substantive text or legal meaning. Further guidelines of what can be disregarded or considered replaceable for purposes of matching are listed below here and in the subsequent specific guidelines. A conservative approach is taken in regard to rules relating to disregarded or replaceable text. -### C.3.2 Guideline: verbatim text +### Guideline: verbatim text License and exception text should be the same verbatim text (except for the guidelines stated here). The text should be in the same order, e.g., differently ordered paragraphs would not be considered a match. -### C.3.3 Guideline: no additional text +### Guideline: no additional text Matched text should only include that found in the vetted license or exception text. Where a license or exception found includes additional text or clauses, this should not be considered a match. -### C.3.4 Guideline: replaceable text +### Guideline: replaceable text Some licenses include text that refers to the specific copyright holder or author, yet the rest of the license is exactly the same. The intent here is to avoid the inclusion of a specific name in one part of the license resulting in a non-match where the license is otherwise an exact match to the legally substantive terms (e.g., the third clause and disclaimer in the BSD licenses, or the third, fourth, and fifth clauses of Apache-1.1). In these cases, there should be a positive license match. The text indicated as such can be replaced with similar values (e.g., a different name or generic term; different date) and still be considered a positive match. -This rule also applies to text-matching in official license headers -(see [Guideline: official license headers](#C.2.2)). +This rule also applies to text-matching in official license headers, +see [Guideline: official license headers](#guideline-official-license-headers). The following XML tag is used to implement this guideline. `` with 2 attributes: @@ -48,11 +53,11 @@ The following XML tag is used to implement this guideline. `` with 2 attrib The original text is enclosed within the beginning and ending alt tags. For example: -`Copyright Linux Foundation` +`Copyright The Linux Foundation` The original replaceable text appears on the SPDX License List webpage in red text. -### C.3.5 Guideline: omittable text +### Guideline: omittable text Some licenses have text that can simply be ignored. The intent here is to avoid the inclusion of certain text that is superfluous or irrelevant in regards to the substantive license text resulting in a non-match where the license is otherwise an exact match (e.g., directions on how to apply the license or other similar exhibits). In these cases, there should be a positive license match. @@ -65,78 +70,78 @@ For example: Omittable text appears on the SPDX License List webpage in blue text. -## C.4 Whitespace +## Whitespace -### C.4.1 Purpose +### Purpose To avoid the possibility of a non-match due to different spacing of words, line breaks, or paragraphs. -### C.4.2 Guideline +### Guideline All whitespace should be treated as a single blank space. XML files do not require specific markup to implement this guideline. -## C.5 Capitalization +## Capitalization -### C.5.1 Purpose +### Purpose To avoid the possibility of a non-match due to lowercase or uppercase letters in otherwise the same words. -### C.5.2 Guideline +### Guideline All uppercase and lowercase letters should be treated as lowercase letters. XML files do not require specific markup to implement this guideline. -## C.6 Punctuation +## Punctuation -### C.6.1 Purpose +### Purpose Because punctuation can change the meaning of a sentence, punctuation needs to be included in the matching process. XML files do not require specific markup to implement this guideline, unless to indicate an exception to the guideline. -### C.6.2 Guideline: punctuation +### Guideline: punctuation Punctuation should be matched, unless otherwise stated in these guidelines or unless specific markup is added. -### C.6.3 Guideline: hyphens, dashes +### Guideline: hyphens, dashes Any hyphen, dash, en dash, em dash, or other variation should be considered equivalent. -### C.6.4 Guideline: Quotes +### Guideline: Quotes Any variation of quotations (single, double, curly, etc.) should be considered equivalent. -## C.7 Code Comment Indicators or Separators +## Code Comment Indicators or Separators -### C.7.1 Purpose +### Purpose To avoid the possibility of a non-match due to the existence or absence of code comment indicators placed within the license text, e.g., at the start of each line of text, or repetitive characters to establish a separation of text, e.g., `---`, `===`, `___`, or `***`. -### C.7.2 Guideline +### Guideline Any kind of code comment indicator or prefix which occurs at the beginning of each line in a matchable section should be ignored for matching purposes. XML files do not require specific markup to implement this guideline. -### C.7.3 Guideline +### Guideline A non-letter character repeated 3 or more times to establish a visual separation should be ignored for matching purposes. XML files do not require specific markup to implement this guideline. -## C.8 Bullets and numbering +## Bullets and numbering -### C.8.1 Purpose +### Purpose To avoid the possibility of a non-match due to the otherwise same license using bullets instead of numbers, number instead of letter, or no bullets instead of bullet, etc., for a list of clauses. -### C.8.2 Guideline +### Guideline Where a line starts with a bullet, number, letter, or some form of a list item (determined where list item is followed by a space, then the text of the sentence), ignore the list item for matching purposes. @@ -144,13 +149,13 @@ The following XML tag is used to implement this guideline: `` For example: `1.0` -## C.9 Varietal word spelling +## Varietal word spelling -### C.9.1 Purpose +### Purpose English uses different spelling for some words. By identifying the spelling variations for words found or likely to be found in licenses, we avoid the possibility of a non-match due to the same word being spelled differently. This list is not meant to be an exhaustive list of all spelling variations, but meant to capture the words most likely to be found in open source software licenses. -### C.9.2 Guideline +### Guideline The words in each line of the text file available at the [equivalent words list](https://spdx.org/licenses/equivalentwords.txt) @@ -158,41 +163,41 @@ are considered equivalent and interchangeable. XML files do not require specific markup to implement this guideline. -## C.10 Copyright symbol +## Copyright symbol -### C.10.1 Purpose +### Purpose By having a rule regarding the use of "©", "(c)", or "copyright", we avoid the possibility of a mismatch based on these variations. -### C.10.2 Guideline +### Guideline "©", "(c)", or "Copyright" should be considered equivalent and interchangeable. XML files do not require specific markup to implement this guideline. The copyright symbol is part of the copyright notice, -see implementation of that guideline in [Copyright notice](#C.11). +see implementation of that guideline in [Copyright notice](#copyright-notice). -## C.11 Copyright notice +## Copyright notice -### C.11.1 Purpose +### Purpose To avoid a license mismatch merely because the copyright notice (usually found above the actual license or exception text) is different. The copyright notice is important information to be recorded elsewhere in the SPDX document, but for the purposes of matching a license to the SPDX License List, it should be ignored because it is not part of the substantive license text. -### C.11.2 Guideline +### Guideline Ignore copyright notices. A copyright notice consists of the following elements, for example: "2012 Copyright, John Doe. All rights reserved." or "(c) 2012 John Doe." The following XML tag is used to implement this guideline: `` -For example: `Copyright 2022 Linux Foundation` +For example: `Copyright 2022 The Linux Foundation` -## C.12 License name or title +## License name or title -### C.12.1 Purpose +### Purpose To avoid a license mismatch merely because the name or title of the license is different than how the license is usually referred to or different than the SPDX full name. This also avoids a mismatch if the title or name of the license is simply not included. -### C.12.2 Guideline +### Guideline Ignore the license name or title for matching purposes, so long as what ignored is the title only and there is no additional substantive text added here. @@ -200,43 +205,50 @@ The following XML tag is used to implement this guideline: `` For example: `Attribution Assurance License` -## C.13 Extraneous text at the end of a license +## Extraneous text at the end of a license -### C.13.1 Purpose +### Purpose To avoid a license mismatch merely because extraneous text that appears at the end of the terms of a license is different or missing. This also avoids a mismatch if the extraneous text merely serves as a license notice example and includes a specific copyright holder's name. -### C.13.2 Guideline +### Guideline Ignore any text that occurs after the obvious end of the license and does not include substantive text of the license, for example: text that occurs after a statement such as, "END OF TERMS AND CONDITIONS," or an exhibit or appendix that includes an example or instructions on to how to apply the license to your code. Do not apply this guideline or ignore text that is comprised of additional license terms (e.g., permitted additional terms under GPL-3.0, section 7). To implement this guideline, use the `` XML element tag as described -in [Guideline: omittable text](#C.3.5). +in [Guideline: omittable text](#guideline-omittable-text). -## C.14 HTTP Protocol +## HTTP protocol -### C.14.1 Purpose +### Purpose -To avoid a license mismatch due to a difference in a hyperlink protocol (e.g. http vs. https). +To avoid a license mismatch due to a difference in a hyperlink protocol (e.g. HTTP vs. HTTPS). -### C.14.2 Guideline +### Guideline -HTTP:// and HTTPS:// should be considered equivalent. +`http://` and `https://` should be considered equivalent. XML files do not require specific markup to implement this guideline. -## C.15 SPDX License list +## SPDX License List -### C.15.1 Template access +### Template access -The license XML can be accessed in the license-list-data repository under the license-list-XML directory. Although the license list XML files can also be found in the [license-list-XML](https://github.com/spdx/license-list-XML) repository, users are encouraged to use the published versions in the [license-list-data](https://github.com/spdx/license-list-data) repository. The license-list-data repository is tagged by release. Only tagged released versions of the license list are considered stable. +The license XML can be accessed in the license-list-data repository under the +license-list-XML directory. Although the license list XML files can also be +found in the +[license-list-XML](https://github.com/spdx/license-list-XML) repository, +users are encouraged to use the published versions in the +[license-list-data](https://github.com/spdx/license-list-data) repository. +The license-list-data repository is tagged by release. +Only tagged released versions of the license list are considered stable. -### C.15.2 License List XML format +### License List XML format A full schema for the License List XML can be found at -[SPDX License List XML Schema](https://github.com/spdx/license-list-XML/blob/master/schema/ListedLicense.xsd). +[SPDX License List XML Schema](https://github.com/spdx/license-list-XML/blob/v3.25.0/schema/ListedLicense.xsd). -### C.15.3 Legacy Text Template format +### Legacy Text Template format Prior to the XML format, a text template was used to express variable and optional text in licenses. @@ -254,7 +266,7 @@ Rule fields begin with a case sensitive tag followed by an equal sign `=`. Rule fields: - **type:** indicates whether the text is replaceable or omittable as per - [Substantive text guidelines](#C.3). + [Substantive text guidelines](#substantive-text). - Indicated by `<>` or - Indicated by `<>` and `<>` respectively. - This field is the first field and is required. diff --git a/docs/annexes/pkg-url-specification.md b/docs/annexes/pkg-url-specification.md index cfd13da3df..b478247bb1 100644 --- a/docs/annexes/pkg-url-specification.md +++ b/docs/annexes/pkg-url-specification.md @@ -1,6 +1,6 @@ -# Annex E: Package URL specification v1 (Normative) +# Package URL specification v1 (Normative) -## E.1 Introduction +## Introduction The Package URL core specification defines a versioned and formalized format, syntax, and rules used to represent and validate package URLs. @@ -17,7 +17,7 @@ Such a package URL is useful to reliably reference the same software package using a simple and expressive syntax and conventions based on familiar URLs. -## E.2 Syntax definition +## Syntax definition _purl_ stands for **package URL**. @@ -41,7 +41,7 @@ Components are designed such that they form a hierarchy from the most significant on the left to the least significant components on the right. A _purl_ is a valid URL and URI that conforms to the URL definitions -and specifications in RFC 3986 . +and specifications in RFC 3986 . A _purl_ must not contain a URL Authority i.e. there is no support for username, password, host and port components. @@ -55,12 +55,12 @@ The _purl_ components are mapped to the following URL components: - _purl_ qualifiers: this maps to a URL query - _purl_ subpath: this is a URL fragment -## E.3 Character encoding +## Character encoding For clarity and simplicity a _purl_ is always an ASCII string. To ensure that there is no ambiguity when parsing a _purl_, separator characters and non-ASCII characters must be encoded in UTF-8, -and then percent-encoded as defined in RFC 3986 . +and then percent-encoded as defined in RFC 3986 . Use these rules for percent-encoding and decoding _purl_ components: @@ -80,7 +80,7 @@ must always percent-decode and percent-encode components and component segments as explained in the "How to produce and consume _purl_ data" section. -## E.4 Rules for each component +## Rules for each component A _purl_ string is an ASCII URL string composed of seven components. @@ -90,7 +90,7 @@ defined in the "Character encoding" section. The rules for each component are: -### E.4.1 Rules for scheme +### Rules for scheme - The scheme is a constant with the value "`pkg`" - Since a _purl_ never contains a URL Authority, its scheme must not be suffixed with double slash as in `pkg://` and should use instead `pkg:`. @@ -99,7 +99,7 @@ The rules for each component are: - The scheme is followed by a ':' separator. - For example, the two purls `pkg:gem/ruby-advisory-db-check@0.12.4` and `pkg://gem/ruby-advisory-db-check@0.12.4` are strictly equivalent. The first is in canonical form while the second is an acceptable _purl_ but is an invalid URI/URL per RFC3986. -### E.4.2 Rules for type +### Rules for type - The package type is composed only of ASCII letters and numbers, `.`, `+` and `-` (period, plus, and dash). - The type cannot start with a number. @@ -107,7 +107,7 @@ The rules for each component are: - The type must not be percent-encoded. - The type is case insensitive, with the canonical form being lowercase. -### E.4.3 Rules for namespace +### Rules for namespace - The optional namespace contains zero or more segments, separated by slash `/`. - Leading and trailing slashes `/` are not significant and should be stripped in the canonical form. They are not part of the namespace. @@ -115,20 +115,20 @@ The rules for each component are: - When percent-decoded, a segment must not contain a slash `/` and must not be empty. - A URL host or Authority must NOT be used as a namespace. Use instead a `repository_url` qualifier. Note however that for some types, the namespace may look like a host. -### E.4.4 Rules for name +### Rules for name - The name is prefixed by a slash `/` separator when the namespace is not empty. - This slash `/` is not part of the name. - A name must be a percent-encoded string. -### E.4.5 Rules for version +### Rules for version - The version is prefixed by a at-sign `@` separator when not empty. - This at-sign `@` is not part of the version. - A version must be a percent-encoded string. -- A version is a plain and opaque string. Some package types use versioning conventions such as semver for NPMs or nevra conventions for RPMS. A type may define a procedure to compare and sort versions, but there is no reliable and uniform way to do such comparison consistently. +- A version is a plain and opaque string. Some package types use versioning conventions such as SemVer for NPMs or NEVRA conventions for RPMS. A type may define a procedure to compare and sort versions, but there is no reliable and uniform way to do such comparison consistently. -### E.4.6 Rules for qualifiers +### Rules for qualifiers - The qualifiers string is prefixed by a `?` separator when not empty. - This `?` is not part of the qualifiers. @@ -144,7 +144,7 @@ The rules for each component are: - A value must be a percent-encoded string. - The `=` separator is neither part of the key nor of the value. -### E.4.7 Rules for subpath +### Rules for subpath - The subpath string is prefixed by a `#` separator when not empty. - This `#` is not part of the subpath. @@ -154,7 +154,7 @@ The rules for each component are: - When percent-decoded, a segment must not contain a `/`, must not be any of `..` or `.`, and must not be empty. - The subpath must be interpreted as relative to the root of the package. -## E.5 Known types +## Known types There are several known _purl_ package type definitions. The current list of known types is: @@ -194,9 +194,9 @@ The current list of known types is: The list, with definitions for each type, is maintained in the file named `PURL-TYPES.rst` in the online repository -https://github.com/package-url/purl-spec. +. -## E.6 Known qualifiers key/value pairs +## Known qualifiers key/value pairs Qualifiers should be limited to the bare minimum for proper package identification, @@ -216,12 +216,12 @@ The following keys are valid for use in all package types: Each item in the list is in form of algorithm:hex\_value (all lowercase), such as `sha1:ad9503c3e994a4f611a4892f2e67ac82df727086`. -## E.7 How to produce and consume _purl_ data +## How to produce and consume _purl_ data The following provides rules to be followed when building or deconstructing _purl_ instances. -### E.7.1 How to build _purl_ string from its components +### How to build _purl_ string from its components Building a _purl_ ASCII string works from left to right, from type to subpath. @@ -275,7 +275,7 @@ To build a _purl_ string from its components: 1. Join the segments with `/` 1. Append this string to the _purl_ -### E.7.2 How to parse a _purl_ string to its components +### How to parse a _purl_ string to its components Parsing a _purl_ ASCII string into its components works by splitting the string on different characters. @@ -333,7 +333,7 @@ To parse a _purl_ string in its components: 1. Join segments with `/`. 1. This is the namespace. -## E.8 Examples +## Examples The following list includes some valid _purl_ examples: @@ -348,10 +348,10 @@ The following list includes some valid _purl_ examples: - `pkg:pypi/django@1.11.1` - `pkg:rpm/fedora/curl@7.50.3-1.fc25?arch=i386&distro=fedora-25` -## E.9 Original license +## Original license This specification is based on the texts published -in the https://github.com/package-url/purl-spec online repository. +in the online repository. The original license and attribution are reproduced below: Copyright (c) the purl authors @@ -372,4 +372,3 @@ FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - diff --git a/docs/annexes/rdf-model.md b/docs/annexes/rdf-model.md new file mode 100644 index 0000000000..c26c8577b5 --- /dev/null +++ b/docs/annexes/rdf-model.md @@ -0,0 +1,50 @@ +# RDF model definition and diagrams (Informative) + +## Model definition + +The SPDX RDF ontology is expressed in RDF/OWL/SHACL format +and is published in online at +[SPDX 3.0.1 Model](https://spdx.org/rdf/3.0.1/spdx-model.ttl) + +## Diagrams + +### Core Profile + +[![Core Profile diagram][fig_core]][fig_core] + +### Software Profile + +[![Software Profile diagram][fig_software]][fig_software] + +### Security Profile + +[![Security Profile diagram][fig_security]][fig_security] + +### Licensing Profile + +[![Licensing Profile diagram][fig_licensing]][fig_licensing] + +### Dataset Profile + +[![Dataset Profile diagram][fig_dataset]][fig_dataset] + +### AI Profile + +[![AI Profile diagram][fig_ai]][fig_ai] + +### Build Profile + +[![Build Profile diagram][fig_build]][fig_build] + +### Extension Profile + +[![Extension Profile diagram][fig_extension]][fig_extension] + +[fig_ai]: ../images/model-AI.png "SPDX 3.0.1 AI Profile diagram" +[fig_build]: ../images/model-Build.png "SPDX 3.0.1 Build Profile diagram" +[fig_core]: ../images/model-Core.png "SPDX 3.0.1 Core Profile diagram" +[fig_dataset]: ../images/model-Dataset.png "SPDX 3.0.1 Dataset Profile diagram" +[fig_extension]: ../images/model-Extension.png "SPDX 3.0.1 Extension Profile diagram" +[fig_licensing]: ../images/model-Licensing.png "SPDX 3.0.1 Licensing Profile diagram" +[fig_security]: ../images/model-Security.png "SPDX 3.0.1 Security Profile diagram" +[fig_software]: ../images/model-Software.png "SPDX 3.0.1 Software Profile diagram" diff --git a/docs/annexes/SPDX-license-expressions.md b/docs/annexes/spdx-license-expressions.md similarity index 85% rename from docs/annexes/SPDX-license-expressions.md rename to docs/annexes/spdx-license-expressions.md index 446aadcb23..90f879181d 100644 --- a/docs/annexes/SPDX-license-expressions.md +++ b/docs/annexes/spdx-license-expressions.md @@ -1,19 +1,21 @@ -# Annex D: SPDX license expressions (Normative) +# SPDX license expressions (Normative) -## D.1 Overview +## Overview Often a single license can be used to represent the licensing terms of a source code or binary file, but there are situations where a single license identifier is not sufficient. A common example is when software is offered under a choice of one or more licenses (e.g., GPL-2.0-only OR BSD-3-Clause). Another example is when a set of licenses is needed to represent a binary program constructed by compiling and linking two (or more) different source files each governed by different licenses (e.g., LGPL-2.1-only AND BSD-3-Clause). SPDX License Expressions provide a way for one to construct expressions that more accurately represent the licensing terms typically found in open source software source code. A license expression could be a single license identifier found on the SPDX License List; a user defined license reference denoted by the LicenseRef-`[idString]`; a license identifier combined with an SPDX exception; or some combination of license identifiers, license references and exceptions constructed using a small set of defined operators (e.g., `AND`, `OR`, `WITH` and `+`). We provide the definition of what constitutes a valid SPDX License Expression in this section. -The exact syntax of license expressions is described below in ABNF, as defined in [RFC5234](http://tools.ietf.org/html/rfc5234) and expanded in [RFC7405](http://tools.ietf.org/html/rfc7405). +The exact syntax of license expressions is described below in ABNF, as defined +in [RFC 5234](https://datatracker.ietf.org/doc/rfc5234/) and expanded +in [RFC 7405](https://datatracker.ietf.org/doc/rfc7405/). ```text idstring = 1*(ALPHA / DIGIT / "-" / "." ) -license-id = +license-id = -license-exception-id = +license-exception-id = license-ref = [%s"DocumentRef-"(idstring)":"]%s"LicenseRef-"(idstring) @@ -48,7 +50,7 @@ There MUST NOT be white space between a license-id and any following `+`. This s In the `tag:value` format, a license expression MUST be on a single line, and MUST NOT include a line break in the middle of the expression. -## D.2 Case sensitivity +## Case sensitivity License expression operators (`AND`, `and`, `OR`, `or`, `WITH` and `with`) should be matched in a *case-sensitive* manner, i.e., letters must be all upper case or all lower case. @@ -56,19 +58,17 @@ License identifiers (including license exception identifiers) used in SPDX docum However, please be aware that it is often important to match with the case of the canonical identifier on the [SPDX License List](https://spdx.org/licenses). This is because the canonical identifier's case is used in the URL of the license's or exception's entry on the List, and because the canonical identifier is translated to a URI in RDF documents. -For license identifiers, only the variable part (after `LicenseRef-`) is case insensitive. +For user defined license identifiers, only the variable part (after `LicenseRef-`) is case insensitive. This means, for example, that `LicenseRef-Name` and `LicenseRef-name` should be treated as the same identifier and considered to refer to the same license, while `licenseref-name` is not a valid license identifier. -This means, for example, that `LicenseRef-Name` and `LicenseRef-name` should be treated as the same identifier and considered to refer to the same license, while `licenseref-name` is not a valid license identifier. +The same applies to `AdditionRef-` user defined identifiers. -The same applies to `AdditionRef-`. - -## D.3 Simple license expressions +## Simple license expressions A simple `` is composed one of the following: -* An SPDX License List Short Form Identifier. For example: CDDL-1.0 -* An SPDX License List Short Form Identifier with a unary "+" operator suffix to represent the current version of the license or any later version. For example: CDDL-1.0+ -* An SPDX user defined license reference: ["DocumentRef-"1\*(idstring)":"]"LicenseRef-"1*(idstring) +- An SPDX License List Short Form Identifier. For example: CDDL-1.0 +- An SPDX License List Short Form Identifier with a unary "+" operator suffix to represent the current version of the license or any later version. For example: CDDL-1.0+ +- An SPDX user defined license reference: ["DocumentRef-"1\*(idstring)":"]"LicenseRef-"1*(idstring) Some examples: @@ -82,17 +82,19 @@ DocumentRef-spdx-tool-1.2:LicenseRef-MIT-Style-2 The current set of valid license identifiers can be found in [spdx.org/licenses](https://spdx.org/licenses). -## D.4 Composite license expressions +## Composite license expressions -### D.4.1 Introduction +### Introduction More expressive composite license expressions can be constructed using "OR", "AND", and "WITH" operators similar to constructing mathematical expressions using arithmetic operators. For the `tag:value` format, any license expression that consists of more than one license identifier and/or LicenseRef, may optionally be encapsulated by parentheses: "( )". -Nested parentheses can also be used to specify an order of precedence which is discussed in more detail in [D.4.5](#D.4.5). +Nested parentheses can also be used to specify an order of precedence which is +discussed in more detail in +[Order of precedence and parentheses](#order-of-precedence-and-parentheses). -### D.4.2 Disjunctive "OR" operator +### Disjunctive "OR" operator If presented with a choice between two or more licenses, use the disjunctive binary "OR" operator to construct a new license expression, where both the left and right operands are valid license expression values. @@ -116,7 +118,7 @@ LGPL-2.1-only OR MIT OR BSD-3-Clause It is allowed to use the operator in lower case form `or`. -### D.4.3 Conjunctive "AND" operator +### Conjunctive "AND" operator If required to simultaneously comply with two or more licenses, use the conjunctive binary "AND" operator to construct a new license expression, where both the left and right operands are a valid license expression values. @@ -140,14 +142,13 @@ LGPL-2.1-only AND MIT AND BSD-2-Clause It is allowed to use the operator in lower case form `and`. -### D.4.4 Additive "WITH" operator +### Additive "WITH" operator Sometimes license texts are found with additional text, which might or might not modify the original license terms. In this case, use the binary "WITH" operator to construct a new license expression to represent the special situation. A valid `` is where the left operand is a `` value and the right operand is a `` that represents the additional text. -The `` can be either a `` from the SPDX License List, or a user defined addition reference in the form ["DocumentRef-"(idstring)":"]"AdditonRef-"(idstring) - +The `` can be either a `` from the SPDX License List, or a user defined addition reference in the form ["DocumentRef-"(idstring)":"]"AdditionRef-"(idstring) For example, when the Bison exception is to be applied to GPL-2.0-or-later, the expression would be: @@ -159,7 +160,7 @@ The current set of valid license exceptions identifiers can be found in [spdx.or It is allowed to use the operator in lower case form `with`. -### D.4.5 Order of precedence and parentheses +### Order of precedence and parentheses The order of application of the operators in an expression matters (similar to mathematical operators). The default operator order of precedence of a `` a is: @@ -190,7 +191,7 @@ MIT AND (LGPL-2.1-or-later OR BSD-3-Clause) states the OR operator should be applied before the AND operator. That is, one should first select between the LGPL-2.1-or-later or the BSD-3-Clause license before applying the MIT license. -### D.4.6 License expressions in RDF +### License expressions in RDF A conjunctive license can be expressed in RDF via a `` element, with an spdx:member property for each element in the conjunctive license. Two or more members are required. @@ -235,12 +236,12 @@ A disjunctive license can be expressed in RDF via a `` element. This element has the following unique mandatory (unless specified otherwise) attributes: -* `comment` - An `rdfs:comment` element describing the nature of the exception. -* `seeAlso` (optional, one or more)- An `rdfs:seeAlso` element referencing external sources of information on the exception. -* `example` (optional) - Text describing examples of this exception. -* `name` - The full human readable name of the item. -* `licenseExceptionId` - The identifier of an exception in the SPDX License List to which the exception applies. -* `licenseExceptionText` - Full text of the license exception. +- `comment` - An `rdfs:comment` element describing the nature of the exception. +- `seeAlso` (optional, one or more)- An `rdfs:seeAlso` element referencing external sources of information on the exception. +- `example` (optional) - Text describing examples of this exception. +- `name` - The full human readable name of the item. +- `licenseExceptionId` - The identifier of an exception in the SPDX License List to which the exception applies. +- `licenseExceptionText` - Full text of the license exception. ```text - -Identifying the license for open source software is critical for both reporting purposes and license compliance. However, determining the license can sometimes be difficult due to a lack of information or ambiguous information. Even when licensing information is present, a lack of consistent notation can make automating the task of license detection very difficult, thus requiring vast amounts of human effort. - -[Short identifiers](https://spdx.org/licenses/) from the SPDX License List can be used to indicate license info at the file level. The advantages of doing this are numerous but include: - -* It is precise. -* It is concise. -* It is language neutral. -* It is easy and more reliable to machine process. -* Leads to code that is easier to reuse. -* The license information travels with the file (as sometimes not entire projects are used or license files are removed). -* It is a standard and can be universal. There is no need for variation. -* An SPDX short identifier is immutable. -* Easy look-ups and cross-references to the SPDX License List website. - -If using SPDX short identifiers in individual files, it is recommended to reproduce the full license in the projects LICENSE file and indicate that SPDX short identifiers are being used to refer to it. For links to projects illustrating these scenarios, see [https://spdx.dev/ids-where](https://spdx.dev/ids-where). - -## E.2 Format for SPDX-License-Identifier - -The SPDX-License-Identifier tag declares the license the file is under and should be placed at or near the top of the file in a comment. - -The SPDX License Identifier syntax may consist of a single license (represented by a short identifier from the [SPDX license list](https://spdx.org/licenses/)) or a compound set of licenses (represented by joining together multiple licenses using the license expression syntax). - -The tag should appear on its own line in the source file, generally as part of a comment. - -```text -SPDX-License-Identifier: -``` - -## E.3 Representing single license - -A single license is represented by using the short identifier from [SPDX license list](https://spdx.org/licenses/), optionally with a unary "+" operator following it to indicate "or later" versions may be applicable. - -Examples: - -```text -SPDX-License-Identifier: CDDL-1.0+ -SPDX-License-Identifier: MIT -``` - -## E.4 Representing multiple licenses - -Multiple licenses can be represented using an SPDX license expression as defined in Annex [D](SPDX-license-expressions.md). A set of licenses may optionally be enclosed in parentheses, but are not required to be enclosed. As further described there: - -1. When there is a choice between licenses ("disjunctive license"), they should be separated with "OR". If presented with a choice between two or more licenses, use the disjunctive binary "OR" operator to construct a new license expression. -2. Similarly when multiple licenses need to be simultaneously applied ("conjunctive license"), they should be separated with "AND". If required to simultaneously comply with two or more licenses, use the conjunctive binary "AND" operator to construct a new license expression. -3. In some cases, a set of license terms apply except under special circumstances, in this case, use the "WITH" operator followed by one of the [recognized exception identifiers](https://spdx.org/licenses/exceptions-index.html). -4. The expression MUST be on a single line, and MUST NOT include a line break in the middle of the expression. - -Examples: - -```text -SPDX-License-Identifier: GPL-2.0-only OR MIT -SPDX-License-Identifier: LGPL-2.1-only AND BSD-2-Clause -SPDX-License-Identifier: GPL-2.0-or-later WITH Bison-exception-2.2 -``` - -Please see Annex [D](SPDX-license-expressions.md) for more examples and details of the license expression specific syntax. - -If you can’t express the license(s) as an expression using identifiers from the SPDX list, it is probably best to just put the text of your license header in the file (if there is a standard header), or refer to a neutral site URL where the text can be found. To request a license be added to the SPDX License List, please follow the process described here: [https://github.com/spdx/license-list-XML/blob/master/CONTRIBUTING.md](https://github.com/spdx/license-list-XML/blob/master/CONTRIBUTING.md). - -Alternatively, you can use a `LicenseRef-` custom license identifier to refer to a license that is not on the SPDX License List, such as the following: - -```text -SPDX-License-Identifier: LicenseRef-my-special-license -``` - -The `LicenseRef-` format is defined in Annex [D](SPDX-license-expressions.md). When using a custom `LicenseRef-` identifier, you will also need to provide a way for others to determine what license text corresponds to it. [Version 3.0 of the REUSE Software Specification](https://reuse.software/spec/) provides a standardized format that can optionally be used for providing the corresponding license text for these identifiers. diff --git a/docs/annexes/using-SPDX-to-comply-with-industry-guidance.md b/docs/annexes/using-SPDX-to-comply-with-industry-guidance.md deleted file mode 100644 index 92561d10a0..0000000000 --- a/docs/annexes/using-SPDX-to-comply-with-industry-guidance.md +++ /dev/null @@ -1,50 +0,0 @@ -# Annex F: Using SPDX to comply with Norms, Standards and Regulation (Informative) - -## F.1 Satisfying NTIA Minimum Elements for an SBOM using SPDX / US Executive Order 14028 - -US Executive Order 14028 in conjunction with the National Telecommunications and Information Administration (NTIA) outlined minimum elements for an SBOM. The minimum elements are detailed in [NTIA's Framing Software Component Transparency: Establishing a Common Software Bill of Maternials](https://www.ntia.gov/files/ntia/publications/framingsbom_20191112.pdf) and [The Minimum Elements for a SBOM](https://www.ntia.doc.gov/files/ntia/publications/sbom_minimum_elements_report.pdf) documents and summarized below: - -| SBOM Minimum Field | Description | -| ----------- | :----------- | -| Author Name | Author of the SBOM entry (this may not always be the supplier). | -| Supplier Name | Name or identity of the supplier of the component in the SBOM entry. | -| Component Name | Designation assigned to a unit of software defined by the original supplier. | -| Version String | Version used to identify a component. | -| Component Hash | A cryptographic hash to uniquely identify a component. | -| Unique Identifier | A unique identifier to help identify components or serve as a look-up key for relevant databases. | -| Relationship | Characterizing the relationship that an upstream component X is included in software Y. | -| Timestamp | Record of the date and time of the SBOM data assembly. | - - -The SPDX Specification contains fields able to address each of the NTIA minimum required data fields. - -| NTIA SBOM Minimum Field | Satisfying SPDX field model location | -| ----------- | :----------- | -| Author Name | [Core/Classes/CreationInfo.createdBy](https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/CreationInfo/) | -| Supplier Name | [Core/Classes/Artifact.suppliedBy ](https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/Artifact/) | -| Component Name | [Software/Classes/Package.name](https://spdx.github.io/spdx-spec/v3.0/model/Software/Classes/Package/) inherited from [Core/Classes/Element.name](https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/Element/) | -| Version String | [Software/Classes/Package.packageVersion](https://spdx.github.io/spdx-spec/v3.0/model/Software/Classes/Package/) | -| Component Hash | [Core/Classes/Element.verifiedUsing](https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/Element/) | -| Unique Identifier | [Software/Classes/SoftwareArtifact.contentIdentifier](https://spdx.github.io/spdx-spec/v3.0/model/Software/Classes/SoftwareArtifact/) for SPDX Software Artifacts or [Software/Classes/Package.packageUrl](https://spdx.github.io/spdx-spec/v3.0/model/Software/Classes/Package/) if the packageUrl is considered to be unique,
or [Core/Classes/Element.externalIdentifier](https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/Element/) for resources outside the scope of SPDX-3.0 content
| -| Relationship | [Core/Classes/Relationship](https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/Relationship/) | -| Timestamp | [Core/Classes/CreationInfo.created](https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/CreationInfo/) | - -## F.2 BSI TR-03183 - Technical Guideline Cyber Resilience Requirements for Manufacturers and Products - -The German BSI is actively propagating its technical guideline in preparation for adopting and detailing the -requirements of the [EU Cyber Resilience Act](https://www.europarl.europa.eu/doceo/document/TA-9-2024-0130_EN.html) -becoming effective in 2027. - -The guideline can be regarded as German equivalent of the US Executive Order 14028. Nevertheless, BSI is exploring -various options and recommendations to further detail the content of SBOMs. - -Important elements of the guideline in the context of SPDX: -* The guideline references SPDX as one of the exchange formats for SBOMs. -* It defines levels of details as well as mandatory and optional data fields. -* The guideline scopes the content (dependency relationships) of an SBOM (top-level, n-level, transitive, delivery item, complete). -* Different types of SBOMs (design, source, build, analysed, deployed, runtime) are defined. - -The guideline (available in version 1.1) is currently being revised by the BSI. Draft versions of the future 2.0 document -are circulated by the BSI to collect review comments. - -See [BSI Technical Guideline TR-03183](https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03183/BSI-TR-03183-2.html). diff --git a/docs/bibliography.md b/docs/bibliography.md deleted file mode 100644 index 91a067dbd1..0000000000 --- a/docs/bibliography.md +++ /dev/null @@ -1,7 +0,0 @@ -# Bibliography - -The following documents are useful references for implementers and users of this document: - -[1] *Software Package Data Exchange (SPDX®) Specification Version 1.0* and 1.1, 1.2, 2.0, 2.1, 2.2, and 2.3; SPDX.dev, - -[2] *Open Source Initiative (OSI)*; diff --git a/docs/conformance.md b/docs/conformance.md index 59fa193ac0..23994959d0 100644 --- a/docs/conformance.md +++ b/docs/conformance.md @@ -1,83 +1,273 @@ -# 4 Conformance +# Conformance -TODO: update for SPDXv3 - -## 4.1 SPDX Current and Previous Versions - -This edition has the version number 2.3 as part of its title. This is a follow on from [ISO/IEC 5962:2021 -Information technology — SPDX® Specification V2.2.1](https://www.iso.org/standard/81870.html), and includes new fields. Earlier editions were published by the SPDX workgroup via the Linux Foundation. The SPDX Specification was subsequently transposed into the Joint Development Foundation. [Those earlier editions are: 1.0 (August 2011), 1.1 (August 2012), 1.2 (October 2013), 2.0 (May 2015), 2.1 (November 2016), and 2.2 (May 2020).] Differences between this edition and earlier ones are reported in [Annex J](annexes/diffs-from-previous-editions.md); see also [[1]](bibliography.md). - -## 4.2 Obsolete features - -Over the life of a standard, some older approaches can become obsolete and are dropped from subsequent editions, possibly with a replacement approach being provided. Such action involves *deprecating* those outdated features. This edition identifies all currently deprecated features. No features present in 2.2.1 have been deprecated in this 2.3 release. - -## 4.3 Alternate notation for some conformance requirements - -This standard contains more than a few *cardinality assertions*, each of which indicates absolute, optional, or conditional requirements. Here are some examples: - -* Cardinality: Mandatory, one. -* Cardinality: Optional, one or many. -* Cardinality: Mandatory, one if {condition} is true or {feature} omitted, zero (shall be omitted) if {condition} is false. -* Cardinality: 0..1 -* Cardinality: 0..\* -* Cardinality: 1..1 -* Cardinality: 1..\* - -Each of these assertions can easily be understood as to whether a feature is required, and if so, how many occurrences are required; also, whether a feature is permitted, and if so, in what number. As this is the format long familiar to the SPDX community, it has been preserved in this document. - -## 4.4 Standard data format requirements - -The data format specification and recommendations are subject to the following constraints: - -* Shall be in a human readable form. - -* Shall be in a syntax that a software tool can read and write. - -* Shall be suitable to be checked for syntactic correctness automatically, independent of how it was generated (human or tool). - -* The SPDX document character set shall support UTF-8 encoding. - -* Multiple serialization formats may be used to represent the information being exchanged. Current supported formats include: - - * **YAML 1.2** see: - * **JavaScript Object Notation** (JSON) see: [ECMA-404](https://www.ecma-international.org/publications/files/ECMA-ST/ECMA-404.pdf) - * The JSON Schema for SPDX can be found in the [SPDX Spec Git Repository Schema directory](https://github.com/spdx/spdx-spec/blob/master/schemas/spdx-schema.json) - * **Resource Description Framework** (RDF also referred to as RDF/XML) see: - * **tag:value** flat text file as described in this specification - * **.xls** spreadsheets - -* In addition to the supported formats, the following format is in development with a plan to complete the specification in the next release: - - * **Extensible Markup Language** (XML) see: - -* Interoperability between all the supported file formats shall be preserved. SPDX defines how to validate a document in each supported format, and how to translate a valid document without loss to each other supported format. - -* Tags and format properties are case sensitive. - -* Should be easy to recognize in a file system without opening the file. A suggested naming convention is: - -| Format | Extension | -| ----------- | ----------- | -| tag:value | \*.spdx | -| RDF | \*.spdx.rdf | -| JSON | \*.spdx.json | -| XML | \*.spdx.xml | -| YAML | \*.spdx.yaml or \*.spdx.yml | - -* The convention in this specification is for the RDF examples to use `rdf:about="..."` to represent that a proper Uniform Resource Indicator (URI) should be present. - -## 4.5 Trademark Compliance - -To be designated an SPDX document, a file shall comply with the requirements of the SPDX Trademark License (See the [SPDX Trademark Page](https://spdx.dev/trademark/)). - -The official copyright notice that shall be used with any verbatim reproduction and/or distribution of this SPDX Specification 2.3 is: - -> "Official SPDX Specification 2.3 Copyright © 2010-2022 Linux Foundation and its Contributors. Licensed under the Creative Commons Attribution License 3.0 Unported. All other rights are expressly reserved." - -The official copyright notice that shall be used with any non-verbatim reproduction and/or distribution of this SPDX Specification 2.3, including without limitation any partial use or combining this SPDX Specification with another work, is: - -> "This is not an official SPDX Specification. Portions herein have been reproduced from SPDX Specification 2.3 found at spdx.dev. These portions are Copyright © 2010-2022 Linux Foundation and its Contributors, and are licensed under the Creative Commons Attribution License 3.0 Unported by the Linux Foundation and its Contributors. All other rights are expressly reserved by Linux Foundation and its Contributors." - -## 4.6 The SPDX Lite profile - -Rather than conforming to this whole specification, an implementation may conform with SPDX Lite only, a profile that defines a subset of the SPDX specification. SPDX Lite aims at the balance between the SPDX standard and actual workflows in some industries. See [Annex G](annexes/SPDX-Lite.md) for more information. +## Alternate notation for some conformance requirements + +This standard contains more than a few cardinality assertions, each of which +indicates the minimum and maximum number of times a property may appear. +These are represented by using "minCount" and "maxCount" respectively. +The absolute minimum number of occurrences is zero (0), +while for an unbounded maximum number of occurrences a star (\*) is being used. + +Here are some examples: + +- minCount: 1 +- maxCount: * +- Cardinality: 0..1 +- Cardinality: 0..* +- Cardinality: 1..1 +- Cardinality: 1..* + +Each of these assertions can easily be understood as to whether a feature is +required, and if so, how many occurrences are required; also, whether a feature +is permitted, and if so, in what number. As this is the format long familiar to +the SPDX community, it has been preserved in this specification. + +## Introduction to Profiles + +Profile is the term for a compliance point within the SPDX community across The +Linux Foundation and OMG. The System Package Data Exchange (SPDX) specification +defines the following nine compliance points, defined as “Profiles”: + +- Core Profile +- Software Profile +- Security Profile +- Licensing Profile +- Dataset Profile +- AI Profile +- Build Profile +- Lite Profile +- Extension Profile + +The Core Profile is mandatory. All others are optional. + +## Core Profile compliance point + +The Core Profile includes the definitions of classes properties and +vocabularies usable by all SPDX profiles when producing or consuming SPDX +content. Although the classes, properties and vocabularies are somewhat +extensive, the required fields are rather minimal to allow maximum flexibility +while meeting minimum SBOM requirements. Software that conforms to the SPDX +specification at the Core Profile compliance point shall be able to import and +export serialized documents that conform with one of the defined SPDX +serialization formats. + +Conformance to the Core Profile compliance point is mandatory for all other +SPDX profiles. + +This compliance point, in combination with the Software Profile compliance +point, provides a baseline of functionality that facilitates interchange of the +bills of materials information produced by tools supporting SPDX. + +## Software Profile compliance point + +The Software Profile includes the definitions of classes, properties and +vocabularies for referring to and conveying information about software and is +usable by all SPDX profiles when producing or consuming SPDX content. + +Software that conforms to the SPDX specification at the Software Profile +compliance point shall be able to import and export serialized documents that +conform with one of the SPDX serialization formats defined SPDX serialization +formats. + +Conformance to the Software Profile compliance point does not entail support +for the Licensing, Dataset, AI, Build, Lite, or Extension profiles of the +SPDX. + +This compliance point, in combination with the Core Profile compliance point, +provides a baseline of functionality that facilitates interchange of the bills +of materials information produced by tools supporting SPDX. + +## Security Profile compliance point + +The Security Profile captures security-related information when producing or +consuming SPDX content. + +Software that conforms to the SPDX specification at the security profile +compliance point shall be able to import and export serialized documents that +conform with one of the SPDX serialization formats defined SPDX serialization +formats, including the properties and relationships specified in the security +profile, which are in support of exchanging information about software +vulnerabilities that may exist, the severity of those vulnerabilities, and a +mechanism to express how a vulnerability may affect a specific software element +including if a fix is available. + +Conformance to the Security Profile compliance point does not entail support +for the Licensing, Dataset, AI, Build, Lite, or Extension profiles of the +SPDX. + +This compliance point facilitates interchange of the security information +produced by tools supporting SPDX. + +## Licensing Profile compliance point + +The Licensing Profile includes capturing details relevant to software licensing +and intellectual property information when producing or consuming SPDX content. +Specifically, software that conforms to the SPDX specification at the Licensing +profile compliance point shall be able to import and export serialized +documents that conform with one of the SPDX serialization formats defined SPDX +serialization formats, including the classes and fields that comprise the SPDX +License Expression syntax and that relate to the +[SPDX License List](https://spdx.org/licenses/). + +There are two associated profiles, the SimpleLicensing Profile +and the ExpandedLicensing profiles. +Both allow expression of the same information, +albeit in different ways. + +Conformance to the Licensing Profile compliance point does not entail support +for the Software, Security, Dataset, AI, Build, Lite, or Extension profiles of +the SPDX. + +This compliance point facilitates interchange of the licensing documents +expressing which licenses and copyright notices are determined by persons or +automated tooling to apply to distributions of software that are produced by +tools supporting SPDX. + +## Dataset Profile compliance point + +The Dataset Profile captures the relevant information about the datasets used +in an AI system or other applications when producing or consuming SPDX content. + +Software that conforms to the SPDX specification at the Dataset Profile +compliance point shall be able to import and export serialized documents that +conform with one of the SPDX serialization formats defined SPDX serialization +formats, including details such as dataset names, versions, sources, associated +metadata, licensing information, and any other relevant attributes. +The Dataset Profile can covey a description or summary of a dataset, including +metadata, characteristics, and statistical information about the data. +The Dataset Profile can convey insights into the structure, format, content, +and properties of a dataset, helping users understand and analyze the data more +effectively. + +Conformance to the Dataset Profile compliance point does not entail support +for the Software, Licensing, Security, AI, Build, Lite, or Extension profiles +of the SPDX. + +This compliance point facilitates interchange of the information about +datasets produced by tools supporting SPDX. + +## AI Profile compliance point + +The AI Profile captures an inventory list of software components and +dependencies associated with an AI system when producing or consuming SPDX +content. + +Software that conforms to the SPDX specification at the AI Profile compliance +point shall be able to import and export serialized documents that conform with +one of the SPDX serialization formats defined SPDX serialization formats, +including the information about software components and dependencies associated +with artificial intelligence and machine learning (AI/ML) models and systems. +This inventory includes the software frameworks, libraries, and other +components used to build or deploy the AI system, along with relevant +information about their versions, licenses, and useful security references +including ethical and security information. + +Conformance to the AI Profile compliance point does not entail support for the +Software, Licensing, Security, Dataset, Build, Lite, or Extension profiles of +the SPDX. + +This compliance point facilitates interchange of the AI model related +information produced by tools supporting SPDX. + +## Build Profile compliance point + +The Build Profile captures build-related information when producing or +consuming SPDX content. + +Software that conforms to the SPDX specification at the Build Profile +compliance point shall be able to import and export serialized documents that +conform with one of the SPDX serialization formats defined SPDX serialization +formats, including associated definitions to help express how software is +generated and transformed. This includes encoding the inputs, outputs, +procedures/instructions, environments and actors from the build process along +with the associated evidence. + +Conformance to the Build Profile compliance point does not entail support for +the Software, Licensing, Security, Dataset, AI, Lite, or Extension profiles of +the SPDX. + +This compliance point facilitates interchange of the build information produced +by tools supporting SPDX. + +## Lite Profile compliance point + +The Lite Profile captures the minimum set of information required for license +compliance in the software supply chain for producing or consuming SPDX +content. + +Software that conforms to the SPDX specification at the Lite Profile +compliance point shall be able to import and export serialized documents that +conform with one of the SPDX serialization formats defined SPDX serialization +formats, including creation of the SBOM, package lists with licensing and other +related items, and their relationships. + +Conformance to the Lite Profile compliance point does not entail support for +the Software, Licensing, Security, Dataset, AI, Build, or Extension profiles +of the SPDX. + +This compliance point facilitates interchange of minimal licensing information +when produced by tools supporting SPDX. + +## Extension Profile compliance point + +The Extension Profile captures extended tailored information when producing or +consuming non-standard SPDX content in three ways: + +- Support Profile-based extended characterization of Elements. Enables + specification and expression of Element characterization extensions within + any profile and namespace of SPDX without requiring changes to other profiles + or namespaces and without requiring local subclassing of remote classes + (which could inhibit ecosystem interoperability in some cases). + +- Support extension of SPDX by adopting individuals or communities with Element + characterization details uniquely specialized to their particular context. + Enables adopting individuals or communities to utilize SPDX expressive + capabilities along with expressing more arcane Element characterization + details specific to them and not appropriate for standardization across SPDX. + +- Support structured capture of expressive solutions for gaps in SPDX coverage + from real-world use. Enables adopting individuals or communities to express + Element characterization details they require that are not currently defined + in SPDX but likely should be. Enables a practical pipeline that identifies + gaps in SPDX that should be filled, expresses solutions to those gaps in a + way that allows the identifying adopters to use the extended solutions with + SPDX and does not conflict with current SPDX, can be clearly detected among + the SPDX content exchange ecosystem, provides a clear and structured + definition of gap solution that can be used as submission for revision to the + SPDX standard. + +Software that conforms to the SPDX specification at the Extension Profile +compliance point shall be able to import and export serialized documents that +conform with one of the SPDX serialization formats defined SPDX serialization +formats, including the abstract Extension class serving as the base for all +defined Extension subclasses. + +Conformance to the Extension Profile compliance point does not entail support +for the Licensing, Security, Dataset, AI, Build, or profiles of the SPDX but +is expected to be used in combination with the other profiles to extend them. + +This compliance point facilitates interchange of extended information that goes +beyond the standard SPDX produced by tools supporting SPDX and is used between +cooperating parties that understand the form of the extension and can produce +and consume its non-standard content. + +## Trademark Compliance + +To be designated an SPDX document, a file shall comply with the requirements of the SPDX Trademark +License, as stated in the [the SPDX Trademark Page](https://spdx.dev/trademark). + +The official copyright notice that shall be used with any verbatim reproduction and/or distribution of +this SPDX Specification 3.0.1 is: + +"Official SPDX® Specification 3.0.1 Copyright © 2010--2024 Linux Foundation and its Contributors. +Licensed under the Community Specification License 1.0. All other rights are expressly reserved." + +The official copyright notice that shall be used with any non-verbatim reproduction and/or distribution +of this SPDX Specification 3.0.1, including without limitation any partial use or combining this SPDX +Specification with another work, is: + +"This is not an official SPDX Specification. Portions herein have been reproduced from SPDX® +Specification 3.0.1 found at spdx.dev. These portions are Copyright © 2010--2024 Linux Foundation and +its Contributors, and are licensed under the Community Specification License 1.0 by the +Linux Foundation and its Contributors. All other rights are expressly reserved by Linux Foundation and +its Contributors." diff --git a/docs/front/copyright.md b/docs/front/copyright.md new file mode 100644 index 0000000000..8c108d7392 --- /dev/null +++ b/docs/front/copyright.md @@ -0,0 +1,28 @@ +# Use of Specification - Terms, Conditions & Notices + +Copyright © 2010-2024, The Linux Foundation and its Contributors, +including SPDX Model contributions from OMG and its Contributors. + +This work is licensed under the +[Community Specification License 1.0](../licenses/Community-Spec-1.0.md) +(Community-Spec-1.0). +Pre-existing portions of this work from copyright holders who have not +subsequently contributed under the Community-Spec-1.0 are provided under +[Creative Commons Attribution License 3.0 Unported](../licenses/CC-BY-3.0.md) +(CC-BY-3.0). +Copies of these licenses are reproduced in their entirety herein. + +## Trademarks + +SPDX® is a registered trademark of The Linux Foundation. + +## Compliance + +Use of the SPDX trademarks is subject to the SPDX Trademark License, +currently available at +[SPDX Legal Notices page](https://spdx.dev/about/legal-notices/). + +Software developed under the terms of the licenses under which this +specification is issued may claim compliance or conformance with this +specification if and only if the software provider complies with the +SPDX Trademark License given above. diff --git a/docs/front/introduction.md b/docs/front/introduction.md new file mode 100644 index 0000000000..dd6547bd8f --- /dev/null +++ b/docs/front/introduction.md @@ -0,0 +1,50 @@ +# Introduction + +Companies and organizations (collectively “Organizations”) are widely using and +reusing open source and other software packages. Accurate identification of +software is key for many supply chain processes. Vulnerability remediation +starts with knowing the details of which version of software is in use on a +system. Compliance with the associated licenses requires a set of analysis +activities and due diligence that each Organization performs independently, +which may include a manual and/or automated scan of software and identification +of associated licenses followed by manual verification. + +Software development teams across the globe use the same open source packages, +but little infrastructure exists to facilitate collaboration on the analysis or +share the results of these analysis activities. As a result, many groups are +performing the same work leading to duplicated efforts and redundant +information. With this document, the SPDX workgroup, a combined effort of the +Linux Foundation SPDX group and the OMG/CISQ Tool-to-Tool effort, has created a +data exchange format so that information about software packages and related +content may be collected and shared in a common format with the goal of saving +time and improving data accuracy. + +The merged activities of the two groups slid together the beginning weeks of +2021 with activities generally moving forward but occasionally stalling while +the larger group worked through issues that one or the other hadn’t discussed +or had a different opinion about. Eventually, after releasing SPDX 2.3 in +August of 2022 with updates that brought some of the concepts and capabilities +slated for SPDX 3.0 to the community in preparation of the shift that SPDX 3.0 +represents, the first release candidate of SPDX 3.0 was released in May of +2023. Within the SPDX community, which is both a standards creation +organization as well as a community of open source developers, a release +candidate offers an opportunity for implementors of SPDX, both new and old, to +review the work and determine whether there were parts that were unclear or +that would be extremely burdensome to implement. + +Based on the comments and change requests from the initial candidate release +several areas of the model were revised and reworked, resulting in a release +candidate 2 of SPDX 3.0 in February of 2024. That release candidate gave tool +creators and those who maintain the support libraries for working with SPDX +time to start revising their projects in advance of the final version of +the SPDX 3.0 specification. For those not following the inner workings, +debates, and discussion of the combined 3T-SBOM and SPDX 3.0 working group for +the last 3 years there has been a dramatic change in the SPDX model as it goes +from SPDX 2.3 to SPDX 3.0, shifting the SPDX name from Software Package Data +Exchange to System Package Data Exchange and expanding the scope of items it +can now convey in a bill of materials from software, security, and licensing to +many additional aspects like data sets, AI models, and build information. + +Since the release of 3.0.0, we have gathered feedback on the level of +documentation and minor errors in the model which have been addressed in the +3.0.1 release. diff --git a/docs/images/model-AI.png b/docs/images/model-AI.png new file mode 100644 index 0000000000..d0cc0f2514 Binary files /dev/null and b/docs/images/model-AI.png differ diff --git a/docs/images/model-Build.png b/docs/images/model-Build.png new file mode 100644 index 0000000000..378465b184 Binary files /dev/null and b/docs/images/model-Build.png differ diff --git a/docs/images/model-Core.png b/docs/images/model-Core.png new file mode 100644 index 0000000000..3e929d44e4 Binary files /dev/null and b/docs/images/model-Core.png differ diff --git a/docs/images/model-Dataset.png b/docs/images/model-Dataset.png new file mode 100644 index 0000000000..4e0af94429 Binary files /dev/null and b/docs/images/model-Dataset.png differ diff --git a/docs/images/model-Extension.png b/docs/images/model-Extension.png new file mode 100644 index 0000000000..f8f131e7fb Binary files /dev/null and b/docs/images/model-Extension.png differ diff --git a/docs/images/model-Licensing.png b/docs/images/model-Licensing.png new file mode 100644 index 0000000000..23909d9d65 Binary files /dev/null and b/docs/images/model-Licensing.png differ diff --git a/docs/images/model-Security.png b/docs/images/model-Security.png new file mode 100644 index 0000000000..bbaef7ff85 Binary files /dev/null and b/docs/images/model-Security.png differ diff --git a/docs/images/model-Software.png b/docs/images/model-Software.png new file mode 100644 index 0000000000..e117b72932 Binary files /dev/null and b/docs/images/model-Software.png differ diff --git a/docs/images/model-ai.png b/docs/images/model-ai.png deleted file mode 100644 index 45ebf99a94..0000000000 Binary files a/docs/images/model-ai.png and /dev/null differ diff --git a/docs/images/model-build.png b/docs/images/model-build.png deleted file mode 100644 index b51074de39..0000000000 Binary files a/docs/images/model-build.png and /dev/null differ diff --git a/docs/images/model-core-software.png b/docs/images/model-core-software.png deleted file mode 100644 index 30163a5f13..0000000000 Binary files a/docs/images/model-core-software.png and /dev/null differ diff --git a/docs/images/model-dataset.png b/docs/images/model-dataset.png deleted file mode 100644 index aefa000882..0000000000 Binary files a/docs/images/model-dataset.png and /dev/null differ diff --git a/docs/images/model-extension.png b/docs/images/model-extension.png deleted file mode 100644 index ae1bebd8a8..0000000000 Binary files a/docs/images/model-extension.png and /dev/null differ diff --git a/docs/images/model-licensing.png b/docs/images/model-licensing.png deleted file mode 100644 index 6a7572809b..0000000000 Binary files a/docs/images/model-licensing.png and /dev/null differ diff --git a/docs/images/model-security.png b/docs/images/model-security.png deleted file mode 100644 index 703c97ac0e..0000000000 Binary files a/docs/images/model-security.png and /dev/null differ diff --git a/docs/img/favicon.ico b/docs/img/favicon.ico new file mode 100644 index 0000000000..c9ca80af23 Binary files /dev/null and b/docs/img/favicon.ico differ diff --git a/docs/index.md b/docs/index.md index bf20224e61..bde3e2d217 100644 --- a/docs/index.md +++ b/docs/index.md @@ -1,11 +1,7 @@ -# The System Package Data Exchange® (SPDX®) Specification Version 3.0 +# The System Package Data Exchange® (SPDX®) Specification Version 3.0.1 -Copyright © 2010-2024 Linux Foundation and its Contributors. - -This work is licensed under the -Community Specification License 1.0 (Community-Spec-1.0). -Pre-existing portions of this work from copyright holders who have not subsequently contributed under the Community-Spec-1.0 are provided under Creative Commons Attribution License 3.0 Unported (CC-BY-3.0). -Copies of these licenses are reproduced in their entirety herein. +Copyright © 2010-2024, The Linux Foundation and its Contributors, +including SPDX Model contributions from OMG and its Contributors. With thanks to Adam Cohn, @@ -16,6 +12,7 @@ Andrew Back, Ann Thornton, Armin Tänzer, Arthit Suriyawongkul, +Ayumi Watanabe, Basil Peace, Bill Schineller, Bradlee Edmondson, @@ -56,6 +53,7 @@ Kate Stewart, Kevin Mitchell, Kim Weins, Kirsten Newcomer, +Kouki Hama, Kris Reeves, Liang Cao, Lon Hohberger, @@ -73,6 +71,7 @@ Michael J. Herzog, Michel Ruffin, Nicole Pappler, Nisha Kumar, +Nobuyuki Tanaka, Norio Kobota, Nuno Brito, Oliver Fendt, @@ -89,6 +88,7 @@ Robin Gandhi, Rose Judge, Sam Ellis, Sameer Ahmed, +Satoru Koizumi, Scott K Peterson, Scott Lamons, Scott Sterling, @@ -110,7 +110,8 @@ William Bartholomew, Yev Bronshteyn, Yoshiko Ouchi, Yoshiyuki Ito, -Yuji Nomura +Yuji Nomura, +Yumi Tomita, and Zachary McFarland for their contributions and assistance. diff --git a/docs/introduction.md b/docs/introduction.md deleted file mode 100644 index 5b55196c52..0000000000 --- a/docs/introduction.md +++ /dev/null @@ -1,3 +0,0 @@ -# Introduction - -Companies and organizations (collectively “Organizations”) are widely using and reusing open source and other software packages. Accurate identification of software is key for many supply chain processes. Vulnerability remediation starts with knowing the details of which version of software is in use on a system. Compliance with the associated licenses requires a set of analysis activities and due diligence that each Organization performs independently, which may include a manual and/or automated scan of software and identification of associated licenses followed by manual verification. Software development teams across the globe use the same open source packages, but little infrastructure exists to facilitate collaboration on the analysis or share the results of these analysis activities. As a result, many groups are performing the same work leading to duplicated efforts and redundant information. With this document, the SPDX workgroup has created a data exchange format so that information about software packages and related content may be collected and shared in a common format with the goal of saving time and improving data accuracy. diff --git a/docs/references.md b/docs/references.md index 3a7ce06aa2..da05666fd8 100644 --- a/docs/references.md +++ b/docs/references.md @@ -1,6 +1,6 @@ -# 2 References +# References -## 2.1 Normative References +## Normative References The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated @@ -8,68 +8,170 @@ references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. *Apache Maven*, Apache Software Foundation, -[https://maven.apache.org/](https://maven.apache.org/) +[https://maven.apache.org/](https://maven.apache.org/). *Bower API*, -[https://bower.io/docs/api/#install](https://bower.io/docs/api/#install) +[https://bower.io/docs/api/#install](https://bower.io/docs/api/#install). *Common Platform Enumeration (CPE) – Specification 2.2*, The MITRE Corporation, -[https://cpe.mitre.org/files/cpe-specification_2.2.pdf](https://cpe.mitre.org/files/cpe-specification_2.2.pdf) +[https://cpe.mitre.org/files/cpe-specification_2.2.pdf](https://cpe.mitre.org/files/cpe-specification_2.2.pdf). -NIST IR 7695, *Common Platform Enumeration: Naming Specification Version 2.3*, +*Common Platform Enumeration (CPE): Naming Specification Version 2.3*, NIST IR 7695, NIST, -[https://csrc.nist.gov/pubs/ir/7695/final](https://csrc.nist.gov/pubs/ir/7695/final) +[https://csrc.nist.gov/pubs/ir/7695/final](https://csrc.nist.gov/pubs/ir/7695/final). -*npm-package.json*, npm Inc., -[https://docs.npmjs.com/files/package.json](https://docs.npmjs.com/files/package.json) +*Common Vulnerability Scoring System v3.0 (CVSS v3.0): Specification Document*, +Forum of Incident Response and Security Teams, Inc (FIRST), +[https://www.first.org/cvss/v3.0/specification-document](https://www.first.org/cvss/v3.0/specification-document). -*NuGet documentation*, Microsoft, -[https://docs.nuget.org/](https://docs.nuget.org/) +*Common Vulnerability Scoring System v3.1 (CVSS v3.1): Specification Document*, +Forum of Incident Response and Security Teams, Inc (FIRST), +[https://www.first.org/cvss/v3.1/specification-document](https://www.first.org/cvss/v3.1/specification-document). -POSIX.1-2017 *The Open Group Base Specifications Issue 7*, 2018 edition, -IEEE/Open Group, -[https://pubs.opengroup.org/onlinepubs/9699919799/](https://pubs.opengroup.org/onlinepubs/9699919799/) +*Common Vulnerability Scoring System version 4.0 (CVSS v4.0): Specification Document*, +Forum of Incident Response and Security Teams, Inc (FIRST), +[https://www.first.org/cvss/v4.0/specification-document](https://www.first.org/cvss/v4.0/specification-document). -*Package URL specification*, -[https://github.com/package-url/purl-spec](https://github.com/package-url/purl-spec) +*CVSS 3.0 schema*, +Forum of Incident Response and Security Teams, Inc (FIRST), +[https://www.first.org/cvss/cvss-v3.0.json](https://www.first.org/cvss/cvss-v3.0.json). -*Resource Description Framework (RDF)*, 2014-02-25, W3C, -[http://www.w3.org/standards/techs/rdf](http://www.w3.org/standards/techs/rdf) +*CVSS 3.1 schema*, +Forum of Incident Response and Security Teams, Inc (FIRST), +[https://www.first.org/cvss/cvss-v3.1.json](https://www.first.org/cvss/cvss-v3.1.json). -RFC 1321, *The MD5 Message-Digest Algorithm*, -The Internet Society Network Working Group, -[https://www.rfc-editor.org/info/rfc1321](https://www.rfc-editor.org/info/rfc1321) +*CVSS 4.0 schema*, +Forum of Incident Response and Security Teams, Inc (FIRST), +[https://www.first.org/cvss/cvss-v4.0.json](https://www.first.org/cvss/cvss-v4.0.json). -RFC 3174, *US Secure Hash Algorithm 1 (SHA1)*, -The Internet Society Network Working Group, -[https://www.rfc-editor.org/info/rfc3174](https://www.rfc-editor.org/info/rfc3174) +*EU general risk assessment methodology*, +European Commission, +[https://ec.europa.eu/docsroom/documents/17107](https://ec.europa.eu/docsroom/documents/17107). -RFC 3986, *Uniform Resource Identifier (URI): Generic Syntax*, -The Internet Society Network Working Group, -[https://www.rfc-editor.org/info/rfc3986](https://www.rfc-editor.org/info/rfc3986) +*npm-package.json*, npm Inc., +[https://docs.npmjs.com/files/package.json](https://docs.npmjs.com/files/package.json). -RFC 5234, *Augmented BNF for Syntax Specifications: ABNF*, -The Internet Society Network Working Group, -[https://www.rfc-editor.org/info/rfc5234](https://www.rfc-editor.org/info/rfc5234) +*NuGet documentation*, Microsoft, +[https://docs.nuget.org/](https://docs.nuget.org/). -RFC 6234, *US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)*, -The Internet Society Network Working Group, -[https://www.rfc-editor.org/info/rfc6234](https://www.rfc-editor.org/info/rfc6234) +POSIX.1-2017 *The Open Group Base Specifications Issue 7*, 2018 edition, +IEEE/Open Group, +[https://pubs.opengroup.org/onlinepubs/9699919799/](https://pubs.opengroup.org/onlinepubs/9699919799/). -*SoftWare Heritage persistent IDentifiers (SWHIDs)*, +*Resource Description Framework (RDF)*, 2014-02-25, W3C, +[http://www.w3.org/standards/techs/rdf](http://www.w3.org/standards/techs/rdf). + +RFC 1319, +*The MD2 Message-Digest Algorithm*, +Internet Engineering Task Force, +[https://datatracker.ietf.org/doc/rfc1319/](https://datatracker.ietf.org/doc/rfc1319/). + +RFC 1320, +*The MD4 Message-Digest Algorithm*, +Internet Engineering Task Force, +[https://datatracker.ietf.org/doc/rfc1320/](https://datatracker.ietf.org/doc/rfc1320/). + +RFC 1321, +*The MD5 Message-Digest Algorithm*, +Internet Engineering Task Force, +[https://datatracker.ietf.org/doc/rfc1321/](https://datatracker.ietf.org/doc/rfc1321/). + +RFC 1950, +*ZLIB Compressed Data Format Specification version 3.3*, +Internet Engineering Task Force, +[https://datatracker.ietf.org/doc/rfc1950/](https://datatracker.ietf.org/doc/rfc1950/). + +RFC 2046, +*Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types*, +Internet Engineering Task Force, +[https://datatracker.ietf.org/doc/rfc2046/](https://datatracker.ietf.org/doc/rfc2046/). + +RFC 3174, +*US Secure Hash Algorithm 1 (SHA1)*, +Internet Engineering Task Force, +[https://datatracker.ietf.org/doc/rfc3174/](https://datatracker.ietf.org/doc/rfc3174/). + +RFC 3696, +*Application Techniques for Checking and Transformation of Names*, +Internet Engineering Task Force, +[https://datatracker.ietf.org/doc/rfc3696/](https://datatracker.ietf.org/doc/rfc3696/). + +RFC 3874, +*A 224-bit One-way Hash Function: SHA-224*, +Internet Engineering Task Force, +[https://datatracker.ietf.org/doc/rfc3874/](https://datatracker.ietf.org/doc/rfc3874/). + +RFC 3986, +*Uniform Resource Identifier (URI): Generic Syntax*, +Internet Engineering Task Force, +[https://datatracker.ietf.org/doc/rfc3986/](https://datatracker.ietf.org/doc/rfc3986/). + +RFC 5234, +*Augmented BNF for Syntax Specifications: ABNF*, +Internet Engineering Task Force, +[https://datatracker.ietf.org/doc/rfc5234/](https://datatracker.ietf.org/doc/rfc5234/). + +RFC 6234, +*US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)*, +Internet Engineering Task Force, +[https://datatracker.ietf.org/doc/rfc6234/](https://datatracker.ietf.org/doc/rfc6234/). + +RFC 7405, +*Case-Sensitive String Support in ABNF*, +Internet Engineering Task Force, +[https://datatracker.ietf.org/doc/rfc7405/](https://datatracker.ietf.org/doc/rfc7405/). + +RFC 7693, +*The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC)*, +Internet Engineering Task Force, +[https://datatracker.ietf.org/doc/rfc7693/](https://datatracker.ietf.org/doc/rfc7693/). + +RFC 8259, +*The JavaScript Object Notation (JSON) Data Interchange Format*, +Internet Engineering Task Force, +[https://datatracker.ietf.org/doc/rfc8259/](https://datatracker.ietf.org/doc/rfc8259/). + +RFC 9393, +*Concise Software Identification Tags*, +Internet Engineering Task Force, +[https://datatracker.ietf.org/doc/rfc9393/](https://datatracker.ietf.org/doc/rfc9393/). + +*Semantic Versioning 2.0.0*, +Tom Preston-Werner and SemVer contributors, +[https://semver.org](https://semver.org). + +*SLSA Provenance v0.2*, The Linux Foundation, +[https://slsa.dev/spec/v0.2/provenance](https://slsa.dev/spec/v0.2/provenance). + +SoftWare Heritage persistent IDentifiers (SWHIDs), in +Draft International Standard +*ISO/IEC DIS 18670 Information technology — SoftWare Hash IDentifier (SWHID) Specification V1.2*[https://www.iso.org/standard/89985.html](https://www.iso.org/standard/89985.html), +also available at [https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html](https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html) *SPDX and RDF Ontology*, [http://spdx.org/rdf/ontology/spdx-3-0-1](http://spdx.org/rdf/ontology/spdx-3-0-1) -*SPDX License List*, Linux Foundation, +*SPDX License List*, The Linux Foundation, [https://spdx.org/licenses/](https://spdx.org/licenses/) -*SPDX License Exceptions*, Linux Foundation, +*SPDX License Exceptions*, The Linux Foundation, [https://spdx.org/licenses/exceptions-index.html](https://spdx.org/licenses/exceptions-index.html) -## 2.2 Non-normative References +*Stakeholder-Specific Vulnerability Categorization Guide*, +CISA, +[https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc](https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc). + +*The EPSS Model*, +Forum of Incident Response and Security Teams, Inc (FIRST), +[https://www.first.org/epss/model](https://www.first.org/epss/model). + +*Types of Software Bill of Material (SBOM) Documents*, +CISA, +[https://www.cisa.gov/sites/default/files/2023-04/sbom-types-document-508c.pdf](https://www.cisa.gov/sites/default/files/2023-04/sbom-types-document-508c.pdf). + +## Non-normative References The following documents are referred to in the text. diff --git a/docs/scope.md b/docs/scope.md index 71cbd44343..8ee8fc06e7 100644 --- a/docs/scope.md +++ b/docs/scope.md @@ -1,4 +1,4 @@ -# 1 Scope +# Scope The System Package Data Exchange (SPDX®) specification defines an open standard for communicating bill of materials (BOM) information for different topic diff --git a/docs/serializations.md b/docs/serializations.md index 5f5d664aea..5d541032cc 100644 --- a/docs/serializations.md +++ b/docs/serializations.md @@ -1,6 +1,6 @@ -# 4 Model and serializations +# Model and serializations -## 4.1 Overview +## Overview This specification defines the data model of the SPDX standard, describing every piece of information about systems with software components. The data @@ -11,7 +11,7 @@ way to represent and exchange information. The data may be serialized in a variety of formats for storage and transmission. -## 4.2 RDF serialization +## RDF serialization Since the data model is based on RDF, any SPDX data can be serialized in any of the multiple RDF serialization formats, including but not limited to: @@ -30,7 +30,7 @@ The SPDX specification is accompanied by a that can be used to serialize SPDX in a much simpler and more human-readable JSON-LD format. -## 4.3 Canonical serialization +## Canonical serialization Canonical serialization is a single, consistent, normalized, deterministic, and reproducible form. @@ -41,7 +41,7 @@ The content of the canonical serialization is exactly the same as the JSON-LD serialization of RDF data (see 4.2), just represented in a consistent way. Canonical serialization is in JSON format, as defined in -[RFC 8259 (IETF STD 90)](https://www.rfc-editor.org/info/rfc8259), +[RFC 8259 (IETF STD 90)](https://datatracker.ietf.org/doc/rfc8259/), with the following additional characteristics: - No line breaks @@ -66,7 +66,7 @@ with the following additional characteristics: value. A single comma separates a value from a following name. The name/value pairs are ordered by name. -## 4.4 Serialization information +## Serialization information A collection of elements may be serialized in multiple formats. @@ -89,3 +89,53 @@ A serialization must not contain more than one SpdxDocument. A given instance of serialization must not define more than one SpdxDocument element. + +## Serialization in JSON-LD + +### JSON-LD context file + +JSON-LD contexts allow JSON documents to use simple, human-readable, locally +defined terms while ensuring data interoperability across different systems. + +The SPDX global JSON-LD context file must be used universally for all SPDX +documents in JSON-LD format that adhere to a specific SPDX version. + +SPDX global JSON-LD context file is available at: +[https://spdx.org/rdf/3.0.1/spdx-context.jsonld](https://spdx.org/rdf/3.0.1/spdx-context.jsonld) + +All SPDX documents in JSON-LD format must include a reference to the SPDX +global context file at the top level. +This reference is achieved using the following JSON construct: + +```json +"@context": "https://spdx.org/rdf/3.0.1/spdx-context.jsonld" +``` + +The SPDX context file defines aliases for specific JSON-LD properties to +improve compatibility with the SPDX model. These aliases are: + +- `spdxId`: An alias for the `@id` property. +- `type`: An alias for the `@type` property. + +Additional namespace mappings may be defined within a separate object within +the context. + +### JSON-LD validation + +An SPDX serialization in JSON-LD format is considered conformant to the SPDX +specification if it adheres to the following two validation criteria: + +- Structural validation: The JSON-LD document must structurally validate + against the SPDX JSON Schema. This schema defines the expected structure of + the JSON-LD document, including the required elements, data types, and + permissible values. +- Semantic validation: The JSON-LD document must successfully validate against + the SPDX OWL ontology. This ontology defines the expected relationships and + constraints between SPDX elements. The SPDX OWL ontology also incorporates + SHACL shape restrictions to further specify these constraints. + +The SPDX JSON Schema is available at: +[https://spdx.org/schema/3.0.1/spdx-json-schema.json](https://spdx.org/schema/3.0.1/spdx-json-schema.json) + +The SPDX OWL ontology is available at: +[https://spdx.org/rdf/3.0.1/spdx-model.ttl](https://spdx.org/rdf/3.0.1/spdx-model.ttl) diff --git a/docs/symbols.md b/docs/symbols.md index beede650c0..30d5f56da4 100644 --- a/docs/symbols.md +++ b/docs/symbols.md @@ -1,41 +1,42 @@ -# 4 Symbols +# Symbols List of symbols/abbreviations. | | | |-|-| -| 3T-SBOM | Tool-to-Tool Software Bill of Material | +| 3T-SBOM | Tool-to-Tool Software Bill of Materials Exchange | | ABNF | Augmented Backus–Naur form | | AI | Artificial Intelligence | | BNF | Backus–Naur form | -| BOM | Bill of Material | -| CISA | Cybersecurity and Information Security Agency | -| CISQ | Center for Information and Security Quality | -| CPE | Common Package Enumeration | -| CVE | Common Vulnerabilies and Exposures | +| BOM | Bill of Materials | +| CISA | Cybersecurity and Infrastructure Security Agency | +| CISQ | Consortium for Information & Software Quality | +| CPE | Common Platform Enumeration | +| CVE | Common Vulnerabilities and Exposures | | CVSS | Common Vulnerability Scoring System | | EPSS | Exploit Prediction Scoring System | | ISO | International Organization for Standardization | -| JSON-LD | JavaScript Object Notation for Linked Data | +| JSON-LD | JavaScript Object Notation for Linking Data | | KEV | Known Exploited Vulnerabilities | | ML | Machine Learning | -| NISTIR | National Institute of Standards and Technology Internal/Interagency Reports | +| NIST | National Institute of Standards and Technology | +| NISTIR | NIST Internal or Interagency Report | | NTIA | National Telecommunications and Information Administration | | OSI | Open Source Initiative | | OWL | Web Ontology Language | | PAS | Publicly Available Specification | | POSIX | Portable Operating System Interface | | PTF | Platform Task Force | -| PURL | Package Uniform Resource Identifier | +| PURL | Package URL | | RDF | Resource Description Framework | -| RFC | Request For Comment | -| SBOM | Software Bill of Material | +| RFC | Request For Comments | +| SBOM | Software Bill of Materials | | SHA | Secure Hash Algorithms | | SHACL | Shapes Constraint Language | | SPDX | System Package Data Exchange (previously Software Package Data Exchange) | -| SSVC | Stakeholder- Specific Vulnerability Categorization | -| SWHID | SoftWare Heritage persistent IDentifiers | +| SSVC | Stakeholder-Specific Vulnerability Categorization | +| SWHID | SoftWare Hash IDentifier | | URI | Uniform Resource Identifier | | URL | Uniform Resource Locator | -| VEX | Vulnerability Exploitable eXchange | +| VEX | Vulnerability Exploitability eXchange | | XML | Extensible Markup Language | diff --git a/docs/terms-and-definitions.md b/docs/terms-and-definitions.md index be426fac8b..a7fa37a338 100644 --- a/docs/terms-and-definitions.md +++ b/docs/terms-and-definitions.md @@ -1,8 +1,16 @@ -# 3 Terms and definitions +# Terms and definitions -To do: Need to fill this in to align to the terms and definitions that apply in this revision of the specification. +ISO and IEC maintain terminological databases for use in standardization +at the following addresses: -ISO and IEC maintain terminological databases for use in standardization at the following addresses: +- ISO Online browsing platform: available at + [https://www.iso.org/obp](https://www.iso.org/obp) +- IEC Electropedia: available at + [http://www.electropedia.org/](http://www.electropedia.org/) -* ISO Online browsing platform: available at [https://www.iso.org/obp](https://www.iso.org/obp) -* IEC Electropedia: available at [http://www.electropedia.org/](http://www.electropedia.org/) +**profile** + +A scope of usage for SPDX targeting support for particular use cases and +scenarios (e.g., software, licensing, security, etc.). +A profile identifies which particular SPDX namespaces, classes, and properties +it leverages, along with any custom constraints unique to its use. diff --git a/etc/redirect-map.csv b/etc/redirect-map.csv new file mode 100644 index 0000000000..59b718c0c0 --- /dev/null +++ b/etc/redirect-map.csv @@ -0,0 +1,39 @@ +introduction,front/introduction +normative-references,references +bibliography,references +annexes/diffs-from-previous-editions,https://github.com/spdx/using/blob/main/docs/diffs-from-previous-editions.md +annexes/getting-started,https://github.com/spdx/using/blob/main/docs/getting-started.md +annexes/RDF-object-model-and-identifier-syntax,annexes/rdf-model +annexes/SPDX-license-expressions,annexes/spdx-license-expressions +annexes/using-SPDX-short-identifiers-in-source-files,https://github.com/spdx/using/blob/main/docs/using-SPDX-short-identifiers-in-source-files.md +annexes/using-SPDX-to-comply-with-industry-guidance,https://github.com/spdx/using/blob/main/docs/using-SPDX-to-comply-with-industry-guidance.md +annexes/including-security-information-in-SPDX,https://github.com/spdx/using/blob/main/docs/including-security-information-in-SPDX.md +annexes/SPDX-Lite,annexes/spdx-lite +licenses/community-spec-1.0,licenses/Community-Spec-1.0 +licenses/cc-by-3.0,licenses/CC-BY-3.0 +model,model/Core/Core +model/AI,model/AI/AI +model/Build,model/Build/Build +model/Core,model/Core/Core +model/Dataset,model/Dataset/Dataset +model/ExpandedLicensing,model/ExpandedLicensing/ExpandedLicensing +model/Extension,model/Extension/Extension +model/Licensing,model/Licensing/Licensing +model/Lite,model/Lite/Lite +model/Security,model/Security/Security +model/SimpleLicensing,model/SimpleLicensing/SimpleLicensing +model/Software,model/Software/Software +model/ai,model/AI/AI +model/build,model/Build/Build +model/core,model/Core/Core +model/dataset,model/Dataset/Dataset +model/expandedlicensing,model/ExpandedLicensing/ExpandedLicensing +model/extension,model/Extension/Extension +model/licensing,model/Licensing/Licensing +model/lite,model/Lite/Lite +model/security,model/Security/Security +model/simplelicensing,model/SimpleLicensing/SimpleLicensing +model/software,model/Software/Software +model/Core/Properties/imports,model/Core/Properties/import +model/Build/Properties/parameters,model/Build/Properties/parameter +model/Software/Properties/contentType,model/Core/Properties/contentType diff --git a/etc/redirect-template.html b/etc/redirect-template.html new file mode 100644 index 0000000000..b388f3f70e --- /dev/null +++ b/etc/redirect-template.html @@ -0,0 +1,18 @@ + + + + + Redirecting + + + + + Redirecting to __UPPER__/__VERSION__/__TO__/... + + diff --git a/examples/jsonld/package_sbom.json b/examples/jsonld/package_sbom.json index 72a3c6d98c..6f0018d3c9 100644 --- a/examples/jsonld/package_sbom.json +++ b/examples/jsonld/package_sbom.json @@ -1,5 +1,5 @@ { - "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", + "@context": "https://spdx.org/rdf/3.0.1/spdx-context.jsonld", "@graph": [ { "type": "CreationInfo", @@ -7,7 +7,7 @@ "createdBy": [ "http://spdx.example.com/Agent/JoshuaWatt" ], - "specVersion": "3.0.0", + "specVersion": "3.0.1", "created": "2024-03-06T00:00:00Z" }, { @@ -30,6 +30,12 @@ "rootElement": [ "http://spdx.example.com/BOM1" ], + "element": [ + "http://spdx.example.com/BOM1", + "http://spdx.example.com/Agent/JoshuaWatt", + "http://spdx.example.com/Package1/myprogram", + "http://spdx.example.com/Relationship/1" + ], "profileConformance": [ "core", "software" @@ -42,6 +48,10 @@ "rootElement": [ "http://spdx.example.com/Package1" ], + "element": [ + "http://spdx.example.com/Package1/myprogram", + "http://spdx.example.com/Package1" + ], "software_sbomType": [ "build" ] @@ -51,7 +61,7 @@ "spdxId": "http://spdx.example.com/Package1", "creationInfo": "_:creationinfo", "name": "my-package", - "software_packageVersion": "1.0", + "software_packageVersion": "1.0.0", "software_downloadLocation": "http://dl.example.com/my-package_1.0.0.tar", "builtTime": "2024-03-06T00:00:00Z", "originatedBy": [ diff --git a/mkdocs.yml b/mkdocs.yml index 6f70e8ea19..bb5c24af8a 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -1,21 +1,23 @@ -site_name: SPDX v3 Specification -site_description: The System Package Data Exchange (SPDX) Specification Version 3.0.1 (DRAFT) -site_author: Linux Foundation and its Contributors -site_url: https://spdx.github.io/spdx-spec/v3.0.1-draft/ -# site_url: https://spdx.github.io/spdx-spec/v3.0.1/ # for the final version +site_name: SPDX Specification 3.0.1 +site_description: The System Package Data Exchange (SPDX) Specification Version 3.0.1 - Open standard for creating Software Bills of Materials (SBOMs) +site_author: The Linux Foundation and its Contributors, including SPDX Model contributions from OMG and its Contributors. +site_url: https://spdx.github.io/spdx-spec/ # set to the "root" of the site, to be combined with canonical_version repo_url: https://github.com/spdx/spdx-spec/ edit_uri: "" # set to an empty string to disable edit links; to enable, set to blob/development/v3.0.1/docs/ -copyright: DRAFT -- v3.0.1 -- DRAFT +copyright: SPDX v3.0.1 Copyright © 2010-2024, The Linux Foundation and its Contributors, including SPDX Model contributions from OMG and its Contributors. use_directory_urls: true -theme: readthedocs +theme: + name: readthedocs + sticky_navigation: true plugins: - search - mike: - canonical_version: latest # tell search engines to prefer the latest version -- pdf-export: - combined: true - media_type: print - enabled_if_env: ENABLE_PDF_EXPORT # only export PDF if this is set to 1 + canonical_version: v3.0.1 # tell search engines to prefer the URL of v3.0.1 + alias_type: redirect # use redirect so it can redirect every pages (not just the root of the version) +# - pdf-export: +# combined: true +# media_type: print +# enabled_if_env: ENABLE_PDF_EXPORT # only export PDF if this is set to 1 extra_css: - css/style.css markdown_extensions: @@ -24,8 +26,8 @@ markdown_extensions: strict: true validation: nav: - omitted_files: info # allow during development where there are moving parts - not_found: info # allow during development where there are moving parts + omitted_files: warn # use "info" to relax during development where there are moving parts + not_found: warn # warn if a file is referenced in the nav but not included in the build absolute_links: warn links: not_found: warn @@ -33,30 +35,23 @@ validation: absolute_links: warn unrecognized_links: warn nav: -- 'Copyright': index.md -- 'Introduction': introduction.md -- 'Scope': scope.md -- 'Normative references': normative-references.md -- 'Terms and definitions': terms-and-definitions.md -- 'Model and serializations': serializations.md -- 'Bibliography': bibliography.md -- model: # [MODEL_PLACEHOLDER], to be replaced by content from mkdocs-files.yml +- 'Home': index.md # index.md, which will be publish as index.html, is needed for a website as a default home +- 'Copyright': front/copyright.md +- 'Introduction': front/introduction.md +- '1. Scope': scope.md +- '2. References': references.md +- '3. Symbols': symbols.md +- '4. Terms and definitions': terms-and-definitions.md +- '5. Conformance': conformance.md +- '6. Model and serializations': serializations.md +- model: # __MODEL_PLACEHOLDER__, to be replaced by content from mkdocs-files.yml. Please do not edit this line. + - "__MODEL_PLACEHOLDER__": "https://example.com" # allows mkdocs.yml to be build/tested without full model list. Please do not edit this line. - annexes: - - 'Diffs from Previous Editions': annexes/diffs-from-previous-editions.md - - 'Getting started with SPDX 3': annexes/getting-started.md - - 'RDF Object Model and Identifier Syntax': annexes/RDF-object-model-and-identifier-syntax.md - - 'SPDX License Expressions': annexes/SPDX-license-expressions.md - - 'SPDX license list matching guidelines': annexes/license-matching-guidelines-and-templates.md - - 'Using SPDX short identifiers in Source Files': annexes/using-SPDX-short-identifiers-in-source-files.md - - 'Using SPDX to comply with norms, standards and regulation': annexes/using-SPDX-to-comply-with-industry-guidance.md - - 'Including Security Information in SPDX': annexes/including-security-information-in-SPDX.md - - 'SPDX Lite': annexes/SPDX-Lite.md - - 'Cross-referencing in SPDX 3': annexes/cross-reference.md - - 'Package URL specification': annexes/pkg-url-specification.md + - 'A. RDF model definition and diagrams': annexes/rdf-model.md + - 'B. SPDX license expressions': annexes/spdx-license-expressions.md + - 'C. SPDX License List matching guidelines': annexes/license-matching-guidelines-and-templates.md + - 'D. SPDX Lite': annexes/spdx-lite.md + - 'E. Package URL specification': annexes/pkg-url-specification.md - licenses: - - 'Creative Commons Attribution License 3.0 Unported': licenses/CC-BY-3.0.md - 'Community Specification License 1.0': licenses/Community-Spec-1.0.md -draft_docs: | # for preview with `mkdocs serve`, but excluded from `mkdocs build` - omg-preface.md - ISO_foreword.md - conformance.md + - 'Creative Commons Attribution License 3.0 Unported': licenses/CC-BY-3.0.md diff --git a/rdf/spdx-context.jsonld b/rdf/spdx-context.jsonld new file mode 100644 index 0000000000..f692cb9960 --- /dev/null +++ b/rdf/spdx-context.jsonld @@ -0,0 +1,816 @@ +{ + "@context": { + "Agent": "https://spdx.org/rdf/3.0.1/terms/Core/Agent", + "Annotation": "https://spdx.org/rdf/3.0.1/terms/Core/Annotation", + "AnnotationType": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType", + "Artifact": "https://spdx.org/rdf/3.0.1/terms/Core/Artifact", + "Bom": "https://spdx.org/rdf/3.0.1/terms/Core/Bom", + "Bundle": "https://spdx.org/rdf/3.0.1/terms/Core/Bundle", + "CreationInfo": "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo", + "DictionaryEntry": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", + "Element": "https://spdx.org/rdf/3.0.1/terms/Core/Element", + "ElementCollection": "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection", + "ExternalIdentifier": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifier", + "ExternalIdentifierType": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType", + "ExternalMap": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalMap", + "ExternalRef": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRef", + "ExternalRefType": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", + "Hash": "https://spdx.org/rdf/3.0.1/terms/Core/Hash", + "HashAlgorithm": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", + "IndividualElement": "https://spdx.org/rdf/3.0.1/terms/Core/IndividualElement", + "IntegrityMethod": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod", + "LifecycleScopeType": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType", + "LifecycleScopedRelationship": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopedRelationship", + "NamespaceMap": "https://spdx.org/rdf/3.0.1/terms/Core/NamespaceMap", + "NoAssertionElement": "https://spdx.org/rdf/3.0.1/terms/Core/NoAssertionElement", + "NoneElement": "https://spdx.org/rdf/3.0.1/terms/Core/NoneElement", + "Organization": "https://spdx.org/rdf/3.0.1/terms/Core/Organization", + "PackageVerificationCode": "https://spdx.org/rdf/3.0.1/terms/Core/PackageVerificationCode", + "Person": "https://spdx.org/rdf/3.0.1/terms/Core/Person", + "PositiveIntegerRange": "https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange", + "PresenceType": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType", + "ProfileIdentifierType": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType", + "Relationship": "https://spdx.org/rdf/3.0.1/terms/Core/Relationship", + "RelationshipCompleteness": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness", + "RelationshipType": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", + "SoftwareAgent": "https://spdx.org/rdf/3.0.1/terms/Core/SoftwareAgent", + "SpdxDocument": "https://spdx.org/rdf/3.0.1/terms/Core/SpdxDocument", + "SpdxOrganization": "https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", + "SupportType": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType", + "Tool": "https://spdx.org/rdf/3.0.1/terms/Core/Tool", + "ai_AIPackage": "https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", + "ai_EnergyConsumption": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumption", + "ai_EnergyConsumptionDescription": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription", + "ai_EnergyUnitType": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType", + "ai_SafetyRiskAssessmentType": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType", + "ai_autonomyType": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/autonomyType", + "@type": "@vocab" + }, + "ai_domain": { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/domain", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "ai_energyConsumption": { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/energyConsumption", + "@type": "@vocab" + }, + "ai_energyQuantity": { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/energyQuantity", + "@type": "http://www.w3.org/2001/XMLSchema#decimal" + }, + "ai_energyUnit": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/energyUnit", + "@type": "@vocab" + }, + "ai_finetuningEnergyConsumption": { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/finetuningEnergyConsumption", + "@type": "@vocab" + }, + "ai_hyperparameter": { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/hyperparameter", + "@type": "@vocab" + }, + "ai_inferenceEnergyConsumption": { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/inferenceEnergyConsumption", + "@type": "@vocab" + }, + "ai_informationAboutApplication": { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/informationAboutApplication", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "ai_informationAboutTraining": { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/informationAboutTraining", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "ai_limitation": { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/limitation", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "ai_metric": { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/metric", + "@type": "@vocab" + }, + "ai_metricDecisionThreshold": { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/metricDecisionThreshold", + "@type": "@vocab" + }, + "ai_modelDataPreprocessing": { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/modelDataPreprocessing", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "ai_modelExplainability": { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/modelExplainability", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "ai_safetyRiskAssessment": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/safetyRiskAssessment", + "@type": "@vocab" + }, + "ai_standardCompliance": { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/standardCompliance", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "ai_trainingEnergyConsumption": { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/trainingEnergyConsumption", + "@type": "@vocab" + }, + "ai_typeOfModel": { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/typeOfModel", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "ai_useSensitivePersonalInformation": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/useSensitivePersonalInformation", + "@type": "@vocab" + }, + "algorithm": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/algorithm", + "@type": "@vocab" + }, + "annotationType": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/annotationType", + "@type": "@vocab" + }, + "beginIntegerRange": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/beginIntegerRange", + "@type": "http://www.w3.org/2001/XMLSchema#positiveInteger" + }, + "build_Build": "https://spdx.org/rdf/3.0.1/terms/Build/Build", + "build_buildEndTime": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildEndTime", + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + }, + "build_buildId": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildId", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "build_buildStartTime": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildStartTime", + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + }, + "build_buildType": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildType", + "@type": "http://www.w3.org/2001/XMLSchema#anyURI" + }, + "build_configSourceDigest": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceDigest", + "@type": "@vocab" + }, + "build_configSourceEntrypoint": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceEntrypoint", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "build_configSourceUri": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceUri", + "@type": "http://www.w3.org/2001/XMLSchema#anyURI" + }, + "build_environment": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/environment", + "@type": "@vocab" + }, + "build_parameter": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/parameter", + "@type": "@vocab" + }, + "builtTime": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/builtTime", + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + }, + "comment": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/comment", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "completeness": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/completeness", + "@type": "@vocab" + }, + "contentType": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/contentType", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "context": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/context", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "created": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/created", + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + }, + "createdBy": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/createdBy", + "@type": "@vocab" + }, + "createdUsing": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/createdUsing", + "@type": "@vocab" + }, + "creationInfo": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo", + "@type": "@vocab" + }, + "dataLicense": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/dataLicense", + "@type": "@vocab" + }, + "dataset_ConfidentialityLevelType": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType", + "dataset_DatasetAvailabilityType": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType", + "dataset_DatasetPackage": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", + "dataset_DatasetType": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", + "dataset_anonymizationMethodUsed": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/anonymizationMethodUsed", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "dataset_confidentialityLevel": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/confidentialityLevel", + "@type": "@vocab" + }, + "dataset_dataCollectionProcess": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/dataCollectionProcess", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "dataset_dataPreprocessing": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/dataPreprocessing", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "dataset_datasetAvailability": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetAvailability", + "@type": "@vocab" + }, + "dataset_datasetNoise": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetNoise", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "dataset_datasetSize": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetSize", + "@type": "http://www.w3.org/2001/XMLSchema#nonNegativeInteger" + }, + "dataset_datasetType": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetType", + "@type": "@vocab" + }, + "dataset_datasetUpdateMechanism": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetUpdateMechanism", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "dataset_hasSensitivePersonalInformation": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/hasSensitivePersonalInformation", + "@type": "@vocab" + }, + "dataset_intendedUse": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/intendedUse", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "dataset_knownBias": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/knownBias", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "dataset_sensor": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/sensor", + "@type": "@vocab" + }, + "definingArtifact": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/definingArtifact", + "@type": "@vocab" + }, + "description": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/description", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "element": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/element", + "@type": "@vocab" + }, + "endIntegerRange": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/endIntegerRange", + "@type": "http://www.w3.org/2001/XMLSchema#positiveInteger" + }, + "endTime": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/endTime", + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + }, + "expandedlicensing_ConjunctiveLicenseSet": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ConjunctiveLicenseSet", + "expandedlicensing_CustomLicense": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/CustomLicense", + "expandedlicensing_CustomLicenseAddition": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/CustomLicenseAddition", + "expandedlicensing_DisjunctiveLicenseSet": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/DisjunctiveLicenseSet", + "expandedlicensing_ExtendableLicense": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense", + "expandedlicensing_IndividualLicensingInfo": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/IndividualLicensingInfo", + "expandedlicensing_License": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", + "expandedlicensing_LicenseAddition": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", + "expandedlicensing_ListedLicense": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicense", + "expandedlicensing_ListedLicenseException": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicenseException", + "expandedlicensing_NoAssertionLicense": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoAssertionLicense", + "expandedlicensing_NoneLicense": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoneLicense", + "expandedlicensing_OrLaterOperator": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/OrLaterOperator", + "expandedlicensing_WithAdditionOperator": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/WithAdditionOperator", + "expandedlicensing_additionText": { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/additionText", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "expandedlicensing_deprecatedVersion": { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/deprecatedVersion", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "expandedlicensing_isDeprecatedAdditionId": { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedAdditionId", + "@type": "http://www.w3.org/2001/XMLSchema#boolean" + }, + "expandedlicensing_isDeprecatedLicenseId": { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedLicenseId", + "@type": "http://www.w3.org/2001/XMLSchema#boolean" + }, + "expandedlicensing_isFsfLibre": { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isFsfLibre", + "@type": "http://www.w3.org/2001/XMLSchema#boolean" + }, + "expandedlicensing_isOsiApproved": { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isOsiApproved", + "@type": "http://www.w3.org/2001/XMLSchema#boolean" + }, + "expandedlicensing_licenseXml": { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/licenseXml", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "expandedlicensing_listVersionAdded": { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/listVersionAdded", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "expandedlicensing_member": { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/member", + "@type": "@vocab" + }, + "expandedlicensing_obsoletedBy": { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/obsoletedBy", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "expandedlicensing_seeAlso": { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/seeAlso", + "@type": "http://www.w3.org/2001/XMLSchema#anyURI" + }, + "expandedlicensing_standardAdditionTemplate": { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardAdditionTemplate", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "expandedlicensing_standardLicenseHeader": { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseHeader", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "expandedlicensing_standardLicenseTemplate": { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseTemplate", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "expandedlicensing_subjectAddition": { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectAddition", + "@type": "@vocab" + }, + "expandedlicensing_subjectExtendableLicense": { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectExtendableLicense", + "@type": "@vocab" + }, + "expandedlicensing_subjectLicense": { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectLicense", + "@type": "@vocab" + }, + "extension": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/extension", + "@type": "@vocab" + }, + "extension_CdxPropertiesExtension": "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertiesExtension", + "extension_CdxPropertyEntry": "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry", + "extension_Extension": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension", + "extension_cdxPropName": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropName", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "extension_cdxPropValue": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropValue", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "extension_cdxProperty": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxProperty", + "@type": "@vocab" + }, + "externalIdentifier": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifier", + "@type": "@vocab" + }, + "externalIdentifierType": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifierType", + "@type": "@vocab" + }, + "externalRef": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalRef", + "@type": "@vocab" + }, + "externalRefType": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalRefType", + "@type": "@vocab" + }, + "externalSpdxId": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalSpdxId", + "@type": "http://www.w3.org/2001/XMLSchema#anyURI" + }, + "from": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/from", + "@type": "@vocab" + }, + "hashValue": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/hashValue", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "identifier": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/identifier", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "identifierLocator": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/identifierLocator", + "@type": "http://www.w3.org/2001/XMLSchema#anyURI" + }, + "import": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/import", + "@type": "@vocab" + }, + "issuingAuthority": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/issuingAuthority", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "key": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/key", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "locationHint": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/locationHint", + "@type": "http://www.w3.org/2001/XMLSchema#anyURI" + }, + "locator": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/locator", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "name": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/name", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "namespace": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/namespace", + "@type": "http://www.w3.org/2001/XMLSchema#anyURI" + }, + "namespaceMap": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/namespaceMap", + "@type": "@vocab" + }, + "originatedBy": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/originatedBy", + "@type": "@vocab" + }, + "packageVerificationCodeExcludedFile": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/packageVerificationCodeExcludedFile", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "prefix": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/prefix", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "profileConformance": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/profileConformance", + "@type": "@vocab" + }, + "relationshipType": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/relationshipType", + "@type": "@vocab" + }, + "releaseTime": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/releaseTime", + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + }, + "rootElement": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/rootElement", + "@type": "@vocab" + }, + "scope": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/scope", + "@type": "@vocab" + }, + "security_CvssSeverityType": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType", + "security_CvssV2VulnAssessmentRelationship": "https://spdx.org/rdf/3.0.1/terms/Security/CvssV2VulnAssessmentRelationship", + "security_CvssV3VulnAssessmentRelationship": "https://spdx.org/rdf/3.0.1/terms/Security/CvssV3VulnAssessmentRelationship", + "security_CvssV4VulnAssessmentRelationship": "https://spdx.org/rdf/3.0.1/terms/Security/CvssV4VulnAssessmentRelationship", + "security_EpssVulnAssessmentRelationship": "https://spdx.org/rdf/3.0.1/terms/Security/EpssVulnAssessmentRelationship", + "security_ExploitCatalogType": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType", + "security_ExploitCatalogVulnAssessmentRelationship": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogVulnAssessmentRelationship", + "security_SsvcDecisionType": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType", + "security_SsvcVulnAssessmentRelationship": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcVulnAssessmentRelationship", + "security_VexAffectedVulnAssessmentRelationship": "https://spdx.org/rdf/3.0.1/terms/Security/VexAffectedVulnAssessmentRelationship", + "security_VexFixedVulnAssessmentRelationship": "https://spdx.org/rdf/3.0.1/terms/Security/VexFixedVulnAssessmentRelationship", + "security_VexJustificationType": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType", + "security_VexNotAffectedVulnAssessmentRelationship": "https://spdx.org/rdf/3.0.1/terms/Security/VexNotAffectedVulnAssessmentRelationship", + "security_VexUnderInvestigationVulnAssessmentRelationship": "https://spdx.org/rdf/3.0.1/terms/Security/VexUnderInvestigationVulnAssessmentRelationship", + "security_VexVulnAssessmentRelationship": "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship", + "security_VulnAssessmentRelationship": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", + "security_Vulnerability": "https://spdx.org/rdf/3.0.1/terms/Security/Vulnerability", + "security_actionStatement": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/actionStatement", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "security_actionStatementTime": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/actionStatementTime", + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + }, + "security_assessedElement": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/assessedElement", + "@type": "@vocab" + }, + "security_catalogType": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/catalogType", + "@type": "@vocab" + }, + "security_decisionType": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/decisionType", + "@type": "@vocab" + }, + "security_exploited": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/exploited", + "@type": "http://www.w3.org/2001/XMLSchema#boolean" + }, + "security_impactStatement": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/impactStatement", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "security_impactStatementTime": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/impactStatementTime", + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + }, + "security_justificationType": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/justificationType", + "@type": "@vocab" + }, + "security_locator": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/locator", + "@type": "http://www.w3.org/2001/XMLSchema#anyURI" + }, + "security_modifiedTime": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/modifiedTime", + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + }, + "security_percentile": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/percentile", + "@type": "http://www.w3.org/2001/XMLSchema#decimal" + }, + "security_probability": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/probability", + "@type": "http://www.w3.org/2001/XMLSchema#decimal" + }, + "security_publishedTime": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/publishedTime", + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + }, + "security_score": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/score", + "@type": "http://www.w3.org/2001/XMLSchema#decimal" + }, + "security_severity": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/severity", + "@type": "@vocab" + }, + "security_statusNotes": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/statusNotes", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "security_vectorString": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/vectorString", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "security_vexVersion": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/vexVersion", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "security_withdrawnTime": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/withdrawnTime", + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + }, + "simplelicensing_AnyLicenseInfo": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", + "simplelicensing_LicenseExpression": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/LicenseExpression", + "simplelicensing_SimpleLicensingText": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/SimpleLicensingText", + "simplelicensing_customIdToUri": { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/customIdToUri", + "@type": "@vocab" + }, + "simplelicensing_licenseExpression": { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseExpression", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "simplelicensing_licenseListVersion": { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseListVersion", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "simplelicensing_licenseText": { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseText", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "software_ContentIdentifier": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifier", + "software_ContentIdentifierType": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType", + "software_File": "https://spdx.org/rdf/3.0.1/terms/Software/File", + "software_FileKindType": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType", + "software_Package": "https://spdx.org/rdf/3.0.1/terms/Software/Package", + "software_Sbom": "https://spdx.org/rdf/3.0.1/terms/Software/Sbom", + "software_SbomType": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType", + "software_Snippet": "https://spdx.org/rdf/3.0.1/terms/Software/Snippet", + "software_SoftwareArtifact": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact", + "software_SoftwarePurpose": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", + "software_additionalPurpose": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/additionalPurpose", + "@type": "@vocab" + }, + "software_attributionText": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/attributionText", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "software_byteRange": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/byteRange", + "@type": "https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange" + }, + "software_contentIdentifier": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifier", + "@type": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifier" + }, + "software_contentIdentifierType": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierType", + "@type": "@vocab" + }, + "software_contentIdentifierValue": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierValue", + "@type": "http://www.w3.org/2001/XMLSchema#anyURI" + }, + "software_copyrightText": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/copyrightText", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "software_downloadLocation": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/downloadLocation", + "@type": "http://www.w3.org/2001/XMLSchema#anyURI" + }, + "software_fileKind": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/fileKind", + "@type": "@vocab" + }, + "software_homePage": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/homePage", + "@type": "http://www.w3.org/2001/XMLSchema#anyURI" + }, + "software_lineRange": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/lineRange", + "@type": "https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange" + }, + "software_packageUrl": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/packageUrl", + "@type": "http://www.w3.org/2001/XMLSchema#anyURI" + }, + "software_packageVersion": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/packageVersion", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "software_primaryPurpose": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/primaryPurpose", + "@type": "@vocab" + }, + "software_sbomType": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/sbomType", + "@type": "@vocab" + }, + "software_snippetFromFile": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/snippetFromFile", + "@type": "@vocab" + }, + "software_sourceInfo": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/sourceInfo", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "spdx": "https://spdx.org/rdf/3.0.1/terms/", + "spdxId": "@id", + "specVersion": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/specVersion", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "standardName": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/standardName", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "startTime": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/startTime", + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + }, + "statement": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/statement", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "subject": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/subject", + "@type": "@vocab" + }, + "summary": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/summary", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "suppliedBy": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/suppliedBy", + "@type": "@vocab" + }, + "supportLevel": { + "@context": { + "@vocab": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/" + }, + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/supportLevel", + "@type": "@vocab" + }, + "to": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/to", + "@type": "@vocab" + }, + "type": "@type", + "validUntilTime": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/validUntilTime", + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + }, + "value": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/value", + "@type": "http://www.w3.org/2001/XMLSchema#string" + }, + "verifiedUsing": { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/verifiedUsing", + "@type": "@vocab" + } + } +} \ No newline at end of file diff --git a/rdf/spdx-model.hext b/rdf/spdx-model.hext new file mode 100644 index 0000000000..284a032dfe --- /dev/null +++ b/rdf/spdx-model.hext @@ -0,0 +1,3569 @@ +["_:N2a72f2e0c3d44dd5ac4c0633f336d556", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Dataset/sensor", "globalId", "", ""] +["_:N186b972a57284ae1946b3f7d8e762830", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N66595c518c6248f69bdca82dccebf454", "localId", "", ""] +["_:N8f24e4128c124ec08b9e80f45a43dd1e", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N00d83dee7aa44a7991821a46e83e5164", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/support", "http://www.w3.org/2000/01/rdf-schema#label", "support", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/serializedInArtifact", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:N0c3b30ca2bdf4cb1839bdc608bc41186", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/install", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_NoneLicense", "https://spdx.org/rdf/3.0.1/terms/Core/createdBy", "https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasExample", "http://www.w3.org/2000/01/rdf-schema#label", "hasExample", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nebecc80c7e4045d1b3ad15ab0c1d04ec", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/severity", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/hasSensitivePersonalInformation", "http://www.w3.org/2000/01/rdf-schema#comment", "Describes if any sensitive personal information is present in the dataset.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N4278c3d777ea4ebd81cd23af80459c2d", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Agent", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/support", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha256", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["_:Nb4381a5cee3143a482af28cf9a364f3c", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/customIdToUri", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifier", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/other", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/act", "http://www.w3.org/2000/01/rdf-schema#label", "act", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/CustomLicenseAddition", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", "globalId", "", ""] +["_:Nce9a69dc19af4e1394f03174c67c5857", "http://www.w3.org/ns/shacl#pattern", "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/datasetUpdateMechanism", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasHost", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/other", "http://www.w3.org/2000/01/rdf-schema#label", "other", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nc9ddcdf86e874968aa8f5ba821975eb4", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/percentile", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/deployed", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/LicenseExpression", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/LicenseExpression", "http://www.w3.org/ns/shacl#property", "_:N1647e706f6764e7d9ec4e0aa8979d0c6", "localId", "", ""] +["_:Nf284f365ba5c4e4da40d7d7900d82744", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#decimal", "globalId", "", ""] +["_:N4b7945a329d940d7a4167237a4e60e53", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Bundle", "http://www.w3.org/2000/01/rdf-schema#comment", "A collection of Elements that have a shared context.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/funding", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nc7b49cc0a08745e08e5ba42ee492184f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/other", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/build", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Ndde9f898797c42b989ef522557debf64", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/seeAlso", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N4f7ca95fbfad4d20810e92ab09220394", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N95c7a63c89e94f8d9ceb0dd0c34ac9e3", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/probability", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/modifiedBy", "http://www.w3.org/2000/01/rdf-schema#label", "modifiedBy", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/configuration", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/", "http://www.w3.org/2000/01/rdf-schema#label", "System Package Data Exchange (SPDX) Ontology", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/email", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/packageUrl", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides a place for the SPDX data creator to record the package URL string\n(in accordance with the Package URL specification) for a software Package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/amber", "http://www.w3.org/2000/01/rdf-schema#comment", "Data points in the dataset can be shared only with specific organizations and their clients on a need to know basis.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N91d11db27b28462b8545b78734a27503", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Na8cf54eee3ac40cca0ed6cfdaef6a576", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/low", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/riskAssessment", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:N2061c93cd5774c61823bf76c952d5242", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N6369a0cffc0445e888c1e30a54a5be5d", "localId", "", ""] +["_:Nbf6c9a626dad41fa8a0422cb3ddab7a3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ndcdb30d7deca45a8bc3e563144933f0e", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/byteRange", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/republishedBy", "http://www.w3.org/2000/01/rdf-schema#label", "republishedBy", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/beginIntegerRange", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/NamespaceMap", "http://www.w3.org/ns/shacl#property", "_:Na96bc2776ef4488595f136d0fbac26a6", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/SimpleLicensingText", "http://www.w3.org/2000/01/rdf-schema#comment", "A license or addition that is not listed on the SPDX License List.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/clear", "http://www.w3.org/2000/01/rdf-schema#label", "clear", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/sourceArtifact", "http://www.w3.org/2000/01/rdf-schema#label", "sourceArtifact", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/packagedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nbc1332652da345c49ad3c948238f404b", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Software/packageUrl", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/endOfSupport", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/SupportType", "globalId", "", ""] +["_:N516b1b46dbb04f1c953906f0388bf8b4", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Ne3e1ac11e78640fab50085207414679f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N510a0fe04f844da5bb96208d9e6a563c", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/delegatedTo", "http://www.w3.org/2000/01/rdf-schema#label", "delegatedTo", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nae8e63939c7c4cf4aa4ba555362d775c", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/startTime", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/runtimeAnalysisReport", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to a runtime analysis report for a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/design", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/informationAboutApplication", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N89d361d3f1d94de5b28ee82b1d3da3de", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N93d2d1d1dc3e4b7ea516ee004f674bfb", "localId", "", ""] +["_:N163fe4499b2a454a9641b23118bf53ae", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType", "globalId", "", ""] +["_:N425d570f86674f7facee623f8d84a311", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nbd45f3e248c84b27b2e1a0da67d47a71", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/definingArtifact", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/Artifact", "globalId", "", ""] +["_:N5ddf9ddcd2bc446f8729bd7a23566faf", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N0cac787ed3f3421fa6687df4da790a0c", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseText", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:Na1cdda0a73e94e598b769cac4a5a5cb8", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#decimal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact", "http://www.w3.org/2000/01/rdf-schema#comment", "A distinct article or unit related to Software.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/text", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityThreatModel", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference the [security threat model](https://en.wikipedia.org/wiki/Threat_model) for a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/megajoule", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nebecc80c7e4045d1b3ad15ab0c1d04ec", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N58c62d134f5e41d78440946685ecf0cc", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Na0242fde5c314aa599a3a00cfb01634c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/gitoid", "globalId", "", ""] +["_:N68e2aefd82ab40c59cc6c2bfeab0adc4", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/created", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/bom", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/usesTool", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Ontology", "globalId", "", ""] +["_:N07cb32d0626a45cfbea37a7dd2a8b854", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Ne21f363965114243b81ce67f76575de3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDocumentation", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexUnderInvestigationVulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#comment", "Designates elements as products where the impact of a vulnerability is being\ninvestigated.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/falcon", "http://www.w3.org/2000/01/rdf-schema#comment", "[FALCON](https://falcon-sign.info/falcon.pdf)", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsKyber", "http://www.w3.org/2000/01/rdf-schema#comment", "[Kyber](https://pq-crystals.org/kyber/)", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha512", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N1a0279389d714631b1d12935e9f2b014", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N70cbc4a60eda4e648df0df882fab278d", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAddedFile", "http://www.w3.org/2000/01/rdf-schema#comment", "Every `to` Element is a file added to the `from` Element (`from` hasAddedFile `to`).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N4b7945a329d940d7a4167237a4e60e53", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N4881d1614aa0403894d16c3ca276d790", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/additionText", "globalId", "", ""] +["_:Ne223bb746dc9463bbbe16ca844619e98", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/trainedOn", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/swhid", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/NoAssertionElement", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Na1cdda0a73e94e598b769cac4a5a5cb8", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDistributionArtifact", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element is distributed as an artifact in each `to` Element (e.g. an RPM or archive file).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N7368659f06844e79815bdbdeac2b73f3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/model", "globalId", "", ""] +["_:Nf71f6300b14a4726a20ffad899bed919", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N8adbab8e05cf4258a0b7e9eedbd03e5f", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", "globalId", "", ""] +["_:N66595c518c6248f69bdca82dccebf454", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/test", "globalId", "", ""] +["_:N6ac0694afb0c40c1bb0988b0569f0cb4", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/review", "globalId", "", ""] +["_:N52399fdf517c416ebb2e470463b71b5d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/executable", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/availableFrom", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N38aeb59117654398b393a546eaaa5fd9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalDependency", "globalId", "", ""] +["_:N4f9424fdcb0643a6b8dbd2c83de164a1", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ne21f363965114243b81ce67f76575de3", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/structured", "http://www.w3.org/2000/01/rdf-schema#comment", "data is stored in tabular format or retrieved from a relational database.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Ne3b40c9739164b2eb0ae163374d9c4ac", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the type of a content identifier.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Na44640dae5c34e6ab6f3759a75426eb0", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nbbe9948554644fd8b49899d278739242", "localId", "", ""] +["_:N954579de61d84bef909737ad4568a536", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Sbom", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/Bom", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:Nc51fb19223644705a84f646344b7e9d3", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectAddition", "globalId", "", ""] +["_:N9eda1b52fa264730ab0b383d300e1726", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", "http://www.w3.org/ns/shacl#property", "_:N73f9586a8a7d4b978afcb9cfe998050b", "localId", "", ""] +["_:N036299b1f2af44eeb966da8a1217ac9e", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nd6ca1bcbdc494e39a9c1a4da0c52a0b3", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b256", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/dynamicAnalysisReport", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/megajoule", "http://www.w3.org/2000/01/rdf-schema#label", "megajoule", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N4278c3d777ea4ebd81cd23af80459c2d", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["_:N78c7513398064da1a55c5df1b3c96444", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/patch", "http://www.w3.org/2000/01/rdf-schema#label", "patch", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ConjunctiveLicenseSet", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV2VulnAssessmentRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/lite", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N264b55b33a4549a6a131d79763879896", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/specification", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/registration", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N52399fdf517c416ebb2e470463b71b5d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N40f9e58aac214052a173ad93b4ed57e9", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/exploitCreatedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N36b7d391e5cf402199bf454d82f5735c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nfbd5a9c0923c423a84d0bb8fef89f4a3", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SpdxDocument", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:N63f963c2c8a4467bb803f9af7eaafd3d", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Ne68051bb209048da9a57bc5dbaf28bf0", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/withdrawnTime", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes", "http://www.w3.org/2000/01/rdf-schema#label", "yes", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PackageVerificationCode", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:N30d5cdb21c144005b1d74c81aa0e129e", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N37829b662873490d9964f7bbbc300fce", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N3c8c7c06f10e44fea576f974877ed15b", "localId", "", ""] +["_:N576b7fbe3ba74572a6eb065c67761847", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/AI/standardCompliance", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/core", "http://www.w3.org/2000/01/rdf-schema#comment", "the element follows the Core profile specification", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N4e1bd25f594a483ab492b4c24a5748eb", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/platform", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/expandedLicensing", "http://www.w3.org/2000/01/rdf-schema#label", "expandedLicensing", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/context", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:N85ad449141be453592e9e80c2bc379f4", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/datasetNoise", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N7368659f06844e79815bdbdeac2b73f3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N2847f93323fd468eab2b926c5715c994", "localId", "", ""] +["_:N89d38dc48bd64f1d894f7f8c5494c264", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/endOfSupport", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/serious", "http://www.w3.org/2000/01/rdf-schema#comment", "The highest level of risk posed by an AI system.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N13396ee366a94de388e2aff47754e81f", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/issuingAuthority", "globalId", "", ""] +["_:N6bd3d2cfd9cd4f248e354deb40a851ff", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/runtimeAnalysisReport", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/specification", "http://www.w3.org/2000/01/rdf-schema#label", "specification", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/other", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Ne68051bb209048da9a57bc5dbaf28bf0", "http://www.w3.org/ns/shacl#pattern", "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/sensor", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/filesystemImage", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", "http://www.w3.org/ns/shacl#property", "_:N034bf868068348fb92f2f33976cad5ae", "localId", "", ""] +["_:Na461e12485ec495f9d16f08504499025", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swhid", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedIn", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nc4156282a9c34b6190b0869cdc1793db", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N0bf807da343b4645904db560abf69583", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b384", "http://www.w3.org/2000/01/rdf-schema#label", "blake2b384", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/ai", "http://www.w3.org/2000/01/rdf-schema#comment", "the element follows the AI profile specification", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/hashValue", "http://www.w3.org/2000/01/rdf-schema#comment", "The result of applying a hash algorithm to an Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/profileConformance", "http://www.w3.org/2000/01/rdf-schema#comment", "Describes one a profile which the creator of this ElementCollection intends to\nconform to.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_224", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssociatedVulnerability", "http://www.w3.org/2000/01/rdf-schema#comment", "Used to associate a `from` Artifact with each `to` Vulnerability.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/data", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element is data.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/issueTracker", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to the issue tracker for a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoAssertionLicense", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/IndividualLicensingInfo", "globalId", "", ""] +["_:N132cde65c9b14a1694d400388aecf0cc", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N23a349d7f4a14351adf4c70293152926", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/doesNotAffect", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nf26016059c3e414da185e30155b543f5", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Extension/Extension", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifier", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides a reference to a resource outside the scope of SPDX-3.0 content\nthat uniquely identifies an Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", "http://www.w3.org/ns/shacl#property", "_:Ndde9f898797c42b989ef522557debf64", "localId", "", ""] +["_:N4f6d0abf94b14a189b945346f00ba9dc", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/anonymizationMethodUsed", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/issueTracker", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/riskAssessment", "http://www.w3.org/2000/01/rdf-schema#label", "riskAssessment", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/hasSensitivePersonalInformation", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType", "globalId", "", ""] +["_:N8e672d95ff7d48e68c1ed7ecf019b269", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/cwe", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N40f9e58aac214052a173ad93b4ed57e9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nf81435c80dee4c1db825f1917f62e947", "localId", "", ""] +["_:Nb2f2a5ddadbe4718954d50737f92e201", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Na44640dae5c34e6ab6f3759a75426eb0", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/coordinatedBy", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Vulnerability is coordinatedBy the `to` Agent(s) (vendor, researcher, or consumer agent).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/runtime", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasConcludedLicense", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropName", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseHistory", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to a published list of releases for a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/creationInfo", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides information about the creation of the Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/copyrightText", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/comment", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/serious", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType", "globalId", "", ""] +["_:N687efc23ea2c4c0b9a09c9ca45dc49b3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasExample", "globalId", "", ""] +["_:N329ecc1447f349cc968623ddffe6a2f7", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N963f7603cd844b03bd4631e0713b1635", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mavenCentral", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Ne93ae5d0cb664d7ab2554eaa72a23f25", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/affects", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssessmentFor", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/library", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element is a software library.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/seeAlso", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/audio", "http://www.w3.org/2000/01/rdf-schema#label", "audio", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nb4381a5cee3143a482af28cf9a364f3c", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Dataset/dataCollectionProcess", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/act", "http://www.w3.org/2000/01/rdf-schema#comment", "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nc3c21678fc9a459784f054a6954a9aa8", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo", "globalId", "", ""] +["_:Na96bc2776ef4488595f136d0fbac26a6", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/inlineMitigationsAlreadyExist", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/extension", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/staticAnalysisReport", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:N8adbab8e05cf4258a0b7e9eedbd03e5f", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N731241b6024d4e109893eb1354404ec5", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N897df0f6e23b488988a2d2db8aad5bc4", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/directory", "http://www.w3.org/2000/01/rdf-schema#label", "directory", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/element", "http://www.w3.org/2000/01/rdf-schema#comment", "Refers to one or more Elements that are part of an ElementCollection.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/primaryPurpose", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/design", "http://www.w3.org/2000/01/rdf-schema#comment", "A relationship has specific context implications during an element's design.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N58b8de667bb54771976a5e86a8a8139a", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Software/attributionText", "globalId", "", ""] +["_:Nbd47cac50394462f9015e00ec4b449a6", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildSystem", "http://www.w3.org/2000/01/rdf-schema#label", "buildSystem", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N894cee407d8747ec8adc2f05ce722a86", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N00fcf1f501a749fc9cbbdbdf23a7aaa8", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Nda71586c3c6541b4a6a907d316dca405", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV4VulnAssessmentRelationship", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N34cf4751490f48f9852ff2fa143a6321", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nd1b797da281643468add752e036349fd", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoneLicense", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/IndividualLicensingInfo", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/filesystemImage", "http://www.w3.org/2000/01/rdf-schema#label", "filesystemImage", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/vexVersion", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the version of a VEX statement.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N942417ca6d844df0914d75b099a457f8", "http://www.w3.org/ns/shacl#pattern", "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N9c1ccbc2b86f454395a450f736b67eec", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssociatedVulnerability", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isFsfLibre", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#boolean", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/framework", "http://www.w3.org/2000/01/rdf-schema#label", "framework", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/Build", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N9dbe04a2eaac4271aafe4a7650ec4e15", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N261545ecf40d4f65bf47dc050598e90f", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N45b62edbd5f3406dba20232288ec19fd", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/originatedBy", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/Agent", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/chat", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:Na3925605d49b4db382603ae946c37f51", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/hashValue", "globalId", "", ""] +["_:Ndb06ff981cef4e94bfdbec22badacd4d", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N9bd771ac02cc41519919a01d4deca105", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseNotes", "http://www.w3.org/2000/01/rdf-schema#label", "releaseNotes", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N41fda4edc0294fce84cdb5688d8ef9ef", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ne06f01bddfb24f69a9e1c0ba9694b11d", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/namespaceMap", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/vectorString", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/runtimeAnalysisReport", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/impactStatementTime", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityDisclosureReport", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/vectorString", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the CVSS vector string for a vulnerability.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N3d9237b249544033acbf7d94cac2b424", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["_:N2b7fa052bf664f2a9e1923831d282602", "http://www.w3.org/ns/shacl#in", "_:Na5ef7f1675b84ce99e4f4ca36d200a91", "localId", "", ""] +["_:N8e672d95ff7d48e68c1ed7ecf019b269", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N74551d5c49b94ece99a5fdec0d58d233", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["_:N034bf868068348fb92f2f33976cad5ae", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/startTime", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/firmware", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/trainedOn", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element has been trained on the `to` Element(s).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexAffectedVulnAssessmentRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N62b8677868664944abc9f19745aed957", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/npm", "globalId", "", ""] +["_:Nc3c21678fc9a459784f054a6954a9aa8", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasPrerequisite", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element has a prerequisite on each `to` Element, during a LifecycleScopeType period.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nb850dda843534d3ab3ffbadf70766fef", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/vectorString", "globalId", "", ""] +["_:N4aa1ea2c440f4aecb7a6656a599fbf22", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalMap", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_256", "http://www.w3.org/2000/01/rdf-schema#label", "sha3_256", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/packagedBy", "http://www.w3.org/2000/01/rdf-schema#comment", "Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/build", "http://www.w3.org/2000/01/rdf-schema#comment", "SBOM generated as part of the process of building the software to create a releasable artifact (e.g., executable or package) from data such as source files, dependencies, built components, build process ephemeral data, and other SBOMs.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Ne11c75cafdb0438299216847b06716cf", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/build", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SbomType", "globalId", "", ""] +["_:N5a2b8b0073a54a3db4d6092f1c5043ed", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Na2b089e6c69d4697ae4de61d18f020f7", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/eolNotice", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to the End Of Sale (EOS) and/or End Of Life (EOL) information related to a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOutput", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Build element generates each `to` Element as an output, during a LifecycleScopeType period.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection", "http://www.w3.org/ns/shacl#property", "_:N0bf807da343b4645904db560abf69583", "localId", "", ""] +["_:N615be2b8b7174608b24884d12a2039ad", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N37829b662873490d9964f7bbbc300fce", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/patchedBy", "http://www.w3.org/2000/01/rdf-schema#label", "patchedBy", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/underInvestigationFor", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Vulnerability impact is being investigated for each `to` Element. The use of the `underInvestigationFor` type is constrained to `VexUnderInvestigationVulnAssessmentRelationship` classed relationships.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N894cee407d8747ec8adc2f05ce722a86", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/Build", "http://www.w3.org/ns/shacl#property", "_:Ne20cfbefa1424ba79abfc89287f1eef3", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Package", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:N00fcf1f501a749fc9cbbdbdf23a7aaa8", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Nb40076de31ba4cc08826656559e10385", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N59f692071bb64860ab9f02cfb4670088", "localId", "", ""] +["_:Nda71586c3c6541b4a6a907d316dca405", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N7a48123f699948b5867af1fec0d7b88e", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/supportLevel", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/SupportType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/contains", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:Nc8b9ea4213214eccb17ccccf3790161d", "http://www.w3.org/ns/shacl#pattern", "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/metrics", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to metrics related to package such as OpenSSF scorecards.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Na8cf54eee3ac40cca0ed6cfdaef6a576", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["_:Nae7b37ebeef141519b9f1102ae1b30c5", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/data", "globalId", "", ""] +["_:N0713bbcf2b1f4e23b912a81e12b5d270", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/library", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifierType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:N542022ab56194a2184bd872572ca204b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasProvidedDependency", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/actionStatementTime", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildMeta", "http://www.w3.org/2000/01/rdf-schema#label", "buildMeta", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/Build", "http://www.w3.org/ns/shacl#property", "_:Nce9a69dc19af4e1394f03174c67c5857", "localId", "", ""] +["_:Nf44042158d4d4c85a5bd6a0fcb538498", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/endIntegerRange", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/DisjunctiveLicenseSet", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:Nf5531d9c16ff4f589dff19f480634c29", "http://www.w3.org/ns/shacl#pattern", "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:N991d42b910e64656b45d7c4ce9e7f5e3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N734a831b529349fb969fd328dc6dcb1c", "localId", "", ""] +["_:N565a78360e28494ea80897aadf944c0c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/low", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/LicenseExpression", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/context", "http://www.w3.org/2000/01/rdf-schema#comment", "Gives information about the circumstances or unifying properties\nthat Elements of the bundle have been assembled under.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/runtime", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SbomType", "globalId", "", ""] +["_:N5b2278fb3a8e4e239193a033f8b4bf04", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/design", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/publishedBy", "http://www.w3.org/2000/01/rdf-schema#label", "publishedBy", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeletedFile", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/Build", "http://www.w3.org/ns/shacl#property", "_:N4f6d0abf94b14a189b945346f00ba9dc", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDependencyManifest", "http://www.w3.org/2000/01/rdf-schema#label", "hasDependencyManifest", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/clear", "http://www.w3.org/2000/01/rdf-schema#comment", "Dataset may be distributed freely, without restriction.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:N0781395df11e44a6a3186f0fa8908958", "localId", "", ""] +["_:N5a2b8b0073a54a3db4d6092f1c5043ed", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexNotAffectedVulnAssessmentRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides information about the primary purpose of an Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/track", "http://www.w3.org/2000/01/rdf-schema#comment", "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md2", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["_:N763c69315ee040a88ca27b5205984626", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the unit of energy consumption.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/sensor", "http://www.w3.org/2000/01/rdf-schema#label", "sensor", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/subject", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/riskAssessment", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeletedFile", "http://www.w3.org/2000/01/rdf-schema#comment", "Every `to` Element is a file deleted from the `from` Element (`from` hasDeletedFile `to`).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/metricDecisionThreshold", "http://www.w3.org/2000/01/rdf-schema#comment", "Captures the threshold that was used for computation of a metric described in\nthe metric field.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isFsfLibre", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies whether the License is listed as free by the\nFree Software Foundation (FSF).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N80dc66a1ccec469392596c5291fa2864", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:Nebecc80c7e4045d1b3ad15ab0c1d04ec", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/externalSpdxId", "globalId", "", ""] +["_:N9b9dc778bc5c415fad7f82cf4f6047d2", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N68767751c5f64fc1afe82f2dcbae6636", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/diskImage", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element refers to a disk image that can be written to a disk, booted in a VM, etc. A disk image typically contains most or all of the components necessary to boot, such as bootloaders, kernels, firmware, userspace, etc.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/import", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/riskAssessment", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to a risk assessment for a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange", "http://www.w3.org/2000/01/rdf-schema#comment", "A tuple of two positive integers that define a range.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Na2b089e6c69d4697ae4de61d18f020f7", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#decimal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicense", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRef", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:Ne820a8ec67114d53b03a71f5f7be31f5", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N105628f6c8b040edb9db617f35f30bec", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/directDownload", "http://www.w3.org/2000/01/rdf-schema#comment", "the dataset is publicly available and can be downloaded directly.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/Vulnerability", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha224", "http://www.w3.org/2000/01/rdf-schema#label", "sha224", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/modifiedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:Ne11c75cafdb0438299216847b06716cf", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/other", "http://www.w3.org/2000/01/rdf-schema#comment", "Used to store extra information about an Element which is not part of a review (e.g. extra information provided during the creation of the Element).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/from", "http://www.w3.org/2000/01/rdf-schema#comment", "References the Element on the left-hand side of a relationship.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the exploit catalog type.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N7c7a260c778e4d4491ba75a0fe083ebe", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Nd6f4245b3ebe44e6b100782b191deb97", "http://www.w3.org/ns/shacl#not", "_:Nf58f6bed32c5414ca98526a5d6a7b6dc", "localId", "", ""] +["_:Nc0c94fed0eb041ef8c4fe70f4b1fd7c0", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/additionText", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/data", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/funding", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to funding information related to a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/securityOther", "http://www.w3.org/2000/01/rdf-schema#label", "securityOther", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifier", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifier", "globalId", "", ""] +["_:N9ed65925a89e40e8b7faaa925d739c72", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/inlineMitigationsAlreadyExist", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/WithAdditionOperator", "http://www.w3.org/ns/shacl#property", "_:Nc51fb19223644705a84f646344b7e9d3", "localId", "", ""] +["_:Na2b089e6c69d4697ae4de61d18f020f7", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDynamicLink", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/install", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["_:N58c62d134f5e41d78440946685ecf0cc", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/vectorString", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Bundle", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/operatingSystem", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N230a41f8c8d549b8844a37595ce56867", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityFix", "http://www.w3.org/2000/01/rdf-schema#label", "securityFix", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N13396ee366a94de388e2aff47754e81f", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Relationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:Ne3b40c9739164b2eb0ae163374d9c4ac", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/Element", "globalId", "", ""] +["_:Nda71586c3c6541b4a6a907d316dca405", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N10002d3538094764a9c6d3893234cd04", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N037a9f94d4da4593a56a6804fca57483", "localId", "", ""] +["_:N210fbcf85b384009a2cee68e4a7e6b78", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md5", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_224", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/complete", "http://www.w3.org/2000/01/rdf-schema#comment", "The relationship is known to be exhaustive.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N4f6d0abf94b14a189b945346f00ba9dc", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Build/buildType", "globalId", "", ""] +["_:N682abb8a6bbc40e9947aa2d9d66eec4d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N4571ded3acc34f068931feecaa278a44", "localId", "", ""] +["_:N2056bd91659a4260a6eb99a0cbdd9f14", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/homePage", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/snippetFromFile", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Snippet", "http://www.w3.org/ns/shacl#property", "_:N825f749765e348a0abfef75f63c1588a", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/from", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/Element", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Relationship", "http://www.w3.org/ns/shacl#property", "_:N53970517ea09401691d51549f8e0fd90", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/extension", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Extension/Extension", "globalId", "", ""] +["_:Naf01116eff7c4759be95f8f97c257d9c", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Nf44042158d4d4c85a5bd6a0fcb538498", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N07868b0098174c478ac47f3fbc946ff0", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/structured", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/configSourceDigest", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/Hash", "globalId", "", ""] +["_:N53970517ea09401691d51549f8e0fd90", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N1314ef461724483f9bd5c56d939b17c4", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N4dcad64fd9cf4af2b8d6ea98d6c5450a", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/megajoule", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/locator", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides the location of an external reference.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/confidentialityLevel", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod", "http://www.w3.org/ns/shacl#property", "_:N10f5cc15b506459db381c02764d60e76", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/WithAdditionOperator", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", "http://www.w3.org/ns/shacl#property", "_:Nd3d538fe1cb544b5808c51dffd844c81", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/createdBy", "http://www.w3.org/2000/01/rdf-schema#comment", "Identifies who or what created the Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/adler32", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/nuget", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to a NuGet package. The package locator format is defined in the [NuGet documentation](https://docs.nuget.org) and looks like `package/version`.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Relationship", "http://www.w3.org/ns/shacl#property", "_:Nd11df36dd5014f759eab790e847b9857", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasVariant", "http://www.w3.org/2000/01/rdf-schema#label", "hasVariant", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/deployed", "http://www.w3.org/2000/01/rdf-schema#label", "deployed", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/dependsOn", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element depends on each `to` Element, during a LifecycleScopeType period.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b512", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/directDownload", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV2VulnAssessmentRelationship", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/exportControlAssessment", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:N510a0fe04f844da5bb96208d9e6a563c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha256", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV3VulnAssessmentRelationship", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N7c7a260c778e4d4491ba75a0fe083ebe", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N6369a0cffc0445e888c1e30a54a5be5d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/text", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPolicy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/informationAboutTraining", "http://www.w3.org/2000/01/rdf-schema#comment", "Describes relevant information about different steps of the training process.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N3c8c7c06f10e44fea576f974877ed15b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsKyber", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/obsoletedBy", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the licenseId that is preferred to be used in place of a deprecated\nLicense or LicenseAddition.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N3c163fcab8684aa09c61e78b4cbb9b38", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N77f1a43a35e5447c83116261ae574acc", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/incomplete", "globalId", "", ""] +["_:N329ecc1447f349cc968623ddffe6a2f7", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/Extension", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:Nae7b37ebeef141519b9f1102ae1b30c5", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N682abb8a6bbc40e9947aa2d9d66eec4d", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", "http://www.w3.org/ns/shacl#property", "_:N786a3eaa8fbe4cf0bb67c4e086fa8b5b", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/externalRef", "http://www.w3.org/2000/01/rdf-schema#comment", "Points to a resource outside the scope of the SPDX-3.0 content\nthat provides additional characteristics of an Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SpdxDocument", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N0274510beacf46b0b7cd7048ff3cbb4d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N3b50e4323e8b4d388d8d522e18a49070", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumption", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["_:N4aa1ea2c440f4aecb7a6656a599fbf22", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/import", "globalId", "", ""] +["_:Nc704d39d408f41caa9805e140ff0016a", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdversaryModel", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to the security adversary model for a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasRequirement", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element has a requirement on each `to` Element, during a LifecycleScopeType period.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/eolNotice", "http://www.w3.org/2000/01/rdf-schema#label", "eolNotice", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N954579de61d84bef909737ad4568a536", "http://www.w3.org/ns/shacl#in", "_:N48b3e9d109d34fdeaa6cbef58c05c171", "localId", "", ""] +["_:Nc4156282a9c34b6190b0869cdc1793db", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/Element", "globalId", "", ""] +["_:N5ddf9ddcd2bc446f8729bd7a23566faf", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/componentAnalysisReport", "globalId", "", ""] +["_:Nb40076de31ba4cc08826656559e10385", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/amber", "globalId", "", ""] +["_:N91d11db27b28462b8545b78734a27503", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/catalogType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/development", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha512", "http://www.w3.org/2000/01/rdf-schema#label", "sha512", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N8adbab8e05cf4258a0b7e9eedbd03e5f", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/track", "http://www.w3.org/2000/01/rdf-schema#label", "track", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N79b4dcdd054d4ca8a87fc86377c9366b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N30d1dbbf97fb456eb18d38b76c8004d3", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/library", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Element", "http://www.w3.org/ns/shacl#property", "_:N7a66c734ced842b4913ff95c5f5cf452", "localId", "", ""] +["_:N5ab248e680454bbcb3ed254de24ac49f", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N4182e8c878544ebb842682b1ece2bd3a", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nae7b37ebeef141519b9f1102ae1b30c5", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", "http://www.w3.org/ns/shacl#property", "_:Na42e3794f624483e818646ed683c5ba2", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/issuingAuthority", "http://www.w3.org/2000/01/rdf-schema#comment", "An entity that is authorized to issue identification credentials.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/medium", "http://www.w3.org/2000/01/rdf-schema#label", "medium", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N7f095ac56c3e4bccbcd4348b29980439", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/securityOther", "globalId", "", ""] +["_:Nf142b126cd744b69be8d6c35ee1361e4", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no", "globalId", "", ""] +["_:Ndbf7c5384f2242b98dd62b6a8d6a503f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/structured", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/IndividualElement", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/Element", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_NoAssertionElement", "http://www.w3.org/2000/01/rdf-schema#comment", "This individual element was defined by the spec.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N83935261300041758021c5a3fbdae6c0", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N7368659f06844e79815bdbdeac2b73f3", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/syntactic", "http://www.w3.org/2000/01/rdf-schema#label", "syntactic", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/archive", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element is an archived collection of one or more files (.tar, .zip, etc.).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/graph", "http://www.w3.org/2000/01/rdf-schema#label", "graph", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Na79e142094fb464da3de3ceb4108e4ff", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N28c7097edd884a9b92697ec6b6729dc9", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Software/Package", "globalId", "", ""] +["_:N5b2e4dda703849e4933338ff0970e968", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifier", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:Naf01116eff7c4759be95f8f97c257d9c", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N68e2aefd82ab40c59cc6c2bfeab0adc4", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/DisjunctiveLicenseSet", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N87131d5acc2b478ba16230f714aa0bb0", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N27a8c8f61e944083abcc670fe4586df8", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/clear", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertiesExtension", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexAffectedVulnAssessmentRelationship", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/publishedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Na3925605d49b4db382603ae946c37f51", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/software", "http://www.w3.org/2000/01/rdf-schema#label", "software", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/certificationReport", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to a certification report for a package from an accredited/independent body.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/namespace", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["_:Naa7e95f812804669b3e89daed8d27b21", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/review", "http://www.w3.org/2000/01/rdf-schema#comment", "Used when someone reviews the Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nc7f12b88e8f5489dacbbfeb81192696a", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#boolean", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/green", "http://www.w3.org/2000/01/rdf-schema#comment", "Dataset can be shared within a community of peers and partners.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/probability", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#decimal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/hashValue", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:Ndde9f898797c42b989ef522557debf64", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Ncae19f1586924a439b37e75eb5b57ed4", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/AI/modelExplainability", "globalId", "", ""] +["_:N96120491adc84204822952240ddadf13", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/dependsOn", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Snippet", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact", "globalId", "", ""] +["_:N39638ea4b52f4236b7a808cb979d2f4b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/test", "globalId", "", ""] +["_:Na1ce1658c3be4bc0b082944caae9ddea", "http://www.w3.org/ns/shacl#message", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact is an abstract class and should not be instantiated directly. Instantiate a subclass instead.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N328adb4bb1ec422084a2169890188a03", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N507c6135f8424e8db67fe59ae93eb464", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/firmware", "globalId", "", ""] +["_:N8692a82c280845c3a6fa37c02ddae229", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/actionStatement", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/actionStatementTime", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md4", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Relationship", "http://www.w3.org/ns/shacl#property", "_:N3c163fcab8684aa09c61e78b4cbb9b38", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/description", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides a detailed description of the Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseHeader", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Annotation", "http://www.w3.org/ns/shacl#property", "_:N07cb32d0626a45cfbea37a7dd2a8b854", "localId", "", ""] +["_:N942417ca6d844df0914d75b099a457f8", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/modifiedTime", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/registration", "http://www.w3.org/2000/01/rdf-schema#comment", "the dataset is not publicly available and an email registration is required before accessing the dataset, although without an affirmative acceptance of terms.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/query", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/packageUrl", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/red", "http://www.w3.org/2000/01/rdf-schema#label", "red", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/swhid", "http://www.w3.org/2000/01/rdf-schema#label", "swhid", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N8b86dbc23a22407a9380fbd9376d3b83", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDependencyManifest", "globalId", "", ""] +["_:N07cb32d0626a45cfbea37a7dd2a8b854", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/contentType", "globalId", "", ""] +["_:N510a0fe04f844da5bb96208d9e6a563c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N9dbe04a2eaac4271aafe4a7650ec4e15", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Tool", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/Element", "globalId", "", ""] +["_:Nef3e82bf7eac41aa8dc101eabd0f1815", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N4ac93d52ef544d5cb73aeaeb279b7567", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/parameter", "http://www.w3.org/2000/01/rdf-schema#comment", "Property describing a parameter used in an instance of a build.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nfcc30e48020d4dd2b3493a0cd55ea457", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N27a8c8f61e944083abcc670fe4586df8", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["_:N0b728d22a9674ecc87af12fde5aae61c", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexFixedVulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#comment", "Links a vulnerability and elements representing products (in the VEX sense) where\na fix has been applied and are no longer affected.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nf507b9bee5ae4254bafe4ce3c72a9f18", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/inferenceEnergyConsumption", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the amount of energy consumed during inference time by an AI model\nthat is being used in the AI system.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/staticAnalysisReport", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectExtendableLicense", "http://www.w3.org/2000/01/rdf-schema#comment", "A License participating in a 'with addition' model.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nb6e99584403541df96486fcac6d79017", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/serializedInArtifact", "globalId", "", ""] +["_:Nc15495aea74e4883afce40f042a057d5", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N58c3f747313349d396ead702e2de2953", "localId", "", ""] +["_:N14d7232930234cad917631e1993d7ccd", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/directory", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/releaseTime", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the time an artifact was released.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Ndb06ff981cef4e94bfdbec22badacd4d", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/file", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc.).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N65301d1be04341678842dfc049e2a33c", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/modifiedTime", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/identifierLocator", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/archive", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierValue", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Element", "http://www.w3.org/ns/shacl#property", "_:N269b628c85f04f5d8a10fa3c500745a4", "localId", "", ""] +["_:N264b55b33a4549a6a131d79763879896", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nc0c94fed0eb041ef8c4fe70f4b1fd7c0", "localId", "", ""] +["_:Nc82d9b6d9a4a40d6b95e4cd04612ac98", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N4ad4011b5f8c44cbb3e76f5da0885cfd", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/downloadLocation", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/File", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:N516b1b46dbb04f1c953906f0388bf8b4", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry", "globalId", "", ""] +["_:N722c45f262084ffa9b063b852952397b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/extension", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/publishedBy", "http://www.w3.org/2000/01/rdf-schema#comment", "Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N8a37deb026864cdca312209746e2caaa", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/high", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/dependsOn", "http://www.w3.org/2000/01/rdf-schema#label", "dependsOn", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/binaryArtifact", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to binary artifacts related to a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N0e471571470240e5872be57bfd58fed9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/low", "globalId", "", ""] +["_:Naa7e95f812804669b3e89daed8d27b21", "http://www.w3.org/ns/shacl#pattern", "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/IndividualLicensingInfo", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/assessedElement", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies an Element contained in a piece of software where a vulnerability was\nfound.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/foundBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N45481eab750645b4929b7b63c8ca7916", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nf94717c65e4f4b86b4df261ecf26650d", "localId", "", ""] +["_:Ne820a8ec67114d53b03a71f5f7be31f5", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/locator", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityDisclosureReport", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to a Vulnerability Disclosure Report (VDR) which provides the software supplier's analysis and findings describing the impact (or lack of impact) that reported vulnerabilities have on packages or products in the supplier's SBOM as defined in [NIST SP 800-161 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations](https://csrc.nist.gov/pubs/sp/800/161/r1/final).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N5e678b3ba38745b58c0103b8e085d5c8", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/manifest", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element is a software manifest.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/clickthrough", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N7f2c8d25f5df4c27b35c70d38090eab3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/patchedBy", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/externalSpdxId", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:N1a8882804ac24104946e7afa0b36905a", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/kev", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/algorithm", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the algorithm used for calculating the hash value.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/endOfSupport", "http://www.w3.org/2000/01/rdf-schema#label", "endOfSupport", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/runtimeAnalysisReport", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/Build", "http://www.w3.org/ns/shacl#property", "_:N85ad449141be453592e9e80c2bc379f4", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/originatedBy", "http://www.w3.org/2000/01/rdf-schema#comment", "Identifies from where or whom the Element originally came.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N328adb4bb1ec422084a2169890188a03", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/DisjunctiveLicenseSet", "http://www.w3.org/ns/shacl#property", "_:Ne81afbff18a74c75ac853da24ab327a0", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/affects", "http://www.w3.org/2000/01/rdf-schema#label", "affects", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/incomplete", "http://www.w3.org/2000/01/rdf-schema#label", "incomplete", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nabd40767fbd84edea7e048b911a681e4", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ncba4137ebcf84a728acd12bde91130e9", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/verifiedUsing", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides an IntegrityMethod with which the integrity of an Element can be\nasserted.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N61b9a25cae674e199ce6572456d8e72f", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifier", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["_:N00d83dee7aa44a7991821a46e83e5164", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Nc4286224070a4248ad8590c45a7c8bc6", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N425d570f86674f7facee623f8d84a311", "localId", "", ""] +["_:Na3d930b22d4f462cb8bcb86adb108e16", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/build", "globalId", "", ""] +["_:Nd73c69088f734dffb4cc9539c637aecf", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/swhid", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicense", "http://www.w3.org/ns/shacl#property", "_:Nadd5d6fa295c47ee82d49e5fde059110", "localId", "", ""] +["_:N6f8ca85700744b0e9f7a8672675d1dca", "http://www.w3.org/ns/shacl#pattern", "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV2VulnAssessmentRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/datasetSize", "http://www.w3.org/2000/01/rdf-schema#comment", "Captures the size of the dataset.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/dataPreprocessing", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:Nf507b9bee5ae4254bafe4ce3c72a9f18", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/delegatedTo", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:N1aac3c1c2ffb45d79910e133d9ec02f9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N3c34004e669a4f809790739b55299420", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssociatedVulnerability", "http://www.w3.org/2000/01/rdf-schema#label", "hasAssociatedVulnerability", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Ne03121e956234709bc0f8f288597ff50", "http://www.w3.org/ns/shacl#in", "_:N261c61aa119e4f4e9ce3c9387fb29c9f", "localId", "", ""] +["_:N40bcef929ef64825a68929a36aefa27c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/issueTracker", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/falcon", "http://www.w3.org/2000/01/rdf-schema#label", "falcon", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timeseries", "http://www.w3.org/2000/01/rdf-schema#comment", "data is recorded in an ordered sequence of timestamped entries, such as the price of a stock over the course of a day.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssessmentFor", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nc82d9b6d9a4a40d6b95e4cd04612ac98", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTest", "globalId", "", ""] +["_:N1256cfafa26e453a9d5f8b08cc5920d7", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/configuration", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:N90cb783276d74a2881e21a08abf01e2f", "localId", "", ""] +["_:N61b9a25cae674e199ce6572456d8e72f", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/summary", "globalId", "", ""] +["_:N74551d5c49b94ece99a5fdec0d58d233", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Element", "http://www.w3.org/ns/shacl#property", "_:Nc3c21678fc9a459784f054a6954a9aa8", "localId", "", ""] +["_:N00d83dee7aa44a7991821a46e83e5164", "http://www.w3.org/ns/shacl#in", "_:N2456bf573caa4efeab27607dfed5a451", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake3", "http://www.w3.org/2000/01/rdf-schema#comment", "[BLAKE3](https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf)", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/framework", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element is a software framework.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectExtendableLicense", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense", "globalId", "", ""] +["_:Nda791debefe5491aa84d61433873c630", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/SupportType", "globalId", "", ""] +["_:N93d2d1d1dc3e4b7ea516ee004f674bfb", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nc71de92f1cc649fcab4d77d974dac329", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/query", "http://www.w3.org/2000/01/rdf-schema#comment", "the dataset is publicly available, but not all at once, and can only be accessed through queries which return parts of the dataset.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N916e8c3c85774fcd96b700a20240ca75", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b384", "globalId", "", ""] +["_:Nb2747510507b404f9243bfd7225f629d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nc9235a4485e64fff9b1298095061a58e", "localId", "", ""] +["_:N904326509fc04cc4be66ea123ed9fdc4", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Nc63741a7112e471ba97ce37e05f2dac1", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/AI/metricDecisionThreshold", "globalId", "", ""] +["_:N50c6944cf3544d0ab17d40d70d7715c3", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Package", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N53970517ea09401691d51549f8e0fd90", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the type of an annotation.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N9b79adf6684a4d328dc28ae0ee98d95d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/reportedBy", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/licenseXml", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedIn", "http://www.w3.org/2000/01/rdf-schema#comment", "A `from` Vulnerability has been fixed in each `to` Element. The use of the `fixedIn` type is constrained to `VexFixedVulnAssessmentRelationship` classed relationships.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N45b62edbd5f3406dba20232288ec19fd", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/CustomLicense", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/EpssVulnAssessmentRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:Nf9bf03371d92462f91a54baa946fd625", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/simpleLicensing", "http://www.w3.org/2000/01/rdf-schema#comment", "the element follows the SimpleLicensing profile specification", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseHistory", "http://www.w3.org/2000/01/rdf-schema#label", "releaseHistory", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/none", "http://www.w3.org/2000/01/rdf-schema#label", "none", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopedRelationship", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/Relationship", "globalId", "", ""] +["_:N10f5cc15b506459db381c02764d60e76", "http://www.w3.org/ns/shacl#not", "_:Ne41f054fce23460dba46863153e67567", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/WithAdditionOperator", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:Ndaeba75fb43b4db7b777e9b00ecd7064", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseNotes", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:N8bdb3da6da754d98843024e1dcbe3e43", "http://www.w3.org/ns/shacl#in", "_:Ndc659c8552d54ab684aadbdacdbd7a8d", "localId", "", ""] +["_:Nd05558aa816f416f8c26895bb8d1d9bb", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/confidentialityLevel", "http://www.w3.org/2000/01/rdf-schema#comment", "Describes the confidentiality level of the data points contained in the dataset.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsDilithium", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/npm", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/requirement", "http://www.w3.org/2000/01/rdf-schema#label", "requirement", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N97120636b11b4b158892706019486fb5", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N89d38dc48bd64f1d894f7f8c5494c264", "localId", "", ""] +["_:N96c753d614db4e7b844bcb3b5f9ff291", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N168bcfc831bd4f85b6a82742eb7ad4f5", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:Ndb31c53559be41e0b28e79b74da0b557", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["_:N425d570f86674f7facee623f8d84a311", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/coordinatedBy", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/trackStar", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType", "globalId", "", ""] +["_:N38e1279dca3f4e53be4eb3245a0e4ec2", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["_:N916e8c3c85774fcd96b700a20240ca75", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ne976bc717eb6446291a939038610ee2c", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/metrics", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Package", "http://www.w3.org/ns/shacl#property", "_:Nbc1332652da345c49ad3c948238f404b", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noSupport", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/packageVerificationCodeExcludedFile", "http://www.w3.org/2000/01/rdf-schema#comment", "The relative file name of a file to be excluded from the\n`PackageVerificationCode`.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b512", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Hash", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod", "globalId", "", ""] +["_:N894cee407d8747ec8adc2f05ce722a86", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/locationHint", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/description", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/attributionText", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides a place for the SPDX data creator to record acknowledgement text for\na software Package, File or Snippet.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Ne7cb91f8739a4acdb1e220785f261efb", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalComponent", "globalId", "", ""] +["_:N77f1a43a35e5447c83116261ae574acc", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N81c1c3e2bbc4470ab2eaf9e5c6c4d1f0", "localId", "", ""] +["_:N94e6bbd4fb004035a4cbdb3e969a1fbb", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/runtime", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/", "http://www.w3.org/2002/07/owl#versionIRI", "https://spdx.org/rdf/3.0.1/terms/", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/obsoletedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/scope", "http://www.w3.org/2000/01/rdf-schema#comment", "Capture the scope of information about a specific relationship between elements.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/source", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_SpdxOrganization", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasRequirement", "http://www.w3.org/2000/01/rdf-schema#label", "hasRequirement", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/socialMedia", "http://www.w3.org/2000/01/rdf-schema#label", "socialMedia", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N328adb4bb1ec422084a2169890188a03", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N8692a82c280845c3a6fa37c02ddae229", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexAffectedVulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship", "globalId", "", ""] +["_:N825f749765e348a0abfef75f63c1588a", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/standardName", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeclaredLicense", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalMap", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:Nc4156282a9c34b6190b0869cdc1793db", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/element", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/datasetUpdateMechanism", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N75f6c4472b7b45349200afcce0dbacef", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/build", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV4VulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:N58c62d134f5e41d78440946685ecf0cc", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/framework", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N2b7fa052bf664f2a9e1923831d282602", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Software/fileKind", "globalId", "", ""] +["_:N250a4372ab014e66ba3eec07accb85dc", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasEvidence", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:N74551d5c49b94ece99a5fdec0d58d233", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:N163fe4499b2a454a9641b23118bf53ae", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense", "globalId", "", ""] +["_:Ne976bc717eb6446291a939038610ee2c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nc5485992ed4e4cbea07fa6d87ee716ac", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/standardCompliance", "http://www.w3.org/2000/01/rdf-schema#comment", "Captures a standard that is being complied with.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/rootElement", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:N716ee87802fd4b6f98bfcff38ca5ff8a", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/device", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/vexVersion", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/republishedBy", "http://www.w3.org/2000/01/rdf-schema#comment", "Designates a `from` Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by each `to` Agent.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N4881d1614aa0403894d16c3ca276d790", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/cdxProperty", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/componentNotPresent", "http://www.w3.org/2000/01/rdf-schema#comment", "The software is not affected because the vulnerable component is not in the product.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogVulnAssessmentRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:N53970517ea09401691d51549f8e0fd90", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N461fe7f9c28b4d81a4fb17726fc9adf6", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["_:Nf5531d9c16ff4f589dff19f480634c29", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N105628f6c8b040edb9db617f35f30bec", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/megajoule", "http://www.w3.org/2000/01/rdf-schema#comment", "Megajoule.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_NoneElement", "https://spdx.org/rdf/3.0.1/terms/Core/createdBy", "https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", "globalId", "", ""] +["_:Nb850dda843534d3ab3ffbadf70766fef", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogVulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:Ne820a8ec67114d53b03a71f5f7be31f5", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/attributionText", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/chat", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to the instant messaging system used by the maintainer for a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/attend", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", "http://www.w3.org/ns/shacl#property", "_:Nbd47cac50394462f9015e00ec4b449a6", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/numeric", "http://www.w3.org/2000/01/rdf-schema#label", "numeric", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N4d92ede494e34e51ba6eca91292dc0dc", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mailingList", "globalId", "", ""] +["_:N91d11db27b28462b8545b78734a27503", "http://www.w3.org/ns/shacl#in", "_:N1a8882804ac24104946e7afa0b36905a", "localId", "", ""] +["_:Nf81435c80dee4c1db825f1917f62e947", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N507c6135f8424e8db67fe59ae93eb464", "localId", "", ""] +["_:Na3743aad0c334d06a729f81988609c9f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N7f2c8d25f5df4c27b35c70d38090eab3", "localId", "", ""] +["_:N82b5fa65536b400a809bd5f3104f6ec0", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ndfe4dc1d7d574b10a92ee8955837ad9d", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/usesTool", "http://www.w3.org/2000/01/rdf-schema#label", "usesTool", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/configuration", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altDownloadLocation", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to an alternative download location.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/eolNotice", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha224", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["_:N0b353053b3cd41e89351acf39abb719c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseText", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedAdditionId", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#boolean", "globalId", "", ""] +["_:Na449b0b56e3540618b2a2698204edde9", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/severity", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/nuget", "http://www.w3.org/2000/01/rdf-schema#label", "nuget", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/video", "http://www.w3.org/2000/01/rdf-schema#comment", "data is video based, such as a collection of movie clips featuring Tom Hanks.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/nuget", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:Nae8e63939c7c4cf4aa4ba555362d775c", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["_:Nfa72871f5924444491d18910ec431abb", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_512", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildSystem", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference build system used to create or publish the package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nd77657e0b19d459c931f64f48ed7e1a6", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/seeAlso", "globalId", "", ""] +["_:Nd90adf23ae66491daa68ac6dd4501bdf", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N243ef6907efb40d38e00f4430d63fc19", "localId", "", ""] +["_:N93d2d1d1dc3e4b7ea516ee004f674bfb", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/directDownload", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/customIdToUri", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasSpecification", "http://www.w3.org/2000/01/rdf-schema#comment", "Every `to` Element is a specification for the `from` Element (`from` hasSpecification `to`), during a LifecycleScopeType period.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N25b71b41baf8408a91b66336f376a5b6", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityDisclosureReport", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/lite", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType", "globalId", "", ""] +["_:N30d5cdb21c144005b1d74c81aa0e129e", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/decisionType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/exportControlAssessment", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTestCase", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:Nc37985fef6884679b49d387a2ef08d3f", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#boolean", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexAffectedVulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:N105628f6c8b040edb9db617f35f30bec", "localId", "", ""] +["_:Nd11df36dd5014f759eab790e847b9857", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/from", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/created", "http://www.w3.org/2000/01/rdf-schema#comment", "Identifies when the Element was originally created.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo", "https://spdx.org/rdf/3.0.1/creationInfo_SpdxOrganization", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/specVersion", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N565a78360e28494ea80897aadf944c0c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N3d9237b249544033acbf7d94cac2b424", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPolicy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Ncc35596b6f164968b0bd35143cbc52ea", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N0dc54ccc3f8d4afe897d7be97f9f6928", "localId", "", ""] +["_:Nfc3f4dc279d7471b83aa1a9df09f8d3f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/registration", "globalId", "", ""] +["_:N4881d1614aa0403894d16c3ca276d790", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/runtime", "http://www.w3.org/2000/01/rdf-schema#comment", "SBOM generated through instrumenting the system running the software, to capture only components present in the system, as well as external call-outs or dynamically loaded components. In some contexts, this may also be referred to as an \"Instrumented\" or \"Dynamic\" SBOM.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N64ae0543871444f6b7d2a497fcf55186", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Na0242fde5c314aa599a3a00cfb01634c", "localId", "", ""] +["_:Nd90adf23ae66491daa68ac6dd4501bdf", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/image", "http://www.w3.org/2000/01/rdf-schema#comment", "data is a collection of images such as pictures of animals.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoneLicense", "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo", "https://spdx.org/rdf/3.0.1/creationInfo_NoneLicense", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/OrLaterOperator", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense", "globalId", "", ""] +["_:N5eab3a0a527f4705bdb2f04b7c39e36c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nb6e99584403541df96486fcac6d79017", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/SimpleLicensingText", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/componentNotPresent", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nb07efffce0ba43a2bcac0e3a90a48609", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nb245e59ae52342bea2f1feb05bb80e79", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/development", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N34cf4751490f48f9852ff2fa143a6321", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/exportControlAssessment", "globalId", "", ""] +["_:N377b547285074591a904911ef1fc1977", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/namespaceMap", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/NamespaceMap", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/endIntegerRange", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#positiveInteger", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/documentation", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/validUntilTime", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies until when the artifact can be used before its usage needs to be\nreassessed.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Ne976bc717eb6446291a939038610ee2c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b512", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/numeric", "http://www.w3.org/2000/01/rdf-schema#comment", "data consists only of numeric entries.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Ncba4137ebcf84a728acd12bde91130e9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/doesNotAffect", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/profileConformance", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:Nb916f2dfc1c640bd8e0dac9bb5956172", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/copiedTo", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element has been copied to each `to` Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/operatingSystem", "http://www.w3.org/2000/01/rdf-schema#label", "operatingSystem", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/patch", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element contains a set of changes to update, fix, or improve another Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/high", "http://www.w3.org/2000/01/rdf-schema#comment", "When a CVSS score is between 7.0 - 8.9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swid", "http://www.w3.org/2000/01/rdf-schema#label", "swid", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N91adaf3024344ddcbcbf3f943faaad6b", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType", "globalId", "", ""] +["_:Nf6a05248229d4fe292d04534a4c4573d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/library", "globalId", "", ""] +["_:N7a66c734ced842b4913ff95c5f5cf452", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/comment", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", "http://www.w3.org/ns/shacl#property", "_:Nad909dcc4fad4339a9eb809fabd6a871", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType", "http://www.w3.org/2000/01/rdf-schema#comment", "Provide an enumerated set of lifecycle phases that can provide context to relationships.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityDisclosureReport", "http://www.w3.org/2000/01/rdf-schema#label", "vulnerabilityDisclosureReport", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N33da303c78e142a2acc0db12f3ee6686", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nedaa28cbd856413e95e7805cf2d255dd", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasMetadata", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/amber", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N8bdb3da6da754d98843024e1dcbe3e43", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/AI/autonomyType", "globalId", "", ""] +["_:N8ec4229c1a674693bde766506ca93e87", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N5f694c64068844ca80652791ca7749d9", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/Build", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/Element", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasExample", "http://www.w3.org/2000/01/rdf-schema#comment", "Every `to` Element is an example for the `from` Element (`from` hasExample `to`).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/audio", "http://www.w3.org/2000/01/rdf-schema#comment", "data is audio based, such as a collection of music from the 80s.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotPresent", "http://www.w3.org/2000/01/rdf-schema#comment", "The product is not affected because the code underlying the vulnerability is not present in the product.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nc8b9ea4213214eccb17ccccf3790161d", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Build/buildStartTime", "globalId", "", ""] +["_:N4f6d0abf94b14a189b945346f00ba9dc", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/finetuningEnergyConsumption", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:N2dbc8b0a30da433a94050a3ab1190bb8", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/other", "globalId", "", ""] +["_:Nb4381a5cee3143a482af28cf9a364f3c", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Nd33af007bad14a4594f7039df1c5df75", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:Na267e7b88a344e4fbd0c59a6dc760e65", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetAvailability", "globalId", "", ""] +["_:N1a0a0b40de254f55a8372bba19b60496", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/suppliedBy", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseNotes", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to the release notes for a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/context", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N694be39aecbe44d49f3850275de952ec", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N29cadfcf5dfa4e73b1b0f56fa6e4352f", "localId", "", ""] +["_:Nfbb5f5e996be44989d31d47d46540443", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/urlScheme", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nc7b49cc0a08745e08e5ba42ee492184f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/availableFrom", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element is available from the additional supplier described by each `to` Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nf4609fa7f53e4898a47341b507b5e03e", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/lite", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Annotation", "http://www.w3.org/ns/shacl#property", "_:N91adaf3024344ddcbcbf3f943faaad6b", "localId", "", ""] +["_:Nd2a11bb8a1a14a82994d02e9dd610275", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/definingArtifact", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV4VulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:N4382805b6a5947d38ffcfd8b182bddbf", "localId", "", ""] +["_:N79e0fdc8a753446e8e1931aab90b02ae", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/video", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/expandedLicensing", "http://www.w3.org/2000/01/rdf-schema#comment", "the element follows the ExpandedLicensing profile specification", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRef", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/creationInfo", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PackageVerificationCode", "http://www.w3.org/2000/01/rdf-schema#comment", "An SPDX version 2.X compatible verification method for software packages.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedBy", "http://www.w3.org/2000/01/rdf-schema#label", "fixedBy", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Ne778a773be4f408192f2ed37c6143a5d", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", "http://www.w3.org/ns/shacl#property", "_:N2a72f2e0c3d44dd5ac4c0633f336d556", "localId", "", ""] +["_:N5e678b3ba38745b58c0103b8e085d5c8", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseHeader", "globalId", "", ""] +["_:Ncb6c9deb0ba44382a0b957b7ea80228c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasMetadata", "globalId", "", ""] +["_:N8ad3af20ea5248df91865def0b7a98de", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nd0d48abef81b4c44a952c0925a6e30a9", "localId", "", ""] +["_:N1dd7c94072d1478ca91bee2c7af967a8", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/eolNotice", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/CustomLicense", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:Nda791debefe5491aa84d61433873c630", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md5", "http://www.w3.org/2000/01/rdf-schema#label", "md5", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N8358def5fd2b4668b759d786315e799f", "http://www.w3.org/ns/shacl#hasValue", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityExploitabilityAssessment", "http://www.w3.org/2000/01/rdf-schema#label", "vulnerabilityExploitabilityAssessment", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nddcc9ac569c4442b894f208d7722b4f8", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/locator", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Package", "http://www.w3.org/ns/shacl#property", "_:N65301d1be04341678842dfc049e2a33c", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Tool", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/deployed", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SbomType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/name", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:Na00b6f47e860415881f7e8a524a04316", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nf6f1751e3ea84341bdeec66f7c44a8ce", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/limitedSupport", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseHistory", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:N694e3d4238ff4006b46b450b91f4179a", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/other", "globalId", "", ""] +["_:Ndc4f18efad334d78a498ea9df84fbd02", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/NamespaceMap", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/anonymizationMethodUsed", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", "http://www.w3.org/ns/shacl#property", "_:N329ecc1447f349cc968623ddffe6a2f7", "localId", "", ""] +["_:N261545ecf40d4f65bf47dc050598e90f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N451bba51c46a4c9d9a2343aef3356453", "localId", "", ""] +["_:Nd1b797da281643468add752e036349fd", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/funding", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicense", "http://www.w3.org/2000/01/rdf-schema#comment", "A license that is listed on the SPDX License List.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/sensor", "http://www.w3.org/2000/01/rdf-schema#comment", "data is recorded from a physical sensor, such as a thermometer reading or biometric device.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nddcc9ac569c4442b894f208d7722b4f8", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Nbb0a3a63cdba4f078c6de6eef7ff6579", "http://www.w3.org/ns/shacl#path", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/modelExplainability", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:N5eab3a0a527f4705bdb2f04b7c39e36c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/republishedBy", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/filesystemImage", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/originatedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:N9bd771ac02cc41519919a01d4deca105", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/AI/safetyRiskAssessment", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/evidence", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element is the evidence that a specification or requirement has been fulfilled.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nc63741a7112e471ba97ce37e05f2dac1", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/Relationship", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropName", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/comment", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N315dc3dd043c41a49ffaaba74d10eeb0", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/container", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPolicy", "http://www.w3.org/2000/01/rdf-schema#label", "securityPolicy", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nb916f2dfc1c640bd8e0dac9bb5956172", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/source", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SbomType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/amber", "http://www.w3.org/2000/01/rdf-schema#label", "amber", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/security", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N40f9e58aac214052a173ad93b4ed57e9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/file", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Person", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N29cadfcf5dfa4e73b1b0f56fa6e4352f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_224", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/usesTool", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element uses each `to` Element as a tool, during a LifecycleScopeType period.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Na3d930b22d4f462cb8bcb86adb108e16", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N236307149ca247fcad8df1b0dd41fcfc", "localId", "", ""] +["_:Nce9a69dc19af4e1394f03174c67c5857", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Build/buildEndTime", "globalId", "", ""] +["_:N10f5cc15b506459db381c02764d60e76", "http://www.w3.org/ns/shacl#message", "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod is an abstract class and should not be instantiated directly. Instantiate a subclass instead.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N4c8c5257e6c144099de859c3f43b1961", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/deployed", "globalId", "", ""] +["_:N963f7603cd844b03bd4631e0713b1635", "http://www.w3.org/ns/shacl#minCount", "2", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/bower", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:Ne20cfbefa1424ba79abfc89287f1eef3", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/cdxProperty", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:N07cb32d0626a45cfbea37a7dd2a8b854", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/suppliedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:N3b50e4323e8b4d388d8d522e18a49070", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/binaryArtifact", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/annotationType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/red", "http://www.w3.org/2000/01/rdf-schema#comment", "Data points in the dataset are highly confidential and can only be shared with named recipients.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Ne883dfda4a7445ceb1e70f39ddd03fea", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Na267e7b88a344e4fbd0c59a6dc760e65", "http://www.w3.org/ns/shacl#in", "_:N89d361d3f1d94de5b28ee82b1d3da3de", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swid", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType", "globalId", "", ""] +["_:N91adaf3024344ddcbcbf3f943faaad6b", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/annotationType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/sensor", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N904326509fc04cc4be66ea123ed9fdc4", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:Nca9532c3dd0b421e95d0800b68e3442a", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N79e0fdc8a753446e8e1931aab90b02ae", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_256", "http://www.w3.org/2000/01/rdf-schema#comment", "SHA-3 with a digest length of 256, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/Build", "http://www.w3.org/ns/shacl#property", "_:N3ba51db196c04386ae47cb64aab6c95c", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/datasetSize", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#nonNegativeInteger", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/knownBias", "http://www.w3.org/2000/01/rdf-schema#comment", "Records the biases that the dataset is known to encompass.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:Nd8679c5e3311467ca097a4151ac8fa54", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timeseries", "http://www.w3.org/2000/01/rdf-schema#label", "timeseries", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nc7f12b88e8f5489dacbbfeb81192696a", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType", "http://www.w3.org/2000/01/rdf-schema#comment", "Indicates the type of support that is associated with an artifact.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasStaticLink", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:Ned1f0afb78d3460c9478383abf3da36b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/medium", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/attend", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/development", "http://www.w3.org/2000/01/rdf-schema#comment", "A relationship has specific context implications during development phase of an element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDataFile", "http://www.w3.org/2000/01/rdf-schema#label", "hasDataFile", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/directory", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Snippet", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:Nf284f365ba5c4e4da40d7d7900d82744", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Na449b0b56e3540618b2a2698204edde9", "http://www.w3.org/ns/shacl#in", "_:Ndc4add4edebe43f4821fb10dd712e481", "localId", "", ""] +["_:Ndc4add4edebe43f4821fb10dd712e481", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/critical", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedAdditionId", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies whether an additional text identifier has been marked as deprecated.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/CustomLicenseAddition", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N28c7097edd884a9b92697ec6b6729dc9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N02fadd3757064be6a0b797d8675b611e", "localId", "", ""] +["_:Ne81afbff18a74c75ac853da24ab327a0", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/SimpleLicensingText", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:Nc63741a7112e471ba97ce37e05f2dac1", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/socialMedia", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swid", "http://www.w3.org/2000/01/rdf-schema#comment", "Concise Software Identification (CoSWID) tag, as defined in [RFC 9393](https://datatracker.ietf.org/doc/rfc9393/) Section 2.3.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Tool", "http://www.w3.org/2000/01/rdf-schema#comment", "An element of hardware and/or software utilized to carry out a particular function.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N5d195bb929fc404584503e9c9b17a526", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/Agent", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/Artifact", "globalId", "", ""] +["_:Naf01116eff7c4759be95f8f97c257d9c", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", "http://www.w3.org/ns/shacl#property", "_:N626b5ad29167479dabae9a9177315404", "localId", "", ""] +["_:N3c8c7c06f10e44fea576f974877ed15b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N79b4dcdd054d4ca8a87fc86377c9366b", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/File", "http://www.w3.org/ns/shacl#property", "_:N87131d5acc2b478ba16230f714aa0bb0", "localId", "", ""] +["_:Nf3c62ca118b94d17a1ef6b04e407421c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N186b972a57284ae1946b3f7d8e762830", "localId", "", ""] +["_:N9ed65925a89e40e8b7faaa925d739c72", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha224", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/exploited", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:N722c45f262084ffa9b063b852952397b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nf4609fa7f53e4898a47341b507b5e03e", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/development", "http://www.w3.org/2000/01/rdf-schema#label", "development", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N63f963c2c8a4467bb803f9af7eaafd3d", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Relationship", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/Element", "globalId", "", ""] +["_:Nba03adbea09d477299a596cac9fd8319", "http://www.w3.org/ns/shacl#path", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/operatingSystem", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element is an operating system.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N024478cff6eb4ef48dc45dabdb7b0a35", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Element", "http://www.w3.org/ns/shacl#property", "_:Nff33e8337dc8421d9e74b338e35a75d5", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", "http://www.w3.org/ns/shacl#property", "_:N7c9974a53d5443c5831f3e7dc56073d0", "localId", "", ""] +["_:Nbd47cac50394462f9015e00ec4b449a6", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N8adbab8e05cf4258a0b7e9eedbd03e5f", "http://www.w3.org/ns/shacl#in", "_:N7eb015d497fc4c09bb8530f59c65624d", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/prefix", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/metrics", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N348ad67a2abe4f9d929b1e20acc594b5", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/evidence", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalComponent", "http://www.w3.org/2000/01/rdf-schema#comment", "Every `to` Element is an optional component of the `from` Element (`from` hasOptionalComponent `to`).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/environment", "http://www.w3.org/2000/01/rdf-schema#comment", "Property describing the session in which a build is invoked.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N82b5fa65536b400a809bd5f3104f6ec0", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/critical", "globalId", "", ""] +["_:N3bf9008e5422473bb689602da04ccca1", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Nad909dcc4fad4339a9eb809fabd6a871", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/snippetFromFile", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Software/File", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoAssertionLicense", "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo", "https://spdx.org/rdf/3.0.1/creationInfo_NoAssertionLicense", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altDownloadLocation", "http://www.w3.org/2000/01/rdf-schema#label", "altDownloadLocation", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/swhid", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/firmware", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/score", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides a numerical (0-10) representation of the severity of a vulnerability.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N6eb9ec15081f404a99935ff4e2aaa14b", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Dataset/intendedUse", "globalId", "", ""] +["_:N7676f1bbd99e47659502f87b9936453e", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", "http://www.w3.org/2000/01/rdf-schema#comment", "Enumeration of dataset types.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N98018fef19484e2fae944af82b21920e", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:Nc704d39d408f41caa9805e140ff0016a", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/Agent", "globalId", "", ""] +["_:N328adb4bb1ec422084a2169890188a03", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/vectorString", "globalId", "", ""] +["_:N1314ef461724483f9bd5c56d939b17c4", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/requirement", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/expandsTo", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` archive expands out as an artifact described by each `to` Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N7676f1bbd99e47659502f87b9936453e", "http://www.w3.org/ns/shacl#in", "_:N5b2278fb3a8e4e239193a033f8b4bf04", "localId", "", ""] +["_:N9a582f09d0b7426d81ae74b09a5ed252", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N7f095ac56c3e4bccbcd4348b29980439", "localId", "", ""] +["_:Nb3e77cdb9a14442eafb0659c7081c110", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/endTime", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Element", "http://www.w3.org/ns/shacl#property", "_:Nf26016059c3e414da185e30155b543f5", "localId", "", ""] +["_:Ndb31c53559be41e0b28e79b74da0b557", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/releaseTime", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/install", "http://www.w3.org/2000/01/rdf-schema#label", "install", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/configSourceUri", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicenseException", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/licenseXml", "http://www.w3.org/2000/01/rdf-schema#comment", "Identifies all the text and metadata associated with a license in the license\nXML format.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N72dd028519c2443b94229cfc4a2639bc", "http://www.w3.org/ns/shacl#path", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "globalId", "", ""] +["_:N5912892962274966938ef83f3f23c015", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["_:N6f8ca85700744b0e9f7a8672675d1dca", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["_:N30d1dbbf97fb456eb18d38b76c8004d3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nece0b4f721a847f98727202b50f4a753", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/medium", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType", "http://www.w3.org/2000/01/rdf-schema#comment", "Availability of dataset.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N894cee407d8747ec8adc2f05ce722a86", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["_:Nc9ccffdec66347509395f75c9845128f", "http://www.w3.org/ns/shacl#message", "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection is an abstract class and should not be instantiated directly. Instantiate a subclass instead.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/describes", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N576b7fbe3ba74572a6eb065c67761847", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/to", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/additionalPurpose", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/module", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedIn", "http://www.w3.org/2000/01/rdf-schema#label", "fixedIn", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/low", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/other", "http://www.w3.org/2000/01/rdf-schema#label", "other", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N4ad4011b5f8c44cbb3e76f5da0885cfd", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N9e3f2c4f96904bddb1aa46c01701b0f6", "localId", "", ""] +["_:N38aeb59117654398b393a546eaaa5fd9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N17c879855daa4fd7b7d7ef9da34e7ea6", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/Build", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:Nce436d556d4e4606ba37d9ad32d22967", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/adler32", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/modelDataPreprocessing", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:Nfcc30e48020d4dd2b3493a0cd55ea457", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#decimal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/releaseTime", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/identifier", "http://www.w3.org/2000/01/rdf-schema#comment", "Uniquely identifies an external element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N024478cff6eb4ef48dc45dabdb7b0a35", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/componentAnalysisReport", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPenTestReport", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/design", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SbomType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalDependency", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element optionally depends on each `to` Element, during a LifecycleScopeType period.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/additionText", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/", "http://purl.org/dc/terms/abstract", "This ontology defines the terms and relationships used in the SPDX specification to describe system packages", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nd951591fca6c47c2985dd159db6ad52c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/diskImage", "globalId", "", ""] +["_:Na96bc2776ef4488595f136d0fbac26a6", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/namespace", "globalId", "", ""] +["_:N61b9a25cae674e199ce6572456d8e72f", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/amendedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:N694be39aecbe44d49f3850275de952ec", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha512", "globalId", "", ""] +["_:N7b50bf552c054e5baab961ecc882b722", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/purchaseOrder", "globalId", "", ""] +["_:Nbd013d07f45a42d99931fe619ee4ca95", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N7583808b54c947658126a7846ad7cc76", "localId", "", ""] +["_:Nbbbec88245754e9d9390b9a11f0b67c2", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/buildStartTime", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/NoAssertionElement", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/IndividualElement", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/nuget", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N54d1f829ecc441b9b7d9248324cbea6b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/delegatedTo", "globalId", "", ""] +["_:N8b86dbc23a22407a9380fbd9376d3b83", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N4f9424fdcb0643a6b8dbd2c83de164a1", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/IndividualLicensingInfo", "http://www.w3.org/2000/01/rdf-schema#comment", "A concrete subclass of AnyLicenseInfo used by Individuals in the\nExpandedLicensing profile.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPenTestReport", "http://www.w3.org/2000/01/rdf-schema#label", "securityPenTestReport", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N951ec4cbce414b3bab847840bf18d59f", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifier", "globalId", "", ""] +["_:Na82fb3a822a04f6180f1ca7808276d8f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nc6bdb22311b243119db2aee3b54fabe4", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#comment", "Abstract ancestor class for all vulnerability assessments", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/none", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType", "globalId", "", ""] +["_:Nfcc30e48020d4dd2b3493a0cd55ea457", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Nadd6173eaf8b4550a3ec8c90524cc599", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N4d86b5ad122d431bbf443326643a51df", "localId", "", ""] +["_:Nabd40767fbd84edea7e048b911a681e4", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/describes", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/startTime", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the time from which an element is applicable / valid.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexAffectedVulnAssessmentRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Tool", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha384", "http://www.w3.org/2000/01/rdf-schema#comment", "SHA-2 with a digest length of 384, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N58b8de667bb54771976a5e86a8a8139a", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SoftwareAgent", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/Agent", "globalId", "", ""] +["_:Nd77e569c4d2d4d2c9bb29ea462bc94cc", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N39638ea4b52f4236b7a808cb979d2f4b", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/relationshipType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeclaredLicense", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N4d2df683a0ea4c39be288b78f9e61ca4", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N184c02d9c66a4e9d988d681d20c5ddc6", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Bom", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the CVSS base, temporal, threat, or environmental severity type.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N3de741ac343042e6ac53564501076e44", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ne0ff4ba19d0a41c18c6ccfc733f2193d", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/patchedBy", "http://www.w3.org/2000/01/rdf-schema#comment", "Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/severity", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType", "globalId", "", ""] +["_:N4278c3d777ea4ebd81cd23af80459c2d", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType", "globalId", "", ""] +["_:N73833299f42a4f78b3a3379f9d2302d7", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N38e1279dca3f4e53be4eb3245a0e4ec2", "localId", "", ""] +["_:N30a10bdc909f4c4bb84f02821147b416", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nf6a05248229d4fe292d04534a4c4573d", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/gitoid", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType", "globalId", "", ""] +["_:Nb2747510507b404f9243bfd7225f629d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_256", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasEvidence", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nf81435c80dee4c1db825f1917f62e947", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/filesystemImage", "globalId", "", ""] +["_:N61753ca6fa484199b143356d20b0476e", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N5a2b8b0073a54a3db4d6092f1c5043ed", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/algorithm", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/manifest", "http://www.w3.org/2000/01/rdf-schema#label", "manifest", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N7b5b4ad7f9a54d91a292ac0738539050", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/expandedLicensing", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/Extension", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/metrics", "http://www.w3.org/2000/01/rdf-schema#label", "metrics", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/operatingSystem", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityExploitabilityAssessment", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "http://www.w3.org/2000/01/rdf-schema#comment", "A mathematical algorithm that maps data of arbitrary size to a bit string.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/noAssertion", "http://www.w3.org/2000/01/rdf-schema#label", "noAssertion", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/NamespaceMap", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDocumentation", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element is documented by each `to` Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nc2ac7680f26b40408ebfc2b4bb40def7", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityOther", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Hash", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["_:Nc6bdb22311b243119db2aee3b54fabe4", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/lineRange", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/low", "http://www.w3.org/2000/01/rdf-schema#comment", "Low/no risk is posed by an AI system.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/componentNotPresent", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalDependency", "http://www.w3.org/2000/01/rdf-schema#label", "hasOptionalDependency", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N963f7603cd844b03bd4631e0713b1635", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/member", "globalId", "", ""] +["_:N70cf024bfa9e40a08de101b510631f60", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N4f925ef656b840928e22aa51252c2976", "localId", "", ""] +["_:Na3b27046864941989a486e5a70e0edb4", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Ndc659c8552d54ab684aadbdacdbd7a8d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nf142b126cd744b69be8d6c35ee1361e4", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/securityOther", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/cwe", "http://www.w3.org/2000/01/rdf-schema#comment", "[Common Weakness Enumeration](https://csrc.nist.gov/glossary/term/common_weakness_enumeration). A reference to a source of software flaw defined within the official [CWE List](https://cwe.mitre.org/data/) that conforms to the [CWE specification](https://cwe.mitre.org/).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Ncff880d9e9c24887adcf512cbce2a444", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha1", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/video", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact", "http://www.w3.org/ns/shacl#property", "_:Na1ce1658c3be4bc0b082944caae9ddea", "localId", "", ""] +["_:N74551d5c49b94ece99a5fdec0d58d233", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/modifiedTime", "globalId", "", ""] +["_:N0e4d30a5dd60459dbbb5efc7333deb37", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes", "globalId", "", ""] +["_:N73e74213eec84d8daaa36a51dab963d6", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/relationshipType", "globalId", "", ""] +["_:Nf3c62ca118b94d17a1ef6b04e407421c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/development", "globalId", "", ""] +["_:N8692a82c280845c3a6fa37c02ddae229", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N7091d1b764924e4db3551e0b422e61ba", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N1d4668e7f12244a7a9407b898c9b0534", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/value", "http://www.w3.org/2000/01/rdf-schema#comment", "A value used in a generic key-value pair.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/score", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#decimal", "globalId", "", ""] +["_:N28c7097edd884a9b92697ec6b6729dc9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/noAssertion", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/test", "http://www.w3.org/2000/01/rdf-schema#comment", "A relationship has specific context implications during an element's testing phase, during development.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha512", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDynamicLink", "http://www.w3.org/2000/01/rdf-schema#label", "hasDynamicLink", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Package", "http://www.w3.org/2000/01/rdf-schema#comment", "Refers to any unit of content that can be associated with a distribution of\nsoftware.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/createdUsing", "http://www.w3.org/2000/01/rdf-schema#comment", "Identifies the tooling that was used during the creation of the Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/NoAssertionElement", "http://www.w3.org/2000/01/rdf-schema#comment", "An Individual Value for Element representing a set of Elements of unknown\nidentify or cardinality (number).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/buildType", "http://www.w3.org/2000/01/rdf-schema#comment", "A buildType is a hint that is used to indicate the toolchain, platform, or\ninfrastructure that the build was invoked on.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N453a2981f56c4d3a943752e7740f87fd", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N6e913b09266e498887238fae6898e289", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N6bd3d2cfd9cd4f248e354deb40a851ff", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/OrLaterOperator", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N072d6f5c7eee40859e3a93d05034536f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N4a3178783c58491bb646a056a8dbb37a", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altWebPage", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to an alternative web page.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nc71de92f1cc649fcab4d77d974dac329", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nfc3f4dc279d7471b83aa1a9df09f8d3f", "localId", "", ""] +["_:N4f7ca95fbfad4d20810e92ab09220394", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/deviceDriver", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/reportedBy", "http://www.w3.org/2000/01/rdf-schema#label", "reportedBy", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Ne883dfda4a7445ceb1e70f39ddd03fea", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:Nbd0d551be201428eb241c70d0e315cfa", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/categorical", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTestCase", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/externalRef", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:N79b4dcdd054d4ca8a87fc86377c9366b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/falcon", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ConjunctiveLicenseSet", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N8115c0678af046f9bb8fe56f1541b92b", "http://www.w3.org/ns/shacl#hasValue", "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship", "globalId", "", ""] +["_:N2456bf573caa4efeab27607dfed5a451", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nb40076de31ba4cc08826656559e10385", "localId", "", ""] +["_:N5912892962274966938ef83f3f23c015", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifier", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b256", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/Organization", "globalId", "", ""] +["_:Nd3d538fe1cb544b5808c51dffd844c81", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N269b628c85f04f5d8a10fa3c500745a4", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod", "globalId", "", ""] +["_:N95c7a63c89e94f8d9ceb0dd0c34ac9e3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N348ad67a2abe4f9d929b1e20acc594b5", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noSupport", "http://www.w3.org/2000/01/rdf-schema#label", "noSupport", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nef3e82bf7eac41aa8dc101eabd0f1815", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/other", "globalId", "", ""] +["_:Nadd5d6fa295c47ee82d49e5fde059110", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/license", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N0dc54ccc3f8d4afe897d7be97f9f6928", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N6946aaeee89545da9d91b8527c54139a", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTestCase", "http://www.w3.org/2000/01/rdf-schema#label", "hasTestCase", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N8eab6125211e4549a03d744617823ad5", "http://www.w3.org/ns/shacl#hasValue", "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/software", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/descendantOf", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeletedFile", "http://www.w3.org/2000/01/rdf-schema#label", "hasDeletedFile", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry", "http://www.w3.org/ns/shacl#property", "_:Na92e8ceda7e548bb9a144c2e9c857639", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:N74551d5c49b94ece99a5fdec0d58d233", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/reportedBy", "http://www.w3.org/2000/01/rdf-schema#comment", "Designates a `from` Vulnerability was first reported to a project, vendor, or tracking database for formal identification by each `to` Agent.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nd385c846dfa14371a0a3697f7168b4c1", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["_:N91adaf3024344ddcbcbf3f943faaad6b", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N8f24e4128c124ec08b9e80f45a43dd1e", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/statement", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SoftwareAgent", "http://www.w3.org/2000/01/rdf-schema#comment", "A software agent.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N951ec4cbce414b3bab847840bf18d59f", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["_:N451bba51c46a4c9d9a2343aef3356453", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_224", "globalId", "", ""] +["_:N4e6142c3e2dd4f3f9e2aed1df9452bc7", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N716ee87802fd4b6f98bfcff38ca5ff8a", "localId", "", ""] +["_:Nc37985fef6884679b49d387a2ef08d3f", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Na3b27046864941989a486e5a70e0edb4", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Relationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/hashValue", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsKyber", "http://www.w3.org/2000/01/rdf-schema#label", "crystalsKyber", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalComponent", "http://www.w3.org/2000/01/rdf-schema#label", "hasOptionalComponent", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nc1bb7a1b7d034342906511e27e066abc", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nf21725c3245f4286b67bd679d3351c59", "localId", "", ""] +["_:Nd05558aa816f416f8c26895bb8d1d9bb", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/Vulnerability", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies a vulnerability and its associated information.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/sensor", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", "globalId", "", ""] +["_:N4382805b6a5947d38ffcfd8b182bddbf", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#decimal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", "http://www.w3.org/2002/07/owl#sameAs", "https://spdx.org/", "globalId", "", ""] +["_:Ne3b40c9739164b2eb0ae163374d9c4ac", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/rootElement", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/buildStartTime", "http://www.w3.org/2000/01/rdf-schema#comment", "Property describing the start time of a build.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/medium", "http://www.w3.org/2000/01/rdf-schema#label", "medium", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N7a66c734ced842b4913ff95c5f5cf452", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Nf0752cee7bef48efaa39267516a6b21a", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseHeader", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/datasetType", "http://www.w3.org/2000/01/rdf-schema#comment", "Describes the type of the given dataset.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasVariant", "http://www.w3.org/2000/01/rdf-schema#comment", "Every `to` Element is a variant the `from` Element (`from` hasVariant `to`).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/statusNotes", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedBy", "http://www.w3.org/2000/01/rdf-schema#comment", "Designates a `from` Vulnerability has been fixed by the `to` Agent(s).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/NoneElement", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N7091d1b764924e4db3551e0b422e61ba", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Nf41c7f62f52f4c10b14344ec13dfe1e5", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:Nb6e99584403541df96486fcac6d79017", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N4538304380bf48b895869aa8dbea3275", "localId", "", ""] +["_:Ne223bb746dc9463bbbe16ca844619e98", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N45481eab750645b4929b7b63c8ca7916", "localId", "", ""] +["_:N06465237afe4406eb4803558f7a57c08", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/builtTime", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/noAssertion", "http://www.w3.org/2000/01/rdf-schema#label", "noAssertion", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/other", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", "globalId", "", ""] +["_:N024478cff6eb4ef48dc45dabdb7b0a35", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/AI/informationAboutTraining", "globalId", "", ""] +["_:Nce9a69dc19af4e1394f03174c67c5857", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/Element", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/bower", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N9e3f2c4f96904bddb1aa46c01701b0f6", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasVariant", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/WithAdditionOperator", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/low", "http://www.w3.org/2000/01/rdf-schema#label", "low", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N453a2981f56c4d3a943752e7740f87fd", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/support", "http://www.w3.org/2000/01/rdf-schema#label", "support", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Ne11c75cafdb0438299216847b06716cf", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/dataCollectionProcess", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/ancestorOf", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:N2c7697a923534e9988689746f1d03e41", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildMeta", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDistributionArtifact", "http://www.w3.org/2000/01/rdf-schema#label", "hasDistributionArtifact", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nb28702ad1ccc478ba7b8aa42bc12985d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Na3d930b22d4f462cb8bcb86adb108e16", "localId", "", ""] +["_:N4b7945a329d940d7a4167237a4e60e53", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isOsiApproved", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/high", "http://www.w3.org/2000/01/rdf-schema#label", "high", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N2056bd91659a4260a6eb99a0cbdd9f14", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Nf94717c65e4f4b86b4df261ecf26650d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", "http://www.w3.org/ns/shacl#property", "_:N576b7fbe3ba74572a6eb065c67761847", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/NoAssertionElement", "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo", "https://spdx.org/rdf/3.0.1/creationInfo_NoAssertionElement", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/design", "http://www.w3.org/2000/01/rdf-schema#label", "design", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/releaseTime", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["_:N6eb9ec15081f404a99935ff4e2aaa14b", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedLicenseId", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#boolean", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Agent", "http://www.w3.org/2000/01/rdf-schema#comment", "Agent represents anything with the potential to act on a system.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Na42e3794f624483e818646ed683c5ba2", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N734a831b529349fb969fd328dc6dcb1c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vcs", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/element", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/Element", "globalId", "", ""] +["_:Ne03121e956234709bc0f8f288597ff50", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/buildEndTime", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", "http://www.w3.org/ns/shacl#property", "_:N78c7513398064da1a55c5df1b3c96444", "localId", "", ""] +["_:Nf44042158d4d4c85a5bd6a0fcb538498", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/energyUnit", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/File", "http://www.w3.org/2000/01/rdf-schema#comment", "Refers to any object that stores content on a computer.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/invokedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo", "http://www.w3.org/ns/shacl#property", "_:N61753ca6fa484199b143356d20b0476e", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/buildStartTime", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["_:Nc22ee04d695b4582bd604f6206900620", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/algorithm", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectAddition", "http://www.w3.org/2000/01/rdf-schema#comment", "A LicenseAddition participating in a 'with addition' model.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeclaredLicense", "http://www.w3.org/2000/01/rdf-schema#label", "hasDeclaredLicense", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N187a93895c7b43bea96131212a0ba3f5", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:Nce6e2333750a40619f2e93e40be35d7e", "http://www.w3.org/ns/shacl#pattern", "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/withdrawnTime", "http://www.w3.org/2000/01/rdf-schema#comment", "Specified the time and date when a vulnerability was withdrawn.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noAssertion", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/SupportType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/Element", "globalId", "", ""] +["_:Nc37985fef6884679b49d387a2ef08d3f", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasEvidence", "http://www.w3.org/2000/01/rdf-schema#label", "hasEvidence", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nd6ca1bcbdc494e39a9c1a4da0c52a0b3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nb81407b76fc94f228f1f5ad011d931a5", "localId", "", ""] +["_:Nf0752cee7bef48efaa39267516a6b21a", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Dataset/knownBias", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Snippet", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:Na1ce1658c3be4bc0b082944caae9ddea", "http://www.w3.org/ns/shacl#path", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/build", "http://www.w3.org/2000/01/rdf-schema#comment", "A relationship has specific context implications during an element's build phase, during development.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["_:N7a66c734ced842b4913ff95c5f5cf452", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Nadc18a90b6ca4cc3af0fb2aa7418dda8", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nc2ac7680f26b40408ebfc2b4bb40def7", "localId", "", ""] +["_:Nd8679c5e3311467ca097a4151ac8fa54", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/externalSpdxId", "http://www.w3.org/2000/01/rdf-schema#comment", "Identifies an external Element used within an SpdxDocument but defined\nexternal to that SpdxDocument.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/kilowattHour", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/urlScheme", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType", "globalId", "", ""] +["_:N0e4d30a5dd60459dbbb5efc7333deb37", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N10ab85203a394bd3ba6ef86074d64233", "localId", "", ""] +["_:N95b6da49b56e4298924cd2f153f00905", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/intendedUse", "http://www.w3.org/2000/01/rdf-schema#comment", "Describes what the given dataset should be used for.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/dataPreprocessing", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:Nf507b9bee5ae4254bafe4ce3c72a9f18", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/assessedElement", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/DisjunctiveLicenseSet", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:N7c9974a53d5443c5831f3e7dc56073d0", "http://www.w3.org/ns/shacl#path", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertiesExtension", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/trackStar", "http://www.w3.org/2000/01/rdf-schema#label", "trackStar", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/seeAlso", "http://www.w3.org/2000/01/rdf-schema#comment", "Contains a URL where the License or LicenseAddition can be found in use.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Ndc4f18efad334d78a498ea9df84fbd02", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/namespaceMap", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/finetuningEnergyConsumption", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the amount of energy consumed when finetuning the AI model that is\nbeing used in the AI system.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/extension", "http://www.w3.org/2000/01/rdf-schema#label", "extension", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/relationshipType", "http://www.w3.org/2000/01/rdf-schema#comment", "Information about the relationship between two Elements.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N61753ca6fa484199b143356d20b0476e", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/Tool", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha224", "http://www.w3.org/2000/01/rdf-schema#comment", "SHA-2 with a digest length of 224, as defined in [RFC 3874](https://datatracker.ietf.org/doc/rfc3874/).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/intendedUse", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/exploitCreatedBy", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Vulnerability has had an exploit created against it by each `to` Agent.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nbd14f0a1267744e89f6930e710689414", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:Ndfe4dc1d7d574b10a92ee8955837ad9d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/high", "globalId", "", ""] +["_:Na96bc2776ef4488595f136d0fbac26a6", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasHost", "http://www.w3.org/2000/01/rdf-schema#label", "hasHost", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/deprecatedVersion", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:N4c8c5257e6c144099de859c3f43b1961", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N97120636b11b4b158892706019486fb5", "localId", "", ""] +["_:N45481eab750645b4929b7b63c8ca7916", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/underInvestigationFor", "globalId", "", ""] +["_:N87131d5acc2b478ba16230f714aa0bb0", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/identifierLocator", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry", "http://www.w3.org/ns/shacl#property", "_:N2056bd91659a4260a6eb99a0cbdd9f14", "localId", "", ""] +["_:N30d5cdb21c144005b1d74c81aa0e129e", "http://www.w3.org/ns/shacl#in", "_:Nbffaba2351c747ef8e380b89888a5f14", "localId", "", ""] +["_:N80dac4ea19f44488ae2dc09ba1429116", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#positiveInteger", "globalId", "", ""] +["_:N2b94274553ab4bc2bbc78307f39b3327", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/affects", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Vulnerability affects each `to` Element. The use of the `affects` type is constrained to `VexAffectedVulnAssessmentRelationship` classed relationships.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Naa7e95f812804669b3e89daed8d27b21", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N451bba51c46a4c9d9a2343aef3356453", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N731241b6024d4e109893eb1354404ec5", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/expandedLicensing", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/coordinatedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasStaticLink", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nbd14f0a1267744e89f6930e710689414", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N25b71b41baf8408a91b66336f376a5b6", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N29e8eb1e03be45ae92093e6937585f14", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/packageVersion", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:N954579de61d84bef909737ad4568a536", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Software/SbomType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_SpdxOrganization", "https://spdx.org/rdf/3.0.1/terms/Core/created", "2024-11-22T03:00:01Z", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "", ""] +["_:N16cb468a2dcd423bb3654b71a6f00062", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/simpleLicensing", "globalId", "", ""] +["_:Ndb50eefe33ac4feda6cfb13073b5324e", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeletedFile", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcVulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", "http://www.w3.org/2000/01/rdf-schema#comment", "Abstract class for the portion of an AnyLicenseInfo representing a license.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N94e6bbd4fb004035a4cbdb3e969a1fbb", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ncf68ed04ac534a92808a38217fa55530", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssociatedVulnerability", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:N453a2981f56c4d3a943752e7740f87fd", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierValue", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/CustomLicenseAddition", "http://www.w3.org/2000/01/rdf-schema#comment", "A license addition that is not listed on the SPDX Exceptions List.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/externalSpdxId", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/obsoletedBy", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N072d6f5c7eee40859e3a93d05034536f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b384", "globalId", "", ""] +["_:N02fadd3757064be6a0b797d8675b611e", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/numeric", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifier", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:Ne7cb91f8739a4acdb1e220785f261efb", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N38aeb59117654398b393a546eaaa5fd9", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/annotationType", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoneLicense", "http://www.w3.org/2002/07/owl#sameAs", "https://spdx.org/rdf/3.0.1/terms/Licensing/None", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Software/Package", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/file", "http://www.w3.org/2000/01/rdf-schema#label", "file", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Artifact", "http://www.w3.org/ns/shacl#property", "_:Nc704d39d408f41caa9805e140ff0016a", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/DisjunctiveLicenseSet", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", "globalId", "", ""] +["_:N47d32bc3b4e04c9ab083ec76d4f22585", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectLicense", "globalId", "", ""] +["_:N6f8ca85700744b0e9f7a8672675d1dca", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/startTime", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:N30a10bdc909f4c4bb84f02821147b416", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/install", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/statement", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardAdditionTemplate", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N03140b327b9d4620b37b847528c7140b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N4d2df683a0ea4c39be288b78f9e61ca4", "localId", "", ""] +["_:Nd1b797da281643468add752e036349fd", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N40bcef929ef64825a68929a36aefa27c", "localId", "", ""] +["_:Nb0ab9a298e9845b1b1b770398def929d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nabd40767fbd84edea7e048b911a681e4", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/listVersionAdded", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/vexVersion", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:Nc704d39d408f41caa9805e140ff0016a", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/originatedBy", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/configuration", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element is configuration data.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nbd45f3e248c84b27b2e1a0da67d47a71", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/copiedTo", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropName", "http://www.w3.org/2000/01/rdf-schema#comment", "A name used in a CdxPropertyEntry name-value pair.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/amendedBy", "http://www.w3.org/2000/01/rdf-schema#label", "amendedBy", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoAssertionLicense", "http://www.w3.org/2000/01/rdf-schema#comment", "An Individual Value for License when no assertion can be made about its actual\nvalue.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N8adbab8e05cf4258a0b7e9eedbd03e5f", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Nc7f12b88e8f5489dacbbfeb81192696a", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N80dac4ea19f44488ae2dc09ba1429116", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/source", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact", "http://www.w3.org/ns/shacl#property", "_:N2b94274553ab4bc2bbc78307f39b3327", "localId", "", ""] +["_:N23a349d7f4a14351adf4c70293152926", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N6e913b09266e498887238fae6898e289", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/attributionText", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N0b353053b3cd41e89351acf39abb719c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["_:Ndcdb30d7deca45a8bc3e563144933f0e", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N6be5db9035a14b779b13bfa0a5a51c3e", "localId", "", ""] +["_:Na96bc2776ef4488595f136d0fbac26a6", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/deviceDriver", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/datasetUpdateMechanism", "http://www.w3.org/2000/01/rdf-schema#comment", "Describes a mechanism to update the dataset.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N8711a8ae5ca942d1bbd795a0144ca9a7", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N13f4d81403034faaa93ea1abc3bd3d91", "localId", "", ""] +["_:N32f50a51e84f4a2499a5d17f54bbed6b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N694be39aecbe44d49f3850275de952ec", "localId", "", ""] +["_:Na5a538a0052340c0ba01747cca3d3da8", "http://www.w3.org/ns/shacl#path", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/inferenceEnergyConsumption", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalComponent", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPolicy", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to instructions for reporting newly discovered security vulnerabilities for a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/other", "http://www.w3.org/2000/01/rdf-schema#label", "other", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/framework", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["_:N8f24e4128c124ec08b9e80f45a43dd1e", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/productMetadata", "http://www.w3.org/2000/01/rdf-schema#label", "productMetadata", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildMeta", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N4466be96ec5a4942b916c3f1fad2d3ee", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/module", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/Vulnerability", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N904326509fc04cc4be66ea123ed9fdc4", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/AI/energyUnit", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/limitedSupport", "http://www.w3.org/2000/01/rdf-schema#comment", "the artifact has been released, and there is limited support available from the supplier. There is a validUntilDate that can provide additional information about the duration of support.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N48b3e9d109d34fdeaa6cbef58c05c171", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N220b4463e39147e99e8eeeb9974c5370", "localId", "", ""] +["_:N7d2dbee05b72455c995a675186de5fd1", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/identifier", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:Nf028d12b2d0f4f6cb20747b6b39a8b5b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ncb6c9deb0ba44382a0b957b7ea80228c", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityExploitabilityAssessment", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/directory", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType", "globalId", "", ""] +["_:Nd6f4245b3ebe44e6b100782b191deb97", "http://www.w3.org/ns/shacl#path", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "globalId", "", ""] +["_:N1358bfc70dc14db6aa3a799228bc2fdd", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N4091b2fb3d5c417fad7305927740d1d5", "localId", "", ""] +["_:Nbd0d551be201428eb241c70d0e315cfa", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nd0cfba2a98544626a8566f29105598e9", "localId", "", ""] +["_:Nc9235a4485e64fff9b1298095061a58e", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N05edbc4959e844438800e546abaebaea", "localId", "", ""] +["_:N68e2aefd82ab40c59cc6c2bfeab0adc4", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierType", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_NoAssertionElement", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Snippet", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N0c49370c41124d50ac6081418cb2432d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N511c01e1b6a146c3bf99fe3e88272f2e", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:N00fcf1f501a749fc9cbbdbdf23a7aaa8", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/description", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Bundle", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection", "globalId", "", ""] +["_:Nfbd5a9c0923c423a84d0bb8fef89f4a3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdversaryModel", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/categorical", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseTemplate", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOutput", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/metric", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact", "http://www.w3.org/ns/shacl#property", "_:N58b8de667bb54771976a5e86a8a8139a", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPenTestReport", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to a [penetration test](https://en.wikipedia.org/wiki/Penetration_test) report for a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N6f8ca85700744b0e9f7a8672675d1dca", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N3d9237b249544033acbf7d94cac2b424", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/none", "globalId", "", ""] +["_:N64a80dfe5e954cf59753ab8a96e4eff3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/scrapingScript", "globalId", "", ""] +["_:Na1cdda0a73e94e598b769cac4a5a5cb8", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/CustomLicense", "http://www.w3.org/2000/01/rdf-schema#comment", "A license that is not listed on the SPDX License List.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/issuingAuthority", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/useSensitivePersonalInformation", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:N9c1ccbc2b86f454395a450f736b67eec", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N0f4d0a9a8e7d46a0b9cf255274bcce6b", "localId", "", ""] +["_:Nbc8ae53aacf942ca88840a6c1d655d6c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/requirement", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/Element", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the type of an external identifier.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/other", "http://www.w3.org/2000/01/rdf-schema#comment", "Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationship types (this relationship is directionless).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Bom", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/Bundle", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifier", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/dataCollectionProcess", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/amendedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N243ef6907efb40d38e00f4430d63fc19", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotInExecutePath", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifier", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifier", "globalId", "", ""] +["_:N81c1c3e2bbc4470ab2eaf9e5c6c4d1f0", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/complete", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogVulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides an exploit assessment of a vulnerability.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/packageUrl", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/EpssVulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides an EPSS assessment for a vulnerability.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/act", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType", "globalId", "", ""] +["_:Nfa72871f5924444491d18910ec431abb", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["_:Nbdc672a90df4480da8648bd31507d48e", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", "globalId", "", ""] +["_:Nf142b126cd744b69be8d6c35ee1361e4", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N5b2e4dda703849e4933338ff0970e968", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/packageVerificationCodeExcludedFile", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N2b94274553ab4bc2bbc78307f39b3327", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Software/primaryPurpose", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/datasetType", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityOther", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to related security information of unspecified type.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N72dd028519c2443b94229cfc4a2639bc", "http://www.w3.org/ns/shacl#not", "_:N0a961d271f304c8cbb2e0a1307a9d8ad", "localId", "", ""] +["_:N89d361d3f1d94de5b28ee82b1d3da3de", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/clickthrough", "globalId", "", ""] +["_:Ndaeba75fb43b4db7b777e9b00ecd7064", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/scrapingScript", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ConjunctiveLicenseSet", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/library", "http://www.w3.org/2000/01/rdf-schema#label", "library", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N4b7945a329d940d7a4167237a4e60e53", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#boolean", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasSpecification", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityOther", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:Nc6d18260ddfa478b84c2dc19c2059aa2", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N3c163fcab8684aa09c61e78b4cbb9b38", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/affects", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nb28702ad1ccc478ba7b8aa42bc12985d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/security", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/availableFrom", "http://www.w3.org/2000/01/rdf-schema#label", "availableFrom", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/sourceArtifact", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:N7d2dbee05b72455c995a675186de5fd1", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Nccde3ac271484f91b83ed5fb2e1d70c9", "http://www.w3.org/ns/shacl#in", "_:N0f568f8825144082a14a0e000b8ff13f", "localId", "", ""] +["_:N619e2a32fb994ed69f916340e12ed7f3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N315dc3dd043c41a49ffaaba74d10eeb0", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/audio", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nddcc9ac569c4442b894f208d7722b4f8", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/documentation", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["_:Ndaeba75fb43b4db7b777e9b00ecd7064", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/deprecatedVersion", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/IndividualLicensingInfo", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/reportedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:Nc22ee04d695b4582bd604f6206900620", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", "globalId", "", ""] +["_:N4a56b875349e44729e9aca40972c86cd", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/operatingSystem", "globalId", "", ""] +["_:N4538304380bf48b895869aa8dbea3275", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/testedOn", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/text", "http://www.w3.org/2000/01/rdf-schema#label", "text", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha384", "http://www.w3.org/2000/01/rdf-schema#label", "sha384", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Ne4baf3becb8740a79f8bceb49f40679f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nd91122440e7149a28656eb9394e082b2", "localId", "", ""] +["_:N6bd3d2cfd9cd4f248e354deb40a851ff", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N618f8c59ed9345ca8692a68f777a0fb0", "localId", "", ""] +["_:N6ac0694afb0c40c1bb0988b0569f0cb4", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["_:Na449b0b56e3540618b2a2698204edde9", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Na1cdda0a73e94e598b769cac4a5a5cb8", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalMap", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/validUntilTime", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altWebPage", "http://www.w3.org/2000/01/rdf-schema#label", "altWebPage", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/other", "http://www.w3.org/2000/01/rdf-schema#comment", "Used when the type does not match any of the other options.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/syntactic", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDataFile", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/security", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType", "globalId", "", ""] +["_:Nc8b9ea4213214eccb17ccccf3790161d", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N132cde65c9b14a1694d400388aecf0cc", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseNotes", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicenseException", "http://www.w3.org/2000/01/rdf-schema#comment", "A license exception that is listed on the SPDX Exceptions list.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/copiedTo", "http://www.w3.org/2000/01/rdf-schema#label", "copiedTo", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N9bd771ac02cc41519919a01d4deca105", "http://www.w3.org/ns/shacl#in", "_:N96c753d614db4e7b844bcb3b5f9ff291", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/runtime", "http://www.w3.org/2000/01/rdf-schema#label", "runtime", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_NoneElement", "https://spdx.org/rdf/3.0.1/terms/Core/specVersion", "3.0.1", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N763c69315ee040a88ca27b5205984626", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha1", "http://www.w3.org/2000/01/rdf-schema#label", "sha1", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/File", "http://www.w3.org/ns/shacl#property", "_:N2b7fa052bf664f2a9e1923831d282602", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/binaryArtifact", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N236307149ca247fcad8df1b0dd41fcfc", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/ai", "globalId", "", ""] +["_:N269b628c85f04f5d8a10fa3c500745a4", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/verifiedUsing", "globalId", "", ""] +["_:N4538304380bf48b895869aa8dbea3275", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ne223bb746dc9463bbbe16ca844619e98", "localId", "", ""] +["_:N163b018b3d984833a5523252ed920c58", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/other", "globalId", "", ""] +["_:N511c01e1b6a146c3bf99fe3e88272f2e", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nd0ec388aab40469ab0a4297c30e0c906", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies an AI package and its associated information.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N1256cfafa26e453a9d5f8b08cc5920d7", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N4182e8c878544ebb842682b1ece2bd3a", "localId", "", ""] +["_:N9b79adf6684a4d328dc28ae0ee98d95d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N5eab3a0a527f4705bdb2f04b7c39e36c", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/configures", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element is a configuration applied to each `to` Element, during a LifecycleScopeType period.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/IndividualElement", "http://www.w3.org/2000/01/rdf-schema#comment", "A concrete subclass of Element used by Individuals in the\nCore profile.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRef", "http://www.w3.org/ns/shacl#property", "_:N0b728d22a9674ecc87af12fde5aae61c", "localId", "", ""] +["_:N2f8145031850475ba01bc466221debed", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md4", "globalId", "", ""] +["_:Nf9bf03371d92462f91a54baa946fd625", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/modelExplainability", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N7b50bf552c054e5baab961ecc882b722", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nf593d6da70614e2581430bd37d9cd4ef", "localId", "", ""] +["_:N4278c3d777ea4ebd81cd23af80459c2d", "http://www.w3.org/ns/shacl#in", "_:N82b5fa65536b400a809bd5f3104f6ec0", "localId", "", ""] +["_:N4e4b35788e1b4064b856bcd8d2cc6670", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/kev", "http://www.w3.org/2000/01/rdf-schema#label", "kev", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/suppliedBy", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/Agent", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalMap", "http://www.w3.org/ns/shacl#property", "_:Nd2a11bb8a1a14a82994d02e9dd610275", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Sbom", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N0753f471dae945e885cde15702c705bb", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N619e2a32fb994ed69f916340e12ed7f3", "localId", "", ""] +["_:N2b7fa052bf664f2a9e1923831d282602", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/module", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element is a module of a piece of software.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe23", "http://www.w3.org/2000/01/rdf-schema#label", "cpe23", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Na92e8ceda7e548bb9a144c2e9c857639", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropName", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexUnderInvestigationVulnAssessmentRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N9dbe04a2eaac4271aafe4a7650ec4e15", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha384", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/other", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/other", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Ncb6c9deb0ba44382a0b957b7ea80228c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ne7cb91f8739a4acdb1e220785f261efb", "localId", "", ""] +["_:N96c753d614db4e7b844bcb3b5f9ff291", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/serious", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mavenCentral", "http://www.w3.org/2000/01/rdf-schema#label", "mavenCentral", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md6", "http://www.w3.org/2000/01/rdf-schema#label", "md6", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b512", "http://www.w3.org/2000/01/rdf-schema#label", "blake2b512", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N8b5253826157456ba3297cf9f4f8db15", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe23", "globalId", "", ""] +["_:N516b1b46dbb04f1c953906f0388bf8b4", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/file", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/critical", "http://www.w3.org/2000/01/rdf-schema#label", "critical", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/none", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N83935261300041758021c5a3fbdae6c0", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/manifest", "globalId", "", ""] +["_:Ne20cfbefa1424ba79abfc89287f1eef3", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Build/configSourceDigest", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasInput", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/metric", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:N3ba51db196c04386ae47cb64aab6c95c", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["_:N1d4668e7f12244a7a9407b898c9b0534", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/vexVersion", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:Naa7e95f812804669b3e89daed8d27b21", "localId", "", ""] +["_:Nc3c21678fc9a459784f054a6954a9aa8", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N5011f0cdb4544a70b796520ecd436a25", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N4f925ef656b840928e22aa51252c2976", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeclaredLicense", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:Nce6e2333750a40619f2e93e40be35d7e", "localId", "", ""] +["_:N91d11db27b28462b8545b78734a27503", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType", "globalId", "", ""] +["_:N626b5ad29167479dabae9a9177315404", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N96120491adc84204822952240ddadf13", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nb0ab9a298e9845b1b1b770398def929d", "localId", "", ""] +["_:Nb3e77cdb9a14442eafb0659c7081c110", "http://www.w3.org/ns/shacl#pattern", "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/generates", "http://www.w3.org/2000/01/rdf-schema#label", "generates", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/foundBy", "http://www.w3.org/2000/01/rdf-schema#comment", "Designates a `from` Vulnerability was originally discovered by the `to` Agent(s).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/secureSoftwareAttestation", "http://www.w3.org/2000/01/rdf-schema#label", "secureSoftwareAttestation", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Artifact", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/development", "http://www.w3.org/2000/01/rdf-schema#comment", "the artifact is in active development and is not considered ready for formal support from the supplier.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nc5485992ed4e4cbea07fa6d87ee716ac", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nc85a3a5deac54465a32d993ba5434b00", "localId", "", ""] +["_:Nf6a05248229d4fe292d04534a4c4573d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N83935261300041758021c5a3fbdae6c0", "localId", "", ""] +["_:N737b3d5b3c8f4cb7b5fb665b52f1dd96", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Ne820a8ec67114d53b03a71f5f7be31f5", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N80dc66a1ccec469392596c5291fa2864", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/hyperparameter", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", "globalId", "", ""] +["_:N81c1c3e2bbc4470ab2eaf9e5c6c4d1f0", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N461fe7f9c28b4d81a4fb17726fc9adf6", "localId", "", ""] +["_:N763c69315ee040a88ca27b5205984626", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/prefix", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo", "http://www.w3.org/ns/shacl#property", "_:Nf7fd042770064703a84cd9039273e4f7", "localId", "", ""] +["_:Ne03121e956234709bc0f8f288597ff50", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Software/additionalPurpose", "globalId", "", ""] +["_:N3b695bebf32746039b555b8460ffe552", "http://www.w3.org/ns/shacl#path", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/doesNotAffect", "http://www.w3.org/2000/01/rdf-schema#label", "doesNotAffect", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nbffaba2351c747ef8e380b89888a5f14", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N288949a61054447689377b531414e0b7", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/exploited", "http://www.w3.org/2000/01/rdf-schema#comment", "Describe that a CVE is known to have an exploit because it's been listed in an exploit catalog.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N2b94274553ab4bc2bbc78307f39b3327", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/key", "http://www.w3.org/2000/01/rdf-schema#comment", "A key used in a generic key-value pair.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nad909dcc4fad4339a9eb809fabd6a871", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/AI/limitation", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/actionStatement", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/modifiedTime", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/kilowattHour", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/evidence", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nccde3ac271484f91b83ed5fb2e1d70c9", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N4e4b35788e1b4064b856bcd8d2cc6670", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Artifact", "http://www.w3.org/ns/shacl#property", "_:Ndb31c53559be41e0b28e79b74da0b557", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/Vulnerability", "http://www.w3.org/ns/shacl#property", "_:N942417ca6d844df0914d75b099a457f8", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/supportLevel", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the level of support associated with an artifact.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/dataLicense", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/NamespaceMap", "http://www.w3.org/2000/01/rdf-schema#comment", "A mapping between prefixes and namespace partial URIs.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Na42e3794f624483e818646ed683c5ba2", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Dataset/dataPreprocessing", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/externalRefType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:Nf9bf03371d92462f91a54baa946fd625", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Software/lineRange", "globalId", "", ""] +["_:Nc6d18260ddfa478b84c2dc19c2059aa2", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/model", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexNotAffectedVulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:N377b547285074591a904911ef1fc1977", "localId", "", ""] +["_:N78c7513398064da1a55c5df1b3c96444", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md6", "http://www.w3.org/2000/01/rdf-schema#comment", "[MD6 hash function](https://people.csail.mit.edu/rivest/pubs/RABCx08.pdf)", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N0b728d22a9674ecc87af12fde5aae61c", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/externalRefType", "globalId", "", ""] +["_:N73e74213eec84d8daaa36a51dab963d6", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:N75f6c4472b7b45349200afcce0dbacef", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N91fee785616543dd9952683d70d387bf", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the VEX justification type.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N06465237afe4406eb4803558f7a57c08", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/prefix", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N4ac93d52ef544d5cb73aeaeb279b7567", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/sensor", "globalId", "", ""] +["_:N00fcf1f501a749fc9cbbdbdf23a7aaa8", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:Ndbf7c5384f2242b98dd62b6a8d6a503f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/none", "globalId", "", ""] +["_:Nf71f6300b14a4726a20ffad899bed919", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:Nc9ddcdf86e874968aa8f5ba821975eb4", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N105628f6c8b040edb9db617f35f30bec", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/actionStatementTime", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/hyperparameter", "http://www.w3.org/2000/01/rdf-schema#comment", "Records a hyperparameter used to build the AI model contained in the AI\npackage.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/confidentialityLevel", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType", "globalId", "", ""] +["_:Nfbb5f5e996be44989d31d47d46540443", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/other", "http://www.w3.org/2000/01/rdf-schema#label", "other", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/serializedInArtifact", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N163fe4499b2a454a9641b23118bf53ae", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/graph", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N5011f0cdb4544a70b796520ecd436a25", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N0bf807da343b4645904db560abf69583", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType", "globalId", "", ""] +["_:Nadd5d6fa295c47ee82d49e5fde059110", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/listVersionAdded", "globalId", "", ""] +["_:Ne778a773be4f408192f2ed37c6143a5d", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription", "http://www.w3.org/ns/shacl#property", "_:Na1cdda0a73e94e598b769cac4a5a5cb8", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasPrerequisite", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/EpssVulnAssessmentRelationship", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/source", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element is a single or a collection of source files.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", "http://www.w3.org/ns/shacl#property", "_:Nc63741a7112e471ba97ce37e05f2dac1", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRef", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to a resource outside the scope of SPDX-3.0 content related to an Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/source", "http://www.w3.org/2000/01/rdf-schema#label", "source", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasHost", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/complete", "http://www.w3.org/2000/01/rdf-schema#label", "complete", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nf71f6300b14a4726a20ffad899bed919", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/packageVerificationCodeExcludedFile", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/licenseXml", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_NoneLicense", "https://spdx.org/rdf/3.0.1/terms/Core/created", "2024-11-22T03:00:01Z", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "", ""] +["_:Nb916f2dfc1c640bd8e0dac9bb5956172", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/justificationType", "globalId", "", ""] +["_:Nbc1332652da345c49ad3c948238f404b", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Person", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/Agent", "globalId", "", ""] +["_:Nce9a69dc19af4e1394f03174c67c5857", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["_:N64a80dfe5e954cf59753ab8a96e4eff3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsDilithium", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["_:Nfe1814d375d7456e843deb8cde1cf341", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#boolean", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/device", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/dynamicAnalysisReport", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_NoneElement", "http://www.w3.org/2000/01/rdf-schema#comment", "This individual element was defined by the spec.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nbbe9948554644fd8b49899d278739242", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/productMetadata", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumption", "http://www.w3.org/2000/01/rdf-schema#comment", "A class for describing the energy consumption incurred by an AI model in\ndifferent stages of its lifecycle.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", "http://www.w3.org/ns/shacl#property", "_:N8adbab8e05cf4258a0b7e9eedbd03e5f", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/validUntilTime", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Relationship", "http://www.w3.org/2000/01/rdf-schema#comment", "Describes a relationship between one or more elements.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasStaticLink", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element statically links in each `to` Element, during a LifecycleScopeType period.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/trackStar", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N73f9586a8a7d4b978afcb9cfe998050b", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/patch", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/useSensitivePersonalInformation", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType", "globalId", "", ""] +["_:N897df0f6e23b488988a2d2db8aad5bc4", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nfa72871f5924444491d18910ec431abb", "localId", "", ""] +["_:N7b5b4ad7f9a54d91a292ac0738539050", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nb28702ad1ccc478ba7b8aa42bc12985d", "localId", "", ""] +["_:N70cf024bfa9e40a08de101b510631f60", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDataFile", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md4", "http://www.w3.org/2000/01/rdf-schema#label", "md4", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nc9ddcdf86e874968aa8f5ba821975eb4", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Na267e7b88a344e4fbd0c59a6dc760e65", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType", "globalId", "", ""] +["_:N66b43817d95d4468bf805207af159230", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/typeOfModel", "http://www.w3.org/2000/01/rdf-schema#comment", "Records the type of the model used in the AI software.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/SimpleLicensingText", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:N90cb783276d74a2881e21a08abf01e2f", "http://www.w3.org/ns/shacl#message", "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship is an abstract class and should not be instantiated directly. Instantiate a subclass instead.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/standardName", "http://www.w3.org/2000/01/rdf-schema#comment", "The name of a relevant standard that may apply to an artifact.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Na92e8ceda7e548bb9a144c2e9c857639", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N288949a61054447689377b531414e0b7", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/attend", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/module", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["_:Nca9532c3dd0b421e95d0800b68e3442a", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertiesExtension", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/other", "http://www.w3.org/2000/01/rdf-schema#comment", "Other exploit catalogs", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nbd47cac50394462f9015e00ec4b449a6", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/key", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/email", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssociatedVulnerability", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdvisory", "http://www.w3.org/2000/01/rdf-schema#label", "securityAdvisory", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N675847984777421d9fb9b171cdf0bb53", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/externalRef", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/endOfSupport", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/purchaseOrder", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to a purchase order for a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdversaryModel", "http://www.w3.org/2000/01/rdf-schema#label", "securityAdversaryModel", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_512", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/Build", "http://www.w3.org/2000/01/rdf-schema#comment", "Class that describes a build instance of software/artifacts.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N261c61aa119e4f4e9ce3c9387fb29c9f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nb9165bd1d4e8406eb56e237a892cfba4", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexNotAffectedVulnAssessmentRelationship", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N80dc66a1ccec469392596c5291fa2864", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/AI/typeOfModel", "globalId", "", ""] +["_:Nc6d18260ddfa478b84c2dc19c2059aa2", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/low", "http://www.w3.org/2000/01/rdf-schema#comment", "When a CVSS score is between 0.1 - 3.9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N5d195bb929fc404584503e9c9b17a526", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/suppliedBy", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_384", "http://www.w3.org/2000/01/rdf-schema#label", "sha3_384", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["_:N5912892962274966938ef83f3f23c015", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifier", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/OrLaterOperator", "http://www.w3.org/2000/01/rdf-schema#comment", "Portion of an AnyLicenseInfo representing this version, or any later version,\nof the indicated License.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N5e678b3ba38745b58c0103b8e085d5c8", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/copiedTo", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/beginIntegerRange", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#positiveInteger", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Artifact", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/audio", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/CustomLicense", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SpdxDocument", "http://www.w3.org/ns/shacl#property", "_:Nc22ee04d695b4582bd604f6206900620", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/build", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion", "http://www.w3.org/2000/01/rdf-schema#comment", "Makes no assertion about the field.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N59f692071bb64860ab9f02cfb4670088", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N27a8c8f61e944083abcc670fe4586df8", "localId", "", ""] +["_:N05edbc4959e844438800e546abaebaea", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_512", "globalId", "", ""] +["_:Nff8e6ed55f604249b913b2bbc6d8411d", "http://www.w3.org/ns/shacl#hasValue", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcVulnAssessmentRelationship", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/configSourceUri", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/datasetAvailability", "http://www.w3.org/2000/01/rdf-schema#comment", "The field describes the availability of a dataset.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nfbb5f5e996be44989d31d47d46540443", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Software/copyrightText", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/issueTracker", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/buildId", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", "http://www.w3.org/2000/01/rdf-schema#comment", "A key with an associated value.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/install", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element is used to install software on disk.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N7c7a260c778e4d4491ba75a0fe083ebe", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityOther", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N73f9586a8a7d4b978afcb9cfe998050b", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/catalogType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/buildEndTime", "http://www.w3.org/2000/01/rdf-schema#comment", "Property that describes the time at which a build stops.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/certificationReport", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:N58c62d134f5e41d78440946685ecf0cc", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/other", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalComponent", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/sourceArtifact", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/summary", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:N88e97455b377466daa24bff58cde8f0d", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/primaryPurpose", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/attend", "http://www.w3.org/2000/01/rdf-schema#label", "attend", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/medium", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType", "globalId", "", ""] +["_:Nfc8b91023a9e4e08ae989e08b6c0b9ec", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nf7e1508801cf4398b830fad84fe53388", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/analyzed", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nae8e63939c7c4cf4aa4ba555362d775c", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Ndfe4dc1d7d574b10a92ee8955837ad9d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N0e31c4b45c4b442e9f1d32ab917a76ae", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/exploitCreatedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N168bcfc831bd4f85b6a82742eb7ad4f5", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/high", "globalId", "", ""] +["_:Nad909dcc4fad4339a9eb809fabd6a871", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/finetuningEnergyConsumption", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription", "globalId", "", ""] +["_:Na92e8ceda7e548bb9a144c2e9c857639", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N45b62edbd5f3406dba20232288ec19fd", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timestamp", "http://www.w3.org/2000/01/rdf-schema#comment", "data is recorded with a timestamp for each entry, but not necessarily ordered or at specific intervals, such as when a taxi ride starts and ends.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/IndividualLicensingInfo", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", "globalId", "", ""] +["_:Nc9ddcdf86e874968aa8f5ba821975eb4", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/directDownload", "http://www.w3.org/2000/01/rdf-schema#label", "directDownload", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:Nfe1814d375d7456e843deb8cde1cf341", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedAdditionId", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", "http://www.w3.org/ns/shacl#property", "_:N5e678b3ba38745b58c0103b8e085d5c8", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/ai", "http://www.w3.org/2000/01/rdf-schema#label", "ai", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/ai", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/deployed", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/software", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/build", "http://www.w3.org/2000/01/rdf-schema#label", "build", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vcs", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to a version control system related to a software artifact.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md5", "http://www.w3.org/2000/01/rdf-schema#comment", "MD5 message-digest algorithm, as defined in [RFC 1321](https://datatracker.ietf.org/doc/rfc1321/).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOutput", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N5b2278fb3a8e4e239193a033f8b4bf04", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nf3c62ca118b94d17a1ef6b04e407421c", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseExpression", "http://www.w3.org/2000/01/rdf-schema#comment", "A string in the license expression format.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Naf01116eff7c4759be95f8f97c257d9c", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N2b94274553ab4bc2bbc78307f39b3327", "http://www.w3.org/ns/shacl#in", "_:Nadd6173eaf8b4550a3ec8c90524cc599", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/suppliedBy", "http://www.w3.org/2000/01/rdf-schema#comment", "Identifies who or what supplied the artifact or VulnAssessmentRelationship\nreferenced by the Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N79e0fdc8a753446e8e1931aab90b02ae", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/licenseXml", "globalId", "", ""] +["_:N9e3f2c4f96904bddb1aa46c01701b0f6", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N8ad3af20ea5248df91865def0b7a98de", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PackageVerificationCode", "http://www.w3.org/ns/shacl#property", "_:Na3925605d49b4db382603ae946c37f51", "localId", "", ""] +["_:N7c9974a53d5443c5831f3e7dc56073d0", "http://www.w3.org/ns/shacl#message", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition is an abstract class and should not be instantiated directly. Instantiate a subclass instead.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N0f4d0a9a8e7d46a0b9cf255274bcce6b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N70cf024bfa9e40a08de101b510631f60", "localId", "", ""] +["_:Nf10e65ca64f84003827c23ef339743e5", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/patch", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasExample", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:Nbbe9948554644fd8b49899d278739242", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N7b50bf552c054e5baab961ecc882b722", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdvisory", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to a published security advisory (where advisory as defined per [ISO 29147:2018](https://www.iso.org/standard/72311.html)) that may affect one or more elements, e.g., vendor advisories or specific NVD entries.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierType", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the type of the content identifier.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/green", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType", "globalId", "", ""] +["_:Ne81afbff18a74c75ac853da24ab327a0", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/member", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/other", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/impactStatementTime", "http://www.w3.org/2000/01/rdf-schema#comment", "Timestamp of impact statement.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N4dda90621fe746a2972ace6f1e26f9c9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Na00b6f47e860415881f7e8a524a04316", "localId", "", ""] +["_:N91fee785616543dd9952683d70d387bf", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N94e6bbd4fb004035a4cbdb3e969a1fbb", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/chat", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N47d32bc3b4e04c9ab083ec76d4f22585", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", "globalId", "", ""] +["_:N58c3f747313349d396ead702e2de2953", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/certificationReport", "globalId", "", ""] +["_:N0cac787ed3f3421fa6687df4da790a0c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N44928392b4d8458f847c7fd69533d2ee", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/serializedInArtifact", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` SpdxDocument can be found in a serialized form in each `to` Artifact.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Ne68051bb209048da9a57bc5dbaf28bf0", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/endOfSupport", "http://www.w3.org/2000/01/rdf-schema#comment", "there is a defined end of support for the artifact from the supplier. This may also be referred to as end of life. There is a validUntilDate that can be used to signal when support ends for the artifact.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nbac401e4be1249dd86dd149952baf59b", "http://www.w3.org/ns/shacl#not", "_:N5bda6a3731444310990a06326743f6aa", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Organization", "http://www.w3.org/2000/01/rdf-schema#comment", "A group of people who work together in an organized way for a shared purpose.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N0d2bee57931544d786ff3bc0afb223b0", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N8f1dd8dbe42e46fb934adf94515048b1", "localId", "", ""] +["_:Nc22ee04d695b4582bd604f6206900620", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/dataLicense", "globalId", "", ""] +["_:Nd385c846dfa14371a0a3697f7168b4c1", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/AI/energyConsumption", "globalId", "", ""] +["_:N8a37deb026864cdca312209746e2caaa", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nf3dfbb7f98e84c61b58f5b17e3ae9f19", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", "http://www.w3.org/2000/01/rdf-schema#comment", "Abstract class representing a license combination consisting of one or more licenses.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Ne820a8ec67114d53b03a71f5f7be31f5", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary", "http://www.w3.org/2000/01/rdf-schema#comment", "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Na82fb3a822a04f6180f1ca7808276d8f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/runtime", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasSpecification", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N13acbf7806c648f19f147c9073a04385", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/AI/metric", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noAssertion", "http://www.w3.org/2000/01/rdf-schema#label", "noAssertion", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N0d09683a42354debacdd0b0625119609", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/identifierLocator", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PackageVerificationCode", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["_:N8f1dd8dbe42e46fb934adf94515048b1", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mavenCentral", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to a Maven repository artifact. The artifact locator format is defined in the [Maven documentation](https://maven.apache.org/guides/mini/guide-naming-conventions.html) and looks like `groupId:artifactId[:version]`.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N991d42b910e64656b45d7c4ce9e7f5e3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/support", "globalId", "", ""] +["_:Nae8e63939c7c4cf4aa4ba555362d775c", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasConcludedLicense", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/core", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N0f4d0a9a8e7d46a0b9cf255274bcce6b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasConcludedLicense", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexFixedVulnAssessmentRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/verifiedUsing", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:N5ab248e680454bbcb3ed254de24ac49f", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifier", "http://www.w3.org/ns/shacl#property", "_:Nbd14f0a1267744e89f6930e710689414", "localId", "", ""] +["_:Na267e7b88a344e4fbd0c59a6dc760e65", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/specification", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nbb0a3a63cdba4f078c6de6eef7ff6579", "http://www.w3.org/ns/shacl#message", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense is an abstract class and should not be instantiated directly. Instantiate a subclass instead.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/builtTime", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/file", "http://www.w3.org/2000/01/rdf-schema#label", "file", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nb81407b76fc94f228f1f5ad011d931a5", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nc82d9b6d9a4a40d6b95e4cd04612ac98", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropValue", "http://www.w3.org/2000/01/rdf-schema#comment", "A value used in a CdxPropertyEntry name-value pair.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoAssertionLicense", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/decisionType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:N1a0a0b40de254f55a8372bba19b60496", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/Agent", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Element", "http://www.w3.org/ns/shacl#property", "_:N61b9a25cae674e199ce6572456d8e72f", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Bundle", "http://www.w3.org/ns/shacl#property", "_:N63f963c2c8a4467bb803f9af7eaafd3d", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedAdditionId", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/library", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRef", "http://www.w3.org/ns/shacl#property", "_:Nddcc9ac569c4442b894f208d7722b4f8", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/qualityAssessmentReport", "http://www.w3.org/2000/01/rdf-schema#label", "qualityAssessmentReport", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/key", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N4382805b6a5947d38ffcfd8b182bddbf", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/score", "globalId", "", ""] +["_:Nf7fd042770064703a84cd9039273e4f7", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/specVersion", "globalId", "", ""] +["_:Nac0a6f045e7e4efd9dbaf01201286a14", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N2c7697a923534e9988689746f1d03e41", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/gitoid", "http://www.w3.org/2000/01/rdf-schema#label", "gitoid", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/LicenseExpression", "http://www.w3.org/ns/shacl#property", "_:Nf5531d9c16ff4f589dff19f480634c29", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/falcon", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/other", "http://www.w3.org/2000/01/rdf-schema#label", "other", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectLicense", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", "globalId", "", ""] +["_:N2b7fa052bf664f2a9e1923831d282602", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/dataPreprocessing", "http://www.w3.org/2000/01/rdf-schema#comment", "Describes the preprocessing steps that were applied to the raw data to create the given dataset.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", "http://www.w3.org/ns/shacl#property", "_:N9bd771ac02cc41519919a01d4deca105", "localId", "", ""] +["_:N4f6d0abf94b14a189b945346f00ba9dc", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/created", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["_:N72a328f4b7e14cb194d99b35236c3430", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/categorical", "http://www.w3.org/2000/01/rdf-schema#comment", "data that is classified into a discrete number of categories, such as the eye color of a population of people.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/Extension", "http://www.w3.org/ns/shacl#property", "_:N3b695bebf32746039b555b8460ffe552", "localId", "", ""] +["_:N6f8ca85700744b0e9f7a8672675d1dca", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/impactStatementTime", "globalId", "", ""] +["_:N17c879855daa4fd7b7d7ef9da34e7ea6", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOutput", "globalId", "", ""] +["_:Nd91122440e7149a28656eb9394e082b2", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/license", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/development", "http://www.w3.org/2000/01/rdf-schema#label", "development", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N1647e706f6764e7d9ec4e0aa8979d0c6", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md6", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/extension", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies an Extension characterization of some aspect of an Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N53970517ea09401691d51549f8e0fd90", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/completeness", "globalId", "", ""] +["_:Nc15495aea74e4883afce40f042a057d5", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/chat", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Annotation", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/member", "http://www.w3.org/2000/01/rdf-schema#comment", "A license expression participating in a license set.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexNotAffectedVulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship", "globalId", "", ""] +["_:N89d641eef49d4a5f9ef42bfe5c4221bd", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Element", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifier", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to a resource identifier defined outside the scope of SPDX-3.0 content that uniquely identifies an Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/OrLaterOperator", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/other", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/license", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to additional license information related to an artifact.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N8bdb3da6da754d98843024e1dcbe3e43", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType", "globalId", "", ""] +["_:Nf6541e98d99947d9a7ccb49088b43ea0", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDynamicLink", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/graph", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", "globalId", "", ""] +["_:N230a41f8c8d549b8844a37595ce56867", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mailingList", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to the mailing list used by the maintainer for a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/beginIntegerRange", "http://www.w3.org/2000/01/rdf-schema#comment", "Defines the beginning of a range.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N618f8c59ed9345ca8692a68f777a0fb0", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N36b7d391e5cf402199bf454d82f5735c", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildMeta", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference build metadata related to a published package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N13acbf7806c648f19f147c9073a04385", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["_:N7a48123f699948b5867af1fec0d7b88e", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Ne11c75cafdb0438299216847b06716cf", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/publishedTime", "globalId", "", ""] +["_:N4881d1614aa0403894d16c3ca276d790", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N9bd771ac02cc41519919a01d4deca105", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N65301d1be04341678842dfc049e2a33c", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoneLicense", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/informationAboutTraining", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_NoAssertionLicense", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/builtTime", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the time an artifact was built.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N85ad449141be453592e9e80c2bc379f4", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Build/environment", "globalId", "", ""] +["_:N7676f1bbd99e47659502f87b9936453e", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/expandedLicensing", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry", "http://www.w3.org/2000/01/rdf-schema#comment", "A property name with an associated value.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Ne4baf3becb8740a79f8bceb49f40679f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/nuget", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexNotAffectedVulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:Nb916f2dfc1c640bd8e0dac9bb5956172", "localId", "", ""] +["_:N8ec4229c1a674693bde766506ca93e87", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/expandsTo", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/LicenseExpression", "http://www.w3.org/2000/01/rdf-schema#comment", "An SPDX Element containing an SPDX license expression string.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N88e97455b377466daa24bff58cde8f0d", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/packageVerificationCodeExcludedFile", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/query", "http://www.w3.org/2000/01/rdf-schema#label", "query", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Package", "http://www.w3.org/ns/shacl#property", "_:Nc38c872821b548ee8f430a027b2d711f", "localId", "", ""] +["_:N3ba51db196c04386ae47cb64aab6c95c", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Build/configSourceUri", "globalId", "", ""] +["_:N80dac4ea19f44488ae2dc09ba1429116", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/beginIntegerRange", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/knownBias", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/import", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalMap", "globalId", "", ""] +["_:N64ae0543871444f6b7d2a497fcf55186", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/email", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/completeness", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasConcludedLicense", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` SoftwareArtifact is concluded by the SPDX data creator to be governed by each `to` license.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N763c69315ee040a88ca27b5205984626", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/from", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:N41fda4edc0294fce84cdb5688d8ef9ef", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/track", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/intendedUse", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/trainedOn", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifier", "http://www.w3.org/ns/shacl#property", "_:N13396ee366a94de388e2aff47754e81f", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/contains", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N06465237afe4406eb4803558f7a57c08", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Nd3d538fe1cb544b5808c51dffd844c81", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N4f6d0abf94b14a189b945346f00ba9dc", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/deprecatedVersion", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N72a328f4b7e14cb194d99b35236c3430", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Ncf68ed04ac534a92808a38217fa55530", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/analyzed", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumption", "http://www.w3.org/ns/shacl#property", "_:N250a4372ab014e66ba3eec07accb85dc", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/NoneElement", "http://www.w3.org/2000/01/rdf-schema#comment", "An Individual Value for Element representing a set of Elements with\ncardinality (number/count) of zero.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/firmware", "http://www.w3.org/2000/01/rdf-schema#label", "firmware", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N13f4d81403034faaa93ea1abc3bd3d91", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ncff880d9e9c24887adcf512cbce2a444", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:Na5a538a0052340c0ba01747cca3d3da8", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/other", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType", "globalId", "", ""] +["_:N0cac787ed3f3421fa6687df4da790a0c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/cwe", "globalId", "", ""] +["_:N2456bf573caa4efeab27607dfed5a451", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/red", "globalId", "", ""] +["_:Nc8b9ea4213214eccb17ccccf3790161d", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Person", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact", "http://www.w3.org/ns/shacl#property", "_:N5912892962274966938ef83f3f23c015", "localId", "", ""] +["_:Nc51fb19223644705a84f646344b7e9d3", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N675847984777421d9fb9b171cdf0bb53", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRef", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/packageVersion", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo", "http://www.w3.org/ns/shacl#property", "_:N68e2aefd82ab40c59cc6c2bfeab0adc4", "localId", "", ""] +["_:Ne70b85feb564419597741ca637d61d03", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseExpression", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/useSensitivePersonalInformation", "http://www.w3.org/2000/01/rdf-schema#comment", "Records if sensitive personal information is used during model training or\ncould be used during the inference.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/publishedTime", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/modelDataPreprocessing", "http://www.w3.org/2000/01/rdf-schema#comment", "Describes all the preprocessing steps applied to the training data before the\nmodel training.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDistributionArtifact", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:N5d195bb929fc404584503e9c9b17a526", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/externalRefType", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:N5a2b8b0073a54a3db4d6092f1c5043ed", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType", "http://www.w3.org/2000/01/rdf-schema#comment", "Enumeration of the valid profiles.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRef", "http://www.w3.org/ns/shacl#property", "_:N72a328f4b7e14cb194d99b35236c3430", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/byteRange", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange", "globalId", "", ""] +["_:Nc4286224070a4248ad8590c45a7c8bc6", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/contains", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/requirement", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element provides a requirement needed as input for another Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropValue", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", "http://www.w3.org/2000/01/rdf-schema#comment", "An Organization representing the SPDX Project.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N13396ee366a94de388e2aff47754e81f", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Nf7fd042770064703a84cd9039273e4f7", "http://www.w3.org/ns/shacl#pattern", "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", "http://www.w3.org/ns/shacl#property", "_:Ncae19f1586924a439b37e75eb5b57ed4", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/underInvestigationFor", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/adler32", "http://www.w3.org/2000/01/rdf-schema#comment", "Adler-32 checksum is part of the widely used zlib compression library as defined in [RFC 1950](https://datatracker.ietf.org/doc/rfc1950/) Section 2.3.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/kev", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/statement", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:Nce9a69dc19af4e1394f03174c67c5857", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides information about the creation of the Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogVulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:N91d11db27b28462b8545b78734a27503", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/modifiedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/green", "http://www.w3.org/2000/01/rdf-schema#label", "green", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/executable", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element is an Artifact that can be run on a computer.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N4d86b5ad122d431bbf443326643a51df", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/archive", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/seeAlso", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:N88e97455b377466daa24bff58cde8f0d", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N4571ded3acc34f068931feecaa278a44", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N1aac3c1c2ffb45d79910e133d9ec02f9", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/evidence", "http://www.w3.org/2000/01/rdf-schema#label", "evidence", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Hash", "http://www.w3.org/ns/shacl#property", "_:N4e4b35788e1b4064b856bcd8d2cc6670", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/urlScheme", "http://www.w3.org/2000/01/rdf-schema#label", "urlScheme", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Agent", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/Element", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/low", "http://www.w3.org/2000/01/rdf-schema#label", "low", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/secureSoftwareAttestation", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to information assuring that the software is developed using security practices as defined by [NIST SP 800-218 Secure Software Development Framework (SSDF) Version 1.1](https://csrc.nist.gov/pubs/sp/800/218/final) or [CISA Secure Software Development Attestation Form](https://www.cisa.gov/resources-tools/resources/secure-software-development-attestation-form).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N7f095ac56c3e4bccbcd4348b29980439", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Na461e12485ec495f9d16f08504499025", "localId", "", ""] +["_:N61753ca6fa484199b143356d20b0476e", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/createdUsing", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", "http://www.w3.org/ns/shacl#property", "_:N72dd028519c2443b94229cfc4a2639bc", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/limitedSupport", "http://www.w3.org/2000/01/rdf-schema#label", "limitedSupport", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/descendantOf", "http://www.w3.org/2000/01/rdf-schema#label", "descendantOf", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nd8679c5e3311467ca097a4151ac8fa54", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N06465237afe4406eb4803558f7a57c08", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/container", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element is a container image which can be used by a container runtime application.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicenseException", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", "globalId", "", ""] +["_:N763c69315ee040a88ca27b5205984626", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/definingArtifact", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/percentile", "http://www.w3.org/2000/01/rdf-schema#comment", "The percentile of the current probability score.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalDependency", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicenseException", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md2", "http://www.w3.org/2000/01/rdf-schema#comment", "MD2 message-digest algorithm, as defined in [RFC 1319](https://datatracker.ietf.org/doc/rfc1319/).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N5ab248e680454bbcb3ed254de24ac49f", "http://www.w3.org/ns/shacl#pattern", "^[^\\/]+\\/[^\\/]+$", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasPrerequisite", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N32f50a51e84f4a2499a5d17f54bbed6b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha384", "globalId", "", ""] +["_:N716ee87802fd4b6f98bfcff38ca5ff8a", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nd951591fca6c47c2985dd159db6ad52c", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV3VulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides a CVSS version 3 assessment for a vulnerability.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/complete", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N8ad3af20ea5248df91865def0b7a98de", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/invokedBy", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/directory", "http://www.w3.org/2000/01/rdf-schema#comment", "The file represents a directory and all content stored in that directory.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Na00b6f47e860415881f7e8a524a04316", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedIn", "globalId", "", ""] +["_:N14d2ccc3ee7749088945c0ba96e7a88a", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N2dbc8b0a30da433a94050a3ab1190bb8", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/datasetNoise", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:Na44640dae5c34e6ab6f3759a75426eb0", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/privacyAssessment", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_NoAssertionElement", "https://spdx.org/rdf/3.0.1/terms/Core/created", "2024-11-22T03:00:01Z", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "", ""] +["_:Nbdc672a90df4480da8648bd31507d48e", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Build/parameter", "globalId", "", ""] +["_:N963f7603cd844b03bd4631e0713b1635", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/extension", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/red", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/identifier", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N5ab248e680454bbcb3ed254de24ac49f", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/contentType", "globalId", "", ""] +["_:N034bf868068348fb92f2f33976cad5ae", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", "http://www.w3.org/ns/shacl#property", "_:N6eb9ec15081f404a99935ff4e2aaa14b", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/buildId", "http://www.w3.org/2000/01/rdf-schema#comment", "A buildId is a locally unique identifier used by a builder to identify a unique\ninstance of a build produced by it.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Ne0ff4ba19d0a41c18c6ccfc733f2193d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N4e1bd25f594a483ab492b4c24a5748eb", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasInput", "http://www.w3.org/2000/01/rdf-schema#label", "hasInput", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/IndividualElement", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:Nd385c846dfa14371a0a3697f7168b4c1", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRef", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/documentation", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element is documentation.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/analyzed", "http://www.w3.org/2000/01/rdf-schema#comment", "SBOM generated through analysis of artifacts (e.g., executables, packages, containers, and virtual machine images) after its build. Such analysis generally requires a variety of heuristics. In some contexts, this may also be referred to as a \"3rd party\" SBOM.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/deprecatedVersion", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the SPDX License List version in which this license or exception\nidentifier was deprecated.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Ne81afbff18a74c75ac853da24ab327a0", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Element", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/deviceDriver", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/creationInfo", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/catalogType", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseTemplate", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/dataset", "http://www.w3.org/2000/01/rdf-schema#label", "dataset", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha1", "http://www.w3.org/2000/01/rdf-schema#comment", "SHA-1, a secure hashing algorithm, as defined in [RFC 3174](https://datatracker.ietf.org/doc/rfc3174/).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N7d2dbee05b72455c995a675186de5fd1", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe22", "http://www.w3.org/2000/01/rdf-schema#label", "cpe22", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nf26016059c3e414da185e30155b543f5", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["_:Nfbd5a9c0923c423a84d0bb8fef89f4a3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nadc18a90b6ca4cc3af0fb2aa7418dda8", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection", "http://www.w3.org/ns/shacl#property", "_:Nc4156282a9c34b6190b0869cdc1793db", "localId", "", ""] +["_:N954579de61d84bef909737ad4568a536", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Software/sbomType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/comment", "http://www.w3.org/2000/01/rdf-schema#comment", "Provide consumers with comments by the creator of the Element about the\nElement.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nd0d48abef81b4c44a952c0925a6e30a9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N9bb1cced9aa14e08b36ebf9f952b1d01", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/privacyAssessment", "http://www.w3.org/2000/01/rdf-schema#label", "privacyAssessment", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N4881d1614aa0403894d16c3ca276d790", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumption", "http://www.w3.org/ns/shacl#property", "_:Nd05558aa816f416f8c26895bb8d1d9bb", "localId", "", ""] +["_:Nb07efffce0ba43a2bcac0e3a90a48609", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/ancestorOf", "globalId", "", ""] +["_:Nc1bb7a1b7d034342906511e27e066abc", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/adler32", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/datasetNoise", "http://www.w3.org/2000/01/rdf-schema#comment", "Describes potentially noisy elements of the dataset.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Ne5e123ab8f7d4aa4b35a7442690fe19d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N072d6f5c7eee40859e3a93d05034536f", "localId", "", ""] +["_:Nfbd3df443088485abe551fc6374a3c4c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/bom", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swhid", "http://www.w3.org/2000/01/rdf-schema#comment", "SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/application", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element is a software application.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/SimpleLicensingText", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/Element", "globalId", "", ""] +["_:Nb850dda843534d3ab3ffbadf70766fef", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N7eb015d497fc4c09bb8530f59c65624d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/audio", "globalId", "", ""] +["_:N4091b2fb3d5c417fad7305927740d1d5", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/sourceArtifact", "globalId", "", ""] +["_:Ne1917fc7b2894ab7a09e78e8e8b21989", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nbc8ae53aacf942ca88840a6c1d655d6c", "localId", "", ""] +["_:Nc3c21678fc9a459784f054a6954a9aa8", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Nb345ac20ec3244e480ec30eee26dc06e", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altDownloadLocation", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", "http://www.w3.org/ns/shacl#property", "_:N187a93895c7b43bea96131212a0ba3f5", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/copyrightText", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:N904326509fc04cc4be66ea123ed9fdc4", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/createdBy", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/Agent", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:Na3925605d49b4db382603ae946c37f51", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b384", "http://www.w3.org/2000/01/rdf-schema#comment", "BLAKE2b algorithm with a digest size of 384, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", "http://www.w3.org/ns/shacl#property", "_:N024478cff6eb4ef48dc45dabdb7b0a35", "localId", "", ""] +["_:Nf028d12b2d0f4f6cb20747b6b39a8b5b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasInput", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/hyperparameter", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifier", "http://www.w3.org/2000/01/rdf-schema#comment", "A canonical, unique, immutable identifier of the artifact content, that may be\nused for verifying its identity and/or integrity.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nd77657e0b19d459c931f64f48ed7e1a6", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", "http://www.w3.org/ns/shacl#property", "_:Nd33af007bad14a4594f7039df1c5df75", "localId", "", ""] +["_:N694e3d4238ff4006b46b450b91f4179a", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N9a582f09d0b7426d81ae74b09a5ed252", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/createdUsing", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/Tool", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifier", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/Vulnerability", "http://www.w3.org/ns/shacl#property", "_:Ne11c75cafdb0438299216847b06716cf", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Organization", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/Agent", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Annotation", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/ancestorOf", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element is an ancestor of each `to` Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md6", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/environment", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/productMetadata", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/archive", "http://www.w3.org/2000/01/rdf-schema#label", "archive", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/kilowattHour", "http://www.w3.org/2000/01/rdf-schema#label", "kilowattHour", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasProvidedDependency", "http://www.w3.org/2000/01/rdf-schema#label", "hasProvidedDependency", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness", "http://www.w3.org/2000/01/rdf-schema#comment", "Indicates whether a relationship is known to be complete, incomplete, or if no assertion is made with respect to relationship completeness.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N0781395df11e44a6a3186f0fa8908958", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/energyConsumption", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/expandsTo", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md5", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/specVersion", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides a reference number that can be used to understand how to parse and\ninterpret an Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/copiedTo", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", "http://www.w3.org/ns/shacl#property", "_:Nc37985fef6884679b49d387a2ef08d3f", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SpdxDocument", "http://www.w3.org/2000/01/rdf-schema#comment", "A collection of SPDX Elements that could potentially be serialized.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifier", "http://www.w3.org/ns/shacl#property", "_:N0d09683a42354debacdd0b0625119609", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/generates", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/support", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/SupportType", "globalId", "", ""] +["_:Nb9165bd1d4e8406eb56e237a892cfba4", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/archive", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/NoneElement", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/IndividualElement", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/expandsTo", "http://www.w3.org/2000/01/rdf-schema#label", "expandsTo", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nf10e65ca64f84003827c23ef339743e5", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ne1917fc7b2894ab7a09e78e8e8b21989", "localId", "", ""] +["_:N833dac5833c24d35a16d11f2e318aeef", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nd90adf23ae66491daa68ac6dd4501bdf", "localId", "", ""] +["_:Nece0b4f721a847f98727202b50f4a753", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md4", "globalId", "", ""] +["_:Na5a538a0052340c0ba01747cca3d3da8", "http://www.w3.org/ns/shacl#message", "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship is an abstract class and should not be instantiated directly. Instantiate a subclass instead.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/locationHint", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/clear", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/componentAnalysisReport", "http://www.w3.org/2000/01/rdf-schema#label", "componentAnalysisReport", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nd83655f2100e4025b2eefd465fc154ab", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N0c3b30ca2bdf4cb1839bdc608bc41186", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/deployed", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/SupportType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasVariant", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/serializedInArtifact", "http://www.w3.org/2000/01/rdf-schema#label", "serializedInArtifact", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/packageUrl", "http://www.w3.org/2000/01/rdf-schema#label", "packageUrl", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N168bcfc831bd4f85b6a82742eb7ad4f5", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ned1f0afb78d3460c9478383abf3da36b", "localId", "", ""] +["_:N2f8145031850475ba01bc466221debed", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nfb655ff9dcc6442baa6046d411f0624c", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/catalogType", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the exploit catalog type.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Annotation", "http://www.w3.org/ns/shacl#property", "_:N8f24e4128c124ec08b9e80f45a43dd1e", "localId", "", ""] +["_:Nf4609fa7f53e4898a47341b507b5e03e", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["_:N210fbcf85b384009a2cee68e4a7e6b78", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N02daaf1ea3874989948c16e26274de9f", "localId", "", ""] +["_:Ne68051bb209048da9a57bc5dbaf28bf0", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N97120636b11b4b158892706019486fb5", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/limitedSupport", "globalId", "", ""] +["_:N8186b6d9dc534ac1b7a906d040a88d6a", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N9b79adf6684a4d328dc28ae0ee98d95d", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Relationship", "http://www.w3.org/ns/shacl#property", "_:N73e74213eec84d8daaa36a51dab963d6", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe22", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/other", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Ne94d7f462c66468a8c52086b6b54de89", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/amendedBy", "globalId", "", ""] +["_:N682abb8a6bbc40e9947aa2d9d66eec4d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/device", "globalId", "", ""] +["_:N10ab85203a394bd3ba6ef86074d64233", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no", "globalId", "", ""] +["_:Ne778a773be4f408192f2ed37c6143a5d", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Annotation", "http://www.w3.org/2000/01/rdf-schema#comment", "An assertion made in relation to one or more elements.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/sourceArtifact", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to an artifact containing the sources for a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N7c9974a53d5443c5831f3e7dc56073d0", "http://www.w3.org/ns/shacl#not", "_:N8358def5fd2b4668b759d786315e799f", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/green", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifierType", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the type of the external identifier.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N5e678b3ba38745b58c0103b8e085d5c8", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalMap", "http://www.w3.org/ns/shacl#property", "_:Nebecc80c7e4045d1b3ad15ab0c1d04ec", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", "http://www.w3.org/ns/shacl#property", "_:Na3b27046864941989a486e5a70e0edb4", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/subject", "http://www.w3.org/2000/01/rdf-schema#comment", "An Element an annotator has made an assertion about.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N4e4b35788e1b4064b856bcd8d2cc6670", "http://www.w3.org/ns/shacl#in", "_:Nce436d556d4e4606ba37d9ad32d22967", "localId", "", ""] +["_:Ne06f01bddfb24f69a9e1c0ba9694b11d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/underInvestigationFor", "http://www.w3.org/2000/01/rdf-schema#label", "underInvestigationFor", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/support", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to the software support channel or other support information for a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Na3925605d49b4db382603ae946c37f51", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N90cb783276d74a2881e21a08abf01e2f", "http://www.w3.org/ns/shacl#not", "_:N986501d57648498ea8ed156092baf32c", "localId", "", ""] +["_:Nd73c69088f734dffb4cc9539c637aecf", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/test", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N58c3f747313349d396ead702e2de2953", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N5ddf9ddcd2bc446f8729bd7a23566faf", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/namespace", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides an unambiguous mechanism for conveying a URI fragment portion of an\nElement ID.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the safety risk level.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/probability", "http://www.w3.org/2000/01/rdf-schema#comment", "A probability score between 0 and 1 of a vulnerability being exploited.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/documentation", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to the documentation for a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/statusNotes", "http://www.w3.org/2000/01/rdf-schema#comment", "Conveys information about how VEX status was determined.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nb9165bd1d4e8406eb56e237a892cfba4", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N0753f471dae945e885cde15702c705bb", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseNotes", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N88ce0438020d4326924db53dec9bd6b5", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/dataset", "globalId", "", ""] +["_:Nb4381a5cee3143a482af28cf9a364f3c", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:Nbbbec88245754e9d9390b9a11f0b67c2", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/obsoletedBy", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/incomplete", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/publishedTime", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the time when a vulnerability was published.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", "http://www.w3.org/ns/shacl#property", "_:Nbbbec88245754e9d9390b9a11f0b67c2", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/application", "http://www.w3.org/2000/01/rdf-schema#label", "application", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/documentation", "http://www.w3.org/2000/01/rdf-schema#label", "documentation", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/track", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/externalRefType", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the type of the external reference.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/datasetAvailability", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:Nf7fd042770064703a84cd9039273e4f7", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/test", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType", "globalId", "", ""] +["_:N98018fef19484e2fae944af82b21920e", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/Agent", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/contentType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/member", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/member", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", "globalId", "", ""] +["_:N7676f1bbd99e47659502f87b9936453e", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/deployed", "http://www.w3.org/2000/01/rdf-schema#label", "deployed", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nccde3ac271484f91b83ed5fb2e1d70c9", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N4e4b35788e1b4064b856bcd8d2cc6670", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Element", "http://www.w3.org/ns/shacl#property", "_:N00fcf1f501a749fc9cbbdbdf23a7aaa8", "localId", "", ""] +["_:N79e0fdc8a753446e8e1931aab90b02ae", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:Naa7e95f812804669b3e89daed8d27b21", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/bower", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to a Bower package. The package locator format, looks like `package#version`, is defined in the \"install\" section of [Bower API documentation](https://bower.io/docs/api/#install).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/OrLaterOperator", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:Ne68051bb209048da9a57bc5dbaf28bf0", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Sbom", "http://www.w3.org/2000/01/rdf-schema#comment", "A collection of SPDX Elements describing a single package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "http://www.w3.org/2000/01/rdf-schema#comment", "Information about the relationship between two Elements.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nf7e1508801cf4398b830fad84fe53388", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/metrics", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/relationshipType", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", "http://www.w3.org/ns/shacl#property", "_:Nccde3ac271484f91b83ed5fb2e1d70c9", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/delegatedTo", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/review", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType", "globalId", "", ""] +["_:N40bcef929ef64825a68929a36aefa27c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N4d92ede494e34e51ba6eca91292dc0dc", "localId", "", ""] +["_:Na461e12485ec495f9d16f08504499025", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N73833299f42a4f78b3a3379f9d2302d7", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/platform", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element represents a runtime environment.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N6aa0e623203745d7b1fb18b485918354", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nc4286224070a4248ad8590c45a7c8bc6", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/file", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["_:N7c7a260c778e4d4491ba75a0fe083ebe", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/deprecatedVersion", "globalId", "", ""] +["_:Ne1917fc7b2894ab7a09e78e8e8b21989", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/platform", "globalId", "", ""] +["_:Nc51fb19223644705a84f646344b7e9d3", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N576b7fbe3ba74572a6eb065c67761847", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/identifierLocator", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides the location for more information regarding an external identifier.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N1a8882804ac24104946e7afa0b36905a", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nc7b49cc0a08745e08e5ba42ee492184f", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexNotAffectedVulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#comment", "Links a vulnerability and one or more elements designating the latter as products\nnot affected by the vulnerability.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogVulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/manifest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/medium", "http://www.w3.org/2000/01/rdf-schema#comment", "When a CVSS score is between 4.0 - 6.9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N619e2a32fb994ed69f916340e12ed7f3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/configuration", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo", "http://www.w3.org/ns/shacl#property", "_:N98018fef19484e2fae944af82b21920e", "localId", "", ""] +["_:N68767751c5f64fc1afe82f2dcbae6636", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityThreatModel", "globalId", "", ""] +["_:Nb2f2a5ddadbe4718954d50737f92e201", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/other", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides an independently reproducible mechanism that permits verification of a specific Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotPresent", "http://www.w3.org/2000/01/rdf-schema#label", "vulnerableCodeNotPresent", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N5d195bb929fc404584503e9c9b17a526", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/configSourceUri", "http://www.w3.org/2000/01/rdf-schema#comment", "Property that describes the URI of the build configuration source file.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAddedFile", "http://www.w3.org/2000/01/rdf-schema#label", "hasAddedFile", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N5a2b8b0073a54a3db4d6092f1c5043ed", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/platform", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopedRelationship", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N186b972a57284ae1946b3f7d8e762830", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/build", "globalId", "", ""] +["_:N45b62edbd5f3406dba20232288ec19fd", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/IndividualElement", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/staticAnalysisReport", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to a static analysis report for a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N66b43817d95d4468bf805207af159230", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/medium", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N4e4b35788e1b4064b856bcd8d2cc6670", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/algorithm", "globalId", "", ""] +["_:Nc38c872821b548ee8f430a027b2d711f", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/patchedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/assessedElement", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact", "globalId", "", ""] +["_:N516b1b46dbb04f1c953906f0388bf8b4", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Extension/cdxProperty", "globalId", "", ""] +["_:N58021835a49a4b959f9428f8df7f7198", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/source", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes", "http://www.w3.org/2000/01/rdf-schema#comment", "Indicates presence of the field.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/fileKind", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:N1d4668e7f12244a7a9407b898c9b0534", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Nff33e8337dc8421d9e74b338e35a75d5", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/other", "http://www.w3.org/2000/01/rdf-schema#label", "other", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N07cb32d0626a45cfbea37a7dd2a8b854", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/dependsOn", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:N250a4372ab014e66ba3eec07accb85dc", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/AI/trainingEnergyConsumption", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/buildEndTime", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/runtime", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/incomplete", "http://www.w3.org/2000/01/rdf-schema#comment", "The relationship is known not to be exhaustive.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N7091d1b764924e4db3551e0b422e61ba", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Software/downloadLocation", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/software", "http://www.w3.org/2000/01/rdf-schema#comment", "the element follows the Software profile specification", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ConjunctiveLicenseSet", "http://www.w3.org/ns/shacl#property", "_:N963f7603cd844b03bd4631e0713b1635", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Sbom", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/Build", "http://www.w3.org/ns/shacl#property", "_:Nc8b9ea4213214eccb17ccccf3790161d", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/namespace", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/high", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Ne21f363965114243b81ce67f76575de3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nf6541e98d99947d9a7ccb49088b43ea0", "localId", "", ""] +["_:N3de741ac343042e6ac53564501076e44", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/other", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/evidence", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasStaticLink", "http://www.w3.org/2000/01/rdf-schema#label", "hasStaticLink", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/kev", "http://www.w3.org/2000/01/rdf-schema#comment", "CISA's Known Exploited Vulnerability (KEV) Catalog", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", "http://www.w3.org/ns/shacl#property", "_:Ne778a773be4f408192f2ed37c6143a5d", "localId", "", ""] +["_:N0dc54ccc3f8d4afe897d7be97f9f6928", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timestamp", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/generates", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element generates each `to` Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/model", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:Nc8b9ea4213214eccb17ccccf3790161d", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/low", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType", "globalId", "", ""] +["_:N8e672d95ff7d48e68c1ed7ecf019b269", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N5bda6a3731444310990a06326743f6aa", "http://www.w3.org/ns/shacl#hasValue", "https://spdx.org/rdf/3.0.1/terms/Core/Element", "globalId", "", ""] +["_:N942417ca6d844df0914d75b099a457f8", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", "http://www.w3.org/ns/shacl#property", "_:N4881d1614aa0403894d16c3ca276d790", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/", "http://purl.org/dc/terms/references", "https://spdx.dev/specifications/", "globalId", "", ""] +["_:N8b5253826157456ba3297cf9f4f8db15", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nff9c0c2a18f24f76bfa32806ec48ce59", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:Nadd5d6fa295c47ee82d49e5fde059110", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/parameter", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/namespaceMap", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides a NamespaceMap of prefixes and associated namespace partial URIs applicable to an SpdxDocument and independent of any specific serialization format or instance.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nbd45f3e248c84b27b2e1a0da67d47a71", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N54d1f829ecc441b9b7d9248324cbea6b", "localId", "", ""] +["_:N7583808b54c947658126a7846ad7cc76", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/model", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/energyQuantity", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:Nf71f6300b14a4726a20ffad899bed919", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifierType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumption", "http://www.w3.org/ns/shacl#property", "_:N50c6944cf3544d0ab17d40d70d7715c3", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdversaryModel", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityFix", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:N00d83dee7aa44a7991821a46e83e5164", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType", "globalId", "", ""] +["_:Ne20cfbefa1424ba79abfc89287f1eef3", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/Hash", "globalId", "", ""] +["_:Nc2ac7680f26b40408ebfc2b4bb40def7", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nfd592b5830bc43009e433a4172fb036b", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/trackStar", "http://www.w3.org/2000/01/rdf-schema#comment", "(\"Track\\*\" in the SSVC spec) The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track\\* vulnerabilities within standard update timelines.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b384", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifier", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoneLicense", "http://www.w3.org/2000/01/rdf-schema#comment", "An Individual Value for License where the SPDX data creator determines that no\nlicense is present.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nff9c0c2a18f24f76bfa32806ec48ce59", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N64ae0543871444f6b7d2a497fcf55186", "localId", "", ""] +["_:N4e1bd25f594a483ab492b4c24a5748eb", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N1314ef461724483f9bd5c56d939b17c4", "localId", "", ""] +["_:Ncedd59bf4f1a4436ac8325d34d020df5", "http://www.w3.org/ns/shacl#hasValue", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType", "http://www.w3.org/2000/01/rdf-schema#comment", "Categories of confidentiality level.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N618f8c59ed9345ca8692a68f777a0fb0", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/secureSoftwareAttestation", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/", "http://purl.org/dc/terms/title", "System Package Data Exchange (SPDX) Ontology", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/buildType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:Neff5f08fa9fd4aaeb51026e2484443c7", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/software", "globalId", "", ""] +["_:N63f963c2c8a4467bb803f9af7eaafd3d", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N931294357284457f9a6f643757b29e72", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N687efc23ea2c4c0b9a09c9ca45dc49b3", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/metricDecisionThreshold", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:N66b43817d95d4468bf805207af159230", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/inferenceEnergyConsumption", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/downloadLocation", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifier", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/secureSoftwareAttestation", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/categorical", "http://www.w3.org/2000/01/rdf-schema#label", "categorical", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altWebPage", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:N2061c93cd5774c61823bf76c952d5242", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/syntactic", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isOsiApproved", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies whether the License is listed as approved by the\nOpen Source Initiative (OSI).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nff33e8337dc8421d9e74b338e35a75d5", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Ncae19f1586924a439b37e75eb5b57ed4", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/exploited", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#boolean", "globalId", "", ""] +["_:N453a2981f56c4d3a943752e7740f87fd", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV4VulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_NoneElement", "https://spdx.org/rdf/3.0.1/terms/Core/created", "2024-11-22T03:00:01Z", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/npm", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to an npm package. The package locator format is defined in the [npm documentation](https://docs.npmjs.com/cli/v10/configuring-npm/package-json) and looks like `package@version`.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nedaa28cbd856413e95e7805cf2d255dd", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N2f8145031850475ba01bc466221debed", "localId", "", ""] +["_:Nf7fd042770064703a84cd9039273e4f7", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseExpression", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription", "http://www.w3.org/2000/01/rdf-schema#comment", "The class that helps note down the quantity of energy consumption and the unit\nused for measurement.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasRequirement", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/documentation", "http://www.w3.org/2000/01/rdf-schema#label", "documentation", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/device", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDistributionArtifact", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/video", "http://www.w3.org/2000/01/rdf-schema#label", "video", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/complete", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness", "globalId", "", ""] +["_:N0e471571470240e5872be57bfd58fed9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ndbf7c5384f2242b98dd62b6a8d6a503f", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/categorical", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timestamp", "http://www.w3.org/2000/01/rdf-schema#label", "timestamp", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N377b547285074591a904911ef1fc1977", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Nd83655f2100e4025b2eefd465fc154ab", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/framework", "globalId", "", ""] +["_:N73f9586a8a7d4b978afcb9cfe998050b", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardAdditionTemplate", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/patch", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["_:N904326509fc04cc4be66ea123ed9fdc4", "http://www.w3.org/ns/shacl#in", "_:N10002d3538094764a9c6d3893234cd04", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/componentAnalysisReport", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to a Software Composition Analysis (SCA) report.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nfb655ff9dcc6442baa6046d411f0624c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N8711a8ae5ca942d1bbd795a0144ca9a7", "localId", "", ""] +["_:N72a328f4b7e14cb194d99b35236c3430", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/comment", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange", "http://www.w3.org/ns/shacl#property", "_:Nf44042158d4d4c85a5bd6a0fcb538498", "localId", "", ""] +["_:N461fe7f9c28b4d81a4fb17726fc9adf6", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/noAssertion", "globalId", "", ""] +["_:Ndb50eefe33ac4feda6cfb13073b5324e", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N8b86dbc23a22407a9380fbd9376d3b83", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/", "https://www.omg.org/spec/Commons/AnnotationVocabulary/copyright", "Copyright (C) 2024 SPDX Project", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nb345ac20ec3244e480ec30eee26dc06e", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["_:Nf9bf03371d92462f91a54baa946fd625", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/dataset", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altDownloadLocation", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", "http://www.w3.org/ns/shacl#property", "_:Nb4381a5cee3143a482af28cf9a364f3c", "localId", "", ""] +["_:N187a93895c7b43bea96131212a0ba3f5", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N236307149ca247fcad8df1b0dd41fcfc", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N88ce0438020d4326924db53dec9bd6b5", "localId", "", ""] +["_:N82be0a238ea44c658a60ca20e0c8c6fa", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", "http://www.w3.org/ns/shacl#property", "_:N4b7945a329d940d7a4167237a4e60e53", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact", "http://www.w3.org/ns/shacl#property", "_:Ne03121e956234709bc0f8f288597ff50", "localId", "", ""] +["_:N50c6944cf3544d0ab17d40d70d7715c3", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SoftwareAgent", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N1647e706f6764e7d9ec4e0aa8979d0c6", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/customIdToUri", "globalId", "", ""] +["_:N73e74213eec84d8daaa36a51dab963d6", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", "http://www.w3.org/ns/shacl#property", "_:Nf0752cee7bef48efaa39267516a6b21a", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/ai", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/NamespaceMap", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseHistory", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Hash", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Organization", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md4", "http://www.w3.org/2000/01/rdf-schema#comment", "MD4 message-digest algorithm, as defined in [RFC 1186](https://datatracker.ietf.org/doc/rfc1186/).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N8f1dd8dbe42e46fb934adf94515048b1", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noAssertion", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/DisjunctiveLicenseSet", "http://www.w3.org/2000/01/rdf-schema#comment", "Portion of an AnyLicenseInfo representing a set of licensing information where\nonly one of the elements applies.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nadd6173eaf8b4550a3ec8c90524cc599", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/application", "globalId", "", ""] +["_:N4ac93d52ef544d5cb73aeaeb279b7567", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N07868b0098174c478ac47f3fbc946ff0", "localId", "", ""] +["_:Nd33af007bad14a4594f7039df1c5df75", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N74551d5c49b94ece99a5fdec0d58d233", "http://www.w3.org/ns/shacl#pattern", "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Ne94d7f462c66468a8c52086b6b54de89", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nb07efffce0ba43a2bcac0e3a90a48609", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/buildId", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopedRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N14d2ccc3ee7749088945c0ba96e7a88a", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/operatingSystem", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/qualityAssessmentReport", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to a quality assessment for a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/productMetadata", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV2VulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:Nb850dda843534d3ab3ffbadf70766fef", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalDependency", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_NoAssertionLicense", "https://spdx.org/rdf/3.0.1/terms/Core/specVersion", "3.0.1", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/assessedElement", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/endTime", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vcs", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/summary", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:Nf5531d9c16ff4f589dff19f480634c29", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseListVersion", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection", "http://www.w3.org/ns/shacl#property", "_:Ne3b40c9739164b2eb0ae163374d9c4ac", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N187a93895c7b43bea96131212a0ba3f5", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/value", "globalId", "", ""] +["_:N65301d1be04341678842dfc049e2a33c", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Software/packageVersion", "globalId", "", ""] +["_:N825f749765e348a0abfef75f63c1588a", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_384", "http://www.w3.org/2000/01/rdf-schema#comment", "SHA-3 with a digest length of 384, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/contains", "http://www.w3.org/2000/01/rdf-schema#label", "contains", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/datasetSize", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:N0d09683a42354debacdd0b0625119609", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/listVersionAdded", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the SPDX License List version in which this ListedLicense or\nListedLicenseException identifier was first added.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N0c49370c41124d50ac6081418cb2432d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/generates", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasMetadata", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nd0cfba2a98544626a8566f29105598e9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/graph", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/", "http://purl.org/dc/terms/created", "2024-04-05", "http://www.w3.org/2001/XMLSchema#date", "", ""] +["_:N16cb468a2dcd423bb3654b71a6f00062", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N7b5b4ad7f9a54d91a292ac0738539050", "localId", "", ""] +["_:Nc9ccffdec66347509395f75c9845128f", "http://www.w3.org/ns/shacl#not", "_:N8eab6125211e4549a03d744617823ad5", "localId", "", ""] +["_:Nf71f6300b14a4726a20ffad899bed919", "http://www.w3.org/ns/shacl#in", "_:N2aa73eafba6f4d55938fb60c96ff2379", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/exploitCreatedBy", "http://www.w3.org/2000/01/rdf-schema#label", "exploitCreatedBy", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV3VulnAssessmentRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", "http://www.w3.org/ns/shacl#property", "_:Nfe1814d375d7456e843deb8cde1cf341", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/productMetadata", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to additional product metadata such as reference within organization's product catalog.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/scrapingScript", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nb345ac20ec3244e480ec30eee26dc06e", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/verifiedUsing", "globalId", "", ""] +["_:N511c01e1b6a146c3bf99fe3e88272f2e", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAddedFile", "globalId", "", ""] +["_:Nbf6c9a626dad41fa8a0422cb3ddab7a3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/file", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/application", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Na1ce1658c3be4bc0b082944caae9ddea", "http://www.w3.org/ns/shacl#not", "_:Nff8e6ed55f604249b913b2bbc6d8411d", "localId", "", ""] +["_:Nda791debefe5491aa84d61433873c630", "http://www.w3.org/ns/shacl#in", "_:N1a0279389d714631b1d12935e9f2b014", "localId", "", ""] +["_:N07cb32d0626a45cfbea37a7dd2a8b854", "http://www.w3.org/ns/shacl#pattern", "^[^\\/]+\\/[^\\/]+$", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/container", "http://www.w3.org/2000/01/rdf-schema#label", "container", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nd2a11bb8a1a14a82994d02e9dd610275", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N0781395df11e44a6a3186f0fa8908958", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/statusNotes", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/structured", "http://www.w3.org/2000/01/rdf-schema#label", "structured", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/act", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Na267e7b88a344e4fbd0c59a6dc760e65", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N184c02d9c66a4e9d988d681d20c5ddc6", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha256", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopedRelationship", "http://www.w3.org/2000/01/rdf-schema#comment", "Provide context for a relationship that occurs in the lifecycle.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/core", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/syntactic", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/requirement", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/trainingEnergyConsumption", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:Nb245e59ae52342bea2f1feb05bb80e79", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N6aa0e623203745d7b1fb18b485918354", "localId", "", ""] +["_:Na3b27046864941989a486e5a70e0edb4", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N90cb783276d74a2881e21a08abf01e2f", "http://www.w3.org/ns/shacl#path", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/review", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/build", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV3VulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:Na449b0b56e3540618b2a2698204edde9", "localId", "", ""] +["_:Nd05558aa816f416f8c26895bb8d1d9bb", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/AI/inferenceEnergyConsumption", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/contentType", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides information about the content type of an Element or a Property.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Ne81afbff18a74c75ac853da24ab327a0", "http://www.w3.org/ns/shacl#minCount", "2", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isOsiApproved", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#boolean", "globalId", "", ""] +["_:Ne0ff4ba19d0a41c18c6ccfc733f2193d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/patch", "globalId", "", ""] +["_:Nf0752cee7bef48efaa39267516a6b21a", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/additionalPurpose", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides additional purpose information of the software artifact.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeletedFile", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/development", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifier", "http://www.w3.org/ns/shacl#property", "_:N45b62edbd5f3406dba20232288ec19fd", "localId", "", ""] +["_:Nc51fb19223644705a84f646344b7e9d3", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Nf284f365ba5c4e4da40d7d7900d82744", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/probability", "globalId", "", ""] +["_:N7676f1bbd99e47659502f87b9936453e", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/scope", "globalId", "", ""] +["_:Nf26016059c3e414da185e30155b543f5", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/extension", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/percentile", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:N105628f6c8b040edb9db617f35f30bec", "http://www.w3.org/ns/shacl#pattern", "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Ncff880d9e9c24887adcf512cbce2a444", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ne3e1ac11e78640fab50085207414679f", "localId", "", ""] +["_:N4571ded3acc34f068931feecaa278a44", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/diskImage", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SpdxDocument", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Artifact", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/simpleLicensing", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/expandsTo", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nce436d556d4e4606ba37d9ad32d22967", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ne5e123ab8f7d4aa4b35a7442690fe19d", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/energyConsumption", "http://www.w3.org/2000/01/rdf-schema#comment", "Indicates the amount of energy consumption incurred by an AI model.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/bom", "http://www.w3.org/2000/01/rdf-schema#label", "bom", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/configures", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/generates", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/runtime", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Na79e142094fb464da3de3ceb4108e4ff", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/image", "globalId", "", ""] +["_:Nc71de92f1cc649fcab4d77d974dac329", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/query", "globalId", "", ""] +["_:N47d32bc3b4e04c9ab083ec76d4f22585", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/sbomType", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Software/SbomType", "globalId", "", ""] +["_:N30d1dbbf97fb456eb18d38b76c8004d3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md2", "globalId", "", ""] +["_:N9bd771ac02cc41519919a01d4deca105", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardAdditionTemplate", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:Nc51fb19223644705a84f646344b7e9d3", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", "globalId", "", ""] +["_:N0c3b30ca2bdf4cb1839bdc608bc41186", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N0713bbcf2b1f4e23b912a81e12b5d270", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake3", "http://www.w3.org/2000/01/rdf-schema#label", "blake3", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N3bf9008e5422473bb689602da04ccca1", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/subject", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/incomplete", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/describes", "http://www.w3.org/2000/01/rdf-schema#label", "describes", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/listVersionAdded", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/File", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:Ne70b85feb564419597741ca637d61d03", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N4a3178783c58491bb646a056a8dbb37a", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N615be2b8b7174608b24884d12a2039ad", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasVariant", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N58c62d134f5e41d78440946685ecf0cc", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDynamicLink", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/anonymizationMethodUsed", "http://www.w3.org/2000/01/rdf-schema#comment", "Describes the anonymization methods used.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasSpecification", "http://www.w3.org/2000/01/rdf-schema#label", "hasSpecification", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/trainingEnergyConsumption", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the amount of energy consumed when training the AI model that is\nbeing used in the AI system.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/informationAboutApplication", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides relevant information about the AI software, not including the model\ndescription.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertiesExtension", "http://www.w3.org/ns/shacl#property", "_:N516b1b46dbb04f1c953906f0388bf8b4", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/privacyAssessment", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to a privacy assessment for a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nc6d7eec7a63445c8a64113d0e59ce02c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/framework", "globalId", "", ""] +["_:Nfd592b5830bc43009e433a4172fb036b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPenTestReport", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/locator", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:Ne93ae5d0cb664d7ab2554eaa72a23f25", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ne94d7f462c66468a8c52086b6b54de89", "localId", "", ""] +["_:N50c6944cf3544d0ab17d40d70d7715c3", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/AI/finetuningEnergyConsumption", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierValue", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/specification", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Annotation", "http://www.w3.org/ns/shacl#property", "_:N3bf9008e5422473bb689602da04ccca1", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/additionalPurpose", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:Na449b0b56e3540618b2a2698204edde9", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV4VulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides a CVSS version 4 assessment for a vulnerability.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumption", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV2VulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", "globalId", "", ""] +["_:N45b62edbd5f3406dba20232288ec19fd", "http://www.w3.org/ns/shacl#in", "_:N0eb0fa7732fb4a2db7455731d6a1ce53", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV3VulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", "globalId", "", ""] +["_:N7a66c734ced842b4913ff95c5f5cf452", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N3c163fcab8684aa09c61e78b4cbb9b38", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/to", "globalId", "", ""] +["_:N4a56b875349e44729e9aca40972c86cd", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N3de741ac343042e6ac53564501076e44", "localId", "", ""] +["_:Nc6bdb22311b243119db2aee3b54fabe4", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/other", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mailingList", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:Na3b27046864941989a486e5a70e0edb4", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/obsoletedBy", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_SpdxOrganization", "https://spdx.org/rdf/3.0.1/terms/Core/createdBy", "https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildSystem", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:N91adaf3024344ddcbcbf3f943faaad6b", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Ne883dfda4a7445ceb1e70f39ddd03fea", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/comment", "globalId", "", ""] +["_:N4d92ede494e34e51ba6eca91292dc0dc", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nfc8b91023a9e4e08ae989e08b6c0b9ec", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Organization", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N931294357284457f9a6f643757b29e72", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasEvidence", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/runtime", "http://www.w3.org/2000/01/rdf-schema#comment", "A relationship has specific context implications during the execution phase of an element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense", "http://www.w3.org/ns/shacl#property", "_:Nbb0a3a63cdba4f078c6de6eef7ff6579", "localId", "", ""] +["_:Nc6d7eec7a63445c8a64113d0e59ce02c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N30a10bdc909f4c4bb84f02821147b416", "localId", "", ""] +["_:Nbd013d07f45a42d99931fe619ee4ca95", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/manifest", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/componentAnalysisReport", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectLicense", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:N0bf807da343b4645904db560abf69583", "http://www.w3.org/ns/shacl#in", "_:N1bd597d8851e43b79e3bde3fb6388627", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTest", "http://www.w3.org/2000/01/rdf-schema#comment", "Every `to` Element is a test artifact for the `from` Element (`from` hasTest `to`), during a LifecycleScopeType period.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N7091d1b764924e4db3551e0b422e61ba", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/informationAboutTraining", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/other", "http://www.w3.org/2000/01/rdf-schema#comment", "Used when the type does not match any of the other options.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/documentation", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:Nd3d538fe1cb544b5808c51dffd844c81", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseTemplate", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/development", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/SupportType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/testedOn", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element has been tested on the `to` Element(s).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe23", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_NoAssertionLicense", "http://www.w3.org/2000/01/rdf-schema#comment", "This individual element was defined by the spec.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N2056bd91659a4260a6eb99a0cbdd9f14", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/standardCompliance", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/locator", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe22", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType", "globalId", "", ""] +["_:Nf21725c3245f4286b67bd679d3351c59", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N916e8c3c85774fcd96b700a20240ca75", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/subject", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/Element", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/knownBias", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:Nfc8b91023a9e4e08ae989e08b6c0b9ec", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mavenCentral", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/build", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N453a2981f56c4d3a943752e7740f87fd", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/scope", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType", "globalId", "", ""] +["_:N17c879855daa4fd7b7d7ef9da34e7ea6", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N8ff2b7ece321489a9ff262a2c697c89c", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/image", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N73e74213eec84d8daaa36a51dab963d6", "http://www.w3.org/ns/shacl#in", "_:Ne93ae5d0cb664d7ab2554eaa72a23f25", "localId", "", ""] +["_:Nf284f365ba5c4e4da40d7d7900d82744", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SoftwareAgent", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifier", "http://www.w3.org/2000/01/rdf-schema#comment", "A canonical, unique, immutable identifier", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/justificationType", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectAddition", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/security", "http://www.w3.org/2000/01/rdf-schema#label", "security", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/copyrightText", "http://www.w3.org/2000/01/rdf-schema#comment", "Identifies the text of one or more copyright notices for a software Package,\nFile or Snippet, if any.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Artifact", "http://www.w3.org/ns/shacl#property", "_:N737b3d5b3c8f4cb7b5fb665b52f1dd96", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityFix", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdversaryModel", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/environment", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/impactStatement", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:Ne41f054fce23460dba46863153e67567", "http://www.w3.org/ns/shacl#hasValue", "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod", "globalId", "", ""] +["_:Na5ef7f1675b84ce99e4f4ca36d200a91", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/file", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV2VulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:Na2b089e6c69d4697ae4de61d18f020f7", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifier", "http://www.w3.org/ns/shacl#property", "_:Ne883dfda4a7445ceb1e70f39ddd03fea", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/sourceInfo", "http://www.w3.org/2000/01/rdf-schema#comment", "Records any relevant background information or additional comments\nabout the origin of the package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isFsfLibre", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/packageUrl", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N47d32bc3b4e04c9ab083ec76d4f22585", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/specVersion", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", "http://www.w3.org/ns/shacl#property", "_:N13acbf7806c648f19f147c9073a04385", "localId", "", ""] +["_:Ndb06ff981cef4e94bfdbec22badacd4d", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType", "globalId", "", ""] +["_:Nbbbec88245754e9d9390b9a11f0b67c2", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/email", "http://www.w3.org/2000/01/rdf-schema#comment", "Email address, as defined in [RFC 3696](https://datatracker.ietf.org/doc/rfc3986/) Section 3.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nd77e569c4d2d4d2c9bb29ea462bc94cc", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/specification", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV4VulnAssessmentRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssessmentFor", "http://www.w3.org/2000/01/rdf-schema#comment", "Relates a `from` Vulnerability and each `to` Element with a security assessment. To be used with `VulnAssessmentRelationship` types.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOutput", "http://www.w3.org/2000/01/rdf-schema#label", "hasOutput", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/publishedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectAddition", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseListVersion", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/secureSoftwareAttestation", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N7d2dbee05b72455c995a675186de5fd1", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Build/buildId", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropValue", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altWebPage", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Ne7777394524c4639973161dd3aff2db3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N33da303c78e142a2acc0db12f3ee6686", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/patchedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nc85a3a5deac54465a32d993ba5434b00", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsDilithium", "globalId", "", ""] +["_:Ne3e1ac11e78640fab50085207414679f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha224", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/customIdToUri", "http://www.w3.org/2000/01/rdf-schema#comment", "Maps a LicenseRef or AdditionRef string for a Custom License or a Custom\nLicense Addition to its URI ID.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/other", "http://www.w3.org/2000/01/rdf-schema#label", "other", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/dependsOn", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N4182e8c878544ebb842682b1ece2bd3a", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/container", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Annotation", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/numeric", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", "globalId", "", ""] +["_:Nd6f4245b3ebe44e6b100782b191deb97", "http://www.w3.org/ns/shacl#message", "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo is an abstract class and should not be instantiated directly. Instantiate a subclass instead.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogVulnAssessmentRelationship", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N87131d5acc2b478ba16230f714aa0bb0", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N80dac4ea19f44488ae2dc09ba1429116", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/configSourceEntrypoint", "http://www.w3.org/2000/01/rdf-schema#comment", "Property describes the invocation entrypoint of a build.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/gitoid", "http://www.w3.org/2000/01/rdf-schema#comment", "[Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/File", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/deviceDriver", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element represents software that controls hardware devices.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nd951591fca6c47c2985dd159db6ad52c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N4f7ca95fbfad4d20810e92ab09220394", "localId", "", ""] +["_:N1a0279389d714631b1d12935e9f2b014", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/development", "globalId", "", ""] +["_:N91adaf3024344ddcbcbf3f943faaad6b", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:Ndc4add4edebe43f4821fb10dd712e481", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N8a37deb026864cdca312209746e2caaa", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/container", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N3b695bebf32746039b555b8460ffe552", "http://www.w3.org/ns/shacl#message", "https://spdx.org/rdf/3.0.1/terms/Extension/Extension is an abstract class and should not be instantiated directly. Instantiate a subclass instead.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/filesystemImage", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element is a file system image that can be written to a disk (or virtual) partition.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nf94717c65e4f4b86b4df261ecf26650d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/usesTool", "globalId", "", ""] +["_:N825f749765e348a0abfef75f63c1588a", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Software/byteRange", "globalId", "", ""] +["_:N0b728d22a9674ecc87af12fde5aae61c", "http://www.w3.org/ns/shacl#in", "_:N3899f43be1b142148dc7af5c1cd6a1b9", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/other", "http://www.w3.org/2000/01/rdf-schema#label", "other", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/test", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element is a test used to verify functionality on an software element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N250a4372ab014e66ba3eec07accb85dc", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription", "globalId", "", ""] +["_:Na96bc2776ef4488595f136d0fbac26a6", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/createdBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:N0bf807da343b4645904db560abf69583", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/profileConformance", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Agent", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod", "http://www.w3.org/ns/shacl#property", "_:N7a48123f699948b5867af1fec0d7b88e", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/serious", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha1", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", "http://www.w3.org/ns/shacl#property", "_:Ndb06ff981cef4e94bfdbec22badacd4d", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/privacyAssessment", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:N1d4668e7f12244a7a9407b898c9b0534", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N0b3155ddb4cc46678a8dadb3eb9e5e43", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/dynamicAnalysisReport", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV3VulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:Nfcc30e48020d4dd2b3493a0cd55ea457", "localId", "", ""] +["_:N2aa73eafba6f4d55938fb60c96ff2379", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N8b5253826157456ba3297cf9f4f8db15", "localId", "", ""] +["_:N833dac5833c24d35a16d11f2e318aeef", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotPresent", "globalId", "", ""] +["_:N63f963c2c8a4467bb803f9af7eaafd3d", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/context", "globalId", "", ""] +["_:N7a48123f699948b5867af1fec0d7b88e", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/scrapingScript", "http://www.w3.org/2000/01/rdf-schema#comment", "the dataset provider is not making available the underlying data and the dataset must be reassembled, typically using the provided script for scraping the data.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/typeOfModel", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/foundBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:Nebecc80c7e4045d1b3ad15ab0c1d04ec", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timeseries", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/high", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType", "globalId", "", ""] +["_:N33da303c78e142a2acc0db12f3ee6686", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/falcon", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasProvidedDependency", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:N02fadd3757064be6a0b797d8675b611e", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nef3e82bf7eac41aa8dc101eabd0f1815", "localId", "", ""] +["_:N904326509fc04cc4be66ea123ed9fdc4", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/bower", "http://www.w3.org/2000/01/rdf-schema#label", "bower", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/deployed", "http://www.w3.org/2000/01/rdf-schema#comment", "SBOM provides an inventory of software that is present on a system. This may be an assembly of other SBOMs that combines analysis of configuration options, and examination of execution behavior in a (potentially simulated) deployment environment.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N4e4b35788e1b4064b856bcd8d2cc6670", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vcs", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nd2a11bb8a1a14a82994d02e9dd610275", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N615be2b8b7174608b24884d12a2039ad", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake3", "globalId", "", ""] +["_:Nbc1332652da345c49ad3c948238f404b", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcVulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides an SSVC assessment for a vulnerability.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/name", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noSupport", "http://www.w3.org/2000/01/rdf-schema#comment", "there is no support for the artifact from the supplier, consumer assumes any support obligations.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_256", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/bom", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element is a bill of materials.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/fileKind", "http://www.w3.org/2000/01/rdf-schema#comment", "Describes if a given file is a directory or non-directory kind of file.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nba03adbea09d477299a596cac9fd8319", "http://www.w3.org/ns/shacl#not", "_:Ndbfe3b48ba714fb990a0e903863ea1ed", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/definingArtifact", "http://www.w3.org/2000/01/rdf-schema#comment", "Artifact representing a serialization instance of SPDX data containing the\ndefinition of a particular Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDocumentation", "http://www.w3.org/2000/01/rdf-schema#label", "hasDocumentation", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:N2847f93323fd468eab2b926c5715c994", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N4a56b875349e44729e9aca40972c86cd", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_512", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/severity", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasRequirement", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nadd5d6fa295c47ee82d49e5fde059110", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N80dac4ea19f44488ae2dc09ba1429116", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Nf507b9bee5ae4254bafe4ce3c72a9f18", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/element", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexFixedVulnAssessmentRelationship", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/other", "http://www.w3.org/2000/01/rdf-schema#comment", "any hashing algorithm that does not exist in this list of entries", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Ne03121e956234709bc0f8f288597ff50", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/datasetAvailability", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/npm", "http://www.w3.org/2000/01/rdf-schema#label", "npm", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N7583808b54c947658126a7846ad7cc76", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N4466be96ec5a4942b916c3f1fad2d3ee", "localId", "", ""] +["_:N10f5cc15b506459db381c02764d60e76", "http://www.w3.org/ns/shacl#path", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/lite", "http://www.w3.org/2000/01/rdf-schema#comment", "the element follows the Lite profile specification", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha256", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nbc8ae53aacf942ca88840a6c1d655d6c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N58021835a49a4b959f9428f8df7f7198", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Artifact", "http://www.w3.org/2000/01/rdf-schema#comment", "A distinct article or unit within the digital domain.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/cdxProperty", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides a map of a property names to a values.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N29cadfcf5dfa4e73b1b0f56fa6e4352f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nb2747510507b404f9243bfd7225f629d", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/securityOther", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/file", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swhid", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nb916f2dfc1c640bd8e0dac9bb5956172", "http://www.w3.org/ns/shacl#in", "_:N57e86c05425144f4a08e64395a0d5e1d", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/amendedBy", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element is amended by each `to` Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cve", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noSupport", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/SupportType", "globalId", "", ""] +["_:N942417ca6d844df0914d75b099a457f8", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["_:N2aa14aff363e4fc1ab2ed86f71eb8873", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/other", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/lite", "http://www.w3.org/2000/01/rdf-schema#label", "lite", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N3bf9008e5422473bb689602da04ccca1", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/Element", "globalId", "", ""] +["_:N37829b662873490d9964f7bbbc300fce", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsDilithium", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcVulnAssessmentRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifier", "http://www.w3.org/ns/shacl#property", "_:Nf71f6300b14a4726a20ffad899bed919", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Hash", "http://www.w3.org/ns/shacl#property", "_:Naf01116eff7c4759be95f8f97c257d9c", "localId", "", ""] +["_:Ndb31c53559be41e0b28e79b74da0b557", "http://www.w3.org/ns/shacl#pattern", "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/energyQuantity", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#decimal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/source", "http://www.w3.org/2000/01/rdf-schema#label", "source", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/qualityAssessmentReport", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo", "http://www.w3.org/ns/shacl#property", "_:Nca9532c3dd0b421e95d0800b68e3442a", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Person", "http://www.w3.org/2000/01/rdf-schema#comment", "An individual human being.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/license", "http://www.w3.org/2000/01/rdf-schema#label", "license", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Hash", "http://www.w3.org/2000/01/rdf-schema#comment", "A mathematically calculated representation of a grouping of data.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nc7f12b88e8f5489dacbbfeb81192696a", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedLicenseId", "globalId", "", ""] +["_:Nc22ee04d695b4582bd604f6206900620", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifier", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no", "http://www.w3.org/2000/01/rdf-schema#comment", "Indicates absence of the field.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N78c7513398064da1a55c5df1b3c96444", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Dataset/anonymizationMethodUsed", "globalId", "", ""] +["_:N13396ee366a94de388e2aff47754e81f", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N53970517ea09401691d51549f8e0fd90", "http://www.w3.org/ns/shacl#in", "_:N77f1a43a35e5447c83116261ae574acc", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Package", "http://www.w3.org/ns/shacl#property", "_:N7091d1b764924e4db3551e0b422e61ba", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicenseException", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:Nbc1332652da345c49ad3c948238f404b", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/actionStatement", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides advise on how to mitigate or remediate a vulnerability when a VEX product\nis affected by it.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Naf01116eff7c4759be95f8f97c257d9c", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/hashValue", "globalId", "", ""] +["_:N5a0ed5449f124c1e9ea7b05f0826cabd", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ne64dea82135241279d97934d928f2d35", "localId", "", ""] +["_:Na449b0b56e3540618b2a2698204edde9", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N05edbc4959e844438800e546abaebaea", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["_:N825f749765e348a0abfef75f63c1588a", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N89d38dc48bd64f1d894f7f8c5494c264", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N0d2bee57931544d786ff3bc0afb223b0", "localId", "", ""] +["_:N98018fef19484e2fae944af82b21920e", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalMap", "http://www.w3.org/ns/shacl#property", "_:Nb345ac20ec3244e480ec30eee26dc06e", "localId", "", ""] +["_:N6aa0e623203745d7b1fb18b485918354", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/configures", "globalId", "", ""] +["_:N675847984777421d9fb9b171cdf0bb53", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["_:Nc9ddcdf86e874968aa8f5ba821975eb4", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#decimal", "globalId", "", ""] +["_:N786a3eaa8fbe4cf0bb67c4e086fa8b5b", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", "globalId", "", ""] +["_:Nd91122440e7149a28656eb9394e082b2", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nb2f2a5ddadbe4718954d50737f92e201", "localId", "", ""] +["_:N23a349d7f4a14351adf4c70293152926", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseHistory", "globalId", "", ""] +["_:Ndaeba75fb43b4db7b777e9b00ecd7064", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/other", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Element", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N187a93895c7b43bea96131212a0ba3f5", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N4dcad64fd9cf4af2b8d6ea98d6c5450a", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/source", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/high", "http://www.w3.org/2000/01/rdf-schema#comment", "The second-highest level of risk posed by an AI system.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/other", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cve", "http://www.w3.org/2000/01/rdf-schema#comment", "Common Vulnerabilities and Exposures identifiers, an identifier for a specific software flaw defined within the official CVE Dictionary and that conforms to the [CVE specification](https://csrc.nist.gov/glossary/term/cve_id).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/ancestorOf", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/staticAnalysisReport", "http://www.w3.org/2000/01/rdf-schema#label", "staticAnalysisReport", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Ne06f01bddfb24f69a9e1c0ba9694b11d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/trackStar", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/decisionType", "http://www.w3.org/2000/01/rdf-schema#comment", "Provide the enumeration of possible decisions in the\n[Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree](https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nc6d18260ddfa478b84c2dc19c2059aa2", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Software/snippetFromFile", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/noAssertion", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/dataLicense", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/other", "http://www.w3.org/2000/01/rdf-schema#comment", "A relationship has other specific context information necessary to capture that the above set of enumerations does not handle.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Bom", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N7eb015d497fc4c09bb8530f59c65624d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nbd0d551be201428eb241c70d0e315cfa", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_NoneLicense", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha256", "http://www.w3.org/2000/01/rdf-schema#comment", "SHA-2 with a digest length of 256, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N95b6da49b56e4298924cd2f153f00905", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicenseException", "http://www.w3.org/ns/shacl#property", "_:N7c7a260c778e4d4491ba75a0fe083ebe", "localId", "", ""] +["_:N87131d5acc2b478ba16230f714aa0bb0", "http://www.w3.org/ns/shacl#pattern", "^[^\\/]+\\/[^\\/]+$", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/describes", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element describes each `to` Element. To denote the root(s) of a tree of elements in a collection, the rootElement property should be used.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_NoAssertionLicense", "https://spdx.org/rdf/3.0.1/terms/Core/createdBy", "https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", "globalId", "", ""] +["_:N10002d3538094764a9c6d3893234cd04", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/kilowattHour", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/Build", "http://www.w3.org/ns/shacl#property", "_:Nbdc672a90df4480da8648bd31507d48e", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/byteRange", "http://www.w3.org/2000/01/rdf-schema#comment", "Defines the byte range in the original host file that the snippet information\napplies to.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/sourceInfo", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Element", "http://www.w3.org/ns/shacl#property", "_:N951ec4cbce414b3bab847840bf18d59f", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/contentType", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasEvidence", "http://www.w3.org/2000/01/rdf-schema#comment", "Every `to` Element is considered as evidence for the `from` Element (`from` hasEvidence `to`).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N220b4463e39147e99e8eeeb9974c5370", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N75f6c4472b7b45349200afcce0dbacef", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/dataCollectionProcess", "http://www.w3.org/2000/01/rdf-schema#comment", "Describes how the dataset was collected.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N87131d5acc2b478ba16230f714aa0bb0", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/contentType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mailingList", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildSystem", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N163b018b3d984833a5523252ed920c58", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/endIntegerRange", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/test", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["_:N626b5ad29167479dabae9a9177315404", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/npm", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:N00d83dee7aa44a7991821a46e83e5164", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Dataset/confidentialityLevel", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/image", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nce6e2333750a40619f2e93e40be35d7e", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha512", "http://www.w3.org/2000/01/rdf-schema#comment", "SHA-2 with a digest length of 512, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N786a3eaa8fbe4cf0bb67c4e086fa8b5b", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Artifact", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/Element", "globalId", "", ""] +["_:N0713bbcf2b1f4e23b912a81e12b5d270", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nbd013d07f45a42d99931fe619ee4ca95", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/locationHint", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/text", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", "globalId", "", ""] +["_:N0781395df11e44a6a3186f0fa8908958", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotInExecutePath", "http://www.w3.org/2000/01/rdf-schema#label", "vulnerableCodeNotInExecutePath", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Neff5f08fa9fd4aaeb51026e2484443c7", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N16cb468a2dcd423bb3654b71a6f00062", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAddedFile", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:N2aa14aff363e4fc1ab2ed86f71eb8873", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N6ac0694afb0c40c1bb0988b0569f0cb4", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", "http://www.w3.org/ns/shacl#property", "_:Nd6f4245b3ebe44e6b100782b191deb97", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/documentation", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N5a0ed5449f124c1e9ea7b05f0826cabd", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/evidence", "globalId", "", ""] +["_:Nbffaba2351c747ef8e380b89888a5f14", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/act", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noAssertion", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/configures", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/certificationReport", "http://www.w3.org/2000/01/rdf-schema#label", "certificationReport", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Na3925605d49b4db382603ae946c37f51", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N683c5b7b252949bda929dd4befe8bb50", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/staticAnalysisReport", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/falcon", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotPresent", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N5a2b8b0073a54a3db4d6092f1c5043ed", "http://www.w3.org/ns/shacl#in", "_:Nc1bb7a1b7d034342906511e27e066abc", "localId", "", ""] +["_:N95c7a63c89e94f8d9ceb0dd0c34ac9e3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/documentation", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV4VulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:N4278c3d777ea4ebd81cd23af80459c2d", "localId", "", ""] +["_:N8711a8ae5ca942d1bbd795a0144ca9a7", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md6", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/autonomyType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:N4f9424fdcb0643a6b8dbd2c83de164a1", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDistributionArtifact", "globalId", "", ""] +["_:N1a0a0b40de254f55a8372bba19b60496", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/executable", "http://www.w3.org/2000/01/rdf-schema#label", "executable", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/builtTime", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:N6369a0cffc0445e888c1e30a54a5be5d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ncc35596b6f164968b0bd35143cbc52ea", "localId", "", ""] +["_:N10ab85203a394bd3ba6ef86074d64233", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N0b353053b3cd41e89351acf39abb719c", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/registration", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDependencyManifest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/CustomLicenseAddition", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N315dc3dd043c41a49ffaaba74d10eeb0", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N4e6142c3e2dd4f3f9e2aed1df9452bc7", "localId", "", ""] +["_:Naa7e95f812804669b3e89daed8d27b21", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/publishedTime", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha1", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/executable", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/modelDataPreprocessing", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/safetyRiskAssessment", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexFixedVulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeclaredLicense", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` SoftwareArtifact was discovered to actually contain each `to` license, for example as detected by use of automated tooling.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N03140b327b9d4620b37b847528c7140b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha1", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/created", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:N1a0a0b40de254f55a8372bba19b60496", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/rootElement", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/Element", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasMetadata", "http://www.w3.org/2000/01/rdf-schema#label", "hasMetadata", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/manifest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDynamicLink", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element dynamically links in each `to` Element, during a LifecycleScopeType period.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N5011f0cdb4544a70b796520ecd436a25", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:Nf4e0c03b381d4fb584571d8fdd2ca0a7", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nc15495aea74e4883afce40f042a057d5", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Snippet", "http://www.w3.org/ns/shacl#property", "_:Nf9bf03371d92462f91a54baa946fd625", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/coordinatedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange", "http://www.w3.org/ns/shacl#property", "_:N80dac4ea19f44488ae2dc09ba1429116", "localId", "", ""] +["_:Na2b089e6c69d4697ae4de61d18f020f7", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N731241b6024d4e109893eb1354404ec5", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_256", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/platform", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["_:N184c02d9c66a4e9d988d681d20c5ddc6", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N32f50a51e84f4a2499a5d17f54bbed6b", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/configSourceEntrypoint", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/core", "http://www.w3.org/2000/01/rdf-schema#label", "core", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/completeness", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/republishedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:N9eda1b52fa264730ab0b383d300e1726", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Software/sourceInfo", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:Na0242fde5c314aa599a3a00cfb01634c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N694e3d4238ff4006b46b450b91f4179a", "localId", "", ""] +["_:N68e2aefd82ab40c59cc6c2bfeab0adc4", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N897df0f6e23b488988a2d2db8aad5bc4", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_384", "globalId", "", ""] +["_:N2dbc8b0a30da433a94050a3ab1190bb8", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nf10e65ca64f84003827c23ef339743e5", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/sensor", "http://www.w3.org/2000/01/rdf-schema#comment", "Describes a sensor used for collecting the data.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N4382805b6a5947d38ffcfd8b182bddbf", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_256", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/diskImage", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_NoneElement", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/eolNotice", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertiesExtension", "http://www.w3.org/2000/01/rdf-schema#comment", "A type of extension consisting of a list of name value pairs.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/text", "http://www.w3.org/2000/01/rdf-schema#comment", "data consists of unstructured text, such as a book, Wikipedia article (without images), or transcript.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/supportLevel", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/", "http://purl.org/dc/terms/license", "https://spdx.org/licenses/Community-Spec-1.0.html", "globalId", "", ""] +["_:N5b2e4dda703849e4933338ff0970e968", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/profileConformance", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType", "globalId", "", ""] +["_:N037a9f94d4da4593a56a6804fca57483", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/megajoule", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/none", "http://www.w3.org/2000/01/rdf-schema#comment", "When a CVSS score is 0.0", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/trainedOn", "http://www.w3.org/2000/01/rdf-schema#label", "trainedOn", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/percentile", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#decimal", "globalId", "", ""] +["_:Nda791debefe5491aa84d61433873c630", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/supportLevel", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDocumentation", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:N89d641eef49d4a5f9ef42bfe5c4221bd", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N230a41f8c8d549b8844a37595ce56867", "localId", "", ""] +["_:N8f24e4128c124ec08b9e80f45a43dd1e", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Nbac401e4be1249dd86dd149952baf59b", "http://www.w3.org/ns/shacl#message", "https://spdx.org/rdf/3.0.1/terms/Core/Element is an abstract class and should not be instantiated directly. Instantiate a subclass instead.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/support", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/model", "http://www.w3.org/2000/01/rdf-schema#label", "model", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N036299b1f2af44eeb966da8a1217ac9e", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasRequirement", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/limitedSupport", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/SupportType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/dataset", "http://www.w3.org/2000/01/rdf-schema#comment", "the element follows the Dataset profile specification", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Ncc35596b6f164968b0bd35143cbc52ea", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timeseries", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/amber", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseListVersion", "http://www.w3.org/2000/01/rdf-schema#comment", "The version of the SPDX License List used in the license expression.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityOther", "http://www.w3.org/2000/01/rdf-schema#label", "securityOther", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", "http://www.w3.org/ns/shacl#property", "_:Nd77657e0b19d459c931f64f48ed7e1a6", "localId", "", ""] +["_:Nf58f6bed32c5414ca98526a5d6a7b6dc", "http://www.w3.org/ns/shacl#hasValue", "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotInExecutePath", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:Nf593d6da70614e2581430bd37d9cd4ef", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/qualityAssessmentReport", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/gitoid", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType", "globalId", "", ""] +["_:Ne64dea82135241279d97934d928f2d35", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nbf6c9a626dad41fa8a0422cb3ddab7a3", "localId", "", ""] +["_:Ncf68ed04ac534a92808a38217fa55530", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/domain", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/impactStatementTime", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["_:Na2b089e6c69d4697ae4de61d18f020f7", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/score", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/high", "http://www.w3.org/2000/01/rdf-schema#label", "high", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_SpdxOrganization", "https://spdx.org/rdf/3.0.1/terms/Core/specVersion", "3.0.1", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nfbb5f5e996be44989d31d47d46540443", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swid", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N73e74213eec84d8daaa36a51dab963d6", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/import", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides an ExternalMap of Element identifiers.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/dataset", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType", "globalId", "", ""] +["_:Nf593d6da70614e2581430bd37d9cd4ef", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N132cde65c9b14a1694d400388aecf0cc", "localId", "", ""] +["_:N0e31c4b45c4b442e9f1d32ab917a76ae", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N0e471571470240e5872be57bfd58fed9", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Element", "http://www.w3.org/ns/shacl#property", "_:Nbac401e4be1249dd86dd149952baf59b", "localId", "", ""] +["_:Ndb06ff981cef4e94bfdbec22badacd4d", "http://www.w3.org/ns/shacl#in", "_:N0e4d30a5dd60459dbbb5efc7333deb37", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/privacyAssessment", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N02daaf1ea3874989948c16e26274de9f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N06a4b77ca26e4742a10723dc3349c395", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseExpression", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe23", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/name", "http://www.w3.org/2000/01/rdf-schema#comment", "Identifies the name of an Element as designated by the creator.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N59f692071bb64860ab9f02cfb4670088", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/green", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/withdrawnTime", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_512", "http://www.w3.org/2000/01/rdf-schema#comment", "SHA-3 with a digest length of 512, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityExploitabilityAssessment", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to a Vulnerability Exploitability eXchange (VEX) statement which provides information on whether a product is impacted by a specific vulnerability in an included package and, if affected, whether there are actions recommended to remediate. See also [NTIA VEX one-page summary](https://ntia.gov/files/ntia/publications/vex_one-page_summary.pdf).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/test", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/noAssertion", "http://www.w3.org/2000/01/rdf-schema#comment", "data type is not known.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PackageVerificationCode", "http://www.w3.org/ns/shacl#property", "_:N5a2b8b0073a54a3db4d6092f1c5043ed", "localId", "", ""] +["_:N54d1f829ecc441b9b7d9248324cbea6b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N96120491adc84204822952240ddadf13", "localId", "", ""] +["_:N70cbc4a60eda4e648df0df882fab278d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N4c8c5257e6c144099de859c3f43b1961", "localId", "", ""] +["_:Nf21725c3245f4286b67bd679d3351c59", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b256", "globalId", "", ""] +["_:Ne778a773be4f408192f2ed37c6143a5d", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumption", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/design", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription", "http://www.w3.org/ns/shacl#property", "_:N904326509fc04cc4be66ea123ed9fdc4", "localId", "", ""] +["_:N261545ecf40d4f65bf47dc050598e90f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha512", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/safetyRiskAssessment", "http://www.w3.org/2000/01/rdf-schema#comment", "Records the results of general safety risk assessment of the AI system.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsKyber", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/lineRange", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange", "globalId", "", ""] +["_:Ncba4137ebcf84a728acd12bde91130e9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N8ec4229c1a674693bde766506ca93e87", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/publishedTime", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/LicenseExpression", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:Nccde3ac271484f91b83ed5fb2e1d70c9", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/AI/useSensitivePersonalInformation", "globalId", "", ""] +["_:N4278c3d777ea4ebd81cd23af80459c2d", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/severity", "globalId", "", ""] +["_:Nac0a6f045e7e4efd9dbaf01201286a14", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/bower", "globalId", "", ""] +["_:N38e1279dca3f4e53be4eb3245a0e4ec2", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/urlScheme", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotInExecutePath", "http://www.w3.org/2000/01/rdf-schema#comment", "The affected code is not reachable through the execution of the code, including non-anticipated states of the product.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nc9ccffdec66347509395f75c9845128f", "http://www.w3.org/ns/shacl#path", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/verifiedUsing", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/other", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:N4382805b6a5947d38ffcfd8b182bddbf", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/parameter", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/value", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Relationship", "http://www.w3.org/ns/shacl#property", "_:Nae8e63939c7c4cf4aa4ba555362d775c", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_224", "http://www.w3.org/2000/01/rdf-schema#comment", "SHA-3 with a digest length of 224, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nfd592b5830bc43009e433a4172fb036b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N9b9dc778bc5c415fad7f82cf4f6047d2", "localId", "", ""] +["_:N3899f43be1b142148dc7af5c1cd6a1b9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N0274510beacf46b0b7cd7048ff3cbb4d", "localId", "", ""] +["_:N9b9dc778bc5c415fad7f82cf4f6047d2", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPolicy", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/fileKind", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType", "globalId", "", ""] +["_:Nce6e2333750a40619f2e93e40be35d7e", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/withdrawnTime", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md2", "http://www.w3.org/2000/01/rdf-schema#label", "md2", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nd8679c5e3311467ca097a4151ac8fa54", "http://www.w3.org/ns/shacl#pattern", "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N2b7fa052bf664f2a9e1923831d282602", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:Nd0d48abef81b4c44a952c0925a6e30a9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/modifiedBy", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/other", "http://www.w3.org/2000/01/rdf-schema#label", "other", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/deviceDriver", "http://www.w3.org/2000/01/rdf-schema#label", "deviceDriver", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Sbom", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/source", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N0b3155ddb4cc46678a8dadb3eb9e5e43", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N1dd7c94072d1478ca91bee2c7af967a8", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PresenceType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N3ba51db196c04386ae47cb64aab6c95c", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Nd8679c5e3311467ca097a4151ac8fa54", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/validUntilTime", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/source", "http://www.w3.org/2000/01/rdf-schema#comment", "SBOM created directly from the development environment, source files, and included dependencies used to build an product artifact.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N0e31c4b45c4b442e9f1d32ab917a76ae", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/medium", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/statusNotes", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:Nc9235a4485e64fff9b1298095061a58e", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_384", "globalId", "", ""] +["_:N73f9586a8a7d4b978afcb9cfe998050b", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_512", "http://www.w3.org/2000/01/rdf-schema#label", "sha3_512", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/Build", "http://www.w3.org/ns/shacl#property", "_:N7d2dbee05b72455c995a675186de5fd1", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/metricDecisionThreshold", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", "globalId", "", ""] +["_:Nece0b4f721a847f98727202b50f4a753", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N210fbcf85b384009a2cee68e4a7e6b78", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/limitation", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/testedOn", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/lineRange", "http://www.w3.org/2000/01/rdf-schema#comment", "Defines the line range in the original host file that the snippet information\napplies to.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/other", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/socialMedia", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:Nda71586c3c6541b4a6a907d316dca405", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseText", "globalId", "", ""] +["_:N1647e706f6764e7d9ec4e0aa8979d0c6", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/homePage", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/module", "http://www.w3.org/2000/01/rdf-schema#label", "module", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nbdc672a90df4480da8648bd31507d48e", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["_:N4a3178783c58491bb646a056a8dbb37a", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b512", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/WithAdditionOperator", "http://www.w3.org/2000/01/rdf-schema#comment", "Portion of an AnyLicenseInfo representing a License which has additional\ntext applied to it.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/sourceInfo", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/buildType", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:N034bf868068348fb92f2f33976cad5ae", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#nonNegativeInteger", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/OrLaterOperator", "http://www.w3.org/ns/shacl#property", "_:N47d32bc3b4e04c9ab083ec76d4f22585", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the SSVC decision type.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Na92e8ceda7e548bb9a144c2e9c857639", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N8ff2b7ece321489a9ff262a2c697c89c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N542022ab56194a2184bd872572ca204b", "localId", "", ""] +["_:N1aac3c1c2ffb45d79910e133d9ec02f9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/deviceDriver", "globalId", "", ""] +["_:Nca9532c3dd0b421e95d0800b68e3442a", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N986501d57648498ea8ed156092baf32c", "http://www.w3.org/ns/shacl#hasValue", "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectLicense", "http://www.w3.org/2000/01/rdf-schema#comment", "A License participating in an 'or later' model.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Ne70b85feb564419597741ca637d61d03", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N13acbf7806c648f19f147c9073a04385", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcVulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:N30d5cdb21c144005b1d74c81aa0e129e", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mailingList", "http://www.w3.org/2000/01/rdf-schema#label", "mailingList", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/invokedBy", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element was invoked by the `to` Agent, during a LifecycleScopeType period (for example, a Build element that describes a build step).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N9eda1b52fa264730ab0b383d300e1726", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/locationHint", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides an indication of where to retrieve an external Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/qualityAssessmentReport", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/packagedBy", "http://www.w3.org/2000/01/rdf-schema#label", "packagedBy", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N542022ab56194a2184bd872572ca204b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N036299b1f2af44eeb966da8a1217ac9e", "localId", "", ""] +["_:Nf5531d9c16ff4f589dff19f480634c29", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N48b3e9d109d34fdeaa6cbef58c05c171", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/design", "globalId", "", ""] +["_:N0eb0fa7732fb4a2db7455731d6a1ce53", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/gitoid", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md2", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N91d11db27b28462b8545b78734a27503", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/clickthrough", "http://www.w3.org/2000/01/rdf-schema#comment", "the dataset is not publicly available and can only be accessed after affirmatively accepting terms on a clickthrough webpage.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", "http://www.w3.org/ns/shacl#property", "_:N8bdb3da6da754d98843024e1dcbe3e43", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/energyUnit", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:N02daaf1ea3874989948c16e26274de9f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md6", "globalId", "", ""] +["_:Na92e8ceda7e548bb9a144c2e9c857639", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/noAssertion", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N1bd597d8851e43b79e3bde3fb6388627", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Neff5f08fa9fd4aaeb51026e2484443c7", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicense", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:Nd11df36dd5014f759eab790e847b9857", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/scope", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:N0d2bee57931544d786ff3bc0afb223b0", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noSupport", "globalId", "", ""] +["_:N942417ca6d844df0914d75b099a457f8", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasProvidedDependency", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/reportedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdvisory", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/design", "http://www.w3.org/2000/01/rdf-schema#label", "design", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N88ce0438020d4326924db53dec9bd6b5", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N722c45f262084ffa9b063b852952397b", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV4VulnAssessmentRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:Nf6f1751e3ea84341bdeec66f7c44a8ce", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/foundBy", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/rootElement", "http://www.w3.org/2000/01/rdf-schema#comment", "This property is used to denote the root Element(s) of a tree of elements contained in a BOM.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/build", "http://www.w3.org/2000/01/rdf-schema#label", "build", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N91fee785616543dd9952683d70d387bf", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/deployed", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", "http://www.w3.org/ns/shacl#property", "_:N95b6da49b56e4298924cd2f153f00905", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/additionText", "http://www.w3.org/2000/01/rdf-schema#comment", "Identifies the full text of a LicenseAddition.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/simpleLicensing", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/extension", "http://www.w3.org/2000/01/rdf-schema#comment", "the element follows the Extension profile specification", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseHeader", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides a License author's preferred text to indicate that a file is covered\nby the License.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDataFile", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection", "http://www.w3.org/2000/01/rdf-schema#comment", "A collection of Elements, not necessarily with unifying context.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N4dda90621fe746a2972ace6f1e26f9c9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedBy", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/limitation", "http://www.w3.org/2000/01/rdf-schema#comment", "Captures a limitation of the AI software.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ConjunctiveLicenseSet", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Bundle", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/application", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["_:Nb916f2dfc1c640bd8e0dac9bb5956172", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N8692a82c280845c3a6fa37c02ddae229", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N58c62d134f5e41d78440946685ecf0cc", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/sbomType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/", "http://purl.org/dc/terms/creator", "SPDX Project", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalMap", "http://www.w3.org/ns/shacl#property", "_:N894cee407d8747ec8adc2f05ce722a86", "localId", "", ""] +["_:Nd2a11bb8a1a14a82994d02e9dd610275", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/Artifact", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md5", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/adler32", "http://www.w3.org/2000/01/rdf-schema#label", "adler32", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardAdditionTemplate", "http://www.w3.org/2000/01/rdf-schema#comment", "Identifies the full text of a LicenseAddition, in SPDX templating format.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Ndde9f898797c42b989ef522557debf64", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/kilowattHour", "http://www.w3.org/2000/01/rdf-schema#comment", "Kilowatt-hour.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha384", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["_:Nd6ca1bcbdc494e39a9c1a4da0c52a0b3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasSpecification", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/build", "http://www.w3.org/2000/01/rdf-schema#label", "build", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SpdxDocument", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:Nad909dcc4fad4339a9eb809fabd6a871", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:Nf4e0c03b381d4fb584571d8fdd2ca0a7", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildSystem", "globalId", "", ""] +["_:N57e86c05425144f4a08e64395a0d5e1d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N833dac5833c24d35a16d11f2e318aeef", "localId", "", ""] +["_:N7f2c8d25f5df4c27b35c70d38090eab3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N8186b6d9dc534ac1b7a906d040a88d6a", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/funding", "http://www.w3.org/2000/01/rdf-schema#label", "funding", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/NoneElement", "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo", "https://spdx.org/rdf/3.0.1/creationInfo_NoneElement", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/homePage", "http://www.w3.org/2000/01/rdf-schema#comment", "A place for the SPDX document creator to record a website that serves as the\npackage's home page.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PackageVerificationCode", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/requirement", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/describes", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/other", "http://www.w3.org/2000/01/rdf-schema#label", "other", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe22", "http://www.w3.org/2000/01/rdf-schema#comment", "[Common Platform Enumeration Specification 2.2](https://cpe.mitre.org/files/cpe-specification_2.2.pdf)", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Ne70b85feb564419597741ca637d61d03", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/clickthrough", "http://www.w3.org/2000/01/rdf-schema#label", "clickthrough", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/energyQuantity", "http://www.w3.org/2000/01/rdf-schema#comment", "Represents the energy quantity.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:N737b3d5b3c8f4cb7b5fb665b52f1dd96", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/standardName", "globalId", "", ""] +["_:N06a4b77ca26e4742a10723dc3349c395", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N03140b327b9d4620b37b847528c7140b", "localId", "", ""] +["_:Nf6f1751e3ea84341bdeec66f7c44a8ce", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N0c49370c41124d50ac6081418cb2432d", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/analyzed", "http://www.w3.org/2000/01/rdf-schema#label", "analyzed", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nc0c94fed0eb041ef8c4fe70f4b1fd7c0", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/test", "globalId", "", ""] +["_:N5f694c64068844ca80652791ca7749d9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N4dda90621fe746a2972ace6f1e26f9c9", "localId", "", ""] +["_:Nf5531d9c16ff4f589dff19f480634c29", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/platform", "http://www.w3.org/2000/01/rdf-schema#label", "platform", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/low", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/autonomyType", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/noAssertion", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/NamespaceMap", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/urlScheme", "http://www.w3.org/2000/01/rdf-schema#comment", "[Uniform Resource Identifier (URI) Schemes](https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml). The scheme used in order to locate a resource.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseTemplate", "http://www.w3.org/2000/01/rdf-schema#comment", "Identifies the full text of a License, in SPDX templating format.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N377b547285074591a904911ef1fc1977", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Hash", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SpdxDocument", "http://www.w3.org/ns/shacl#property", "_:N4aa1ea2c440f4aecb7a6656a599fbf22", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/LicenseExpression", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/score", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/gitoid", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N82be0a238ea44c658a60ca20e0c8c6fa", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Build/configSourceEntrypoint", "globalId", "", ""] +["_:N85ad449141be453592e9e80c2bc379f4", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", "globalId", "", ""] +["_:N9a582f09d0b7426d81ae74b09a5ed252", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/packageUrl", "globalId", "", ""] +["_:N1a0a0b40de254f55a8372bba19b60496", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Relationship", "http://www.w3.org/ns/shacl#property", "_:Nb3e77cdb9a14442eafb0659c7081c110", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopedRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:N57e86c05425144f4a08e64395a0d5e1d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/componentNotPresent", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/informationAboutApplication", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:N3bf9008e5422473bb689602da04ccca1", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/summary", "http://www.w3.org/2000/01/rdf-schema#comment", "A short description of an Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/adler32", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nfc3f4dc279d7471b83aa1a9df09f8d3f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N64a80dfe5e954cf59753ab8a96e4eff3", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/downloadLocation", "http://www.w3.org/2000/01/rdf-schema#comment", "Identifies the download Uniform Resource Identifier for the package at the time\nthat the document was created.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/contains", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element contains each `to` Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swhid", "http://www.w3.org/2000/01/rdf-schema#label", "swhid", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/impactStatement", "http://www.w3.org/2000/01/rdf-schema#comment", "Explains why a VEX product is not affected by a vulnerability. It is an\nalternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable\njustification label.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalMap", "http://www.w3.org/2000/01/rdf-schema#comment", "A map of Element identifiers that are used within an SpdxDocument but defined\nexternal to that SpdxDocument.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ConjunctiveLicenseSet", "http://www.w3.org/2000/01/rdf-schema#comment", "Portion of an AnyLicenseInfo representing a set of licensing information\nwhere all elements apply.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/scrapingScript", "http://www.w3.org/2000/01/rdf-schema#label", "scrapingScript", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/locator", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swhid", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType", "globalId", "", ""] +["_:Na3743aad0c334d06a729f81988609c9f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/packagedBy", "globalId", "", ""] +["_:N8e672d95ff7d48e68c1ed7ecf019b269", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/exploited", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/medium", "http://www.w3.org/2000/01/rdf-schema#comment", "The third-highest level of risk posed by an AI system.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cve", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/design", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/withdrawnTime", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["_:N024478cff6eb4ef48dc45dabdb7b0a35", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N29e8eb1e03be45ae92093e6937585f14", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityExploitabilityAssessment", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV3VulnAssessmentRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/securityOther", "http://www.w3.org/2000/01/rdf-schema#comment", "Used when there is a security related identifier of unspecified type.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N786a3eaa8fbe4cf0bb67c4e086fa8b5b", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/AI/hyperparameter", "globalId", "", ""] +["_:N037a9f94d4da4593a56a6804fca57483", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N163b018b3d984833a5523252ed920c58", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotPresent", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/build", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType", "globalId", "", ""] +["_:Nd33af007bad14a4594f7039df1c5df75", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/high", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nce6e2333750a40619f2e93e40be35d7e", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N30d5cdb21c144005b1d74c81aa0e129e", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N91d11db27b28462b8545b78734a27503", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/directDownload", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/track", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/configures", "http://www.w3.org/2000/01/rdf-schema#label", "configures", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N61b9a25cae674e199ce6572456d8e72f", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:Nb3e77cdb9a14442eafb0659c7081c110", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/sensor", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/critical", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/configSourceDigest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/security", "http://www.w3.org/2000/01/rdf-schema#comment", "the element follows the Security profile specification", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasInput", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Build has each `to` Element as an input, during a LifecycleScopeType period.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N72dd028519c2443b94229cfc4a2639bc", "http://www.w3.org/ns/shacl#message", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License is an abstract class and should not be instantiated directly. Instantiate a subclass instead.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Element", "http://www.w3.org/2000/01/rdf-schema#comment", "Base domain class from which all other SPDX-3.0 domain classes derive.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N44928392b4d8458f847c7fd69533d2ee", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N0b3155ddb4cc46678a8dadb3eb9e5e43", "localId", "", ""] +["_:N4f925ef656b840928e22aa51252c2976", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ndb50eefe33ac4feda6cfb13073b5324e", "localId", "", ""] +["_:N4ad4011b5f8c44cbb3e76f5da0885cfd", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTestCase", "globalId", "", ""] +["_:Ndcdb30d7deca45a8bc3e563144933f0e", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/filesystemImage", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/safetyRiskAssessment", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasPrerequisite", "http://www.w3.org/2000/01/rdf-schema#label", "hasPrerequisite", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N47d32bc3b4e04c9ab083ec76d4f22585", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/file", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType", "globalId", "", ""] +["_:N261c61aa119e4f4e9ce3c9387fb29c9f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/application", "globalId", "", ""] +["_:N507c6135f8424e8db67fe59ae93eb464", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nc6d7eec7a63445c8a64113d0e59ce02c", "localId", "", ""] +["_:N2a72f2e0c3d44dd5ac4c0633f336d556", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", "globalId", "", ""] +["_:Nf6541e98d99947d9a7ccb49088b43ea0", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N931294357284457f9a6f643757b29e72", "localId", "", ""] +["_:N220b4463e39147e99e8eeeb9974c5370", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/source", "globalId", "", ""] +["_:Na1cdda0a73e94e598b769cac4a5a5cb8", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/AI/energyQuantity", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsKyber", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Artifact", "http://www.w3.org/ns/shacl#property", "_:Nba03adbea09d477299a596cac9fd8319", "localId", "", ""] +["_:Ne70b85feb564419597741ca637d61d03", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDependencyManifest", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element has manifest files that contain dependency information in each `to` Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nff9c0c2a18f24f76bfa32806ec48ce59", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cve", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/standardCompliance", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/purchaseOrder", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/issueTracker", "http://www.w3.org/2000/01/rdf-schema#label", "issueTracker", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PackageVerificationCode", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", "http://www.w3.org/ns/shacl#property", "_:Nd385c846dfa14371a0a3697f7168b4c1", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/modelExplainability", "http://www.w3.org/2000/01/rdf-schema#comment", "Describes methods that can be used to explain the results from the AI model.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Snippet", "http://www.w3.org/2000/01/rdf-schema#comment", "Describes a certain part of a file.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/other", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/Extension", "http://www.w3.org/2000/01/rdf-schema#comment", "A characterization of some aspect of an Element that is associated with the Element in a generalized fashion.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPenTestReport", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/endTime", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the time from which an element is no longer applicable / valid.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N72a328f4b7e14cb194d99b35236c3430", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/to", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/Element", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/NamespaceMap", "http://www.w3.org/ns/shacl#property", "_:N763c69315ee040a88ca27b5205984626", "localId", "", ""] +["_:Nd11df36dd5014f759eab790e847b9857", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_NoAssertionLicense", "https://spdx.org/rdf/3.0.1/terms/Core/created", "2024-11-22T03:00:01Z", "http://www.w3.org/2001/XMLSchema#dateTimeStamp", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicenseException", "http://www.w3.org/ns/shacl#property", "_:N5011f0cdb4544a70b796520ecd436a25", "localId", "", ""] +["_:N288949a61054447689377b531414e0b7", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N41fda4edc0294fce84cdb5688d8ef9ef", "localId", "", ""] +["_:Nca9532c3dd0b421e95d0800b68e3442a", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/comment", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssessmentFor", "http://www.w3.org/2000/01/rdf-schema#label", "hasAssessmentFor", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nb8a14d0c45314542aa2d6a98232399be", "http://www.w3.org/ns/shacl#hasValue", "https://spdx.org/rdf/3.0.1/terms/Extension/Extension", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md4", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nb0ab9a298e9845b1b1b770398def929d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/descendantOf", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/device", "http://www.w3.org/2000/01/rdf-schema#label", "device", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAddedFile", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/inlineMitigationsAlreadyExist", "http://www.w3.org/2000/01/rdf-schema#label", "inlineMitigationsAlreadyExist", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/support", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/justificationType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:N2c7697a923534e9988689746f1d03e41", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nf4e0c03b381d4fb584571d8fdd2ca0a7", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/kev", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/Build", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N70cbc4a60eda4e648df0df882fab278d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/support", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/domain", "http://www.w3.org/2000/01/rdf-schema#comment", "Captures the domain in which the AI package can be used.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityThreatModel", "http://www.w3.org/2000/01/rdf-schema#label", "securityThreatModel", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides a set of values to be used to describe the common types of SBOMs that\ntools may create.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/impactStatement", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N6e913b09266e498887238fae6898e289", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/riskAssessment", "globalId", "", ""] +["_:N4aa1ea2c440f4aecb7a6656a599fbf22", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/structured", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", "globalId", "", ""] +["_:N269b628c85f04f5d8a10fa3c500745a4", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["_:Nce6e2333750a40619f2e93e40be35d7e", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N3b50e4323e8b4d388d8d522e18a49070", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nac0a6f045e7e4efd9dbaf01201286a14", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_NoAssertionElement", "https://spdx.org/rdf/3.0.1/terms/Core/createdBy", "https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timestamp", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/graph", "http://www.w3.org/2000/01/rdf-schema#comment", "data is in the form of a graph where entries are somehow related to each other through edges, such a social network of friends.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/diskImage", "http://www.w3.org/2000/01/rdf-schema#label", "diskImage", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary", "http://www.w3.org/2000/01/rdf-schema#label", "vulnerableCodeCannotBeControlledByAdversary", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N348ad67a2abe4f9d929b1e20acc594b5", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N52399fdf517c416ebb2e470463b71b5d", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/issuingAuthority", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:N8692a82c280845c3a6fa37c02ddae229", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/energyConsumption", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumption", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotInExecutePath", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", "http://www.w3.org/ns/shacl#property", "_:N80dc66a1ccec469392596c5291fa2864", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/prefix", "http://www.w3.org/2000/01/rdf-schema#comment", "A substitute for a URI.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasHost", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Build was run on the `to` Element during a LifecycleScopeType period (e.g. the host that the build runs on).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b256", "http://www.w3.org/2000/01/rdf-schema#comment", "BLAKE2b algorithm with a digest size of 256, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/query", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType", "globalId", "", ""] +["_:N2a72f2e0c3d44dd5ac4c0633f336d556", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["_:N3b695bebf32746039b555b8460ffe552", "http://www.w3.org/ns/shacl#not", "_:Nb8a14d0c45314542aa2d6a98232399be", "localId", "", ""] +["_:N4d2df683a0ea4c39be288b78f9e61ca4", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha224", "globalId", "", ""] +["_:N66b43817d95d4468bf805207af159230", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetNoise", "globalId", "", ""] +["_:Nd33af007bad14a4594f7039df1c5df75", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/licenseXml", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseListVersion", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/descendantOf", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/certificationReport", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDependencyManifest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/noAssertion", "http://www.w3.org/2000/01/rdf-schema#comment", "No assertion can be made about the completeness of the relationship.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Package", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/bom", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["_:N8bdb3da6da754d98843024e1dcbe3e43", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N2aa73eafba6f4d55938fb60c96ff2379", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe22", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexUnderInvestigationVulnAssessmentRelationship", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Package", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:Nfe1814d375d7456e843deb8cde1cf341", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/Vulnerability", "http://www.w3.org/ns/shacl#property", "_:Ne68051bb209048da9a57bc5dbaf28bf0", "localId", "", ""] +["_:Nc38c872821b548ee8f430a027b2d711f", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Nd3d538fe1cb544b5808c51dffd844c81", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N98018fef19484e2fae944af82b21920e", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/createdBy", "globalId", "", ""] +["_:N39638ea4b52f4236b7a808cb979d2f4b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["_:Nbd47cac50394462f9015e00ec4b449a6", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N8ff2b7ece321489a9ff262a2c697c89c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasPrerequisite", "globalId", "", ""] +["_:N9eda1b52fa264730ab0b383d300e1726", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:Ne820a8ec67114d53b03a71f5f7be31f5", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:Ne11c75cafdb0438299216847b06716cf", "http://www.w3.org/ns/shacl#pattern", "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/design", "http://www.w3.org/2000/01/rdf-schema#comment", "SBOM of intended, planned software project or product with included components (some of which may not yet exist) for a new software artifact.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/republishedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_NoneLicense", "https://spdx.org/rdf/3.0.1/terms/Core/specVersion", "3.0.1", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityThreatModel", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/locator", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Artifact", "http://www.w3.org/ns/shacl#property", "_:Nd8679c5e3311467ca097a4151ac8fa54", "localId", "", ""] +["_:N951ec4cbce414b3bab847840bf18d59f", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifier", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Package", "http://www.w3.org/ns/shacl#property", "_:N9eda1b52fa264730ab0b383d300e1726", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b384", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/other", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nebecc80c7e4045d1b3ad15ab0c1d04ec", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/WithAdditionOperator", "http://www.w3.org/ns/shacl#property", "_:N163fe4499b2a454a9641b23118bf53ae", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/LicenseExpression", "http://www.w3.org/ns/shacl#property", "_:Ne70b85feb564419597741ca637d61d03", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexNotAffectedVulnAssessmentRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:Nfbd3df443088485abe551fc6374a3c4c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N1256cfafa26e453a9d5f8b08cc5920d7", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/clickthrough", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/gitoid", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", "http://www.w3.org/ns/shacl#property", "_:N00d83dee7aa44a7991821a46e83e5164", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDocumentation", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/inlineMitigationsAlreadyExist", "http://www.w3.org/2000/01/rdf-schema#comment", "Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nedaa28cbd856413e95e7805cf2d255dd", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md2", "globalId", "", ""] +["_:N329ecc1447f349cc968623ddffe6a2f7", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/AI/domain", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/invokedBy", "http://www.w3.org/2000/01/rdf-schema#label", "invokedBy", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/swhid", "http://www.w3.org/2000/01/rdf-schema#comment", "SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/componentNotPresent", "http://www.w3.org/2000/01/rdf-schema#label", "componentNotPresent", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N0eb0fa7732fb4a2db7455731d6a1ce53", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nd73c69088f734dffb4cc9539c637aecf", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexAffectedVulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#comment", "Connects a vulnerability and an element designating the element as a product\naffected by the vulnerability.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/analyzed", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SbomType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha384", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nfb655ff9dcc6442baa6046d411f0624c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md5", "globalId", "", ""] +["_:N687efc23ea2c4c0b9a09c9ca45dc49b3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nc91762ec925048e0a85d224bd2bd6d32", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/Vulnerability", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N377b547285074591a904911ef1fc1977", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/impactStatement", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/invokedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_384", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/gitoid", "http://www.w3.org/2000/01/rdf-schema#comment", "[Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N4dcad64fd9cf4af2b8d6ea98d6c5450a", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N264b55b33a4549a6a131d79763879896", "localId", "", ""] +["_:N0a961d271f304c8cbb2e0a1307a9d8ad", "http://www.w3.org/ns/shacl#hasValue", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/typeOfModel", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:Nf284f365ba5c4e4da40d7d7900d82744", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/primaryPurpose", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides information about the primary purpose of the software artifact.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseText", "http://www.w3.org/2000/01/rdf-schema#comment", "Identifies the full text of a License or Addition.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/foundBy", "http://www.w3.org/2000/01/rdf-schema#label", "foundBy", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasConcludedLicense", "http://www.w3.org/2000/01/rdf-schema#label", "hasConcludedLicense", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nf41c7f62f52f4c10b14344ec13dfe1e5", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/AI/informationAboutApplication", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/noAssertion", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/license", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/model", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element is a machine learning or artificial intelligence model.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nd11df36dd5014f759eab790e847b9857", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Artifact", "http://www.w3.org/ns/shacl#property", "_:N5d195bb929fc404584503e9c9b17a526", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/packageVersion", "http://www.w3.org/2000/01/rdf-schema#comment", "Identify the version of a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Element", "http://www.w3.org/ns/shacl#property", "_:N675847984777421d9fb9b171cdf0bb53", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_224", "http://www.w3.org/2000/01/rdf-schema#label", "sha3_224", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N2847f93323fd468eab2b926c5715c994", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/module", "globalId", "", ""] +["_:Nd385c846dfa14371a0a3697f7168b4c1", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumption", "globalId", "", ""] +["_:N4466be96ec5a4942b916c3f1fad2d3ee", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N14d2ccc3ee7749088945c0ba96e7a88a", "localId", "", ""] +["_:N1bd597d8851e43b79e3bde3fb6388627", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/core", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/datasetType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/vectorString", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/extension", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N4d86b5ad122d431bbf443326643a51df", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nfbd3df443088485abe551fc6374a3c4c", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/packageUrl", "http://www.w3.org/2000/01/rdf-schema#comment", "Package URL, as defined in the corresponding [Annex](../../../annexes/pkg-url-specification.md) of this specification.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N14d7232930234cad917631e1993d7ccd", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["_:Na42e3794f624483e818646ed683c5ba2", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:Nfe1814d375d7456e843deb8cde1cf341", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Nc38c872821b548ee8f430a027b2d711f", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vcs", "http://www.w3.org/2000/01/rdf-schema#label", "vcs", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/exportControlAssessment", "http://www.w3.org/2000/01/rdf-schema#label", "exportControlAssessment", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/other", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicense", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", "globalId", "", ""] +["_:Nbd47cac50394462f9015e00ec4b449a6", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha256", "http://www.w3.org/2000/01/rdf-schema#label", "sha256", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasMetadata", "http://www.w3.org/2000/01/rdf-schema#comment", "Every `to` Element is metadata about the `from` Element (`from` hasMetadata `to`).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N3c34004e669a4f809790739b55299420", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/documentation", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", "http://www.w3.org/ns/shacl#property", "_:Nc7f12b88e8f5489dacbbfeb81192696a", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/email", "http://www.w3.org/2000/01/rdf-schema#label", "email", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Annotation", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/Element", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/Build", "http://www.w3.org/ns/shacl#property", "_:N82be0a238ea44c658a60ca20e0c8c6fa", "localId", "", ""] +["_:N1dd7c94072d1478ca91bee2c7af967a8", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N34cf4751490f48f9852ff2fa143a6321", "localId", "", ""] +["_:Nc6d18260ddfa478b84c2dc19c2059aa2", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Software/File", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/snippetFromFile", "http://www.w3.org/2000/01/rdf-schema#comment", "Defines the original host file that the snippet information applies to.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/delegatedTo", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Agent is delegating an action to the Agent of the `to` Relationship (which must be of type invokedBy), during a LifecycleScopeType (e.g. the `to` invokedBy Relationship is being done on behalf of `from`).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N3899f43be1b142148dc7af5c1cd6a1b9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altDownloadLocation", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/actionStatementTime", "http://www.w3.org/2000/01/rdf-schema#comment", "Records the time when a recommended action was communicated in a VEX statement\nto mitigate a vulnerability.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdvisory", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/description", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/packageUrl", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Relationship", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:Ndbfe3b48ba714fb990a0e903863ea1ed", "http://www.w3.org/ns/shacl#hasValue", "https://spdx.org/rdf/3.0.1/terms/Core/Artifact", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/cwe", "http://www.w3.org/2000/01/rdf-schema#label", "cwe", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/deployed", "http://www.w3.org/2000/01/rdf-schema#comment", "in addition to being supported by the supplier, the software is known to have been deployed and is in use. For a software as a service provider, this implies the software is now available as a service.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/standardName", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/trainingEnergyConsumption", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasExample", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/configSourceDigest", "http://www.w3.org/2000/01/rdf-schema#comment", "Property that describes the digest of the build configuration file used to\ninvoke a build.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/endIntegerRange", "http://www.w3.org/2000/01/rdf-schema#comment", "Defines the end of a range.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/serious", "http://www.w3.org/2000/01/rdf-schema#label", "serious", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/statement", "http://www.w3.org/2000/01/rdf-schema#comment", "Commentary on an assertion that an annotator has made.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N3bf9008e5422473bb689602da04ccca1", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N91adaf3024344ddcbcbf3f943faaad6b", "http://www.w3.org/ns/shacl#in", "_:N2aa14aff363e4fc1ab2ed86f71eb8873", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/simpleLicensing", "http://www.w3.org/2000/01/rdf-schema#label", "simpleLicensing", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/dataLicense", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides the license under which the SPDX documentation of the Element can be\nused.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nbbbec88245754e9d9390b9a11f0b67c2", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/purchaseOrder", "http://www.w3.org/2000/01/rdf-schema#label", "purchaseOrder", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N68767751c5f64fc1afe82f2dcbae6636", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N1358bfc70dc14db6aa3a799228bc2fdd", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/exportControlAssessment", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to a export control assessment for a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nbd14f0a1267744e89f6930e710689414", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/identifier", "globalId", "", ""] +["_:Na449b0b56e3540618b2a2698204edde9", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/packagedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV3VulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:N328adb4bb1ec422084a2169890188a03", "localId", "", ""] +["_:Nf71f6300b14a4726a20ffad899bed919", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Nbac401e4be1249dd86dd149952baf59b", "http://www.w3.org/ns/shacl#path", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/other", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogVulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:N8e672d95ff7d48e68c1ed7ecf019b269", "localId", "", ""] +["_:N5ab248e680454bbcb3ed254de24ac49f", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/testedOn", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N163fe4499b2a454a9641b23118bf53ae", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectExtendableLicense", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifier", "http://www.w3.org/ns/shacl#property", "_:N453a2981f56c4d3a943752e7740f87fd", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/coordinatedBy", "http://www.w3.org/2000/01/rdf-schema#label", "coordinatedBy", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N626b5ad29167479dabae9a9177315404", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/AI/modelDataPreprocessing", "globalId", "", ""] +["_:N243ef6907efb40d38e00f4430d63fc19", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N9ed65925a89e40e8b7faaa925d739c72", "localId", "", ""] +["_:Nda71586c3c6541b4a6a907d316dca405", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:Ndc659c8552d54ab684aadbdacdbd7a8d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes", "globalId", "", ""] +["_:Ne5e123ab8f7d4aa4b35a7442690fe19d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b256", "globalId", "", ""] +["_:N0274510beacf46b0b7cd7048ff3cbb4d", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altWebPage", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRef", "http://www.w3.org/ns/shacl#property", "_:N5ab248e680454bbcb3ed254de24ac49f", "localId", "", ""] +["_:N68e2aefd82ab40c59cc6c2bfeab0adc4", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/data", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/actionStatement", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["_:N4e6142c3e2dd4f3f9e2aed1df9452bc7", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/data", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/endTime", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/install", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/autonomyType", "http://www.w3.org/2000/01/rdf-schema#comment", "Indicates whether the system can perform a decision or action without human\ninvolvement or guidance.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion", "http://www.w3.org/2000/01/rdf-schema#label", "noAssertion", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/usesTool", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/WithAdditionOperator", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", "globalId", "", ""] +["_:N66595c518c6248f69bdca82dccebf454", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Na82fb3a822a04f6180f1ca7808276d8f", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/metric", "http://www.w3.org/2000/01/rdf-schema#comment", "Records the measurement of prediction quality of the AI model.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nd0cfba2a98544626a8566f29105598e9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Na79e142094fb464da3de3ceb4108e4ff", "localId", "", ""] +["_:N5f694c64068844ca80652791ca7749d9", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/exploitCreatedBy", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertiesExtension", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Extension/Extension", "globalId", "", ""] +["_:N0781395df11e44a6a3186f0fa8908958", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/availableFrom", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/review", "http://www.w3.org/2000/01/rdf-schema#label", "review", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nd77657e0b19d459c931f64f48ed7e1a6", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#anyURI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityFix", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to the patch or source code that fixes a vulnerability.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexUnderInvestigationVulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/funding", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:Nc5485992ed4e4cbea07fa6d87ee716ac", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake3", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b256", "http://www.w3.org/2000/01/rdf-schema#label", "blake2b256", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/runtimeAnalysisReport", "http://www.w3.org/2000/01/rdf-schema#label", "runtimeAnalysisReport", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/medium", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", "http://www.w3.org/ns/shacl#property", "_:Nf41c7f62f52f4c10b14344ec13dfe1e5", "localId", "", ""] +["_:Nfcc30e48020d4dd2b3493a0cd55ea457", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/Vulnerability", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Core/Artifact", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies a data package and its associated information.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicense", "http://www.w3.org/ns/shacl#property", "_:Ndaeba75fb43b4db7b777e9b00ecd7064", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_NoneLicense", "http://www.w3.org/2000/01/rdf-schema#comment", "This individual element was defined by the spec.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nf7fd042770064703a84cd9039273e4f7", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N65301d1be04341678842dfc049e2a33c", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/socialMedia", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to a social media channel for a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/locator", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides the location of an exploit catalog.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/other", "http://www.w3.org/2000/01/rdf-schema#comment", "data is of a type not included in this list.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nff33e8337dc8421d9e74b338e35a75d5", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/name", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:N1d4668e7f12244a7a9407b898c9b0534", "localId", "", ""] +["_:N13f4d81403034faaa93ea1abc3bd3d91", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/other", "globalId", "", ""] +["_:Ndb31c53559be41e0b28e79b74da0b557", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N73e74213eec84d8daaa36a51dab963d6", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Sbom", "http://www.w3.org/ns/shacl#property", "_:N954579de61d84bef909737ad4568a536", "localId", "", ""] +["_:N68e2aefd82ab40c59cc6c2bfeab0adc4", "http://www.w3.org/ns/shacl#pattern", "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/Snippet", "http://www.w3.org/ns/shacl#property", "_:Nc6d18260ddfa478b84c2dc19c2059aa2", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:Ne7777394524c4639973161dd3aff2db3", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsKyber", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/registration", "http://www.w3.org/2000/01/rdf-schema#label", "registration", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nbb0a3a63cdba4f078c6de6eef7ff6579", "http://www.w3.org/ns/shacl#not", "_:Ncedd59bf4f1a4436ac8325d34d020df5", "localId", "", ""] +["_:N58b8de667bb54771976a5e86a8a8139a", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N9bb1cced9aa14e08b36ebf9f952b1d01", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/other", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_SpdxOrganization", "http://www.w3.org/2000/01/rdf-schema#comment", "This individual element was defined by the spec.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/FileKindType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:Ne883dfda4a7445ceb1e70f39ddd03fea", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/container", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/EpssVulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:Nf284f365ba5c4e4da40d7d7900d82744", "localId", "", ""] +["_:Nd0ec388aab40469ab0a4297c30e0c906", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N9c1ccbc2b86f454395a450f736b67eec", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/file", "http://www.w3.org/2000/01/rdf-schema#comment", "The file represents a single file (default).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", "http://www.w3.org/2000/01/rdf-schema#comment", "Abstract class for additional text intended to be added to a License, but\nwhich is not itself a standalone License.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/chat", "http://www.w3.org/2000/01/rdf-schema#label", "chat", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N6946aaeee89545da9d91b8527c54139a", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcVulnAssessmentRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:N58021835a49a4b959f9428f8df7f7198", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nd77e569c4d2d4d2c9bb29ea462bc94cc", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/purchaseOrder", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N6be5db9035a14b779b13bfa0a5a51c3e", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nd83655f2100e4025b2eefd465fc154ab", "localId", "", ""] +["_:Nb3e77cdb9a14442eafb0659c7081c110", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifierType", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/doesNotAffect", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Vulnerability has no impact on each `to` Element. The use of the `doesNotAffect` is constrained to `VexNotAffectedVulnAssessmentRelationship` classed relationships.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedBy", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N683c5b7b252949bda929dd4befe8bb50", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N991d42b910e64656b45d7c4ce9e7f5e3", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTestCase", "http://www.w3.org/2000/01/rdf-schema#comment", "Every `to` Element is a test case for the `from` Element (`from` hasTestCase `to`).", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/File", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N2b94274553ab4bc2bbc78307f39b3327", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/justificationType", "http://www.w3.org/2000/01/rdf-schema#comment", "Impact justification label to be used when linking a vulnerability to an element\nrepresenting a VEX product with a VexNotAffectedVulnAssessmentRelationship\nrelationship.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nba03adbea09d477299a596cac9fd8319", "http://www.w3.org/ns/shacl#message", "https://spdx.org/rdf/3.0.1/terms/Core/Artifact is an abstract class and should not be instantiated directly. Instantiate a subclass instead.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timestamp", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedIn", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:N0f568f8825144082a14a0e000b8ff13f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes", "globalId", "", ""] +["_:Nae8e63939c7c4cf4aa4ba555362d775c", "http://www.w3.org/ns/shacl#pattern", "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N8e672d95ff7d48e68c1ed7ecf019b269", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#boolean", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/high", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsDilithium", "http://www.w3.org/2000/01/rdf-schema#label", "crystalsDilithium", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N0d09683a42354debacdd0b0625119609", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b512", "http://www.w3.org/2000/01/rdf-schema#comment", "BLAKE2b algorithm with a digest size of 512, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nc3c21678fc9a459784f054a6954a9aa8", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssV2VulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides a CVSS version 2.0 assessment for a vulnerability.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", "http://www.w3.org/ns/shacl#property", "_:Na267e7b88a344e4fbd0c59a6dc760e65", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/trainedOn", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/firmware", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element provides low level control over a device's hardware.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N2056bd91659a4260a6eb99a0cbdd9f14", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropValue", "globalId", "", ""] +["_:N0753f471dae945e885cde15702c705bb", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/bom", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/other", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SbomType/runtime", "http://www.w3.org/2000/01/rdf-schema#label", "runtime", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/attend", "http://www.w3.org/2000/01/rdf-schema#comment", "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions include requesting assistance or information about the vulnerability, and may involve publishing a notification either internally and/or externally. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N3c163fcab8684aa09c61e78b4cbb9b38", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/Element", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/doesNotAffect", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["_:N7a48123f699948b5867af1fec0d7b88e", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Core/comment", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/syntactic", "http://www.w3.org/2000/01/rdf-schema#comment", "data describes the syntax or semantics of a language or text, such as a parse tree used for natural language processing.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/EpssVulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:Nc9ddcdf86e874968aa8f5ba821975eb4", "localId", "", ""] +["_:N07868b0098174c478ac47f3fbc946ff0", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N2061c93cd5774c61823bf76c952d5242", "localId", "", ""] +["_:N95b6da49b56e4298924cd2f153f00905", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetUpdateMechanism", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDataFile", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element treats each `to` Element as a data file. A data file is an artifact that stores data required or optional for the `from` Element's functionality. A data file can be a database file, an index file, a log file, an AI model file, a calibration data file, a temporary file, a backup file, and more. For AI training dataset, test dataset, test artifact, configuration data, build input data, and build output data, please consider using the more specific relationship types: `trainedOn`, `testedOn`, `hasTest`, `configures`, `hasInput`, and `hasOutput`, respectively. This relationship does not imply dependency.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nf7fd042770064703a84cd9039273e4f7", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Nf41c7f62f52f4c10b14344ec13dfe1e5", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N8bdb3da6da754d98843024e1dcbe3e43", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:Ne778a773be4f408192f2ed37c6143a5d", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseText", "globalId", "", ""] +["_:Na5ef7f1675b84ce99e4f4ca36d200a91", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N14d7232930234cad917631e1993d7ccd", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense", "http://www.w3.org/2000/01/rdf-schema#comment", "Abstract class representing a License or an OrLaterOperator.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedLicenseId", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/critical", "http://www.w3.org/2000/01/rdf-schema#comment", "When a CVSS score is between 9.0 - 10.0", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_384", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Ndb31c53559be41e0b28e79b74da0b557", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/test", "http://www.w3.org/2000/01/rdf-schema#label", "test", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoAssertionLicense", "http://www.w3.org/2002/07/owl#sameAs", "https://spdx.org/rdf/3.0.1/terms/Licensing/NoAssertion", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/affects", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:N45b62edbd5f3406dba20232288ec19fd", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Ne64dea82135241279d97934d928f2d35", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/executable", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/binaryArtifact", "http://www.w3.org/2000/01/rdf-schema#label", "binaryArtifact", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N0b728d22a9674ecc87af12fde5aae61c", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/annotationType", "http://www.w3.org/2000/01/rdf-schema#comment", "Describes the type of annotation.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/SimpleLicensingText", "http://www.w3.org/ns/shacl#property", "_:Nda71586c3c6541b4a6a907d316dca405", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Build/configSourceEntrypoint", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/energyUnit", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the unit in which energy is measured.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildMeta", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:N9bb1cced9aa14e08b36ebf9f952b1d01", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Na3743aad0c334d06a729f81988609c9f", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierValue", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the value of the content identifier.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection", "http://www.w3.org/ns/shacl#property", "_:Nc9ccffdec66347509395f75c9845128f", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/configuration", "http://www.w3.org/2000/01/rdf-schema#label", "configuration", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N44928392b4d8458f847c7fd69533d2ee", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/documentation", "globalId", "", ""] +["_:N6eb9ec15081f404a99935ff4e2aaa14b", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isOsiApproved", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/executable", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["_:N62b8677868664944abc9f19745aed957", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ne4baf3becb8740a79f8bceb49f40679f", "localId", "", ""] +["_:Nf3dfbb7f98e84c61b58f5b17e3ae9f19", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/medium", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/externalRef", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRef", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasProvidedDependency", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element has a dependency on each `to` Element, dependency is not in the distributed artifact, but assumed to be provided, during a LifecycleScopeType period.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N82be0a238ea44c658a60ca20e0c8c6fa", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/underInvestigationFor", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Nf44042158d4d4c85a5bd6a0fcb538498", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#positiveInteger", "globalId", "", ""] +["_:Nb3e77cdb9a14442eafb0659c7081c110", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:N4278c3d777ea4ebd81cd23af80459c2d", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/modifiedTime", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies a time when a vulnerability assessment was modified", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/modifiedBy", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element is modified by each `to` Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Bom", "http://www.w3.org/2000/01/rdf-schema#comment", "A container for a grouping of SPDX-3.0 content characterizing details\n(provenence, composition, licensing, etc.) about a product.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/archive", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cve", "http://www.w3.org/2000/01/rdf-schema#label", "cve", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/gitoid", "http://www.w3.org/2000/01/rdf-schema#label", "gitoid", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/decisionType", "http://www.w3.org/2000/01/rdf-schema#range", "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType", "globalId", "", ""] +["_:Nf7e1508801cf4398b830fad84fe53388", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N62b8677868664944abc9f19745aed957", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/numeric", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/EpssVulnAssessmentRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/sbomType", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides information about the type of an SBOM.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nb245e59ae52342bea2f1feb05bb80e79", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/availableFrom", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityThreatModel", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/diskImage", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/descendantOf", "http://www.w3.org/2000/01/rdf-schema#comment", "The `from` Element is a descendant of each `to` Element.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nff33e8337dc8421d9e74b338e35a75d5", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/red", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:Ncae19f1586924a439b37e75eb5b57ed4", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/domain", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N30d5cdb21c144005b1d74c81aa0e129e", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Nc91762ec925048e0a85d224bd2bd6d32", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasHost", "globalId", "", ""] +["_:N95b6da49b56e4298924cd2f153f00905", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Ndb06ff981cef4e94bfdbec22badacd4d", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Dataset/hasSensitivePersonalInformation", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectExtendableLicense", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:Na5a538a0052340c0ba01747cca3d3da8", "http://www.w3.org/ns/shacl#not", "_:N8115c0678af046f9bb8fe56f1541b92b", "localId", "", ""] +["_:Nf41c7f62f52f4c10b14344ec13dfe1e5", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Nfcc30e48020d4dd2b3493a0cd55ea457", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Security/score", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/testedOn", "http://www.w3.org/2000/01/rdf-schema#label", "testedOn", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nc38c872821b548ee8f430a027b2d711f", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Software/homePage", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SpdxDocument", "http://www.w3.org/ns/shacl#property", "_:Ndc4f18efad334d78a498ea9df84fbd02", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicense", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["_:N0b728d22a9674ecc87af12fde5aae61c", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/low", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/algorithm", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:Nd11df36dd5014f759eab790e847b9857", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/Element", "globalId", "", ""] +["_:N105628f6c8b040edb9db617f35f30bec", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Ned1f0afb78d3460c9478383abf3da36b", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Na8cf54eee3ac40cca0ed6cfdaef6a576", "localId", "", ""] +["_:N734a831b529349fb969fd328dc6dcb1c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N25b71b41baf8408a91b66336f376a5b6", "localId", "", ""] +["_:Nb850dda843534d3ab3ffbadf70766fef", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Ndc4f18efad334d78a498ea9df84fbd02", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#BlankNodeOrIRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/cwe", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Artifact", "http://www.w3.org/ns/shacl#property", "_:Nda791debefe5491aa84d61433873c630", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/support", "http://www.w3.org/2000/01/rdf-schema#comment", "the artifact has been released, and is supported from the supplier. There is a validUntilDate that can provide additional information about the duration of support.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N6be5db9035a14b779b13bfa0a5a51c3e", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/firmware", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalMap", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/device", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element refers to a chipset, processor, or electronic board.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PresenceType", "http://www.w3.org/2000/01/rdf-schema#comment", "Categories of presence or absence.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:Nbd14f0a1267744e89f6930e710689414", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Nf44042158d4d4c85a5bd6a0fcb538498", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N6eb9ec15081f404a99935ff4e2aaa14b", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timeseries", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mavenCentral", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/inlineMitigationsAlreadyExist", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N06a4b77ca26e4742a10723dc3349c395", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/other", "globalId", "", ""] +["_:Nccde3ac271484f91b83ed5fb2e1d70c9", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N36b7d391e5cf402199bf454d82f5735c", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdvisory", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasInput", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Bundle", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/value", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/dynamicAnalysisReport", "http://www.w3.org/2000/01/rdf-schema#comment", "A reference to a dynamic analysis report for a package.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/to", "http://www.w3.org/2000/01/rdf-schema#comment", "References an Element on the right-hand side of a relationship.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#comment", "Abstract ancestor class for all VEX relationships", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogVulnAssessmentRelationship", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:Nf3dfbb7f98e84c61b58f5b17e3ae9f19", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N565a78360e28494ea80897aadf944c0c", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", "http://www.w3.org/ns/shacl#property", "_:N79e0fdc8a753446e8e1931aab90b02ae", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#IRI", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies the type of an external reference.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/hasSensitivePersonalInformation", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:N5011f0cdb4544a70b796520ecd436a25", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/listVersionAdded", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/data", "http://www.w3.org/2000/01/rdf-schema#label", "data", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N1358bfc70dc14db6aa3a799228bc2fdd", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/socialMedia", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/createdUsing", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#ObjectProperty", "globalId", "", ""] +["_:Nf507b9bee5ae4254bafe4ce3c72a9f18", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/critical", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["_:N0f568f8825144082a14a0e000b8ff13f", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N89d641eef49d4a5f9ef42bfe5c4221bd", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/limitation", "http://www.w3.org/2000/01/rdf-schema#range", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/image", "http://www.w3.org/2000/01/rdf-schema#label", "image", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nc91762ec925048e0a85d224bd2bd6d32", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Nf028d12b2d0f4f6cb20747b6b39a8b5b", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/ancestorOf", "http://www.w3.org/2000/01/rdf-schema#label", "ancestorOf", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:Nc85a3a5deac54465a32d993ba5434b00", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:Ne7777394524c4639973161dd3aff2db3", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/creationInfo_NoAssertionElement", "https://spdx.org/rdf/3.0.1/terms/Core/specVersion", "3.0.1", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N163fe4499b2a454a9641b23118bf53ae", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:N29e8eb1e03be45ae92093e6937585f14", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "http://www.w3.org/1999/02/22-rdf-syntax-ns#nil", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PackageVerificationCode", "http://www.w3.org/ns/shacl#property", "_:N88e97455b377466daa24bff58cde8f0d", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedLicenseId", "http://www.w3.org/2000/01/rdf-schema#comment", "Specifies whether a license or additional text identifier has been marked as\ndeprecated.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTest", "http://www.w3.org/2000/01/rdf-schema#label", "hasTest", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/dynamicAnalysisReport", "http://www.w3.org/2000/01/rdf-schema#label", "dynamicAnalysisReport", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N328adb4bb1ec422084a2169890188a03", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/binaryArtifact", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["_:Nadc18a90b6ca4cc3af0fb2aa7418dda8", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityFix", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/build", "http://www.w3.org/2000/01/rdf-schema#comment", "the element follows the Build profile specification", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", "http://www.w3.org/ns/shacl#property", "_:N66b43817d95d4468bf805207af159230", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no", "http://www.w3.org/2000/01/rdf-schema#label", "no", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/clear", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#NamedIndividual", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/other", "http://www.w3.org/2000/01/rdf-schema#comment", "Any other units of energy measurement.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/test", "http://www.w3.org/2000/01/rdf-schema#label", "test", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/specification", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element is a plan, guideline or strategy how to create, perform or analyze an application.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/Artifact", "http://www.w3.org/ns/shacl#property", "_:N06465237afe4406eb4803558f7a57c08", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityDisclosureReport", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexNotAffectedVulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:N6f8ca85700744b0e9f7a8672675d1dca", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/key", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#DatatypeProperty", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopedRelationship", "http://www.w3.org/ns/shacl#property", "_:N7676f1bbd99e47659502f87b9936453e", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/VexAffectedVulnAssessmentRelationship", "http://www.w3.org/ns/shacl#property", "_:N8692a82c280845c3a6fa37c02ddae229", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/2002/07/owl#Class", "globalId", "", ""] +["_:N06465237afe4406eb4803558f7a57c08", "http://www.w3.org/ns/shacl#pattern", "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$", "http://www.w3.org/2001/XMLSchema#string", "", ""] +["_:N30d5cdb21c144005b1d74c81aa0e129e", "http://www.w3.org/ns/shacl#class", "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType", "globalId", "", ""] +["_:Nb81407b76fc94f228f1f5ad011d931a5", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasStaticLink", "globalId", "", ""] +["_:N4091b2fb3d5c417fad7305927740d1d5", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N683c5b7b252949bda929dd4befe8bb50", "localId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/FileKindType", "http://www.w3.org/2000/01/rdf-schema#comment", "Enumeration of the different kinds of SPDX file.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/other", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", "globalId", "", ""] +["_:N73833299f42a4f78b3a3379f9d2302d7", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swid", "globalId", "", ""] +["_:N034bf868068348fb92f2f33976cad5ae", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetSize", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Security/EpssVulnAssessmentRelationship", "http://www.w3.org/2000/01/rdf-schema#subClassOf", "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/completeness", "http://www.w3.org/2000/01/rdf-schema#comment", "Provides information about the completeness of relationships.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection", "http://www.w3.org/1999/02/22-rdf-syntax-ns#type", "http://www.w3.org/ns/shacl#NodeShape", "globalId", "", ""] +["_:N6946aaeee89545da9d91b8527c54139a", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/video", "globalId", "", ""] +["_:N4382805b6a5947d38ffcfd8b182bddbf", "http://www.w3.org/ns/shacl#maxCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/other", "http://www.w3.org/2000/01/rdf-schema#comment", "The Element doesn't fit into any of the other categories.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N3c34004e669a4f809790739b55299420", "http://www.w3.org/1999/02/22-rdf-syntax-ns#rest", "_:N5a0ed5449f124c1e9ea7b05f0826cabd", "localId", "", ""] +["_:Nbd14f0a1267744e89f6930e710689414", "http://www.w3.org/ns/shacl#nodeKind", "http://www.w3.org/ns/shacl#Literal", "globalId", "", ""] +["_:Nc37985fef6884679b49d387a2ef08d3f", "http://www.w3.org/ns/shacl#path", "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isFsfLibre", "globalId", "", ""] +["_:Nb850dda843534d3ab3ffbadf70766fef", "http://www.w3.org/ns/shacl#minCount", "1", "http://www.w3.org/2001/XMLSchema#integer", "", ""] +["_:Nd0ec388aab40469ab0a4297c30e0c906", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssessmentFor", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noAssertion", "http://www.w3.org/2000/01/rdf-schema#comment", "no assertion about the type of support is made. This is considered the default if no other support type is used.", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["_:N737b3d5b3c8f4cb7b5fb665b52f1dd96", "http://www.w3.org/ns/shacl#datatype", "http://www.w3.org/2001/XMLSchema#string", "globalId", "", ""] +["_:N8186b6d9dc534ac1b7a906d040a88d6a", "http://www.w3.org/1999/02/22-rdf-syntax-ns#first", "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/publishedBy", "globalId", "", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe23", "http://www.w3.org/2000/01/rdf-schema#comment", "[Common Platform Enumeration: Naming Specification Version 2.3](https://csrc.nist.gov/publications/detail/nistir/7695/final)", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsDilithium", "http://www.w3.org/2000/01/rdf-schema#comment", "[Dilithium](https://pq-crystals.org/dilithium/)", "http://www.w3.org/1999/02/22-rdf-syntax-ns#langString", "en", ""] +["https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact", "http://www.w3.org/ns/shacl#property", "_:Nfbb5f5e996be44989d31d47d46540443", "localId", "", ""] diff --git a/rdf/spdx-model.json-ld b/rdf/spdx-model.json-ld new file mode 100644 index 0000000000..df4b0456ed --- /dev/null +++ b/rdf/spdx-model.json-ld @@ -0,0 +1,15999 @@ +[ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/registration", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "the dataset is not publicly available and an email registration is required before accessing the dataset, although without an affirmative acceptance of terms." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "registration" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/CustomLicenseAddition", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A license addition that is not listed on the SPDX Exceptions List." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/medium", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The third-highest level of risk posed by an AI system." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "medium" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalMap", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A map of Element identifiers that are used within an SpdxDocument but defined\nexternal to that SpdxDocument." + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Nebecc80c7e4045d1b3ad15ab0c1d04ec" + }, + { + "@id": "_:Nb345ac20ec3244e480ec30eee26dc06e" + }, + { + "@id": "_:N894cee407d8747ec8adc2f05ce722a86" + }, + { + "@id": "_:Nd2a11bb8a1a14a82994d02e9dd610275" + } + ] + }, + { + "@id": "_:Nebecc80c7e4045d1b3ad15ab0c1d04ec", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalSpdxId" + } + ] + }, + { + "@id": "_:Nb345ac20ec3244e480ec30eee26dc06e", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/verifiedUsing" + } + ] + }, + { + "@id": "_:N894cee407d8747ec8adc2f05ce722a86", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/locationHint" + } + ] + }, + { + "@id": "_:Nd2a11bb8a1a14a82994d02e9dd610275", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Artifact" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/definingArtifact" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swid", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Concise Software Identification (CoSWID) tag, as defined in [RFC 9393](https://datatracker.ietf.org/doc/rfc9393/) Section 2.3." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "swid" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/identifier", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Uniquely identifies an external element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SoftwareAgent", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A software agent." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the type of a content identifier." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b256", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "BLAKE2b algorithm with a digest size of 256, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "blake2b256" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssV2VulnAssessmentRelationship", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides a CVSS version 2.0 assessment for a vulnerability." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Na2b089e6c69d4697ae4de61d18f020f7" + }, + { + "@id": "_:Nb850dda843534d3ab3ffbadf70766fef" + } + ] + }, + { + "@id": "_:Na2b089e6c69d4697ae4de61d18f020f7", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#decimal" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/score" + } + ] + }, + { + "@id": "_:Nb850dda843534d3ab3ffbadf70766fef", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/vectorString" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/model", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is a machine learning or artificial intelligence model." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "model" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/ancestorOf", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element is an ancestor of each `to` Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "ancestorOf" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/availableFrom", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element is available from the additional supplier described by each `to` Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "availableFrom" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/runtimeAnalysisReport", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a runtime analysis report for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "runtimeAnalysisReport" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoAssertionLicense", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/IndividualLicensingInfo" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "An Individual Value for License when no assertion can be made about its actual\nvalue." + } + ], + "http://www.w3.org/2002/07/owl#sameAs": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Licensing/NoAssertion" + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo": [ + { + "@id": "https://spdx.org/rdf/3.0.1/creationInfo_NoAssertionLicense" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/deprecatedVersion", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the SPDX License List version in which this license or exception\nidentifier was deprecated." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssessmentFor", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Relates a `from` Vulnerability and each `to` Element with a security assessment. To be used with `VulnAssessmentRelationship` types." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasAssessmentFor" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildId", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A buildId is a locally unique identifier used by a builder to identify a unique\ninstance of a build produced by it." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/severity", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/filesystemImage", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is a file system image that can be written to a disk (or virtual) partition." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "filesystemImage" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedIn", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A `from` Vulnerability has been fixed in each `to` Element. The use of the `fixedIn` type is constrained to `VexFixedVulnAssessmentRelationship` classed relationships." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "fixedIn" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPenTestReport", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a [penetration test](https://en.wikipedia.org/wiki/Penetration_test) report for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "securityPenTestReport" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/container", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is a container image which can be used by a container runtime application." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "container" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/", + "@type": [ + "http://www.w3.org/2002/07/owl#Ontology" + ], + "http://purl.org/dc/terms/abstract": [ + { + "@language": "en", + "@value": "This ontology defines the terms and relationships used in the SPDX specification to describe system packages" + } + ], + "http://purl.org/dc/terms/created": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#date", + "@value": "2024-04-05" + } + ], + "http://purl.org/dc/terms/creator": [ + { + "@language": "en", + "@value": "SPDX Project" + } + ], + "http://purl.org/dc/terms/license": [ + { + "@id": "https://spdx.org/licenses/Community-Spec-1.0.html" + } + ], + "http://purl.org/dc/terms/references": [ + { + "@id": "https://spdx.dev/specifications/" + } + ], + "http://purl.org/dc/terms/title": [ + { + "@language": "en", + "@value": "System Package Data Exchange (SPDX) Ontology" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@language": "en", + "@value": "System Package Data Exchange (SPDX) Ontology" + } + ], + "http://www.w3.org/2002/07/owl#versionIRI": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/" + } + ], + "https://www.omg.org/spec/Commons/AnnotationVocabulary/copyright": [ + { + "@language": "en", + "@value": "Copyright (C) 2024 SPDX Project" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/percentile", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The percentile of the current probability score." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#decimal" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeclaredLicense", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` SoftwareArtifact was discovered to actually contain each `to` license, for example as detected by use of automated tooling." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasDeclaredLicense" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/Organization" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "An Organization representing the SPDX Project." + } + ], + "http://www.w3.org/2002/07/owl#sameAs": [ + { + "@id": "https://spdx.org/" + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo": [ + { + "@id": "https://spdx.org/rdf/3.0.1/creationInfo_SpdxOrganization" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/primaryPurpose", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides information about the primary purpose of the software artifact." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoneLicense", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/IndividualLicensingInfo" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "An Individual Value for License where the SPDX data creator determines that no\nlicense is present." + } + ], + "http://www.w3.org/2002/07/owl#sameAs": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Licensing/None" + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo": [ + { + "@id": "https://spdx.org/rdf/3.0.1/creationInfo_NoneLicense" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/runtime", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "SBOM generated through instrumenting the system running the software, to capture only components present in the system, as well as external call-outs or dynamically loaded components. In some contexts, this may also be referred to as an \"Instrumented\" or \"Dynamic\" SBOM." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "runtime" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/video", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "data is video based, such as a collection of movie clips featuring Tom Hanks." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "video" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/query", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "the dataset is publicly available, but not all at once, and can only be accessed through queries which return parts of the dataset." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "query" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/review", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Used when someone reviews the Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "review" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/requirement", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element provides a requirement needed as input for another Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "requirement" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/none", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "When a CVSS score is 0.0" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "none" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the unit of energy consumption." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/support", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to the software support channel or other support information for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "support" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/algorithm", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the algorithm used for calculating the hash value." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/energyUnit", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the unit in which energy is measured." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/dataPreprocessing", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Describes the preprocessing steps that were applied to the raw data to create the given dataset." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/expandedLicensing", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "the element follows the ExpandedLicensing profile specification" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "expandedLicensing" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/dependsOn", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element depends on each `to` Element, during a LifecycleScopeType period." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "dependsOn" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/framework", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is a software framework." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "framework" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides a set of values to be used to describe the common types of SBOMs that\ntools may create." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/inlineMitigationsAlreadyExist", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "inlineMitigationsAlreadyExist" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SpdxDocument", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A collection of SPDX Elements that could potentially be serialized." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N4aa1ea2c440f4aecb7a6656a599fbf22" + }, + { + "@id": "_:Ndc4f18efad334d78a498ea9df84fbd02" + }, + { + "@id": "_:Nc22ee04d695b4582bd604f6206900620" + } + ] + }, + { + "@id": "_:N4aa1ea2c440f4aecb7a6656a599fbf22", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalMap" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/import" + } + ] + }, + { + "@id": "_:Ndc4f18efad334d78a498ea9df84fbd02", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/NamespaceMap" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/namespaceMap" + } + ] + }, + { + "@id": "_:Nc22ee04d695b4582bd604f6206900620", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/dataLicense" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifier", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A canonical, unique, immutable identifier" + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N45b62edbd5f3406dba20232288ec19fd" + }, + { + "@id": "_:N453a2981f56c4d3a943752e7740f87fd" + } + ] + }, + { + "@id": "_:N45b62edbd5f3406dba20232288ec19fd", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/gitoid" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/swhid" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierType" + } + ] + }, + { + "@id": "_:N453a2981f56c4d3a943752e7740f87fd", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierValue" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/informationAboutTraining", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Describes relevant information about different steps of the training process." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/lineRange", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Defines the line range in the original host file that the snippet information\napplies to." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/locator", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides the location of an exploit catalog." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/identifierLocator", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides the location for more information regarding an external identifier." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noSupport", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "there is no support for the artifact from the supplier, consumer assumes any support obligations." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "noSupport" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/safetyRiskAssessment", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Records the results of general safety risk assessment of the AI system." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/completeness", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides information about the completeness of relationships." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/red", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Data points in the dataset are highly confidential and can only be shared with named recipients." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "red" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetAvailability", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The field describes the availability of a dataset." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssociatedVulnerability", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Used to associate a `from` Artifact with each `to` Vulnerability." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasAssociatedVulnerability" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/sourceArtifact", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to an artifact containing the sources for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "sourceArtifact" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Annotation", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "An assertion made in relation to one or more elements." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N91adaf3024344ddcbcbf3f943faaad6b" + }, + { + "@id": "_:N07cb32d0626a45cfbea37a7dd2a8b854" + }, + { + "@id": "_:N8f24e4128c124ec08b9e80f45a43dd1e" + }, + { + "@id": "_:N3bf9008e5422473bb689602da04ccca1" + } + ] + }, + { + "@id": "_:N91adaf3024344ddcbcbf3f943faaad6b", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/other" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/review" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/annotationType" + } + ] + }, + { + "@id": "_:N07cb32d0626a45cfbea37a7dd2a8b854", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/contentType" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^[^\\/]+\\/[^\\/]+$" + } + ] + }, + { + "@id": "_:N8f24e4128c124ec08b9e80f45a43dd1e", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/statement" + } + ] + }, + { + "@id": "_:N3bf9008e5422473bb689602da04ccca1", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/subject" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAddedFile", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Every `to` Element is a file added to the `from` Element (`from` hasAddedFile `to`)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasAddedFile" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/modelDataPreprocessing", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Describes all the preprocessing steps applied to the training data before the\nmodel training." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_384", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "SHA-3 with a digest length of 384, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "sha3_384" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/certificationReport", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a certification report for a package from an accredited/independent body." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "certificationReport" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/funding", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to funding information related to a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "funding" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isOsiApproved", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies whether the License is listed as approved by the\nOpen Source Initiative (OSI)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#boolean" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Abstract ancestor class for all VEX relationships" + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Na5a538a0052340c0ba01747cca3d3da8" + }, + { + "@id": "_:N1d4668e7f12244a7a9407b898c9b0534" + }, + { + "@id": "_:N0781395df11e44a6a3186f0fa8908958" + } + ] + }, + { + "@id": "_:Na5a538a0052340c0ba01747cca3d3da8", + "http://www.w3.org/ns/shacl#message": [ + { + "@language": "en", + "@value": "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship is an abstract class and should not be instantiated directly. Instantiate a subclass instead." + } + ], + "http://www.w3.org/ns/shacl#not": [ + { + "@id": "_:N8115c0678af046f9bb8fe56f1541b92b" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" + } + ] + }, + { + "@id": "_:N8115c0678af046f9bb8fe56f1541b92b", + "http://www.w3.org/ns/shacl#hasValue": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship" + } + ] + }, + { + "@id": "_:N1d4668e7f12244a7a9407b898c9b0534", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/vexVersion" + } + ] + }, + { + "@id": "_:N0781395df11e44a6a3186f0fa8908958", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/statusNotes" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/build", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "SBOM generated as part of the process of building the software to create a releasable artifact (e.g., executable or package) from data such as source files, dependencies, built components, build process ephemeral data, and other SBOMs." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "build" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha224", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "SHA-2 with a digest length of 224, as defined in [RFC 3874](https://datatracker.ietf.org/doc/rfc3874/)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "sha224" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides information about the creation of the Element." + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Nf7fd042770064703a84cd9039273e4f7" + }, + { + "@id": "_:Nca9532c3dd0b421e95d0800b68e3442a" + }, + { + "@id": "_:N68e2aefd82ab40c59cc6c2bfeab0adc4" + }, + { + "@id": "_:N98018fef19484e2fae944af82b21920e" + }, + { + "@id": "_:N61753ca6fa484199b143356d20b0476e" + } + ] + }, + { + "@id": "_:Nf7fd042770064703a84cd9039273e4f7", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/specVersion" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" + } + ] + }, + { + "@id": "_:Nca9532c3dd0b421e95d0800b68e3442a", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/comment" + } + ] + }, + { + "@id": "_:N68e2aefd82ab40c59cc6c2bfeab0adc4", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/created" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] + }, + { + "@id": "_:N98018fef19484e2fae944af82b21920e", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/createdBy" + } + ] + }, + { + "@id": "_:N61753ca6fa484199b143356d20b0476e", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Tool" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/createdUsing" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/exploitCreatedBy", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Vulnerability has had an exploit created against it by each `to` Agent." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "exploitCreatedBy" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/summary", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A short description of an Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasConcludedLicense", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` SoftwareArtifact is concluded by the SPDX data creator to be governed by each `to` license." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasConcludedLicense" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifierType", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the type of the external identifier." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/clear", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Dataset may be distributed freely, without restriction." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "clear" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/sensor", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Describes a sensor used for collecting the data." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/patchedBy", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "patchedBy" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/byteRange", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Defines the byte range in the original host file that the snippet information\napplies to." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/development", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A relationship has specific context implications during development phase of an element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "development" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdversaryModel", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to the security adversary model for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "securityAdversaryModel" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/EpssVulnAssessmentRelationship", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides an EPSS assessment for a vulnerability." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Nf284f365ba5c4e4da40d7d7900d82744" + }, + { + "@id": "_:Nc9ddcdf86e874968aa8f5ba821975eb4" + } + ] + }, + { + "@id": "_:Nf284f365ba5c4e4da40d7d7900d82744", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#decimal" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/probability" + } + ] + }, + { + "@id": "_:Nc9ddcdf86e874968aa8f5ba821975eb4", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#decimal" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/percentile" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/suppliedBy", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Identifies who or what supplied the artifact or VulnAssessmentRelationship\nreferenced by the Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/source", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is a single or a collection of source files." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "source" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/foundBy", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Designates a `from` Vulnerability was originally discovered by the `to` Agent(s)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "foundBy" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/packageVerificationCodeExcludedFile", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The relative file name of a file to be excluded from the\n`PackageVerificationCode`." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/critical", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "When a CVSS score is between 9.0 - 10.0" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "critical" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierType", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the type of the content identifier." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/contains", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element contains each `to` Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "contains" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/test", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A relationship has specific context implications during an element's testing phase, during development." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "test" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/other", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "any hashing algorithm that does not exist in this list of entries" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "other" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/specVersion", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides a reference number that can be used to understand how to parse and\ninterpret an Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/vectorString", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the CVSS vector string for a vulnerability." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildStartTime", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Property describing the start time of a build." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/staticAnalysisReport", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a static analysis report for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "staticAnalysisReport" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ConjunctiveLicenseSet", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Portion of an AnyLicenseInfo representing a set of licensing information\nwhere all elements apply." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N963f7603cd844b03bd4631e0713b1635" + } + ] + }, + { + "@id": "_:N963f7603cd844b03bd4631e0713b1635", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 2 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/member" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/NoAssertionElement", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/IndividualElement" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "An Individual Value for Element representing a set of Elements of unknown\nidentify or cardinality (number)." + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo": [ + { + "@id": "https://spdx.org/rdf/3.0.1/creationInfo_NoAssertionElement" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A tuple of two positive integers that define a range." + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N80dac4ea19f44488ae2dc09ba1429116" + }, + { + "@id": "_:Nf44042158d4d4c85a5bd6a0fcb538498" + } + ] + }, + { + "@id": "_:N80dac4ea19f44488ae2dc09ba1429116", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#positiveInteger" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/beginIntegerRange" + } + ] + }, + { + "@id": "_:Nf44042158d4d4c85a5bd6a0fcb538498", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#positiveInteger" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/endIntegerRange" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/NamespaceMap", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A mapping between prefixes and namespace partial URIs." + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N763c69315ee040a88ca27b5205984626" + }, + { + "@id": "_:Na96bc2776ef4488595f136d0fbac26a6" + } + ] + }, + { + "@id": "_:N763c69315ee040a88ca27b5205984626", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/prefix" + } + ] + }, + { + "@id": "_:Na96bc2776ef4488595f136d0fbac26a6", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/namespace" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/listVersionAdded", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the SPDX License List version in which this ListedLicense or\nListedLicenseException identifier was first added." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/republishedBy", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Designates a `from` Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by each `to` Agent." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "republishedBy" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/other", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A relationship has other specific context information necessary to capture that the above set of enumerations does not handle." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "other" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altDownloadLocation", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to an alternative download location." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "altDownloadLocation" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/cwe", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "[Common Weakness Enumeration](https://csrc.nist.gov/glossary/term/common_weakness_enumeration). A reference to a source of software flaw defined within the official [CWE List](https://cwe.mitre.org/data/) that conforms to the [CWE specification](https://cwe.mitre.org/)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "cwe" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Person", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "An individual human being." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/catalogType", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the exploit catalog type." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDynamicLink", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element dynamically links in each `to` Element, during a LifecycleScopeType period." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasDynamicLink" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md6", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "[MD6 hash function](https://people.csail.mit.edu/rivest/pubs/RABCx08.pdf)" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "md6" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityThreatModel", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference the [security threat model](https://en.wikipedia.org/wiki/Threat_model) for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "securityThreatModel" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/file", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The file represents a single file (default)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "file" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/domain", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Captures the domain in which the AI package can be used." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/scrapingScript", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "the dataset provider is not making available the underlying data and the dataset must be reassembled, typically using the provided script for scraping the data." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "scrapingScript" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/trainedOn", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element has been trained on the `to` Element(s)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "trainedOn" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Categories of presence or absence." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectExtendableLicense", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A License participating in a 'with addition' model." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/deployed", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "in addition to being supported by the supplier, the software is known to have been deployed and is in use. For a software as a service provider, this implies the software is now available as a service." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "deployed" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/other", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Any other units of energy measurement." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "other" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Abstract class for additional text intended to be added to a License, but\nwhich is not itself a standalone License." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N7c9974a53d5443c5831f3e7dc56073d0" + }, + { + "@id": "_:N4881d1614aa0403894d16c3ca276d790" + }, + { + "@id": "_:Nfe1814d375d7456e843deb8cde1cf341" + }, + { + "@id": "_:Nd33af007bad14a4594f7039df1c5df75" + }, + { + "@id": "_:Nbbbec88245754e9d9390b9a11f0b67c2" + }, + { + "@id": "_:Nd77657e0b19d459c931f64f48ed7e1a6" + }, + { + "@id": "_:N73f9586a8a7d4b978afcb9cfe998050b" + } + ] + }, + { + "@id": "_:N7c9974a53d5443c5831f3e7dc56073d0", + "http://www.w3.org/ns/shacl#message": [ + { + "@language": "en", + "@value": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition is an abstract class and should not be instantiated directly. Instantiate a subclass instead." + } + ], + "http://www.w3.org/ns/shacl#not": [ + { + "@id": "_:N8358def5fd2b4668b759d786315e799f" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" + } + ] + }, + { + "@id": "_:N8358def5fd2b4668b759d786315e799f", + "http://www.w3.org/ns/shacl#hasValue": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition" + } + ] + }, + { + "@id": "_:N4881d1614aa0403894d16c3ca276d790", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/additionText" + } + ] + }, + { + "@id": "_:Nfe1814d375d7456e843deb8cde1cf341", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#boolean" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedAdditionId" + } + ] + }, + { + "@id": "_:Nd33af007bad14a4594f7039df1c5df75", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/licenseXml" + } + ] + }, + { + "@id": "_:Nbbbec88245754e9d9390b9a11f0b67c2", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/obsoletedBy" + } + ] + }, + { + "@id": "_:Nd77657e0b19d459c931f64f48ed7e1a6", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/seeAlso" + } + ] + }, + { + "@id": "_:N73f9586a8a7d4b978afcb9cfe998050b", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardAdditionTemplate" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/categorical", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "data that is classified into a discrete number of categories, such as the eye color of a population of people." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "categorical" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/sbomType", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides information about the type of an SBOM." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/graph", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "data is in the form of a graph where entries are somehow related to each other through edges, such a social network of friends." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "graph" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/gitoid", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "[Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "gitoid" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardAdditionTemplate", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Identifies the full text of a LicenseAddition, in SPDX templating format." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasEvidence", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Every `to` Element is considered as evidence for the `from` Element (`from` hasEvidence `to`)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasEvidence" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/high", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The second-highest level of risk posed by an AI system." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "high" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/score", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides a numerical (0-10) representation of the severity of a vulnerability." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#decimal" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/noAssertion", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "data type is not known." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "noAssertion" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/Snippet", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Describes a certain part of a file." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N825f749765e348a0abfef75f63c1588a" + }, + { + "@id": "_:Nf9bf03371d92462f91a54baa946fd625" + }, + { + "@id": "_:Nc6d18260ddfa478b84c2dc19c2059aa2" + } + ] + }, + { + "@id": "_:N825f749765e348a0abfef75f63c1588a", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/byteRange" + } + ] + }, + { + "@id": "_:Nf9bf03371d92462f91a54baa946fd625", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/lineRange" + } + ] + }, + { + "@id": "_:Nc6d18260ddfa478b84c2dc19c2059aa2", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/File" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/snippetFromFile" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/DisjunctiveLicenseSet", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Portion of an AnyLicenseInfo representing a set of licensing information where\nonly one of the elements applies." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Ne81afbff18a74c75ac853da24ab327a0" + } + ] + }, + { + "@id": "_:Ne81afbff18a74c75ac853da24ab327a0", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 2 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/member" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Base domain class from which all other SPDX-3.0 domain classes derive." + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Nbac401e4be1249dd86dd149952baf59b" + }, + { + "@id": "_:Nff33e8337dc8421d9e74b338e35a75d5" + }, + { + "@id": "_:N61b9a25cae674e199ce6572456d8e72f" + }, + { + "@id": "_:N00fcf1f501a749fc9cbbdbdf23a7aaa8" + }, + { + "@id": "_:N7a66c734ced842b4913ff95c5f5cf452" + }, + { + "@id": "_:Nc3c21678fc9a459784f054a6954a9aa8" + }, + { + "@id": "_:N269b628c85f04f5d8a10fa3c500745a4" + }, + { + "@id": "_:N675847984777421d9fb9b171cdf0bb53" + }, + { + "@id": "_:N951ec4cbce414b3bab847840bf18d59f" + }, + { + "@id": "_:Nf26016059c3e414da185e30155b543f5" + } + ] + }, + { + "@id": "_:Nbac401e4be1249dd86dd149952baf59b", + "http://www.w3.org/ns/shacl#message": [ + { + "@language": "en", + "@value": "https://spdx.org/rdf/3.0.1/terms/Core/Element is an abstract class and should not be instantiated directly. Instantiate a subclass instead." + } + ], + "http://www.w3.org/ns/shacl#not": [ + { + "@id": "_:N5bda6a3731444310990a06326743f6aa" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" + } + ] + }, + { + "@id": "_:N5bda6a3731444310990a06326743f6aa", + "http://www.w3.org/ns/shacl#hasValue": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ] + }, + { + "@id": "_:Nff33e8337dc8421d9e74b338e35a75d5", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/name" + } + ] + }, + { + "@id": "_:N61b9a25cae674e199ce6572456d8e72f", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/summary" + } + ] + }, + { + "@id": "_:N00fcf1f501a749fc9cbbdbdf23a7aaa8", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/description" + } + ] + }, + { + "@id": "_:N7a66c734ced842b4913ff95c5f5cf452", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/comment" + } + ] + }, + { + "@id": "_:Nc3c21678fc9a459784f054a6954a9aa8", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo" + } + ] + }, + { + "@id": "_:N269b628c85f04f5d8a10fa3c500745a4", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/verifiedUsing" + } + ] + }, + { + "@id": "_:N675847984777421d9fb9b171cdf0bb53", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRef" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalRef" + } + ] + }, + { + "@id": "_:N951ec4cbce414b3bab847840bf18d59f", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifier" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifier" + } + ] + }, + { + "@id": "_:Nf26016059c3e414da185e30155b543f5", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/extension" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md4", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "MD4 message-digest algorithm, as defined in [RFC 1186](https://datatracker.ietf.org/doc/rfc1186/)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "md4" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/core", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "the element follows the Core profile specification" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "core" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsDilithium", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "[Dilithium](https://pq-crystals.org/dilithium/)" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "crystalsDilithium" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/autonomyType", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Indicates whether the system can perform a decision or action without human\ninvolvement or guidance." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifier", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides a reference to a resource outside the scope of SPDX-3.0 content\nthat uniquely identifies an Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifier" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/modelExplainability", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Describes methods that can be used to explain the results from the AI model." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/amber", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Data points in the dataset can be shared only with specific organizations and their clients on a need to know basis." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "amber" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vcs", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a version control system related to a software artifact." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "vcs" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/chat", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to the instant messaging system used by the maintainer for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "chat" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPolicy", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to instructions for reporting newly discovered security vulnerabilities for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "securityPolicy" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdvisory", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a published security advisory (where advisory as defined per [ISO 29147:2018](https://www.iso.org/standard/72311.html)) that may affect one or more elements, e.g., vendor advisories or specific NVD entries." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "securityAdvisory" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/metricDecisionThreshold", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Captures the threshold that was used for computation of a metric described in\nthe metric field." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/impactStatement", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Explains why a VEX product is not affected by a vulnerability. It is an\nalternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable\njustification label." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the exploit catalog type." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timeseries", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "data is recorded in an ordered sequence of timestamped entries, such as the price of a stock over the course of a day." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "timeseries" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/vexVersion", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the version of a VEX statement." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/context", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Gives information about the circumstances or unifying properties\nthat Elements of the bundle have been assembled under." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/low", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "When a CVSS score is between 0.1 - 3.9" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "low" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/obsoletedBy", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the licenseId that is preferred to be used in place of a deprecated\nLicense or LicenseAddition." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/library", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is a software library." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "library" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/diskImage", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element refers to a disk image that can be written to a disk, booted in a VM, etc. A disk image typically contains most or all of the components necessary to boot, such as bootloaders, kernels, firmware, userspace, etc." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "diskImage" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies a data package and its associated information." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/Package" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N78c7513398064da1a55c5df1b3c96444" + }, + { + "@id": "_:N00d83dee7aa44a7991821a46e83e5164" + }, + { + "@id": "_:Nb4381a5cee3143a482af28cf9a364f3c" + }, + { + "@id": "_:Na42e3794f624483e818646ed683c5ba2" + }, + { + "@id": "_:Na267e7b88a344e4fbd0c59a6dc760e65" + }, + { + "@id": "_:N66b43817d95d4468bf805207af159230" + }, + { + "@id": "_:N034bf868068348fb92f2f33976cad5ae" + }, + { + "@id": "_:N8adbab8e05cf4258a0b7e9eedbd03e5f" + }, + { + "@id": "_:N95b6da49b56e4298924cd2f153f00905" + }, + { + "@id": "_:Ndb06ff981cef4e94bfdbec22badacd4d" + }, + { + "@id": "_:N6eb9ec15081f404a99935ff4e2aaa14b" + }, + { + "@id": "_:Nf0752cee7bef48efaa39267516a6b21a" + }, + { + "@id": "_:N2a72f2e0c3d44dd5ac4c0633f336d556" + } + ] + }, + { + "@id": "_:N78c7513398064da1a55c5df1b3c96444", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/anonymizationMethodUsed" + } + ] + }, + { + "@id": "_:N00d83dee7aa44a7991821a46e83e5164", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/red" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/amber" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/green" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/clear" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/confidentialityLevel" + } + ] + }, + { + "@id": "_:Nb4381a5cee3143a482af28cf9a364f3c", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/dataCollectionProcess" + } + ] + }, + { + "@id": "_:Na42e3794f624483e818646ed683c5ba2", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/dataPreprocessing" + } + ] + }, + { + "@id": "_:Na267e7b88a344e4fbd0c59a6dc760e65", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/clickthrough" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/directDownload" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/query" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/registration" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/scrapingScript" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetAvailability" + } + ] + }, + { + "@id": "_:N66b43817d95d4468bf805207af159230", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetNoise" + } + ] + }, + { + "@id": "_:N034bf868068348fb92f2f33976cad5ae", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#nonNegativeInteger" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetSize" + } + ] + }, + { + "@id": "_:N8adbab8e05cf4258a0b7e9eedbd03e5f", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/audio" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/categorical" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/graph" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/image" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/noAssertion" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/numeric" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/other" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/sensor" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/structured" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/syntactic" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/text" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timeseries" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timestamp" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/video" + } + ] + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetType" + } + ] + }, + { + "@id": "_:N95b6da49b56e4298924cd2f153f00905", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetUpdateMechanism" + } + ] + }, + { + "@id": "_:Ndb06ff981cef4e94bfdbec22badacd4d", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/hasSensitivePersonalInformation" + } + ] + }, + { + "@id": "_:N6eb9ec15081f404a99935ff4e2aaa14b", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/intendedUse" + } + ] + }, + { + "@id": "_:Nf0752cee7bef48efaa39267516a6b21a", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/knownBias" + } + ] + }, + { + "@id": "_:N2a72f2e0c3d44dd5ac4c0633f336d556", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/sensor" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectLicense", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A License participating in an 'or later' model." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/act", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "act" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/copyrightText", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Identifies the text of one or more copyright notices for a software Package,\nFile or Snippet, if any." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicense", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A license that is listed on the SPDX License List." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Ndaeba75fb43b4db7b777e9b00ecd7064" + }, + { + "@id": "_:Nadd5d6fa295c47ee82d49e5fde059110" + } + ] + }, + { + "@id": "_:Ndaeba75fb43b4db7b777e9b00ecd7064", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/deprecatedVersion" + } + ] + }, + { + "@id": "_:Nadd5d6fa295c47ee82d49e5fde059110", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/listVersionAdded" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetSize", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Captures the size of the dataset." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#nonNegativeInteger" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/decisionType", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provide the enumeration of possible decisions in the\n[Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree](https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/other", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Other exploit catalogs" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "other" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/other", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Used when the type does not match any of the other options." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "other" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/software", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "the element follows the Software profile specification" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "software" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/expandsTo", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` archive expands out as an artifact described by each `to` Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "expandsTo" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicenseException", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A license exception that is listed on the SPDX Exceptions list." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N7c7a260c778e4d4491ba75a0fe083ebe" + }, + { + "@id": "_:N5011f0cdb4544a70b796520ecd436a25" + } + ] + }, + { + "@id": "_:N7c7a260c778e4d4491ba75a0fe083ebe", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/deprecatedVersion" + } + ] + }, + { + "@id": "_:N5011f0cdb4544a70b796520ecd436a25", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/listVersionAdded" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/affects", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Vulnerability affects each `to` Element. The use of the `affects` type is constrained to `VexAffectedVulnAssessmentRelationship` classed relationships." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "affects" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/metric", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Records the measurement of prediction quality of the AI model." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/device", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element refers to a chipset, processor, or electronic board." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "device" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDistributionArtifact", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element is distributed as an artifact in each `to` Element (e.g. an RPM or archive file)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasDistributionArtifact" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/limitedSupport", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "the artifact has been released, and there is limited support available from the supplier. There is a validUntilDate that can provide additional information about the duration of support." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "limitedSupport" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/securityOther", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Used when there is a security related identifier of unspecified type." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "securityOther" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/trackStar", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "(\"Track\\*\" in the SSVC spec) The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track\\* vulnerabilities within standard update timelines." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "trackStar" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetType", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Describes the type of the given dataset." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/other", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "data is of a type not included in this list." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "other" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasSpecification", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Every `to` Element is a specification for the `from` Element (`from` hasSpecification `to`), during a LifecycleScopeType period." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasSpecification" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/finetuningEnergyConsumption", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the amount of energy consumed when finetuning the AI model that is\nbeing used in the AI system." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalComponent", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Every `to` Element is an optional component of the `from` Element (`from` hasOptionalComponent `to`)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasOptionalComponent" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsKyber", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "[Kyber](https://pq-crystals.org/kyber/)" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "crystalsKyber" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the safety risk level." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTestCase", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Every `to` Element is a test case for the `from` Element (`from` hasTestCase `to`)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasTestCase" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/NoneElement", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/IndividualElement" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "An Individual Value for Element representing a set of Elements with\ncardinality (number/count) of zero." + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo": [ + { + "@id": "https://spdx.org/rdf/3.0.1/creationInfo_NoneElement" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/standardCompliance", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Captures a standard that is being complied with." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/eolNotice", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to the End Of Sale (EOS) and/or End Of Life (EOL) information related to a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "eolNotice" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/description", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides a detailed description of the Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/operatingSystem", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is an operating system." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "operatingSystem" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/componentNotPresent", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The software is not affected because the vulnerable component is not in the product." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "componentNotPresent" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/anonymizationMethodUsed", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Describes the anonymization methods used." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/other", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationship types (this relationship is directionless)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "other" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/security", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "the element follows the Security profile specification" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "security" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/descendantOf", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element is a descendant of each `to` Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "descendantOf" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/platform", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element represents a runtime environment." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "platform" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Categories of confidentiality level." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/dataLicense", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides the license under which the SPDX documentation of the Element can be\nused." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Indicates presence of the field." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "yes" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/simpleLicensing", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "the element follows the SimpleLicensing profile specification" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "simpleLicensing" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseTemplate", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Identifies the full text of a License, in SPDX templating format." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/lite", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "the element follows the Lite profile specification" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "lite" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/element", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Refers to one or more Elements that are part of an ElementCollection." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/noAssertion", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "No assertion can be made about the completeness of the relationship." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "noAssertion" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the type of an external identifier." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/analyzed", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "SBOM generated through analysis of artifacts (e.g., executables, packages, containers, and virtual machine images) after its build. Such analysis generally requires a variety of heuristics. In some contexts, this may also be referred to as a \"3rd party\" SBOM." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "analyzed" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssV4VulnAssessmentRelationship", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides a CVSS version 4 assessment for a vulnerability." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N4382805b6a5947d38ffcfd8b182bddbf" + }, + { + "@id": "_:N4278c3d777ea4ebd81cd23af80459c2d" + }, + { + "@id": "_:N58c62d134f5e41d78440946685ecf0cc" + } + ] + }, + { + "@id": "_:N4382805b6a5947d38ffcfd8b182bddbf", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#decimal" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/score" + } + ] + }, + { + "@id": "_:N4278c3d777ea4ebd81cd23af80459c2d", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/critical" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/high" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/medium" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/low" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/none" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/severity" + } + ] + }, + { + "@id": "_:N58c62d134f5e41d78440946685ecf0cc", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/vectorString" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/actionStatementTime", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Records the time when a recommended action was communicated in a VEX statement\nto mitigate a vulnerability." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Bundle", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A collection of Elements that have a shared context." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N63f963c2c8a4467bb803f9af7eaafd3d" + } + ] + }, + { + "@id": "_:N63f963c2c8a4467bb803f9af7eaafd3d", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/context" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies an AI package and its associated information." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/Package" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N8bdb3da6da754d98843024e1dcbe3e43" + }, + { + "@id": "_:N329ecc1447f349cc968623ddffe6a2f7" + }, + { + "@id": "_:Nd385c846dfa14371a0a3697f7168b4c1" + }, + { + "@id": "_:N786a3eaa8fbe4cf0bb67c4e086fa8b5b" + }, + { + "@id": "_:Nf41c7f62f52f4c10b14344ec13dfe1e5" + }, + { + "@id": "_:N024478cff6eb4ef48dc45dabdb7b0a35" + }, + { + "@id": "_:Nad909dcc4fad4339a9eb809fabd6a871" + }, + { + "@id": "_:N13acbf7806c648f19f147c9073a04385" + }, + { + "@id": "_:Nc63741a7112e471ba97ce37e05f2dac1" + }, + { + "@id": "_:N626b5ad29167479dabae9a9177315404" + }, + { + "@id": "_:Ncae19f1586924a439b37e75eb5b57ed4" + }, + { + "@id": "_:N9bd771ac02cc41519919a01d4deca105" + }, + { + "@id": "_:N576b7fbe3ba74572a6eb065c67761847" + }, + { + "@id": "_:N80dc66a1ccec469392596c5291fa2864" + }, + { + "@id": "_:Nccde3ac271484f91b83ed5fb2e1d70c9" + } + ] + }, + { + "@id": "_:N8bdb3da6da754d98843024e1dcbe3e43", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/autonomyType" + } + ] + }, + { + "@id": "_:N329ecc1447f349cc968623ddffe6a2f7", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/domain" + } + ] + }, + { + "@id": "_:Nd385c846dfa14371a0a3697f7168b4c1", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumption" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/energyConsumption" + } + ] + }, + { + "@id": "_:N786a3eaa8fbe4cf0bb67c4e086fa8b5b", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/hyperparameter" + } + ] + }, + { + "@id": "_:Nf41c7f62f52f4c10b14344ec13dfe1e5", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/informationAboutApplication" + } + ] + }, + { + "@id": "_:N024478cff6eb4ef48dc45dabdb7b0a35", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/informationAboutTraining" + } + ] + }, + { + "@id": "_:Nad909dcc4fad4339a9eb809fabd6a871", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/limitation" + } + ] + }, + { + "@id": "_:N13acbf7806c648f19f147c9073a04385", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/metric" + } + ] + }, + { + "@id": "_:Nc63741a7112e471ba97ce37e05f2dac1", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/metricDecisionThreshold" + } + ] + }, + { + "@id": "_:N626b5ad29167479dabae9a9177315404", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/modelDataPreprocessing" + } + ] + }, + { + "@id": "_:Ncae19f1586924a439b37e75eb5b57ed4", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/modelExplainability" + } + ] + }, + { + "@id": "_:N9bd771ac02cc41519919a01d4deca105", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/serious" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/high" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/medium" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/low" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/safetyRiskAssessment" + } + ] + }, + { + "@id": "_:N576b7fbe3ba74572a6eb065c67761847", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/standardCompliance" + } + ] + }, + { + "@id": "_:N80dc66a1ccec469392596c5291fa2864", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/typeOfModel" + } + ] + }, + { + "@id": "_:Nccde3ac271484f91b83ed5fb2e1d70c9", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/useSensitivePersonalInformation" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/bom", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is a bill of materials." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "bom" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/productMetadata", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to additional product metadata such as reference within organization's product catalog." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "productMetadata" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectAddition", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A LicenseAddition participating in a 'with addition' model." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A mathematical algorithm that maps data of arbitrary size to a bit string." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/testedOn", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element has been tested on the `to` Element(s)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "testedOn" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalSpdxId", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Identifies an external Element used within an SpdxDocument but defined\nexternal to that SpdxDocument." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalRefType", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the type of the external reference." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertiesExtension", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A type of extension consisting of a list of name value pairs." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N516b1b46dbb04f1c953906f0388bf8b4" + } + ] + }, + { + "@id": "_:N516b1b46dbb04f1c953906f0388bf8b4", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry" + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxProperty" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the type of an external reference." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildType", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A buildType is a hint that is used to indicate the toolchain, platform, or\ninfrastructure that the build was invoked on." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/endOfSupport", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "there is a defined end of support for the artifact from the supplier. This may also be referred to as end of life. There is a validUntilDate that can be used to signal when support ends for the artifact." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "endOfSupport" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Agent represents anything with the potential to act on a system." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/documentation", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is documentation." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "documentation" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mailingList", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to the mailing list used by the maintainer for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "mailingList" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe22", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "[Common Platform Enumeration Specification 2.2](https://cpe.mitre.org/files/cpe-specification_2.2.pdf)" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "cpe22" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/serializedInArtifact", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` SpdxDocument can be found in a serialized form in each `to` Artifact." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "serializedInArtifact" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedLicenseId", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies whether a license or additional text identifier has been marked as\ndeprecated." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#boolean" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDependencyManifest", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element has manifest files that contain dependency information in each `to` Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasDependencyManifest" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/OrLaterOperator", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Portion of an AnyLicenseInfo representing this version, or any later version,\nof the indicated License." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N47d32bc3b4e04c9ab083ec76d4f22585" + } + ] + }, + { + "@id": "_:N47d32bc3b4e04c9ab083ec76d4f22585", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectLicense" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceEntrypoint", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Property describes the invocation entrypoint of a build." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/sensor", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "data is recorded from a physical sensor, such as a thermometer reading or biometric device." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "sensor" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasMetadata", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Every `to` Element is metadata about the `from` Element (`from` hasMetadata `to`)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasMetadata" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/createdBy", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Identifies who or what created the Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/manifest", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is a software manifest." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "manifest" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/configures", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element is a configuration applied to each `to` Element, during a LifecycleScopeType period." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "configures" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe23", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "[Common Platform Enumeration: Naming Specification Version 2.3](https://csrc.nist.gov/publications/detail/nistir/7695/final)" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "cpe23" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/urlScheme", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "[Uniform Resource Identifier (URI) Schemes](https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml). The scheme used in order to locate a resource." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "urlScheme" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/evidence", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is the evidence that a specification or requirement has been fulfilled." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "evidence" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/track", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "track" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/parameter", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Property describing a parameter used in an instance of a build." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altWebPage", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to an alternative web page." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "altWebPage" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/import", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides an ExternalMap of Element identifiers." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalMap" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildEndTime", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Property that describes the time at which a build stops." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The class that helps note down the quantity of energy consumption and the unit\nused for measurement." + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Na1cdda0a73e94e598b769cac4a5a5cb8" + }, + { + "@id": "_:N904326509fc04cc4be66ea123ed9fdc4" + } + ] + }, + { + "@id": "_:Na1cdda0a73e94e598b769cac4a5a5cb8", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#decimal" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/energyQuantity" + } + ] + }, + { + "@id": "_:N904326509fc04cc4be66ea123ed9fdc4", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/kilowattHour" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/megajoule" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/other" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/energyUnit" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasRequirement", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element has a requirement on each `to` Element, during a LifecycleScopeType period." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasRequirement" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/from", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "References the Element on the left-hand side of a relationship." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Enumeration of dataset types." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/deployed", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "SBOM provides an inventory of software that is present on a system. This may be an assembly of other SBOMs that combines analysis of configuration options, and examination of execution behavior in a (potentially simulated) deployment environment." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "deployed" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/sourceInfo", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Records any relevant background information or additional comments\nabout the origin of the package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/archive", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is an archived collection of one or more files (.tar, .zip, etc.)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "archive" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssV3VulnAssessmentRelationship", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides a CVSS version 3 assessment for a vulnerability." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Nfcc30e48020d4dd2b3493a0cd55ea457" + }, + { + "@id": "_:Na449b0b56e3540618b2a2698204edde9" + }, + { + "@id": "_:N328adb4bb1ec422084a2169890188a03" + } + ] + }, + { + "@id": "_:Nfcc30e48020d4dd2b3493a0cd55ea457", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#decimal" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/score" + } + ] + }, + { + "@id": "_:Na449b0b56e3540618b2a2698204edde9", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/critical" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/high" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/medium" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/low" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/none" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/severity" + } + ] + }, + { + "@id": "_:N328adb4bb1ec422084a2169890188a03", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/vectorString" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/snippetFromFile", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Defines the original host file that the snippet information applies to." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/File" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/creationInfo_NoneElement", + "@type": [ + "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "This individual element was defined by the spec." + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/created": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp", + "@value": "2024-11-22T03:00:01Z" + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/createdBy": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization" + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/specVersion": [ + { + "@value": "3.0.1" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/serious", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The highest level of risk posed by an AI system." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "serious" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/endIntegerRange", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Defines the end of a range." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#positiveInteger" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha384", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "SHA-2 with a digest length of 384, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "sha384" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/confidentialityLevel", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Describes the confidentiality level of the data points contained in the dataset." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/modifiedTime", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies a time when a vulnerability assessment was modified" + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noAssertion", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "no assertion about the type of support is made. This is considered the default if no other support type is used." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "noAssertion" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/withdrawnTime", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specified the time and date when a vulnerability was withdrawn." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/creationInfo_SpdxOrganization", + "@type": [ + "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "This individual element was defined by the spec." + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/created": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp", + "@value": "2024-11-22T03:00:01Z" + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/createdBy": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization" + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/specVersion": [ + { + "@value": "3.0.1" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Enumeration of the valid profiles." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/hashValue", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The result of applying a hash algorithm to an Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/swhid", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "swhid" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/value", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A value used in a generic key-value pair." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedAdditionId", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies whether an additional text identifier has been marked as deprecated." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#boolean" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceDigest", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Property that describes the digest of the build configuration file used to\ninvoke a build." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Hash" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/usesTool", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element uses each `to` Element as a tool, during a LifecycleScopeType period." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "usesTool" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogVulnAssessmentRelationship", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides an exploit assessment of a vulnerability." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N91d11db27b28462b8545b78734a27503" + }, + { + "@id": "_:N8e672d95ff7d48e68c1ed7ecf019b269" + }, + { + "@id": "_:Ne820a8ec67114d53b03a71f5f7be31f5" + } + ] + }, + { + "@id": "_:N91d11db27b28462b8545b78734a27503", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/kev" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/other" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/catalogType" + } + ] + }, + { + "@id": "_:N8e672d95ff7d48e68c1ed7ecf019b269", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#boolean" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/exploited" + } + ] + }, + { + "@id": "_:Ne820a8ec67114d53b03a71f5f7be31f5", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/locator" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/low", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Low/no risk is posed by an AI system." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "low" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/socialMedia", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a social media channel for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "socialMedia" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifier", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a resource identifier defined outside the scope of SPDX-3.0 content that uniquely identifies an Element." + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Nf71f6300b14a4726a20ffad899bed919" + }, + { + "@id": "_:Nbd14f0a1267744e89f6930e710689414" + }, + { + "@id": "_:Ne883dfda4a7445ceb1e70f39ddd03fea" + }, + { + "@id": "_:N0d09683a42354debacdd0b0625119609" + }, + { + "@id": "_:N13396ee366a94de388e2aff47754e81f" + } + ] + }, + { + "@id": "_:Nf71f6300b14a4726a20ffad899bed919", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe22" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe23" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cve" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/email" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/gitoid" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/other" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/packageUrl" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/securityOther" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swhid" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swid" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/urlScheme" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifierType" + } + ] + }, + { + "@id": "_:Nbd14f0a1267744e89f6930e710689414", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/identifier" + } + ] + }, + { + "@id": "_:Ne883dfda4a7445ceb1e70f39ddd03fea", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/comment" + } + ] + }, + { + "@id": "_:N0d09683a42354debacdd0b0625119609", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/identifierLocator" + } + ] + }, + { + "@id": "_:N13396ee366a94de388e2aff47754e81f", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/issuingAuthority" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/incomplete", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The relationship is known not to be exhaustive." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "incomplete" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md5", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "MD5 message-digest algorithm, as defined in [RFC 1321](https://datatracker.ietf.org/doc/rfc1321/)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "md5" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_256", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "SHA-3 with a digest length of 256, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "sha3_256" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/syntactic", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "data describes the syntax or semantics of a language or text, such as a parse tree used for natural language processing." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "syntactic" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/dataCollectionProcess", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Describes how the dataset was collected." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_512", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "SHA-3 with a digest length of 512, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "sha3_512" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/customIdToUri", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Maps a LicenseRef or AdditionRef string for a Custom License or a Custom\nLicense Addition to its URI ID." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/deviceDriver", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element represents software that controls hardware devices." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "deviceDriver" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/assessedElement", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies an Element contained in a piece of software where a vulnerability was\nfound." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides an independently reproducible mechanism that permits verification of a specific Element." + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N10f5cc15b506459db381c02764d60e76" + }, + { + "@id": "_:N7a48123f699948b5867af1fec0d7b88e" + } + ] + }, + { + "@id": "_:N10f5cc15b506459db381c02764d60e76", + "http://www.w3.org/ns/shacl#message": [ + { + "@language": "en", + "@value": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod is an abstract class and should not be instantiated directly. Instantiate a subclass instead." + } + ], + "http://www.w3.org/ns/shacl#not": [ + { + "@id": "_:Ne41f054fce23460dba46863153e67567" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" + } + ] + }, + { + "@id": "_:Ne41f054fce23460dba46863153e67567", + "http://www.w3.org/ns/shacl#hasValue": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod" + } + ] + }, + { + "@id": "_:N7a48123f699948b5867af1fec0d7b88e", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/comment" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopedRelationship", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provide context for a relationship that occurs in the lifecycle." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Relationship" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N7676f1bbd99e47659502f87b9936453e" + } + ] + }, + { + "@id": "_:N7676f1bbd99e47659502f87b9936453e", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/design" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/development" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/build" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/test" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/runtime" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/other" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/scope" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/describes", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element describes each `to` Element. To denote the root(s) of a tree of elements in a collection, the rootElement property should be used." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "describes" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/packagedBy", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "packagedBy" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/packageVersion", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Identify the version of a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/LicenseExpression", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "An SPDX Element containing an SPDX license expression string." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Ne70b85feb564419597741ca637d61d03" + }, + { + "@id": "_:Nf5531d9c16ff4f589dff19f480634c29" + }, + { + "@id": "_:N1647e706f6764e7d9ec4e0aa8979d0c6" + } + ] + }, + { + "@id": "_:Ne70b85feb564419597741ca637d61d03", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseExpression" + } + ] + }, + { + "@id": "_:Nf5531d9c16ff4f589dff19f480634c29", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseListVersion" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" + } + ] + }, + { + "@id": "_:N1647e706f6764e7d9ec4e0aa8979d0c6", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/customIdToUri" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/falcon", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "[FALCON](https://falcon-sign.info/falcon.pdf)" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "falcon" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/other", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Used to store extra information about an Element which is not part of a review (e.g. extra information provided during the creation of the Element)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "other" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/license", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to additional license information related to an artifact." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "license" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/creationInfo_NoAssertionElement", + "@type": [ + "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "This individual element was defined by the spec." + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/created": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp", + "@value": "2024-11-22T03:00:01Z" + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/createdBy": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization" + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/specVersion": [ + { + "@value": "3.0.1" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/relationshipType", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Information about the relationship between two Elements." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/energyConsumption", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Indicates the amount of energy consumption incurred by an AI model." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumption" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cve", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Common Vulnerabilities and Exposures identifiers, an identifier for a specific software flaw defined within the official CVE Dictionary and that conforms to the [CVE specification](https://csrc.nist.gov/glossary/term/cve_id)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "cve" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseExpression", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A string in the license expression format." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/publishedTime", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the time when a vulnerability was published." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the VEX justification type." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/environment", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Property describing the session in which a build is invoked." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/WithAdditionOperator", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Portion of an AnyLicenseInfo representing a License which has additional\ntext applied to it." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Nc51fb19223644705a84f646344b7e9d3" + }, + { + "@id": "_:N163fe4499b2a454a9641b23118bf53ae" + } + ] + }, + { + "@id": "_:Nc51fb19223644705a84f646344b7e9d3", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectAddition" + } + ] + }, + { + "@id": "_:N163fe4499b2a454a9641b23118bf53ae", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectExtendableLicense" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/name", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Identifies the name of an Element as designated by the creator." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasHost", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Build was run on the `to` Element during a LifecycleScopeType period (e.g. the host that the build runs on)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasHost" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/to", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "References an Element on the right-hand side of a relationship." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha512", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "SHA-2 with a digest length of 512, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "sha512" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasPrerequisite", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element has a prerequisite on each `to` Element, during a LifecycleScopeType period." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasPrerequisite" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Hash", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A mathematically calculated representation of a grouping of data." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N4e4b35788e1b4064b856bcd8d2cc6670" + }, + { + "@id": "_:Naf01116eff7c4759be95f8f97c257d9c" + } + ] + }, + { + "@id": "_:N4e4b35788e1b4064b856bcd8d2cc6670", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/adler32" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b256" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b384" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b512" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake3" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsDilithium" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsKyber" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/falcon" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md2" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md4" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md5" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md6" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/other" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha1" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha224" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha256" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha384" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha512" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_224" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_256" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_384" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_512" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/algorithm" + } + ] + }, + { + "@id": "_:Naf01116eff7c4759be95f8f97c257d9c", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/hashValue" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Abstract class for the portion of an AnyLicenseInfo representing a license." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N72dd028519c2443b94229cfc4a2639bc" + }, + { + "@id": "_:Ne778a773be4f408192f2ed37c6143a5d" + }, + { + "@id": "_:Nc7f12b88e8f5489dacbbfeb81192696a" + }, + { + "@id": "_:Nc37985fef6884679b49d387a2ef08d3f" + }, + { + "@id": "_:N4b7945a329d940d7a4167237a4e60e53" + }, + { + "@id": "_:N79e0fdc8a753446e8e1931aab90b02ae" + }, + { + "@id": "_:Na3b27046864941989a486e5a70e0edb4" + }, + { + "@id": "_:Ndde9f898797c42b989ef522557debf64" + }, + { + "@id": "_:N5e678b3ba38745b58c0103b8e085d5c8" + }, + { + "@id": "_:Nd3d538fe1cb544b5808c51dffd844c81" + } + ] + }, + { + "@id": "_:N72dd028519c2443b94229cfc4a2639bc", + "http://www.w3.org/ns/shacl#message": [ + { + "@language": "en", + "@value": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License is an abstract class and should not be instantiated directly. Instantiate a subclass instead." + } + ], + "http://www.w3.org/ns/shacl#not": [ + { + "@id": "_:N0a961d271f304c8cbb2e0a1307a9d8ad" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" + } + ] + }, + { + "@id": "_:N0a961d271f304c8cbb2e0a1307a9d8ad", + "http://www.w3.org/ns/shacl#hasValue": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License" + } + ] + }, + { + "@id": "_:Ne778a773be4f408192f2ed37c6143a5d", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseText" + } + ] + }, + { + "@id": "_:Nc7f12b88e8f5489dacbbfeb81192696a", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#boolean" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedLicenseId" + } + ] + }, + { + "@id": "_:Nc37985fef6884679b49d387a2ef08d3f", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#boolean" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isFsfLibre" + } + ] + }, + { + "@id": "_:N4b7945a329d940d7a4167237a4e60e53", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#boolean" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isOsiApproved" + } + ] + }, + { + "@id": "_:N79e0fdc8a753446e8e1931aab90b02ae", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/licenseXml" + } + ] + }, + { + "@id": "_:Na3b27046864941989a486e5a70e0edb4", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/obsoletedBy" + } + ] + }, + { + "@id": "_:Ndde9f898797c42b989ef522557debf64", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/seeAlso" + } + ] + }, + { + "@id": "_:N5e678b3ba38745b58c0103b8e085d5c8", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseHeader" + } + ] + }, + { + "@id": "_:Nd3d538fe1cb544b5808c51dffd844c81", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseTemplate" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseHistory", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a published list of releases for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "releaseHistory" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Tool", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "An element of hardware and/or software utilized to carry out a particular function." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A characterization of some aspect of an Element that is associated with the Element in a generalized fashion." + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N3b695bebf32746039b555b8460ffe552" + } + ] + }, + { + "@id": "_:N3b695bebf32746039b555b8460ffe552", + "http://www.w3.org/ns/shacl#message": [ + { + "@language": "en", + "@value": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension is an abstract class and should not be instantiated directly. Instantiate a subclass instead." + } + ], + "http://www.w3.org/ns/shacl#not": [ + { + "@id": "_:Nb8a14d0c45314542aa2d6a98232399be" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" + } + ] + }, + { + "@id": "_:Nb8a14d0c45314542aa2d6a98232399be", + "http://www.w3.org/ns/shacl#hasValue": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/extension", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies an Extension characterization of some aspect of an Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/amendedBy", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element is amended by each `to` Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "amendedBy" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/namespace", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides an unambiguous mechanism for conveying a URI fragment portion of an\nElement ID." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/comment", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provide consumers with comments by the creator of the Element about the\nElement." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/licenseXml", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Identifies all the text and metadata associated with a license in the license\nXML format." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/hasSensitivePersonalInformation", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Describes if any sensitive personal information is present in the dataset." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeletedFile", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Every `to` Element is a file deleted from the `from` Element (`from` hasDeletedFile `to`)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasDeletedFile" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "vulnerableCodeCannotBeControlledByAdversary" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/audio", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "data is audio based, such as a collection of music from the 80s." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "audio" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A property name with an associated value." + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Na92e8ceda7e548bb9a144c2e9c857639" + }, + { + "@id": "_:N2056bd91659a4260a6eb99a0cbdd9f14" + } + ] + }, + { + "@id": "_:Na92e8ceda7e548bb9a144c2e9c857639", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropName" + } + ] + }, + { + "@id": "_:N2056bd91659a4260a6eb99a0cbdd9f14", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropValue" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/module", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is a module of a piece of software." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "module" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityExploitabilityAssessment", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a Vulnerability Exploitability eXchange (VEX) statement which provides information on whether a product is impacted by a specific vulnerability in an included package and, if affected, whether there are actions recommended to remediate. See also [NTIA VEX one-page summary](https://ntia.gov/files/ntia/publications/vex_one-page_summary.pdf)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "vulnerabilityExploitabilityAssessment" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetUpdateMechanism", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Describes a mechanism to update the dataset." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/underInvestigationFor", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Vulnerability impact is being investigated for each `to` Element. The use of the `underInvestigationFor` type is constrained to `VexUnderInvestigationVulnAssessmentRelationship` classed relationships." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "underInvestigationFor" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexUnderInvestigationVulnAssessmentRelationship", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Designates elements as products where the impact of a vulnerability is being\ninvestigated." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides information about the primary purpose of an Element." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/build", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "the element follows the Build profile specification" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "build" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/attend", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions include requesting assistance or information about the vulnerability, and may involve publishing a notification either internally and/or externally. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "attend" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/build", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A relationship has specific context implications during an element's build phase, during development." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "build" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha1", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "SHA-1, a secure hashing algorithm, as defined in [RFC 3174](https://datatracker.ietf.org/doc/rfc3174/)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "sha1" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/statusNotes", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Conveys information about how VEX status was determined." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Indicates the type of support that is associated with an artifact." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/kev", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "CISA's Known Exploited Vulnerability (KEV) Catalog" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "kev" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/issuingAuthority", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "An entity that is authorized to issue identification credentials." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provide an enumerated set of lifecycle phases that can provide context to relationships." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifier", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A canonical, unique, immutable identifier of the artifact content, that may be\nused for verifying its identity and/or integrity." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifier" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropValue", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A value used in a CdxPropertyEntry name-value pair." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexAffectedVulnAssessmentRelationship", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Connects a vulnerability and an element designating the element as a product\naffected by the vulnerability." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N8692a82c280845c3a6fa37c02ddae229" + }, + { + "@id": "_:N105628f6c8b040edb9db617f35f30bec" + } + ] + }, + { + "@id": "_:N8692a82c280845c3a6fa37c02ddae229", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/actionStatement" + } + ] + }, + { + "@id": "_:N105628f6c8b040edb9db617f35f30bec", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/actionStatementTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/seeAlso", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Contains a URL where the License or LicenseAddition can be found in use." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/energyQuantity", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Represents the energy quantity." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#decimal" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/attributionText", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides a place for the SPDX data creator to record acknowledgement text for\na software Package, File or Snippet." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasInput", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Build has each `to` Element as an input, during a LifecycleScopeType period." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasInput" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/delegatedTo", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Agent is delegating an action to the Agent of the `to` Relationship (which must be of type invokedBy), during a LifecycleScopeType (e.g. the `to` invokedBy Relationship is being done on behalf of `from`)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "delegatedTo" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/modifiedBy", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element is modified by each `to` Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "modifiedBy" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/file", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc.)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "file" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityFix", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to the patch or source code that fixes a vulnerability." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "securityFix" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasProvidedDependency", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element has a dependency on each `to` Element, dependency is not in the distributed artifact, but assumed to be provided, during a LifecycleScopeType period." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasProvidedDependency" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/additionText", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Identifies the full text of a LicenseAddition." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/development", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "the artifact is in active development and is not considered ready for formal support from the supplier." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "development" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A key with an associated value." + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Nbd47cac50394462f9015e00ec4b449a6" + }, + { + "@id": "_:N187a93895c7b43bea96131212a0ba3f5" + } + ] + }, + { + "@id": "_:Nbd47cac50394462f9015e00ec4b449a6", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/key" + } + ] + }, + { + "@id": "_:N187a93895c7b43bea96131212a0ba3f5", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/value" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/design", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "SBOM of intended, planned software project or product with included components (some of which may not yet exist) for a new software artifact." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "design" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/namespaceMap", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides a NamespaceMap of prefixes and associated namespace partial URIs applicable to an SpdxDocument and independent of any specific serialization format or instance." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/NamespaceMap" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/exportControlAssessment", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a export control assessment for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "exportControlAssessment" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcVulnAssessmentRelationship", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides an SSVC assessment for a vulnerability." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N30d5cdb21c144005b1d74c81aa0e129e" + } + ] + }, + { + "@id": "_:N30d5cdb21c144005b1d74c81aa0e129e", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/act" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/attend" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/track" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/trackStar" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/decisionType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotInExecutePath", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "vulnerableCodeNotInExecutePath" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/builtTime", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the time an artifact was built." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/limitation", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Captures a limitation of the AI software." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/issueTracker", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to the issue tracker for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "issueTracker" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Artifact", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A distinct article or unit within the digital domain." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Nba03adbea09d477299a596cac9fd8319" + }, + { + "@id": "_:Nc704d39d408f41caa9805e140ff0016a" + }, + { + "@id": "_:N5d195bb929fc404584503e9c9b17a526" + }, + { + "@id": "_:N06465237afe4406eb4803558f7a57c08" + }, + { + "@id": "_:Ndb31c53559be41e0b28e79b74da0b557" + }, + { + "@id": "_:Nd8679c5e3311467ca097a4151ac8fa54" + }, + { + "@id": "_:N737b3d5b3c8f4cb7b5fb665b52f1dd96" + }, + { + "@id": "_:Nda791debefe5491aa84d61433873c630" + } + ] + }, + { + "@id": "_:Nba03adbea09d477299a596cac9fd8319", + "http://www.w3.org/ns/shacl#message": [ + { + "@language": "en", + "@value": "https://spdx.org/rdf/3.0.1/terms/Core/Artifact is an abstract class and should not be instantiated directly. Instantiate a subclass instead." + } + ], + "http://www.w3.org/ns/shacl#not": [ + { + "@id": "_:Ndbfe3b48ba714fb990a0e903863ea1ed" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" + } + ] + }, + { + "@id": "_:Ndbfe3b48ba714fb990a0e903863ea1ed", + "http://www.w3.org/ns/shacl#hasValue": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Artifact" + } + ] + }, + { + "@id": "_:Nc704d39d408f41caa9805e140ff0016a", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/originatedBy" + } + ] + }, + { + "@id": "_:N5d195bb929fc404584503e9c9b17a526", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/suppliedBy" + } + ] + }, + { + "@id": "_:N06465237afe4406eb4803558f7a57c08", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/builtTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] + }, + { + "@id": "_:Ndb31c53559be41e0b28e79b74da0b557", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/releaseTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] + }, + { + "@id": "_:Nd8679c5e3311467ca097a4151ac8fa54", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/validUntilTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] + }, + { + "@id": "_:N737b3d5b3c8f4cb7b5fb665b52f1dd96", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/standardName" + } + ] + }, + { + "@id": "_:Nda791debefe5491aa84d61433873c630", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/development" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/support" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/deployed" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/limitedSupport" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/endOfSupport" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noSupport" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noAssertion" + } + ] + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/supportLevel" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/other", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element doesn't fit into any of the other categories." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "other" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/configuration", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is configuration data." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "configuration" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/gitoid", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "[Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "gitoid" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/email", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Email address, as defined in [RFC 3696](https://datatracker.ietf.org/doc/rfc3986/) Section 3." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "email" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/publishedBy", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "publishedBy" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRef", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a resource outside the scope of SPDX-3.0 content related to an Element." + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N0b728d22a9674ecc87af12fde5aae61c" + }, + { + "@id": "_:Nddcc9ac569c4442b894f208d7722b4f8" + }, + { + "@id": "_:N5ab248e680454bbcb3ed254de24ac49f" + }, + { + "@id": "_:N72a328f4b7e14cb194d99b35236c3430" + } + ] + }, + { + "@id": "_:N0b728d22a9674ecc87af12fde5aae61c", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altDownloadLocation" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altWebPage" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/binaryArtifact" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/bower" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildMeta" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildSystem" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/chat" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/certificationReport" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/componentAnalysisReport" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/cwe" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/documentation" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/dynamicAnalysisReport" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/eolNotice" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/exportControlAssessment" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/funding" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/issueTracker" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mailingList" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mavenCentral" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/metrics" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/npm" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/nuget" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/license" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/other" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/privacyAssessment" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/productMetadata" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/purchaseOrder" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/qualityAssessmentReport" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseNotes" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseHistory" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/riskAssessment" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/runtimeAnalysisReport" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/secureSoftwareAttestation" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdvisory" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdversaryModel" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityFix" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityOther" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPenTestReport" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPolicy" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityThreatModel" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/socialMedia" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/sourceArtifact" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/staticAnalysisReport" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/support" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vcs" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityDisclosureReport" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityExploitabilityAssessment" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalRefType" + } + ] + }, + { + "@id": "_:Nddcc9ac569c4442b894f208d7722b4f8", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/locator" + } + ] + }, + { + "@id": "_:N5ab248e680454bbcb3ed254de24ac49f", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/contentType" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^[^\\/]+\\/[^\\/]+$" + } + ] + }, + { + "@id": "_:N72a328f4b7e14cb194d99b35236c3430", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/comment" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the type of an annotation." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/exploited", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Describe that a CVE is known to have an exploit because it's been listed in an exploit catalog." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#boolean" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/documentation", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to the documentation for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "documentation" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/qualityAssessmentReport", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a quality assessment for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "qualityAssessmentReport" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTest", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Every `to` Element is a test artifact for the `from` Element (`from` hasTest `to`), during a LifecycleScopeType period." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasTest" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/profileConformance", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Describes one a profile which the creator of this ElementCollection intends to\nconform to." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseNotes", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to the release notes for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "releaseNotes" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotPresent", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The product is not affected because the code underlying the vulnerability is not present in the product." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "vulnerableCodeNotPresent" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityDisclosureReport", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a Vulnerability Disclosure Report (VDR) which provides the software supplier's analysis and findings describing the impact (or lack of impact) that reported vulnerabilities have on packages or products in the supplier's SBOM as defined in [NIST SP 800-161 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations](https://csrc.nist.gov/pubs/sp/800/161/r1/final)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "vulnerabilityDisclosureReport" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/actionStatement", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides advise on how to mitigate or remediate a vulnerability when a VEX product\nis affected by it." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasExample", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Every `to` Element is an example for the `from` Element (`from` hasExample `to`)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasExample" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOutput", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Build element generates each `to` Element as an output, during a LifecycleScopeType period." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasOutput" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Makes no assertion about the field." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "noAssertion" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/packageUrl", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides a place for the SPDX data creator to record the package URL string\n(in accordance with the Package URL specification) for a software Package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/other", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Used when the type does not match any of the other options." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "other" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildMeta", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference build metadata related to a published package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "buildMeta" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/privacyAssessment", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a privacy assessment for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "privacyAssessment" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/originatedBy", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Identifies from where or whom the Element originally came." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/complete", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The relationship is known to be exhaustive." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "complete" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Abstract class representing a License or an OrLaterOperator." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Nbb0a3a63cdba4f078c6de6eef7ff6579" + } + ] + }, + { + "@id": "_:Nbb0a3a63cdba4f078c6de6eef7ff6579", + "http://www.w3.org/ns/shacl#message": [ + { + "@language": "en", + "@value": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense is an abstract class and should not be instantiated directly. Instantiate a subclass instead." + } + ], + "http://www.w3.org/ns/shacl#not": [ + { + "@id": "_:Ncedd59bf4f1a4436ac8325d34d020df5" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" + } + ] + }, + { + "@id": "_:Ncedd59bf4f1a4436ac8325d34d020df5", + "http://www.w3.org/ns/shacl#hasValue": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/componentAnalysisReport", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a Software Composition Analysis (SCA) report." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "componentAnalysisReport" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/numeric", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "data consists only of numeric entries." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "numeric" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isFsfLibre", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies whether the License is listed as free by the\nFree Software Foundation (FSF)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#boolean" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/riskAssessment", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a risk assessment for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "riskAssessment" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/ai", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "the element follows the AI profile specification" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "ai" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/nuget", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a NuGet package. The package locator format is defined in the [NuGet documentation](https://docs.nuget.org) and looks like `package/version`." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "nuget" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/definingArtifact", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Artifact representing a serialization instance of SPDX data containing the\ndefinition of a particular Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Artifact" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/data", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is data." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "data" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/contentType", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides information about the content type of an Element or a Property." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/hyperparameter", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Records a hyperparameter used to build the AI model contained in the AI\npackage." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/medium", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "When a CVSS score is between 4.0 - 6.9" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "medium" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A collection of Elements, not necessarily with unifying context." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Nc9ccffdec66347509395f75c9845128f" + }, + { + "@id": "_:Nc4156282a9c34b6190b0869cdc1793db" + }, + { + "@id": "_:Ne3b40c9739164b2eb0ae163374d9c4ac" + }, + { + "@id": "_:N0bf807da343b4645904db560abf69583" + } + ] + }, + { + "@id": "_:Nc9ccffdec66347509395f75c9845128f", + "http://www.w3.org/ns/shacl#message": [ + { + "@language": "en", + "@value": "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection is an abstract class and should not be instantiated directly. Instantiate a subclass instead." + } + ], + "http://www.w3.org/ns/shacl#not": [ + { + "@id": "_:N8eab6125211e4549a03d744617823ad5" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" + } + ] + }, + { + "@id": "_:N8eab6125211e4549a03d744617823ad5", + "http://www.w3.org/ns/shacl#hasValue": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection" + } + ] + }, + { + "@id": "_:Nc4156282a9c34b6190b0869cdc1793db", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/element" + } + ] + }, + { + "@id": "_:Ne3b40c9739164b2eb0ae163374d9c4ac", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/rootElement" + } + ] + }, + { + "@id": "_:N0bf807da343b4645904db560abf69583", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/core" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/software" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/simpleLicensing" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/expandedLicensing" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/security" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/build" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/ai" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/dataset" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/extension" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/lite" + } + ] + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/profileConformance" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseText", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Identifies the full text of a License or Addition." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Information about the relationship between two Elements." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/validUntilTime", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies until when the artifact can be used before its usage needs to be\nreassessed." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierValue", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the value of the content identifier." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasStaticLink", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element statically links in each `to` Element, during a LifecycleScopeType period." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasStaticLink" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Availability of dataset." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/dataset", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "the element follows the Dataset profile specification" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "dataset" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/informationAboutApplication", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides relevant information about the AI software, not including the model\ndescription." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxProperty", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides a map of a property names to a values." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/npm", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to an npm package. The package locator format is defined in the [npm documentation](https://docs.npmjs.com/cli/v10/configuring-npm/package-json) and looks like `package@version`." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "npm" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/locationHint", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides an indication of where to retrieve an external Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md2", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "MD2 message-digest algorithm, as defined in [RFC 1319](https://datatracker.ietf.org/doc/rfc1319/)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "md2" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Abstract ancestor class for all vulnerability assessments" + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Relationship" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N90cb783276d74a2881e21a08abf01e2f" + }, + { + "@id": "_:Nf507b9bee5ae4254bafe4ce3c72a9f18" + }, + { + "@id": "_:Naa7e95f812804669b3e89daed8d27b21" + }, + { + "@id": "_:N1a0a0b40de254f55a8372bba19b60496" + }, + { + "@id": "_:N74551d5c49b94ece99a5fdec0d58d233" + }, + { + "@id": "_:Nce6e2333750a40619f2e93e40be35d7e" + } + ] + }, + { + "@id": "_:N90cb783276d74a2881e21a08abf01e2f", + "http://www.w3.org/ns/shacl#message": [ + { + "@language": "en", + "@value": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship is an abstract class and should not be instantiated directly. Instantiate a subclass instead." + } + ], + "http://www.w3.org/ns/shacl#not": [ + { + "@id": "_:N986501d57648498ea8ed156092baf32c" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" + } + ] + }, + { + "@id": "_:N986501d57648498ea8ed156092baf32c", + "http://www.w3.org/ns/shacl#hasValue": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship" + } + ] + }, + { + "@id": "_:Nf507b9bee5ae4254bafe4ce3c72a9f18", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/assessedElement" + } + ] + }, + { + "@id": "_:Naa7e95f812804669b3e89daed8d27b21", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/publishedTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] + }, + { + "@id": "_:N1a0a0b40de254f55a8372bba19b60496", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/suppliedBy" + } + ] + }, + { + "@id": "_:N74551d5c49b94ece99a5fdec0d58d233", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/modifiedTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] + }, + { + "@id": "_:Nce6e2333750a40619f2e93e40be35d7e", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/withdrawnTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/trainingEnergyConsumption", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the amount of energy consumed when training the AI model that is\nbeing used in the AI system." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/text", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "data consists of unstructured text, such as a book, Wikipedia article (without images), or transcript." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "text" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDocumentation", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element is documented by each `to` Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasDocumentation" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/firmware", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element provides low level control over a device's hardware." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "firmware" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/beginIntegerRange", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Defines the beginning of a range." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#positiveInteger" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/File", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Refers to any object that stores content on a computer." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N87131d5acc2b478ba16230f714aa0bb0" + }, + { + "@id": "_:N2b7fa052bf664f2a9e1923831d282602" + } + ] + }, + { + "@id": "_:N87131d5acc2b478ba16230f714aa0bb0", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/contentType" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^[^\\/]+\\/[^\\/]+$" + } + ] + }, + { + "@id": "_:N2b7fa052bf664f2a9e1923831d282602", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/file" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/directory" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/fileKind" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/structured", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "data is stored in tabular format or retrieved from a relational database." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "structured" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceUri", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Property that describes the URI of the build configuration source file." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/member", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A license expression participating in a license set." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/SimpleLicensingText", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A license or addition that is not listed on the SPDX License List." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Nda71586c3c6541b4a6a907d316dca405" + } + ] + }, + { + "@id": "_:Nda71586c3c6541b4a6a907d316dca405", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseText" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/externalRef", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Points to a resource outside the scope of the SPDX-3.0 content\nthat provides additional characteristics of an Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRef" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/verifiedUsing", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides an IntegrityMethod with which the integrity of an Element can be\nasserted." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/secureSoftwareAttestation", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to information assuring that the software is developed using security practices as defined by [NIST SP 800-218 Secure Software Development Framework (SSDF) Version 1.1](https://csrc.nist.gov/pubs/sp/800/218/final) or [CISA Secure Software Development Attestation Form](https://www.cisa.gov/resources-tools/resources/secure-software-development-attestation-form)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "secureSoftwareAttestation" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexNotAffectedVulnAssessmentRelationship", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Links a vulnerability and one or more elements designating the latter as products\nnot affected by the vulnerability." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Nb916f2dfc1c640bd8e0dac9bb5956172" + }, + { + "@id": "_:N377b547285074591a904911ef1fc1977" + }, + { + "@id": "_:N6f8ca85700744b0e9f7a8672675d1dca" + } + ] + }, + { + "@id": "_:Nb916f2dfc1c640bd8e0dac9bb5956172", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/componentNotPresent" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotPresent" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotInExecutePath" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/inlineMitigationsAlreadyExist" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/justificationType" + } + ] + }, + { + "@id": "_:N377b547285074591a904911ef1fc1977", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/impactStatement" + } + ] + }, + { + "@id": "_:N6f8ca85700744b0e9f7a8672675d1dca", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/impactStatementTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swhid", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "swhid" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/Vulnerability", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies a vulnerability and its associated information." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Artifact" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Ne11c75cafdb0438299216847b06716cf" + }, + { + "@id": "_:N942417ca6d844df0914d75b099a457f8" + }, + { + "@id": "_:Ne68051bb209048da9a57bc5dbaf28bf0" + } + ] + }, + { + "@id": "_:Ne11c75cafdb0438299216847b06716cf", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/publishedTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] + }, + { + "@id": "_:N942417ca6d844df0914d75b099a457f8", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/modifiedTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] + }, + { + "@id": "_:Ne68051bb209048da9a57bc5dbaf28bf0", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/withdrawnTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/rootElement", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "This property is used to denote the root Element(s) of a tree of elements contained in a BOM." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b512", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "BLAKE2b algorithm with a digest size of 512, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "blake2b512" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/design", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A relationship has specific context implications during an element's design." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "design" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalDependency", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element optionally depends on each `to` Element, during a LifecycleScopeType period." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasOptionalDependency" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/packageUrl", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Package URL, as defined in the corresponding [Annex](../../../annexes/pkg-url-specification.md) of this specification." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "packageUrl" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/probability", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A probability score between 0 and 1 of a vulnerability being exploited." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#decimal" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/metrics", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to metrics related to package such as OpenSSF scorecards." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "metrics" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the CVSS base, temporal, threat, or environmental severity type." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Organization", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A group of people who work together in an organized way for a shared purpose." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Agent" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/creationInfo_NoneLicense", + "@type": [ + "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "This individual element was defined by the spec." + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/created": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp", + "@value": "2024-11-22T03:00:01Z" + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/createdBy": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization" + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/specVersion": [ + { + "@value": "3.0.1" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/creationInfo_NoAssertionLicense", + "@type": [ + "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "This individual element was defined by the spec." + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/created": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp", + "@value": "2024-11-22T03:00:01Z" + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/createdBy": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization" + } + ], + "https://spdx.org/rdf/3.0.1/terms/Core/specVersion": [ + { + "@value": "3.0.1" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/creationInfo", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides information about the creation of the Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/CustomLicense", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A license that is not listed on the SPDX License List." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/intendedUse", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Describes what the given dataset should be used for." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/locator", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides the location of an external reference." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Enumeration of the different kinds of SPDX file." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseHeader", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides a License author's preferred text to indicate that a file is covered\nby the License." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/source", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "SBOM created directly from the development environment, source files, and included dependencies used to build an product artifact." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "source" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropName", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A name used in a CdxPropertyEntry name-value pair." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/specification", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is a plan, guideline or strategy how to create, perform or analyze an application." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "specification" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/Build", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Class that describes a build instance of software/artifacts." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N4f6d0abf94b14a189b945346f00ba9dc" + }, + { + "@id": "_:N7d2dbee05b72455c995a675186de5fd1" + }, + { + "@id": "_:N82be0a238ea44c658a60ca20e0c8c6fa" + }, + { + "@id": "_:N3ba51db196c04386ae47cb64aab6c95c" + }, + { + "@id": "_:Ne20cfbefa1424ba79abfc89287f1eef3" + }, + { + "@id": "_:Nbdc672a90df4480da8648bd31507d48e" + }, + { + "@id": "_:Nc8b9ea4213214eccb17ccccf3790161d" + }, + { + "@id": "_:Nce9a69dc19af4e1394f03174c67c5857" + }, + { + "@id": "_:N85ad449141be453592e9e80c2bc379f4" + } + ] + }, + { + "@id": "_:N4f6d0abf94b14a189b945346f00ba9dc", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildType" + } + ] + }, + { + "@id": "_:N7d2dbee05b72455c995a675186de5fd1", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildId" + } + ] + }, + { + "@id": "_:N82be0a238ea44c658a60ca20e0c8c6fa", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceEntrypoint" + } + ] + }, + { + "@id": "_:N3ba51db196c04386ae47cb64aab6c95c", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceUri" + } + ] + }, + { + "@id": "_:Ne20cfbefa1424ba79abfc89287f1eef3", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Hash" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceDigest" + } + ] + }, + { + "@id": "_:Nbdc672a90df4480da8648bd31507d48e", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/parameter" + } + ] + }, + { + "@id": "_:Nc8b9ea4213214eccb17ccccf3790161d", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildStartTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] + }, + { + "@id": "_:Nce9a69dc19af4e1394f03174c67c5857", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildEndTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] + }, + { + "@id": "_:N85ad449141be453592e9e80c2bc379f4", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Build/environment" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/patch", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element contains a set of changes to update, fix, or improve another Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "patch" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/executable", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is an Artifact that can be run on a computer." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "executable" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/invokedBy", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element was invoked by the `to` Agent, during a LifecycleScopeType period (for example, a Build element that describes a build step)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "invokedBy" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/adler32", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Adler-32 checksum is part of the widely used zlib compression library as defined in [RFC 1950](https://datatracker.ietf.org/doc/rfc1950/) Section 2.3." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "adler32" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/Sbom", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A collection of SPDX Elements describing a single package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Bom" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N954579de61d84bef909737ad4568a536" + } + ] + }, + { + "@id": "_:N954579de61d84bef909737ad4568a536", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/design" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/source" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/build" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/deployed" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/runtime" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/analyzed" + } + ] + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/sbomType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/fileKind", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Describes if a given file is a directory or non-directory kind of file." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/support", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "the artifact has been released, and is supported from the supplier. There is a validUntilDate that can provide additional information about the duration of support." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "support" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/image", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "data is a collection of images such as pictures of animals." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "image" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/IndividualLicensingInfo", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A concrete subclass of AnyLicenseInfo used by Individuals in the\nExpandedLicensing profile." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Bom", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A container for a grouping of SPDX-3.0 content characterizing details\n(provenence, composition, licensing, etc.) about a product." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Bundle" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/doesNotAffect", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Vulnerability has no impact on each `to` Element. The use of the `doesNotAffect` is constrained to `VexNotAffectedVulnAssessmentRelationship` classed relationships." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "doesNotAffect" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/IndividualElement", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A concrete subclass of Element used by Individuals in the\nCore profile." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/green", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Dataset can be shared within a community of peers and partners." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "green" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/megajoule", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Megajoule." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "megajoule" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/statement", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Commentary on an assertion that an annotator has made." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake3", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "[BLAKE3](https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf)" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "blake3" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/purchaseOrder", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a purchase order for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "purchaseOrder" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/standardName", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The name of a relevant standard that may apply to an artifact." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/justificationType", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Impact justification label to be used when linking a vulnerability to an element\nrepresenting a VEX product with a VexNotAffectedVulnAssessmentRelationship\nrelationship." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/binaryArtifact", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to binary artifacts related to a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "binaryArtifact" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/created", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Identifies when the Element was originally created." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/homePage", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A place for the SPDX document creator to record a website that serves as the\npackage's home page." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timestamp", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "data is recorded with a timestamp for each entry, but not necessarily ordered or at specific intervals, such as when a taxi ride starts and ends." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "timestamp" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/copiedTo", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element has been copied to each `to` Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "copiedTo" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/directDownload", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "the dataset is publicly available and can be downloaded directly." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "directDownload" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/knownBias", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Records the biases that the dataset is known to encompass." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/useSensitivePersonalInformation", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Records if sensitive personal information is used during model training or\ncould be used during the inference." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha256", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "SHA-2 with a digest length of 256, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "sha256" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/typeOfModel", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Records the type of the model used in the AI software." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mavenCentral", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a Maven repository artifact. The artifact locator format is defined in the [Maven documentation](https://maven.apache.org/guides/mini/guide-naming-conventions.html) and looks like `groupId:artifactId[:version]`." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "mavenCentral" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/subject", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "An Element an annotator has made an assertion about." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedBy", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Designates a `from` Vulnerability has been fixed by the `to` Agent(s)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "fixedBy" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Abstract class representing a license combination consisting of one or more licenses." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Nd6f4245b3ebe44e6b100782b191deb97" + } + ] + }, + { + "@id": "_:Nd6f4245b3ebe44e6b100782b191deb97", + "http://www.w3.org/ns/shacl#message": [ + { + "@language": "en", + "@value": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo is an abstract class and should not be instantiated directly. Instantiate a subclass instead." + } + ], + "http://www.w3.org/ns/shacl#not": [ + { + "@id": "_:Nf58f6bed32c5414ca98526a5d6a7b6dc" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" + } + ] + }, + { + "@id": "_:Nf58f6bed32c5414ca98526a5d6a7b6dc", + "http://www.w3.org/ns/shacl#hasValue": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityOther", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to related security information of unspecified type." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "securityOther" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/impactStatementTime", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Timestamp of impact statement." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/test", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is a test used to verify functionality on an software element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "test" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the SSVC decision type." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Indicates whether a relationship is known to be complete, incomplete, or if no assertion is made with respect to relationship completeness." + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/runtime", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A relationship has specific context implications during the execution phase of an element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "runtime" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A distinct article or unit related to Software." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Artifact" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Na1ce1658c3be4bc0b082944caae9ddea" + }, + { + "@id": "_:N2b94274553ab4bc2bbc78307f39b3327" + }, + { + "@id": "_:Ne03121e956234709bc0f8f288597ff50" + }, + { + "@id": "_:Nfbb5f5e996be44989d31d47d46540443" + }, + { + "@id": "_:N58b8de667bb54771976a5e86a8a8139a" + }, + { + "@id": "_:N5912892962274966938ef83f3f23c015" + } + ] + }, + { + "@id": "_:Na1ce1658c3be4bc0b082944caae9ddea", + "http://www.w3.org/ns/shacl#message": [ + { + "@language": "en", + "@value": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact is an abstract class and should not be instantiated directly. Instantiate a subclass instead." + } + ], + "http://www.w3.org/ns/shacl#not": [ + { + "@id": "_:Nff8e6ed55f604249b913b2bbc6d8411d" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" + } + ] + }, + { + "@id": "_:Nff8e6ed55f604249b913b2bbc6d8411d", + "http://www.w3.org/ns/shacl#hasValue": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact" + } + ] + }, + { + "@id": "_:N2b94274553ab4bc2bbc78307f39b3327", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/application" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/archive" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/bom" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/configuration" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/container" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/data" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/device" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/diskImage" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/deviceDriver" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/documentation" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/evidence" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/executable" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/file" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/filesystemImage" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/firmware" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/framework" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/install" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/library" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/manifest" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/model" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/module" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/operatingSystem" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/other" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/patch" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/platform" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/requirement" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/source" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/specification" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/test" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/primaryPurpose" + } + ] + }, + { + "@id": "_:Ne03121e956234709bc0f8f288597ff50", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/application" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/archive" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/bom" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/configuration" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/container" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/data" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/device" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/diskImage" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/deviceDriver" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/documentation" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/evidence" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/executable" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/file" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/filesystemImage" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/firmware" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/framework" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/install" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/library" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/manifest" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/model" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/module" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/operatingSystem" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/other" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/patch" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/platform" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/requirement" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/source" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/specification" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/test" + } + ] + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/additionalPurpose" + } + ] + }, + { + "@id": "_:Nfbb5f5e996be44989d31d47d46540443", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/copyrightText" + } + ] + }, + { + "@id": "_:N58b8de667bb54771976a5e86a8a8139a", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/attributionText" + } + ] + }, + { + "@id": "_:N5912892962274966938ef83f3f23c015", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifier" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifier" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/bower", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a Bower package. The package locator format, looks like `package#version`, is defined in the \"install\" section of [Bower API documentation](https://bower.io/docs/api/#install)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "bower" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/endTime", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the time from which an element is no longer applicable / valid." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/additionalPurpose", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Provides additional purpose information of the software artifact." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDataFile", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element treats each `to` Element as a data file. A data file is an artifact that stores data required or optional for the `from` Element's functionality. A data file can be a database file, an index file, a log file, an AI model file, a calibration data file, a temporary file, a backup file, and more. For AI training dataset, test dataset, test artifact, configuration data, build input data, and build output data, please consider using the more specific relationship types: `trainedOn`, `testedOn`, `hasTest`, `configures`, `hasInput`, and `hasOutput`, respectively. This relationship does not imply dependency." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasDataFile" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/annotationType", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Describes the type of annotation." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Indicates absence of the field." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "no" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/startTime", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the time from which an element is applicable / valid." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/releaseTime", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the time an artifact was released." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/coordinatedBy", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Vulnerability is coordinatedBy the `to` Agent(s) (vendor, researcher, or consumer agent)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "coordinatedBy" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/dynamicAnalysisReport", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference to a dynamic analysis report for a package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "dynamicAnalysisReport" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/datasetNoise", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Describes potentially noisy elements of the dataset." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/key", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A key used in a generic key-value pair." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/generates", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The `from` Element generates each `to` Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "generates" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildSystem", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A reference build system used to create or publish the package." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "buildSystem" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/clickthrough", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "the dataset is not publicly available and can only be accessed after affirmatively accepting terms on a clickthrough webpage." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "clickthrough" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PackageVerificationCode", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "An SPDX version 2.X compatible verification method for software packages." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N5a2b8b0073a54a3db4d6092f1c5043ed" + }, + { + "@id": "_:Na3925605d49b4db382603ae946c37f51" + }, + { + "@id": "_:N88e97455b377466daa24bff58cde8f0d" + } + ] + }, + { + "@id": "_:N5a2b8b0073a54a3db4d6092f1c5043ed", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/adler32" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b256" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b384" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b512" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake3" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsDilithium" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsKyber" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/falcon" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md2" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md4" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md5" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md6" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/other" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha1" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha224" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha256" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha384" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha512" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_224" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_256" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_384" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_512" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/algorithm" + } + ] + }, + { + "@id": "_:Na3925605d49b4db382603ae946c37f51", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/hashValue" + } + ] + }, + { + "@id": "_:N88e97455b377466daa24bff58cde8f0d", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/packageVerificationCodeExcludedFile" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/application", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is a software application." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "application" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/downloadLocation", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Identifies the download Uniform Resource Identifier for the package at the time\nthat the document was created." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/directory", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The file represents a directory and all content stored in that directory." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "directory" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/inferenceEnergyConsumption", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the amount of energy consumed during inference time by an AI model\nthat is being used in the AI system." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/kilowattHour", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Kilowatt-hour." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "kilowattHour" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumption", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A class for describing the energy consumption incurred by an AI model in\ndifferent stages of its lifecycle." + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N50c6944cf3544d0ab17d40d70d7715c3" + }, + { + "@id": "_:Nd05558aa816f416f8c26895bb8d1d9bb" + }, + { + "@id": "_:N250a4372ab014e66ba3eec07accb85dc" + } + ] + }, + { + "@id": "_:N50c6944cf3544d0ab17d40d70d7715c3", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/finetuningEnergyConsumption" + } + ] + }, + { + "@id": "_:Nd05558aa816f416f8c26895bb8d1d9bb", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/inferenceEnergyConsumption" + } + ] + }, + { + "@id": "_:N250a4372ab014e66ba3eec07accb85dc", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#BlankNodeOrIRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/AI/trainingEnergyConsumption" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/scope", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Capture the scope of information about a specific relationship between elements." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseListVersion", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The version of the SPDX License List used in the license expression." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b384", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "BLAKE2b algorithm with a digest size of 384, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "blake2b384" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexFixedVulnAssessmentRelationship", + "@type": [ + "http://www.w3.org/2002/07/owl#Class" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Links a vulnerability and elements representing products (in the VEX sense) where\na fix has been applied and are no longer affected." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/extension", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "the element follows the Extension profile specification" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "extension" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasVariant", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Every `to` Element is a variant the `from` Element (`from` hasVariant `to`)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "hasVariant" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/supportLevel", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Specifies the level of support associated with an artifact." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/reportedBy", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Designates a `from` Vulnerability was first reported to a project, vendor, or tracking database for formal identification by each `to` Agent." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "reportedBy" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/prefix", + "@type": [ + "http://www.w3.org/2002/07/owl#DatatypeProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "A substitute for a URI." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/install", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "The Element is used to install software on disk." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "install" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/createdUsing", + "@type": [ + "http://www.w3.org/2002/07/owl#ObjectProperty" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Identifies the tooling that was used during the creation of the Element." + } + ], + "http://www.w3.org/2000/01/rdf-schema#range": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Tool" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/high", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "When a CVSS score is between 7.0 - 8.9" + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "high" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_224", + "@type": [ + "http://www.w3.org/2002/07/owl#NamedIndividual", + "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "SHA-3 with a digest length of 224, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)." + } + ], + "http://www.w3.org/2000/01/rdf-schema#label": [ + { + "@value": "sha3_224" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Relationship", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Describes a relationship between one or more elements." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:Nd11df36dd5014f759eab790e847b9857" + }, + { + "@id": "_:N3c163fcab8684aa09c61e78b4cbb9b38" + }, + { + "@id": "_:N73e74213eec84d8daaa36a51dab963d6" + }, + { + "@id": "_:N53970517ea09401691d51549f8e0fd90" + }, + { + "@id": "_:Nae8e63939c7c4cf4aa4ba555362d775c" + }, + { + "@id": "_:Nb3e77cdb9a14442eafb0659c7081c110" + } + ] + }, + { + "@id": "_:Nd11df36dd5014f759eab790e847b9857", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/from" + } + ] + }, + { + "@id": "_:N3c163fcab8684aa09c61e78b4cbb9b38", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/Element" + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/to" + } + ] + }, + { + "@id": "_:N73e74213eec84d8daaa36a51dab963d6", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/affects" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/amendedBy" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/ancestorOf" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/availableFrom" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/configures" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/contains" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/coordinatedBy" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/copiedTo" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/delegatedTo" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/dependsOn" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/descendantOf" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/describes" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/doesNotAffect" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/expandsTo" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/exploitCreatedBy" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedBy" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedIn" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/foundBy" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/generates" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAddedFile" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssessmentFor" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssociatedVulnerability" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasConcludedLicense" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDataFile" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeclaredLicense" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeletedFile" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDependencyManifest" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDistributionArtifact" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDocumentation" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDynamicLink" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasEvidence" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasExample" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasHost" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasInput" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasMetadata" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalComponent" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalDependency" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOutput" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasPrerequisite" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasProvidedDependency" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasRequirement" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasSpecification" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasStaticLink" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTest" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTestCase" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasVariant" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/invokedBy" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/modifiedBy" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/other" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/packagedBy" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/patchedBy" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/publishedBy" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/reportedBy" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/republishedBy" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/serializedInArtifact" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/testedOn" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/trainedOn" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/underInvestigationFor" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/usesTool" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#minCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/relationshipType" + } + ] + }, + { + "@id": "_:N53970517ea09401691d51549f8e0fd90", + "http://www.w3.org/ns/shacl#class": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness" + } + ], + "http://www.w3.org/ns/shacl#in": [ + { + "@list": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/incomplete" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/complete" + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/noAssertion" + } + ] + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/completeness" + } + ] + }, + { + "@id": "_:Nae8e63939c7c4cf4aa4ba555362d775c", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/startTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] + }, + { + "@id": "_:Nb3e77cdb9a14442eafb0659c7081c110", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Core/endTime" + } + ], + "http://www.w3.org/ns/shacl#pattern": [ + { + "@value": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] + }, + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/Package", + "@type": [ + "http://www.w3.org/2002/07/owl#Class", + "http://www.w3.org/ns/shacl#NodeShape" + ], + "http://www.w3.org/2000/01/rdf-schema#comment": [ + { + "@language": "en", + "@value": "Refers to any unit of content that can be associated with a distribution of\nsoftware." + } + ], + "http://www.w3.org/2000/01/rdf-schema#subClassOf": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact" + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#IRI" + } + ], + "http://www.w3.org/ns/shacl#property": [ + { + "@id": "_:N7091d1b764924e4db3551e0b422e61ba" + }, + { + "@id": "_:Nc38c872821b548ee8f430a027b2d711f" + }, + { + "@id": "_:N65301d1be04341678842dfc049e2a33c" + }, + { + "@id": "_:Nbc1332652da345c49ad3c948238f404b" + }, + { + "@id": "_:N9eda1b52fa264730ab0b383d300e1726" + } + ] + }, + { + "@id": "_:N7091d1b764924e4db3551e0b422e61ba", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/downloadLocation" + } + ] + }, + { + "@id": "_:Nc38c872821b548ee8f430a027b2d711f", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/homePage" + } + ] + }, + { + "@id": "_:N65301d1be04341678842dfc049e2a33c", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/packageVersion" + } + ] + }, + { + "@id": "_:Nbc1332652da345c49ad3c948238f404b", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#anyURI" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/packageUrl" + } + ] + }, + { + "@id": "_:N9eda1b52fa264730ab0b383d300e1726", + "http://www.w3.org/ns/shacl#datatype": [ + { + "@id": "http://www.w3.org/2001/XMLSchema#string" + } + ], + "http://www.w3.org/ns/shacl#maxCount": [ + { + "@type": "http://www.w3.org/2001/XMLSchema#integer", + "@value": 1 + } + ], + "http://www.w3.org/ns/shacl#nodeKind": [ + { + "@id": "http://www.w3.org/ns/shacl#Literal" + } + ], + "http://www.w3.org/ns/shacl#path": [ + { + "@id": "https://spdx.org/rdf/3.0.1/terms/Software/sourceInfo" + } + ] + } +] \ No newline at end of file diff --git a/rdf/spdx-model.jsonld b/rdf/spdx-model.jsonld new file mode 120000 index 0000000000..3551e9715c --- /dev/null +++ b/rdf/spdx-model.jsonld @@ -0,0 +1 @@ +spdx-model.json-ld \ No newline at end of file diff --git a/rdf/spdx-model.longturtle b/rdf/spdx-model.longturtle new file mode 100644 index 0000000000..6969996136 --- /dev/null +++ b/rdf/spdx-model.longturtle @@ -0,0 +1,5491 @@ +PREFIX dcterms: +PREFIX ns1: +PREFIX omg-ann: +PREFIX owl: +PREFIX rdf: +PREFIX rdfs: +PREFIX sh: +PREFIX spdx: +PREFIX xsd: + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "Specifies an AI package and its associated information."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:class ns1:PresenceType ; + sh:in ( + + + + ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] , + [ + sh:class ; + sh:in ( + + + + + ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:class ns1:PresenceType ; + sh:in ( + + + + ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] , + [ + sh:class ; + sh:maxCount 1 ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "Class that describes a build instance of software/artifacts."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:datatype xsd:anyURI ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ; + ] , + [ + sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ; + ] , + [ + sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ; + ] , + [ + sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ; + ] , + [ + sh:class ns1:Hash ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ; + ] ; +. + +ns1:Annotation + a + owl:Class , + sh:NodeShape ; + rdfs:comment "An assertion made in relation to one or more elements."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:contentType ; + sh:pattern "^[^\\/]+\\/[^\\/]+$" ; + ] , + [ + sh:class ns1:Element ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:subject ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:statement ; + ] , + [ + sh:class ns1:AnnotationType ; + sh:in ( + + + ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:annotationType ; + ] ; +. + +ns1:LifecycleScopedRelationship + a + owl:Class , + sh:NodeShape ; + rdfs:comment "Provide context for a relationship that occurs in the lifecycle."@en ; + rdfs:subClassOf ns1:Relationship ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:class ns1:LifecycleScopeType ; + sh:in ( + + + + + + + ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:scope ; + ] ; +. + +ns1:NoAssertionElement + a + owl:NamedIndividual , + ns1:IndividualElement ; + rdfs:comment """An Individual Value for Element representing a set of Elements of unknown +identify or cardinality (number)."""@en ; + ns1:creationInfo ; +. + +ns1:NoneElement + a + owl:NamedIndividual , + ns1:IndividualElement ; + rdfs:comment """An Individual Value for Element representing a set of Elements with +cardinality (number/count) of zero."""@en ; + ns1:creationInfo ; +. + +ns1:PackageVerificationCode + a + owl:Class , + sh:NodeShape ; + rdfs:comment "An SPDX version 2.X compatible verification method for software packages."@en ; + rdfs:subClassOf ns1:IntegrityMethod ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property + [ + sh:class ns1:HashAlgorithm ; + sh:in ( + + + + + + + + + + + + + + + + + + + + + + + ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:algorithm ; + ] , + [ + sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns1:packageVerificationCodeExcludedFile ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:hashValue ; + ] ; +. + +ns1:Person + a owl:Class ; + rdfs:comment "An individual human being."@en ; + rdfs:subClassOf ns1:Agent ; + sh:nodeKind sh:IRI ; +. + +ns1:SoftwareAgent + a owl:Class ; + rdfs:comment "A software agent."@en ; + rdfs:subClassOf ns1:Agent ; + sh:nodeKind sh:IRI ; +. + +ns1:SpdxDocument + a + owl:Class , + sh:NodeShape ; + rdfs:comment "A collection of SPDX Elements that could potentially be serialized."@en ; + rdfs:subClassOf ns1:ElementCollection ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:class ns1:ExternalMap ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:import ; + ] , + [ + sh:class ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:dataLicense ; + ] , + [ + sh:class ns1:NamespaceMap ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:namespaceMap ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "Specifies a data package and its associated information."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:class ; + sh:in ( + + + + + ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] , + [ + sh:datatype xsd:nonNegativeInteger ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:class ; + sh:in ( + + + + + + + + + + + + + + + ) ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:class ; + sh:in ( + + + + + + ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:class ns1:PresenceType ; + sh:in ( + + + + ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment """Portion of an AnyLicenseInfo representing a set of licensing information +where all elements apply."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:class ; + sh:minCount 2 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] ; +. + + + a owl:Class ; + rdfs:comment "A license that is not listed on the SPDX License List."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; +. + + + a owl:Class ; + rdfs:comment "A license addition that is not listed on the SPDX Exceptions List."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment """Portion of an AnyLicenseInfo representing a set of licensing information where +only one of the elements applies."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:class ; + sh:minCount 2 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "A license that is listed on the SPDX License List."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "A license exception that is listed on the SPDX Exceptions list."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] ; +. + + + a + owl:NamedIndividual , + ; + rdfs:comment """An Individual Value for License when no assertion can be made about its actual +value."""@en ; + owl:sameAs ; + ns1:creationInfo ; +. + + + a + owl:NamedIndividual , + ; + rdfs:comment """An Individual Value for License where the SPDX data creator determines that no +license is present."""@en ; + owl:sameAs ; + ns1:creationInfo ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment """Portion of an AnyLicenseInfo representing this version, or any later version, +of the indicated License."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:class ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment """Portion of an AnyLicenseInfo representing a License which has additional +text applied to it."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:class ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] , + [ + sh:class ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "A type of extension consisting of a list of name value pairs."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property + [ + sh:class ; + sh:minCount 1 ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "Provides a CVSS version 2.0 assessment for a vulnerability."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "Provides a CVSS version 3 assessment for a vulnerability."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:class ; + sh:in ( + + + + + + ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] , + [ + sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "Provides a CVSS version 4 assessment for a vulnerability."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:class ; + sh:in ( + + + + + + ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] , + [ + sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "Provides an EPSS assessment for a vulnerability."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "Provides an exploit assessment of a vulnerability."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:datatype xsd:boolean ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:class ; + sh:in ( + + + ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] , + [ + sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "Provides an SSVC assessment for a vulnerability."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:class ; + sh:in ( + + + + + ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment """Connects a vulnerability and an element designating the element as a product +affected by the vulnerability."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] ; +. + + + a owl:Class ; + rdfs:comment """Links a vulnerability and elements representing products (in the VEX sense) where +a fix has been applied and are no longer affected."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment """Links a vulnerability and one or more elements designating the latter as products +not affected by the vulnerability."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ; + ] , + [ + sh:class ; + sh:in ( + + + + + + ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] ; +. + + + a owl:Class ; + rdfs:comment """Designates elements as products where the impact of a vulnerability is being +investigated."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "Specifies a vulnerability and its associated information."@en ; + rdfs:subClassOf ns1:Artifact ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ; + ] , + [ + sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ; + ] , + [ + sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "An SPDX Element containing an SPDX license expression string."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "A license or addition that is not listed on the SPDX License List."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "A collection of SPDX Elements describing a single package."@en ; + rdfs:subClassOf ns1:Bom ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:class ; + sh:in ( + + + + + + + ) ; + sh:nodeKind sh:IRI ; + sh:path ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "Describes a certain part of a file."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:class ns1:PositiveIntegerRange ; + sh:maxCount 1 ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ; + ] , + [ + sh:class ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] , + [ + sh:class ns1:PositiveIntegerRange ; + sh:maxCount 1 ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ; + ] ; +. + + + a ns1:CreationInfo ; + rdfs:comment "This individual element was defined by the spec."@en ; + ns1:created "2024-11-22T03:00:01Z"^^xsd:dateTimeStamp ; + ns1:createdBy ns1:SpdxOrganization ; + ns1:specVersion "3.0.1" ; +. + + + a ns1:CreationInfo ; + rdfs:comment "This individual element was defined by the spec."@en ; + ns1:created "2024-11-22T03:00:01Z"^^xsd:dateTimeStamp ; + ns1:createdBy ns1:SpdxOrganization ; + ns1:specVersion "3.0.1" ; +. + + + a ns1:CreationInfo ; + rdfs:comment "This individual element was defined by the spec."@en ; + ns1:created "2024-11-22T03:00:01Z"^^xsd:dateTimeStamp ; + ns1:createdBy ns1:SpdxOrganization ; + ns1:specVersion "3.0.1" ; +. + + + a ns1:CreationInfo ; + rdfs:comment "This individual element was defined by the spec."@en ; + ns1:created "2024-11-22T03:00:01Z"^^xsd:dateTimeStamp ; + ns1:createdBy ns1:SpdxOrganization ; + ns1:specVersion "3.0.1" ; +. + + + a ns1:CreationInfo ; + rdfs:comment "This individual element was defined by the spec."@en ; + ns1:created "2024-11-22T03:00:01Z"^^xsd:dateTimeStamp ; + ns1:createdBy ns1:SpdxOrganization ; + ns1:specVersion "3.0.1" ; +. + +spdx: + a owl:Ontology ; + rdfs:label "System Package Data Exchange (SPDX) Ontology"@en ; + dcterms:abstract "This ontology defines the terms and relationships used in the SPDX specification to describe system packages"@en ; + dcterms:created "2024-04-05"^^xsd:date ; + dcterms:creator "SPDX Project"@en ; + dcterms:license ; + dcterms:references ; + dcterms:title "System Package Data Exchange (SPDX) Ontology"@en ; + owl:versionIRI spdx: ; + omg-ann:copyright "Copyright (C) 2024 SPDX Project"@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "kilowattHour" ; + rdfs:comment "Kilowatt-hour."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "megajoule" ; + rdfs:comment "Megajoule."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "other" ; + rdfs:comment "Any other units of energy measurement."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "high" ; + rdfs:comment "The second-highest level of risk posed by an AI system."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "low" ; + rdfs:comment "Low/no risk is posed by an AI system."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "medium" ; + rdfs:comment "The third-highest level of risk posed by an AI system."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "serious" ; + rdfs:comment "The highest level of risk posed by an AI system."@en ; +. + + + a owl:ObjectProperty ; + rdfs:comment """Indicates whether the system can perform a decision or action without human +involvement or guidance."""@en ; + rdfs:range ns1:PresenceType ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Captures the domain in which the AI package can be used."@en ; + rdfs:range xsd:string ; +. + + + a owl:ObjectProperty ; + rdfs:comment "Indicates the amount of energy consumption incurred by an AI model."@en ; + rdfs:range ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Represents the energy quantity."@en ; + rdfs:range xsd:decimal ; +. + + + a owl:ObjectProperty ; + rdfs:comment "Specifies the unit in which energy is measured."@en ; + rdfs:range ; +. + + + a owl:ObjectProperty ; + rdfs:comment """Specifies the amount of energy consumed when finetuning the AI model that is +being used in the AI system."""@en ; + rdfs:range ; +. + + + a owl:ObjectProperty ; + rdfs:comment """Records a hyperparameter used to build the AI model contained in the AI +package."""@en ; + rdfs:range ns1:DictionaryEntry ; +. + + + a owl:ObjectProperty ; + rdfs:comment """Specifies the amount of energy consumed during inference time by an AI model +that is being used in the AI system."""@en ; + rdfs:range ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """Provides relevant information about the AI software, not including the model +description."""@en ; + rdfs:range xsd:string ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Describes relevant information about different steps of the training process."@en ; + rdfs:range xsd:string ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Captures a limitation of the AI software."@en ; + rdfs:range xsd:string ; +. + + + a owl:ObjectProperty ; + rdfs:comment "Records the measurement of prediction quality of the AI model."@en ; + rdfs:range ns1:DictionaryEntry ; +. + + + a owl:ObjectProperty ; + rdfs:comment """Captures the threshold that was used for computation of a metric described in +the metric field."""@en ; + rdfs:range ns1:DictionaryEntry ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """Describes all the preprocessing steps applied to the training data before the +model training."""@en ; + rdfs:range xsd:string ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Describes methods that can be used to explain the results from the AI model."@en ; + rdfs:range xsd:string ; +. + + + a owl:ObjectProperty ; + rdfs:comment "Records the results of general safety risk assessment of the AI system."@en ; + rdfs:range ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Captures a standard that is being complied with."@en ; + rdfs:range xsd:string ; +. + + + a owl:ObjectProperty ; + rdfs:comment """Specifies the amount of energy consumed when training the AI model that is +being used in the AI system."""@en ; + rdfs:range ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Records the type of the model used in the AI software."@en ; + rdfs:range xsd:string ; +. + + + a owl:ObjectProperty ; + rdfs:comment """Records if sensitive personal information is used during model training or +could be used during the inference."""@en ; + rdfs:range ns1:PresenceType ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Property that describes the time at which a build stops."@en ; + rdfs:range xsd:dateTimeStamp ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """A buildId is a locally unique identifier used by a builder to identify a unique +instance of a build produced by it."""@en ; + rdfs:range xsd:string ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Property describing the start time of a build."@en ; + rdfs:range xsd:dateTimeStamp ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """A buildType is a hint that is used to indicate the toolchain, platform, or +infrastructure that the build was invoked on."""@en ; + rdfs:range xsd:anyURI ; +. + + + a owl:ObjectProperty ; + rdfs:comment """Property that describes the digest of the build configuration file used to +invoke a build."""@en ; + rdfs:range ns1:Hash ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Property describes the invocation entrypoint of a build."@en ; + rdfs:range xsd:string ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Property that describes the URI of the build configuration source file."@en ; + rdfs:range xsd:anyURI ; +. + + + a owl:ObjectProperty ; + rdfs:comment "Property describing the session in which a build is invoked."@en ; + rdfs:range ns1:DictionaryEntry ; +. + + + a owl:ObjectProperty ; + rdfs:comment "Property describing a parameter used in an instance of a build."@en ; + rdfs:range ns1:DictionaryEntry ; +. + + + a + owl:NamedIndividual , + ns1:AnnotationType ; + rdfs:label "other" ; + rdfs:comment "Used to store extra information about an Element which is not part of a review (e.g. extra information provided during the creation of the Element)."@en ; +. + + + a + owl:NamedIndividual , + ns1:AnnotationType ; + rdfs:label "review" ; + rdfs:comment "Used when someone reviews the Element."@en ; +. + +ns1:Bom + a owl:Class ; + rdfs:comment """A container for a grouping of SPDX-3.0 content characterizing details +(provenence, composition, licensing, etc.) about a product."""@en ; + rdfs:subClassOf ns1:Bundle ; + sh:nodeKind sh:IRI ; +. + +ns1:Bundle + a + owl:Class , + sh:NodeShape ; + rdfs:comment "A collection of Elements that have a shared context."@en ; + rdfs:subClassOf ns1:ElementCollection ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:context ; + ] ; +. + + + a + owl:NamedIndividual , + ns1:ExternalIdentifierType ; + rdfs:label "cpe22" ; + rdfs:comment "[Common Platform Enumeration Specification 2.2](https://cpe.mitre.org/files/cpe-specification_2.2.pdf)"@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalIdentifierType ; + rdfs:label "cpe23" ; + rdfs:comment "[Common Platform Enumeration: Naming Specification Version 2.3](https://csrc.nist.gov/publications/detail/nistir/7695/final)"@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalIdentifierType ; + rdfs:label "cve" ; + rdfs:comment "Common Vulnerabilities and Exposures identifiers, an identifier for a specific software flaw defined within the official CVE Dictionary and that conforms to the [CVE specification](https://csrc.nist.gov/glossary/term/cve_id)."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalIdentifierType ; + rdfs:label "email" ; + rdfs:comment "Email address, as defined in [RFC 3696](https://datatracker.ietf.org/doc/rfc3986/) Section 3."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalIdentifierType ; + rdfs:label "gitoid" ; + rdfs:comment "[Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg)."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalIdentifierType ; + rdfs:label "other" ; + rdfs:comment "Used when the type does not match any of the other options."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalIdentifierType ; + rdfs:label "packageUrl" ; + rdfs:comment "Package URL, as defined in the corresponding [Annex](../../../annexes/pkg-url-specification.md) of this specification."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalIdentifierType ; + rdfs:label "securityOther" ; + rdfs:comment "Used when there is a security related identifier of unspecified type."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalIdentifierType ; + rdfs:label "swhid" ; + rdfs:comment "SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalIdentifierType ; + rdfs:label "swid" ; + rdfs:comment "Concise Software Identification (CoSWID) tag, as defined in [RFC 9393](https://datatracker.ietf.org/doc/rfc9393/) Section 2.3."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalIdentifierType ; + rdfs:label "urlScheme" ; + rdfs:comment "[Uniform Resource Identifier (URI) Schemes](https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml). The scheme used in order to locate a resource."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "altDownloadLocation" ; + rdfs:comment "A reference to an alternative download location."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "altWebPage" ; + rdfs:comment "A reference to an alternative web page."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "binaryArtifact" ; + rdfs:comment "A reference to binary artifacts related to a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "bower" ; + rdfs:comment "A reference to a Bower package. The package locator format, looks like `package#version`, is defined in the \"install\" section of [Bower API documentation](https://bower.io/docs/api/#install)."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "buildMeta" ; + rdfs:comment "A reference build metadata related to a published package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "buildSystem" ; + rdfs:comment "A reference build system used to create or publish the package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "certificationReport" ; + rdfs:comment "A reference to a certification report for a package from an accredited/independent body."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "chat" ; + rdfs:comment "A reference to the instant messaging system used by the maintainer for a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "componentAnalysisReport" ; + rdfs:comment "A reference to a Software Composition Analysis (SCA) report."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "cwe" ; + rdfs:comment "[Common Weakness Enumeration](https://csrc.nist.gov/glossary/term/common_weakness_enumeration). A reference to a source of software flaw defined within the official [CWE List](https://cwe.mitre.org/data/) that conforms to the [CWE specification](https://cwe.mitre.org/)."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "documentation" ; + rdfs:comment "A reference to the documentation for a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "dynamicAnalysisReport" ; + rdfs:comment "A reference to a dynamic analysis report for a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "eolNotice" ; + rdfs:comment "A reference to the End Of Sale (EOS) and/or End Of Life (EOL) information related to a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "exportControlAssessment" ; + rdfs:comment "A reference to a export control assessment for a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "funding" ; + rdfs:comment "A reference to funding information related to a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "issueTracker" ; + rdfs:comment "A reference to the issue tracker for a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "license" ; + rdfs:comment "A reference to additional license information related to an artifact."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "mailingList" ; + rdfs:comment "A reference to the mailing list used by the maintainer for a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "mavenCentral" ; + rdfs:comment "A reference to a Maven repository artifact. The artifact locator format is defined in the [Maven documentation](https://maven.apache.org/guides/mini/guide-naming-conventions.html) and looks like `groupId:artifactId[:version]`."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "metrics" ; + rdfs:comment "A reference to metrics related to package such as OpenSSF scorecards."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "npm" ; + rdfs:comment "A reference to an npm package. The package locator format is defined in the [npm documentation](https://docs.npmjs.com/cli/v10/configuring-npm/package-json) and looks like `package@version`."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "nuget" ; + rdfs:comment "A reference to a NuGet package. The package locator format is defined in the [NuGet documentation](https://docs.nuget.org) and looks like `package/version`."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "other" ; + rdfs:comment "Used when the type does not match any of the other options."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "privacyAssessment" ; + rdfs:comment "A reference to a privacy assessment for a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "productMetadata" ; + rdfs:comment "A reference to additional product metadata such as reference within organization's product catalog."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "purchaseOrder" ; + rdfs:comment "A reference to a purchase order for a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "qualityAssessmentReport" ; + rdfs:comment "A reference to a quality assessment for a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "releaseHistory" ; + rdfs:comment "A reference to a published list of releases for a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "releaseNotes" ; + rdfs:comment "A reference to the release notes for a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "riskAssessment" ; + rdfs:comment "A reference to a risk assessment for a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "runtimeAnalysisReport" ; + rdfs:comment "A reference to a runtime analysis report for a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "secureSoftwareAttestation" ; + rdfs:comment "A reference to information assuring that the software is developed using security practices as defined by [NIST SP 800-218 Secure Software Development Framework (SSDF) Version 1.1](https://csrc.nist.gov/pubs/sp/800/218/final) or [CISA Secure Software Development Attestation Form](https://www.cisa.gov/resources-tools/resources/secure-software-development-attestation-form)."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "securityAdversaryModel" ; + rdfs:comment "A reference to the security adversary model for a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "securityAdvisory" ; + rdfs:comment "A reference to a published security advisory (where advisory as defined per [ISO 29147:2018](https://www.iso.org/standard/72311.html)) that may affect one or more elements, e.g., vendor advisories or specific NVD entries."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "securityFix" ; + rdfs:comment "A reference to the patch or source code that fixes a vulnerability."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "securityOther" ; + rdfs:comment "A reference to related security information of unspecified type."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "securityPenTestReport" ; + rdfs:comment "A reference to a [penetration test](https://en.wikipedia.org/wiki/Penetration_test) report for a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "securityPolicy" ; + rdfs:comment "A reference to instructions for reporting newly discovered security vulnerabilities for a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "securityThreatModel" ; + rdfs:comment "A reference the [security threat model](https://en.wikipedia.org/wiki/Threat_model) for a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "socialMedia" ; + rdfs:comment "A reference to a social media channel for a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "sourceArtifact" ; + rdfs:comment "A reference to an artifact containing the sources for a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "staticAnalysisReport" ; + rdfs:comment "A reference to a static analysis report for a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "support" ; + rdfs:comment "A reference to the software support channel or other support information for a package."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "vcs" ; + rdfs:comment "A reference to a version control system related to a software artifact."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "vulnerabilityDisclosureReport" ; + rdfs:comment "A reference to a Vulnerability Disclosure Report (VDR) which provides the software supplier's analysis and findings describing the impact (or lack of impact) that reported vulnerabilities have on packages or products in the supplier's SBOM as defined in [NIST SP 800-161 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations](https://csrc.nist.gov/pubs/sp/800/161/r1/final)."@en ; +. + + + a + owl:NamedIndividual , + ns1:ExternalRefType ; + rdfs:label "vulnerabilityExploitabilityAssessment" ; + rdfs:comment "A reference to a Vulnerability Exploitability eXchange (VEX) statement which provides information on whether a product is impacted by a specific vulnerability in an included package and, if affected, whether there are actions recommended to remediate. See also [NTIA VEX one-page summary](https://ntia.gov/files/ntia/publications/vex_one-page_summary.pdf)."@en ; +. + + + a + owl:NamedIndividual , + ns1:LifecycleScopeType ; + rdfs:label "build" ; + rdfs:comment "A relationship has specific context implications during an element's build phase, during development."@en ; +. + + + a + owl:NamedIndividual , + ns1:LifecycleScopeType ; + rdfs:label "design" ; + rdfs:comment "A relationship has specific context implications during an element's design."@en ; +. + + + a + owl:NamedIndividual , + ns1:LifecycleScopeType ; + rdfs:label "development" ; + rdfs:comment "A relationship has specific context implications during development phase of an element."@en ; +. + + + a + owl:NamedIndividual , + ns1:LifecycleScopeType ; + rdfs:label "other" ; + rdfs:comment "A relationship has other specific context information necessary to capture that the above set of enumerations does not handle."@en ; +. + + + a + owl:NamedIndividual , + ns1:LifecycleScopeType ; + rdfs:label "runtime" ; + rdfs:comment "A relationship has specific context implications during the execution phase of an element."@en ; +. + + + a + owl:NamedIndividual , + ns1:LifecycleScopeType ; + rdfs:label "test" ; + rdfs:comment "A relationship has specific context implications during an element's testing phase, during development."@en ; +. + +ns1:Organization + a owl:Class ; + rdfs:comment "A group of people who work together in an organized way for a shared purpose."@en ; + rdfs:subClassOf ns1:Agent ; + sh:nodeKind sh:IRI ; +. + + + a + owl:NamedIndividual , + ns1:ProfileIdentifierType ; + rdfs:label "ai" ; + rdfs:comment "the element follows the AI profile specification"@en ; +. + + + a + owl:NamedIndividual , + ns1:ProfileIdentifierType ; + rdfs:label "build" ; + rdfs:comment "the element follows the Build profile specification"@en ; +. + + + a + owl:NamedIndividual , + ns1:ProfileIdentifierType ; + rdfs:label "core" ; + rdfs:comment "the element follows the Core profile specification"@en ; +. + + + a + owl:NamedIndividual , + ns1:ProfileIdentifierType ; + rdfs:label "dataset" ; + rdfs:comment "the element follows the Dataset profile specification"@en ; +. + + + a + owl:NamedIndividual , + ns1:ProfileIdentifierType ; + rdfs:label "expandedLicensing" ; + rdfs:comment "the element follows the ExpandedLicensing profile specification"@en ; +. + + + a + owl:NamedIndividual , + ns1:ProfileIdentifierType ; + rdfs:label "extension" ; + rdfs:comment "the element follows the Extension profile specification"@en ; +. + + + a + owl:NamedIndividual , + ns1:ProfileIdentifierType ; + rdfs:label "lite" ; + rdfs:comment "the element follows the Lite profile specification"@en ; +. + + + a + owl:NamedIndividual , + ns1:ProfileIdentifierType ; + rdfs:label "security" ; + rdfs:comment "the element follows the Security profile specification"@en ; +. + + + a + owl:NamedIndividual , + ns1:ProfileIdentifierType ; + rdfs:label "simpleLicensing" ; + rdfs:comment "the element follows the SimpleLicensing profile specification"@en ; +. + + + a + owl:NamedIndividual , + ns1:ProfileIdentifierType ; + rdfs:label "software" ; + rdfs:comment "the element follows the Software profile specification"@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipCompleteness ; + rdfs:label "complete" ; + rdfs:comment "The relationship is known to be exhaustive."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipCompleteness ; + rdfs:label "incomplete" ; + rdfs:comment "The relationship is known not to be exhaustive."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipCompleteness ; + rdfs:label "noAssertion" ; + rdfs:comment "No assertion can be made about the completeness of the relationship."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "affects" ; + rdfs:comment "The `from` Vulnerability affects each `to` Element. The use of the `affects` type is constrained to `VexAffectedVulnAssessmentRelationship` classed relationships."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "amendedBy" ; + rdfs:comment "The `from` Element is amended by each `to` Element."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "ancestorOf" ; + rdfs:comment "The `from` Element is an ancestor of each `to` Element."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "availableFrom" ; + rdfs:comment "The `from` Element is available from the additional supplier described by each `to` Element."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "configures" ; + rdfs:comment "The `from` Element is a configuration applied to each `to` Element, during a LifecycleScopeType period."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "contains" ; + rdfs:comment "The `from` Element contains each `to` Element."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "coordinatedBy" ; + rdfs:comment "The `from` Vulnerability is coordinatedBy the `to` Agent(s) (vendor, researcher, or consumer agent)."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "copiedTo" ; + rdfs:comment "The `from` Element has been copied to each `to` Element."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "delegatedTo" ; + rdfs:comment "The `from` Agent is delegating an action to the Agent of the `to` Relationship (which must be of type invokedBy), during a LifecycleScopeType (e.g. the `to` invokedBy Relationship is being done on behalf of `from`)."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "dependsOn" ; + rdfs:comment "The `from` Element depends on each `to` Element, during a LifecycleScopeType period."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "descendantOf" ; + rdfs:comment "The `from` Element is a descendant of each `to` Element."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "describes" ; + rdfs:comment "The `from` Element describes each `to` Element. To denote the root(s) of a tree of elements in a collection, the rootElement property should be used."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "doesNotAffect" ; + rdfs:comment "The `from` Vulnerability has no impact on each `to` Element. The use of the `doesNotAffect` is constrained to `VexNotAffectedVulnAssessmentRelationship` classed relationships."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "expandsTo" ; + rdfs:comment "The `from` archive expands out as an artifact described by each `to` Element."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "exploitCreatedBy" ; + rdfs:comment "The `from` Vulnerability has had an exploit created against it by each `to` Agent."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "fixedBy" ; + rdfs:comment "Designates a `from` Vulnerability has been fixed by the `to` Agent(s)."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "fixedIn" ; + rdfs:comment "A `from` Vulnerability has been fixed in each `to` Element. The use of the `fixedIn` type is constrained to `VexFixedVulnAssessmentRelationship` classed relationships."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "foundBy" ; + rdfs:comment "Designates a `from` Vulnerability was originally discovered by the `to` Agent(s)."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "generates" ; + rdfs:comment "The `from` Element generates each `to` Element."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasAddedFile" ; + rdfs:comment "Every `to` Element is a file added to the `from` Element (`from` hasAddedFile `to`)."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasAssessmentFor" ; + rdfs:comment "Relates a `from` Vulnerability and each `to` Element with a security assessment. To be used with `VulnAssessmentRelationship` types."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasAssociatedVulnerability" ; + rdfs:comment "Used to associate a `from` Artifact with each `to` Vulnerability."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasConcludedLicense" ; + rdfs:comment "The `from` SoftwareArtifact is concluded by the SPDX data creator to be governed by each `to` license."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasDataFile" ; + rdfs:comment "The `from` Element treats each `to` Element as a data file. A data file is an artifact that stores data required or optional for the `from` Element's functionality. A data file can be a database file, an index file, a log file, an AI model file, a calibration data file, a temporary file, a backup file, and more. For AI training dataset, test dataset, test artifact, configuration data, build input data, and build output data, please consider using the more specific relationship types: `trainedOn`, `testedOn`, `hasTest`, `configures`, `hasInput`, and `hasOutput`, respectively. This relationship does not imply dependency."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasDeclaredLicense" ; + rdfs:comment "The `from` SoftwareArtifact was discovered to actually contain each `to` license, for example as detected by use of automated tooling."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasDeletedFile" ; + rdfs:comment "Every `to` Element is a file deleted from the `from` Element (`from` hasDeletedFile `to`)."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasDependencyManifest" ; + rdfs:comment "The `from` Element has manifest files that contain dependency information in each `to` Element."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasDistributionArtifact" ; + rdfs:comment "The `from` Element is distributed as an artifact in each `to` Element (e.g. an RPM or archive file)."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasDocumentation" ; + rdfs:comment "The `from` Element is documented by each `to` Element."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasDynamicLink" ; + rdfs:comment "The `from` Element dynamically links in each `to` Element, during a LifecycleScopeType period."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasEvidence" ; + rdfs:comment "Every `to` Element is considered as evidence for the `from` Element (`from` hasEvidence `to`)."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasExample" ; + rdfs:comment "Every `to` Element is an example for the `from` Element (`from` hasExample `to`)."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasHost" ; + rdfs:comment "The `from` Build was run on the `to` Element during a LifecycleScopeType period (e.g. the host that the build runs on)."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasInput" ; + rdfs:comment "The `from` Build has each `to` Element as an input, during a LifecycleScopeType period."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasMetadata" ; + rdfs:comment "Every `to` Element is metadata about the `from` Element (`from` hasMetadata `to`)."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasOptionalComponent" ; + rdfs:comment "Every `to` Element is an optional component of the `from` Element (`from` hasOptionalComponent `to`)."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasOptionalDependency" ; + rdfs:comment "The `from` Element optionally depends on each `to` Element, during a LifecycleScopeType period."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasOutput" ; + rdfs:comment "The `from` Build element generates each `to` Element as an output, during a LifecycleScopeType period."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasPrerequisite" ; + rdfs:comment "The `from` Element has a prerequisite on each `to` Element, during a LifecycleScopeType period."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasProvidedDependency" ; + rdfs:comment "The `from` Element has a dependency on each `to` Element, dependency is not in the distributed artifact, but assumed to be provided, during a LifecycleScopeType period."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasRequirement" ; + rdfs:comment "The `from` Element has a requirement on each `to` Element, during a LifecycleScopeType period."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasSpecification" ; + rdfs:comment "Every `to` Element is a specification for the `from` Element (`from` hasSpecification `to`), during a LifecycleScopeType period."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasStaticLink" ; + rdfs:comment "The `from` Element statically links in each `to` Element, during a LifecycleScopeType period."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasTest" ; + rdfs:comment "Every `to` Element is a test artifact for the `from` Element (`from` hasTest `to`), during a LifecycleScopeType period."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasTestCase" ; + rdfs:comment "Every `to` Element is a test case for the `from` Element (`from` hasTestCase `to`)."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "hasVariant" ; + rdfs:comment "Every `to` Element is a variant the `from` Element (`from` hasVariant `to`)."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "invokedBy" ; + rdfs:comment "The `from` Element was invoked by the `to` Agent, during a LifecycleScopeType period (for example, a Build element that describes a build step)."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "modifiedBy" ; + rdfs:comment "The `from` Element is modified by each `to` Element."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "other" ; + rdfs:comment "Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationship types (this relationship is directionless)."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "packagedBy" ; + rdfs:comment "Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`)."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "patchedBy" ; + rdfs:comment "Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`)."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "publishedBy" ; + rdfs:comment "Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "reportedBy" ; + rdfs:comment "Designates a `from` Vulnerability was first reported to a project, vendor, or tracking database for formal identification by each `to` Agent."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "republishedBy" ; + rdfs:comment "Designates a `from` Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by each `to` Agent."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "serializedInArtifact" ; + rdfs:comment "The `from` SpdxDocument can be found in a serialized form in each `to` Artifact."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "testedOn" ; + rdfs:comment "The `from` Element has been tested on the `to` Element(s)."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "trainedOn" ; + rdfs:comment "The `from` Element has been trained on the `to` Element(s)."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "underInvestigationFor" ; + rdfs:comment "The `from` Vulnerability impact is being investigated for each `to` Element. The use of the `underInvestigationFor` type is constrained to `VexUnderInvestigationVulnAssessmentRelationship` classed relationships."@en ; +. + + + a + owl:NamedIndividual , + ns1:RelationshipType ; + rdfs:label "usesTool" ; + rdfs:comment "The `from` Element uses each `to` Element as a tool, during a LifecycleScopeType period."@en ; +. + + + a + owl:NamedIndividual , + ns1:SupportType ; + rdfs:label "deployed" ; + rdfs:comment "in addition to being supported by the supplier, the software is known to have been deployed and is in use. For a software as a service provider, this implies the software is now available as a service."@en ; +. + + + a + owl:NamedIndividual , + ns1:SupportType ; + rdfs:label "development" ; + rdfs:comment "the artifact is in active development and is not considered ready for formal support from the supplier."@en ; +. + + + a + owl:NamedIndividual , + ns1:SupportType ; + rdfs:label "endOfSupport" ; + rdfs:comment "there is a defined end of support for the artifact from the supplier. This may also be referred to as end of life. There is a validUntilDate that can be used to signal when support ends for the artifact."@en ; +. + + + a + owl:NamedIndividual , + ns1:SupportType ; + rdfs:label "limitedSupport" ; + rdfs:comment "the artifact has been released, and there is limited support available from the supplier. There is a validUntilDate that can provide additional information about the duration of support."@en ; +. + + + a + owl:NamedIndividual , + ns1:SupportType ; + rdfs:label "noAssertion" ; + rdfs:comment "no assertion about the type of support is made. This is considered the default if no other support type is used."@en ; +. + + + a + owl:NamedIndividual , + ns1:SupportType ; + rdfs:label "noSupport" ; + rdfs:comment "there is no support for the artifact from the supplier, consumer assumes any support obligations."@en ; +. + + + a + owl:NamedIndividual , + ns1:SupportType ; + rdfs:label "support" ; + rdfs:comment "the artifact has been released, and is supported from the supplier. There is a validUntilDate that can provide additional information about the duration of support."@en ; +. + +ns1:annotationType + a owl:ObjectProperty ; + rdfs:comment "Describes the type of annotation."@en ; + rdfs:range ns1:AnnotationType ; +. + +ns1:beginIntegerRange + a owl:DatatypeProperty ; + rdfs:comment "Defines the beginning of a range."@en ; + rdfs:range xsd:positiveInteger ; +. + +ns1:builtTime + a owl:DatatypeProperty ; + rdfs:comment "Specifies the time an artifact was built."@en ; + rdfs:range xsd:dateTimeStamp ; +. + +ns1:completeness + a owl:ObjectProperty ; + rdfs:comment "Provides information about the completeness of relationships."@en ; + rdfs:range ns1:RelationshipCompleteness ; +. + +ns1:context + a owl:DatatypeProperty ; + rdfs:comment """Gives information about the circumstances or unifying properties +that Elements of the bundle have been assembled under."""@en ; + rdfs:range xsd:string ; +. + +ns1:created + a owl:DatatypeProperty ; + rdfs:comment "Identifies when the Element was originally created."@en ; + rdfs:range xsd:dateTimeStamp ; +. + +ns1:createdBy + a owl:ObjectProperty ; + rdfs:comment "Identifies who or what created the Element."@en ; + rdfs:range ns1:Agent ; +. + +ns1:createdUsing + a owl:ObjectProperty ; + rdfs:comment "Identifies the tooling that was used during the creation of the Element."@en ; + rdfs:range ns1:Tool ; +. + +ns1:creationInfo + a owl:ObjectProperty ; + rdfs:comment "Provides information about the creation of the Element."@en ; + rdfs:range ns1:CreationInfo ; +. + +ns1:dataLicense + a owl:ObjectProperty ; + rdfs:comment """Provides the license under which the SPDX documentation of the Element can be +used."""@en ; + rdfs:range ; +. + +ns1:definingArtifact + a owl:ObjectProperty ; + rdfs:comment """Artifact representing a serialization instance of SPDX data containing the +definition of a particular Element."""@en ; + rdfs:range ns1:Artifact ; +. + +ns1:description + a owl:DatatypeProperty ; + rdfs:comment "Provides a detailed description of the Element."@en ; + rdfs:range xsd:string ; +. + +ns1:element + a owl:ObjectProperty ; + rdfs:comment "Refers to one or more Elements that are part of an ElementCollection."@en ; + rdfs:range ns1:Element ; +. + +ns1:endIntegerRange + a owl:DatatypeProperty ; + rdfs:comment "Defines the end of a range."@en ; + rdfs:range xsd:positiveInteger ; +. + +ns1:endTime + a owl:DatatypeProperty ; + rdfs:comment "Specifies the time from which an element is no longer applicable / valid."@en ; + rdfs:range xsd:dateTimeStamp ; +. + +ns1:extension + a owl:ObjectProperty ; + rdfs:comment "Specifies an Extension characterization of some aspect of an Element."@en ; + rdfs:range ; +. + +ns1:externalIdentifier + a owl:ObjectProperty ; + rdfs:comment """Provides a reference to a resource outside the scope of SPDX-3.0 content +that uniquely identifies an Element."""@en ; + rdfs:range ns1:ExternalIdentifier ; +. + +ns1:externalIdentifierType + a owl:ObjectProperty ; + rdfs:comment "Specifies the type of the external identifier."@en ; + rdfs:range ns1:ExternalIdentifierType ; +. + +ns1:externalRef + a owl:ObjectProperty ; + rdfs:comment """Points to a resource outside the scope of the SPDX-3.0 content +that provides additional characteristics of an Element."""@en ; + rdfs:range ns1:ExternalRef ; +. + +ns1:externalRefType + a owl:ObjectProperty ; + rdfs:comment "Specifies the type of the external reference."@en ; + rdfs:range ns1:ExternalRefType ; +. + +ns1:externalSpdxId + a owl:DatatypeProperty ; + rdfs:comment """Identifies an external Element used within an SpdxDocument but defined +external to that SpdxDocument."""@en ; + rdfs:range xsd:anyURI ; +. + +ns1:from + a owl:ObjectProperty ; + rdfs:comment "References the Element on the left-hand side of a relationship."@en ; + rdfs:range ns1:Element ; +. + +ns1:identifier + a owl:DatatypeProperty ; + rdfs:comment "Uniquely identifies an external element."@en ; + rdfs:range xsd:string ; +. + +ns1:identifierLocator + a owl:DatatypeProperty ; + rdfs:comment "Provides the location for more information regarding an external identifier."@en ; + rdfs:range xsd:anyURI ; +. + +ns1:import + a owl:ObjectProperty ; + rdfs:comment "Provides an ExternalMap of Element identifiers."@en ; + rdfs:range ns1:ExternalMap ; +. + +ns1:issuingAuthority + a owl:DatatypeProperty ; + rdfs:comment "An entity that is authorized to issue identification credentials."@en ; + rdfs:range xsd:string ; +. + +ns1:key + a owl:DatatypeProperty ; + rdfs:comment "A key used in a generic key-value pair."@en ; + rdfs:range xsd:string ; +. + +ns1:locationHint + a owl:DatatypeProperty ; + rdfs:comment "Provides an indication of where to retrieve an external Element."@en ; + rdfs:range xsd:anyURI ; +. + +ns1:locator + a owl:DatatypeProperty ; + rdfs:comment "Provides the location of an external reference."@en ; + rdfs:range xsd:string ; +. + +ns1:name + a owl:DatatypeProperty ; + rdfs:comment "Identifies the name of an Element as designated by the creator."@en ; + rdfs:range xsd:string ; +. + +ns1:namespace + a owl:DatatypeProperty ; + rdfs:comment """Provides an unambiguous mechanism for conveying a URI fragment portion of an +Element ID."""@en ; + rdfs:range xsd:anyURI ; +. + +ns1:namespaceMap + a owl:ObjectProperty ; + rdfs:comment "Provides a NamespaceMap of prefixes and associated namespace partial URIs applicable to an SpdxDocument and independent of any specific serialization format or instance."@en ; + rdfs:range ns1:NamespaceMap ; +. + +ns1:originatedBy + a owl:ObjectProperty ; + rdfs:comment "Identifies from where or whom the Element originally came."@en ; + rdfs:range ns1:Agent ; +. + +ns1:packageVerificationCodeExcludedFile + a owl:DatatypeProperty ; + rdfs:comment """The relative file name of a file to be excluded from the +`PackageVerificationCode`."""@en ; + rdfs:range xsd:string ; +. + +ns1:prefix + a owl:DatatypeProperty ; + rdfs:comment "A substitute for a URI."@en ; + rdfs:range xsd:string ; +. + +ns1:profileConformance + a owl:ObjectProperty ; + rdfs:comment """Describes one a profile which the creator of this ElementCollection intends to +conform to."""@en ; + rdfs:range ns1:ProfileIdentifierType ; +. + +ns1:relationshipType + a owl:ObjectProperty ; + rdfs:comment "Information about the relationship between two Elements."@en ; + rdfs:range ns1:RelationshipType ; +. + +ns1:releaseTime + a owl:DatatypeProperty ; + rdfs:comment "Specifies the time an artifact was released."@en ; + rdfs:range xsd:dateTimeStamp ; +. + +ns1:rootElement + a owl:ObjectProperty ; + rdfs:comment "This property is used to denote the root Element(s) of a tree of elements contained in a BOM."@en ; + rdfs:range ns1:Element ; +. + +ns1:scope + a owl:ObjectProperty ; + rdfs:comment "Capture the scope of information about a specific relationship between elements."@en ; + rdfs:range ns1:LifecycleScopeType ; +. + +ns1:specVersion + a owl:DatatypeProperty ; + rdfs:comment """Provides a reference number that can be used to understand how to parse and +interpret an Element."""@en ; + rdfs:range xsd:string ; +. + +ns1:standardName + a owl:DatatypeProperty ; + rdfs:comment "The name of a relevant standard that may apply to an artifact."@en ; + rdfs:range xsd:string ; +. + +ns1:startTime + a owl:DatatypeProperty ; + rdfs:comment "Specifies the time from which an element is applicable / valid."@en ; + rdfs:range xsd:dateTimeStamp ; +. + +ns1:statement + a owl:DatatypeProperty ; + rdfs:comment "Commentary on an assertion that an annotator has made."@en ; + rdfs:range xsd:string ; +. + +ns1:subject + a owl:ObjectProperty ; + rdfs:comment "An Element an annotator has made an assertion about."@en ; + rdfs:range ns1:Element ; +. + +ns1:summary + a owl:DatatypeProperty ; + rdfs:comment "A short description of an Element."@en ; + rdfs:range xsd:string ; +. + +ns1:supportLevel + a owl:ObjectProperty ; + rdfs:comment "Specifies the level of support associated with an artifact."@en ; + rdfs:range ns1:SupportType ; +. + +ns1:to + a owl:ObjectProperty ; + rdfs:comment "References an Element on the right-hand side of a relationship."@en ; + rdfs:range ns1:Element ; +. + +ns1:validUntilTime + a owl:DatatypeProperty ; + rdfs:comment """Specifies until when the artifact can be used before its usage needs to be +reassessed."""@en ; + rdfs:range xsd:dateTimeStamp ; +. + +ns1:value + a owl:DatatypeProperty ; + rdfs:comment "A value used in a generic key-value pair."@en ; + rdfs:range xsd:string ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "amber" ; + rdfs:comment "Data points in the dataset can be shared only with specific organizations and their clients on a need to know basis."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "clear" ; + rdfs:comment "Dataset may be distributed freely, without restriction."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "green" ; + rdfs:comment "Dataset can be shared within a community of peers and partners."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "red" ; + rdfs:comment "Data points in the dataset are highly confidential and can only be shared with named recipients."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "clickthrough" ; + rdfs:comment "the dataset is not publicly available and can only be accessed after affirmatively accepting terms on a clickthrough webpage."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "directDownload" ; + rdfs:comment "the dataset is publicly available and can be downloaded directly."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "query" ; + rdfs:comment "the dataset is publicly available, but not all at once, and can only be accessed through queries which return parts of the dataset."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "registration" ; + rdfs:comment "the dataset is not publicly available and an email registration is required before accessing the dataset, although without an affirmative acceptance of terms."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "scrapingScript" ; + rdfs:comment "the dataset provider is not making available the underlying data and the dataset must be reassembled, typically using the provided script for scraping the data."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "audio" ; + rdfs:comment "data is audio based, such as a collection of music from the 80s."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "categorical" ; + rdfs:comment "data that is classified into a discrete number of categories, such as the eye color of a population of people."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "graph" ; + rdfs:comment "data is in the form of a graph where entries are somehow related to each other through edges, such a social network of friends."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "image" ; + rdfs:comment "data is a collection of images such as pictures of animals."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "noAssertion" ; + rdfs:comment "data type is not known."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "numeric" ; + rdfs:comment "data consists only of numeric entries."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "other" ; + rdfs:comment "data is of a type not included in this list."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "sensor" ; + rdfs:comment "data is recorded from a physical sensor, such as a thermometer reading or biometric device."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "structured" ; + rdfs:comment "data is stored in tabular format or retrieved from a relational database."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "syntactic" ; + rdfs:comment "data describes the syntax or semantics of a language or text, such as a parse tree used for natural language processing."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "text" ; + rdfs:comment "data consists of unstructured text, such as a book, Wikipedia article (without images), or transcript."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "timeseries" ; + rdfs:comment "data is recorded in an ordered sequence of timestamped entries, such as the price of a stock over the course of a day."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "timestamp" ; + rdfs:comment "data is recorded with a timestamp for each entry, but not necessarily ordered or at specific intervals, such as when a taxi ride starts and ends."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "video" ; + rdfs:comment "data is video based, such as a collection of movie clips featuring Tom Hanks."@en ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Describes the anonymization methods used."@en ; + rdfs:range xsd:string ; +. + + + a owl:ObjectProperty ; + rdfs:comment "Describes the confidentiality level of the data points contained in the dataset."@en ; + rdfs:range ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Describes how the dataset was collected."@en ; + rdfs:range xsd:string ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Describes the preprocessing steps that were applied to the raw data to create the given dataset."@en ; + rdfs:range xsd:string ; +. + + + a owl:ObjectProperty ; + rdfs:comment "The field describes the availability of a dataset."@en ; + rdfs:range ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Describes potentially noisy elements of the dataset."@en ; + rdfs:range xsd:string ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Captures the size of the dataset."@en ; + rdfs:range xsd:nonNegativeInteger ; +. + + + a owl:ObjectProperty ; + rdfs:comment "Describes the type of the given dataset."@en ; + rdfs:range ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Describes a mechanism to update the dataset."@en ; + rdfs:range xsd:string ; +. + + + a owl:ObjectProperty ; + rdfs:comment "Describes if any sensitive personal information is present in the dataset."@en ; + rdfs:range ns1:PresenceType ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Describes what the given dataset should be used for."@en ; + rdfs:range xsd:string ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Records the biases that the dataset is known to encompass."@en ; + rdfs:range xsd:string ; +. + + + a owl:ObjectProperty ; + rdfs:comment "Describes a sensor used for collecting the data."@en ; + rdfs:range ns1:DictionaryEntry ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Identifies the full text of a LicenseAddition."@en ; + rdfs:range xsd:string ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Specifies whether an additional text identifier has been marked as deprecated."@en ; + rdfs:range xsd:boolean ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """Specifies whether a license or additional text identifier has been marked as +deprecated."""@en ; + rdfs:range xsd:boolean ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """Specifies whether the License is listed as free by the +Free Software Foundation (FSF)."""@en ; + rdfs:range xsd:boolean ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """Specifies whether the License is listed as approved by the +Open Source Initiative (OSI)."""@en ; + rdfs:range xsd:boolean ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Identifies the full text of a LicenseAddition, in SPDX templating format."@en ; + rdfs:range xsd:string ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """Provides a License author's preferred text to indicate that a file is covered +by the License."""@en ; + rdfs:range xsd:string ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Identifies the full text of a License, in SPDX templating format."@en ; + rdfs:range xsd:string ; +. + + + a owl:ObjectProperty ; + rdfs:comment "A LicenseAddition participating in a 'with addition' model."@en ; + rdfs:range ; +. + + + a owl:ObjectProperty ; + rdfs:comment "A License participating in a 'with addition' model."@en ; + rdfs:range ; +. + + + a owl:ObjectProperty ; + rdfs:comment "A License participating in an 'or later' model."@en ; + rdfs:range ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "A name used in a CdxPropertyEntry name-value pair."@en ; + rdfs:range xsd:string ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "A value used in a CdxPropertyEntry name-value pair."@en ; + rdfs:range xsd:string ; +. + + + a owl:ObjectProperty ; + rdfs:comment "Provides a map of a property names to a values."@en ; + rdfs:range ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "kev" ; + rdfs:comment "CISA's Known Exploited Vulnerability (KEV) Catalog"@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "other" ; + rdfs:comment "Other exploit catalogs"@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "act" ; + rdfs:comment "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "attend" ; + rdfs:comment "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions include requesting assistance or information about the vulnerability, and may involve publishing a notification either internally and/or externally. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "track" ; + rdfs:comment "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "trackStar" ; + rdfs:comment "(\"Track\\*\" in the SSVC spec) The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track\\* vulnerabilities within standard update timelines."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "componentNotPresent" ; + rdfs:comment "The software is not affected because the vulnerable component is not in the product."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "inlineMitigationsAlreadyExist" ; + rdfs:comment "Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "vulnerableCodeCannotBeControlledByAdversary" ; + rdfs:comment "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "vulnerableCodeNotInExecutePath" ; + rdfs:comment "The affected code is not reachable through the execution of the code, including non-anticipated states of the product."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "vulnerableCodeNotPresent" ; + rdfs:comment "The product is not affected because the code underlying the vulnerability is not present in the product."@en ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """Provides advise on how to mitigate or remediate a vulnerability when a VEX product +is affected by it."""@en ; + rdfs:range xsd:string ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """Records the time when a recommended action was communicated in a VEX statement +to mitigate a vulnerability."""@en ; + rdfs:range xsd:dateTimeStamp ; +. + + + a owl:ObjectProperty ; + rdfs:comment """Specifies an Element contained in a piece of software where a vulnerability was +found."""@en ; + rdfs:range ; +. + + + a owl:ObjectProperty ; + rdfs:comment "Specifies the exploit catalog type."@en ; + rdfs:range ; +. + + + a owl:ObjectProperty ; + rdfs:comment """Provide the enumeration of possible decisions in the +[Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree](https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc)."""@en ; + rdfs:range ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Describe that a CVE is known to have an exploit because it's been listed in an exploit catalog."@en ; + rdfs:range xsd:boolean ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """Explains why a VEX product is not affected by a vulnerability. It is an +alternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable +justification label."""@en ; + rdfs:range xsd:string ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Timestamp of impact statement."@en ; + rdfs:range xsd:dateTimeStamp ; +. + + + a owl:ObjectProperty ; + rdfs:comment """Impact justification label to be used when linking a vulnerability to an element +representing a VEX product with a VexNotAffectedVulnAssessmentRelationship +relationship."""@en ; + rdfs:range ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Provides the location of an exploit catalog."@en ; + rdfs:range xsd:anyURI ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "The percentile of the current probability score."@en ; + rdfs:range xsd:decimal ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "A probability score between 0 and 1 of a vulnerability being exploited."@en ; + rdfs:range xsd:decimal ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Conveys information about how VEX status was determined."@en ; + rdfs:range xsd:string ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Specifies the version of a VEX statement."@en ; + rdfs:range xsd:string ; +. + + + a owl:ObjectProperty ; + rdfs:comment """Maps a LicenseRef or AdditionRef string for a Custom License or a Custom +License Addition to its URI ID."""@en ; + rdfs:range ns1:DictionaryEntry ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "A string in the license expression format."@en ; + rdfs:range xsd:string ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "The version of the SPDX License List used in the license expression."@en ; + rdfs:range xsd:string ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "gitoid" ; + rdfs:comment "[Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg)."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "swhid" ; + rdfs:comment "SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "directory" ; + rdfs:comment "The file represents a directory and all content stored in that directory."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "file" ; + rdfs:comment "The file represents a single file (default)."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "analyzed" ; + rdfs:comment "SBOM generated through analysis of artifacts (e.g., executables, packages, containers, and virtual machine images) after its build. Such analysis generally requires a variety of heuristics. In some contexts, this may also be referred to as a \"3rd party\" SBOM."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "build" ; + rdfs:comment "SBOM generated as part of the process of building the software to create a releasable artifact (e.g., executable or package) from data such as source files, dependencies, built components, build process ephemeral data, and other SBOMs."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "deployed" ; + rdfs:comment "SBOM provides an inventory of software that is present on a system. This may be an assembly of other SBOMs that combines analysis of configuration options, and examination of execution behavior in a (potentially simulated) deployment environment."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "design" ; + rdfs:comment "SBOM of intended, planned software project or product with included components (some of which may not yet exist) for a new software artifact."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "runtime" ; + rdfs:comment "SBOM generated through instrumenting the system running the software, to capture only components present in the system, as well as external call-outs or dynamically loaded components. In some contexts, this may also be referred to as an \"Instrumented\" or \"Dynamic\" SBOM."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "source" ; + rdfs:comment "SBOM created directly from the development environment, source files, and included dependencies used to build an product artifact."@en ; +. + + + a owl:ObjectProperty ; + rdfs:comment "Provides additional purpose information of the software artifact."@en ; + rdfs:range ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """Provides a place for the SPDX data creator to record acknowledgement text for +a software Package, File or Snippet."""@en ; + rdfs:range xsd:string ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """Defines the byte range in the original host file that the snippet information +applies to."""@en ; + rdfs:range ns1:PositiveIntegerRange ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """A canonical, unique, immutable identifier of the artifact content, that may be +used for verifying its identity and/or integrity."""@en ; + rdfs:range ; +. + + + a owl:ObjectProperty ; + rdfs:comment "Specifies the type of the content identifier."@en ; + rdfs:range ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Specifies the value of the content identifier."@en ; + rdfs:range xsd:anyURI ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """Identifies the text of one or more copyright notices for a software Package, +File or Snippet, if any."""@en ; + rdfs:range xsd:string ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """Identifies the download Uniform Resource Identifier for the package at the time +that the document was created."""@en ; + rdfs:range xsd:anyURI ; +. + + + a owl:ObjectProperty ; + rdfs:comment "Describes if a given file is a directory or non-directory kind of file."@en ; + rdfs:range ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """A place for the SPDX document creator to record a website that serves as the +package's home page."""@en ; + rdfs:range xsd:anyURI ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """Defines the line range in the original host file that the snippet information +applies to."""@en ; + rdfs:range ns1:PositiveIntegerRange ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """Provides a place for the SPDX data creator to record the package URL string +(in accordance with the Package URL specification) for a software Package."""@en ; + rdfs:range xsd:anyURI ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Identify the version of a package."@en ; + rdfs:range xsd:string ; +. + + + a owl:ObjectProperty ; + rdfs:comment "Provides information about the primary purpose of the software artifact."@en ; + rdfs:range ; +. + + + a owl:ObjectProperty ; + rdfs:comment "Provides information about the type of an SBOM."@en ; + rdfs:range ; +. + + + a owl:ObjectProperty ; + rdfs:comment "Defines the original host file that the snippet information applies to."@en ; + rdfs:range ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """Records any relevant background information or additional comments +about the origin of the package."""@en ; + rdfs:range xsd:string ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment """A class for describing the energy consumption incurred by an AI model in +different stages of its lifecycle."""@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property + [ + sh:class ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ; + ] , + [ + sh:class ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ; + ] , + [ + sh:class ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ; + ] ; +. + +ns1:ExternalIdentifier + a + owl:Class , + sh:NodeShape ; + rdfs:comment "A reference to a resource identifier defined outside the scope of SPDX-3.0 content that uniquely identifies an Element."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property + [ + sh:datatype xsd:anyURI ; + sh:nodeKind sh:Literal ; + sh:path ns1:identifierLocator ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:issuingAuthority ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:identifier ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:comment ; + ] , + [ + sh:class ns1:ExternalIdentifierType ; + sh:in ( + + + + + + + + + + + + ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:externalIdentifierType ; + ] ; +. + +ns1:ExternalMap + a + owl:Class , + sh:NodeShape ; + rdfs:comment """A map of Element identifiers that are used within an SpdxDocument but defined +external to that SpdxDocument."""@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property + [ + sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:locationHint ; + ] , + [ + sh:class ns1:IntegrityMethod ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:verifiedUsing ; + ] , + [ + sh:class ns1:Artifact ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:definingArtifact ; + ] , + [ + sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:externalSpdxId ; + ] ; +. + +ns1:ExternalRef + a + owl:Class , + sh:NodeShape ; + rdfs:comment "A reference to a resource outside the scope of SPDX-3.0 content related to an Element."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property + [ + sh:class ns1:ExternalRefType ; + sh:in ( + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:externalRefType ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:contentType ; + sh:pattern "^[^\\/]+\\/[^\\/]+$" ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:comment ; + ] , + [ + sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns1:locator ; + ] ; +. + +ns1:Hash + a + owl:Class , + sh:NodeShape ; + rdfs:comment "A mathematically calculated representation of a grouping of data."@en ; + rdfs:subClassOf ns1:IntegrityMethod ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property + [ + sh:class ns1:HashAlgorithm ; + sh:in ( + + + + + + + + + + + + + + + + + + + + + + + ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:algorithm ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:hashValue ; + ] ; +. + + + a + owl:NamedIndividual , + ns1:HashAlgorithm ; + rdfs:label "adler32" ; + rdfs:comment "Adler-32 checksum is part of the widely used zlib compression library as defined in [RFC 1950](https://datatracker.ietf.org/doc/rfc1950/) Section 2.3."@en ; +. + + + a + owl:NamedIndividual , + ns1:HashAlgorithm ; + rdfs:label "blake2b256" ; + rdfs:comment "BLAKE2b algorithm with a digest size of 256, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4."@en ; +. + + + a + owl:NamedIndividual , + ns1:HashAlgorithm ; + rdfs:label "blake2b384" ; + rdfs:comment "BLAKE2b algorithm with a digest size of 384, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4."@en ; +. + + + a + owl:NamedIndividual , + ns1:HashAlgorithm ; + rdfs:label "blake2b512" ; + rdfs:comment "BLAKE2b algorithm with a digest size of 512, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4."@en ; +. + + + a + owl:NamedIndividual , + ns1:HashAlgorithm ; + rdfs:label "blake3" ; + rdfs:comment "[BLAKE3](https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf)"@en ; +. + + + a + owl:NamedIndividual , + ns1:HashAlgorithm ; + rdfs:label "crystalsDilithium" ; + rdfs:comment "[Dilithium](https://pq-crystals.org/dilithium/)"@en ; +. + + + a + owl:NamedIndividual , + ns1:HashAlgorithm ; + rdfs:label "crystalsKyber" ; + rdfs:comment "[Kyber](https://pq-crystals.org/kyber/)"@en ; +. + + + a + owl:NamedIndividual , + ns1:HashAlgorithm ; + rdfs:label "falcon" ; + rdfs:comment "[FALCON](https://falcon-sign.info/falcon.pdf)"@en ; +. + + + a + owl:NamedIndividual , + ns1:HashAlgorithm ; + rdfs:label "md2" ; + rdfs:comment "MD2 message-digest algorithm, as defined in [RFC 1319](https://datatracker.ietf.org/doc/rfc1319/)."@en ; +. + + + a + owl:NamedIndividual , + ns1:HashAlgorithm ; + rdfs:label "md4" ; + rdfs:comment "MD4 message-digest algorithm, as defined in [RFC 1186](https://datatracker.ietf.org/doc/rfc1186/)."@en ; +. + + + a + owl:NamedIndividual , + ns1:HashAlgorithm ; + rdfs:label "md5" ; + rdfs:comment "MD5 message-digest algorithm, as defined in [RFC 1321](https://datatracker.ietf.org/doc/rfc1321/)."@en ; +. + + + a + owl:NamedIndividual , + ns1:HashAlgorithm ; + rdfs:label "md6" ; + rdfs:comment "[MD6 hash function](https://people.csail.mit.edu/rivest/pubs/RABCx08.pdf)"@en ; +. + + + a + owl:NamedIndividual , + ns1:HashAlgorithm ; + rdfs:label "other" ; + rdfs:comment "any hashing algorithm that does not exist in this list of entries"@en ; +. + + + a + owl:NamedIndividual , + ns1:HashAlgorithm ; + rdfs:label "sha1" ; + rdfs:comment "SHA-1, a secure hashing algorithm, as defined in [RFC 3174](https://datatracker.ietf.org/doc/rfc3174/)."@en ; +. + + + a + owl:NamedIndividual , + ns1:HashAlgorithm ; + rdfs:label "sha224" ; + rdfs:comment "SHA-2 with a digest length of 224, as defined in [RFC 3874](https://datatracker.ietf.org/doc/rfc3874/)."@en ; +. + + + a + owl:NamedIndividual , + ns1:HashAlgorithm ; + rdfs:label "sha256" ; + rdfs:comment "SHA-2 with a digest length of 256, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/)."@en ; +. + + + a + owl:NamedIndividual , + ns1:HashAlgorithm ; + rdfs:label "sha384" ; + rdfs:comment "SHA-2 with a digest length of 384, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/)."@en ; +. + + + a + owl:NamedIndividual , + ns1:HashAlgorithm ; + rdfs:label "sha3_224" ; + rdfs:comment "SHA-3 with a digest length of 224, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)."@en ; +. + + + a + owl:NamedIndividual , + ns1:HashAlgorithm ; + rdfs:label "sha3_256" ; + rdfs:comment "SHA-3 with a digest length of 256, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)."@en ; +. + + + a + owl:NamedIndividual , + ns1:HashAlgorithm ; + rdfs:label "sha3_384" ; + rdfs:comment "SHA-3 with a digest length of 384, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)."@en ; +. + + + a + owl:NamedIndividual , + ns1:HashAlgorithm ; + rdfs:label "sha3_512" ; + rdfs:comment "SHA-3 with a digest length of 512, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)."@en ; +. + + + a + owl:NamedIndividual , + ns1:HashAlgorithm ; + rdfs:label "sha512" ; + rdfs:comment "SHA-2 with a digest length of 512, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/)."@en ; +. + +ns1:IndividualElement + a owl:Class ; + rdfs:comment """A concrete subclass of Element used by Individuals in the +Core profile."""@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; +. + +ns1:NamespaceMap + a + owl:Class , + sh:NodeShape ; + rdfs:comment "A mapping between prefixes and namespace partial URIs."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:prefix ; + ] , + [ + sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:namespace ; + ] ; +. + +ns1:Relationship + a + owl:Class , + sh:NodeShape ; + rdfs:comment "Describes a relationship between one or more elements."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:class ns1:Element ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:to ; + ] , + [ + sh:class ns1:RelationshipCompleteness ; + sh:in ( + + + + ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:completeness ; + ] , + [ + sh:class ns1:RelationshipType ; + sh:in ( + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:relationshipType ; + ] , + [ + sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:startTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ; + ] , + [ + sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:endTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ; + ] , + [ + sh:class ns1:Element ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:from ; + ] ; +. + +ns1:Tool + a owl:Class ; + rdfs:comment "An element of hardware and/or software utilized to carry out a particular function."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; +. + +ns1:algorithm + a owl:ObjectProperty ; + rdfs:comment "Specifies the algorithm used for calculating the hash value."@en ; + rdfs:range ns1:HashAlgorithm ; +. + +ns1:hashValue + a owl:DatatypeProperty ; + rdfs:comment "The result of applying a hash algorithm to an Element."@en ; + rdfs:range xsd:string ; +. + +ns1:suppliedBy + a owl:ObjectProperty ; + rdfs:comment """Identifies who or what supplied the artifact or VulnAssessmentRelationship +referenced by the Element."""@en ; + rdfs:range ns1:Agent ; +. + +ns1:verifiedUsing + a owl:ObjectProperty ; + rdfs:comment """Provides an IntegrityMethod with which the integrity of an Element can be +asserted."""@en ; + rdfs:range ns1:IntegrityMethod ; +. + + + a owl:Class ; + rdfs:comment """A concrete subclass of AnyLicenseInfo used by Individuals in the +ExpandedLicensing profile."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """Specifies the SPDX License List version in which this license or exception +identifier was deprecated."""@en ; + rdfs:range xsd:string ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """Identifies all the text and metadata associated with a license in the license +XML format."""@en ; + rdfs:range xsd:string ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """Specifies the SPDX License List version in which this ListedLicense or +ListedLicenseException identifier was first added."""@en ; + rdfs:range xsd:string ; +. + + + a owl:ObjectProperty ; + rdfs:comment "A license expression participating in a license set."@en ; + rdfs:range ; +. + + + a owl:DatatypeProperty ; + rdfs:comment """Specifies the licenseId that is preferred to be used in place of a deprecated +License or LicenseAddition."""@en ; + rdfs:range xsd:string ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Contains a URL where the License or LicenseAddition can be found in use."@en ; + rdfs:range xsd:anyURI ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "A property name with an associated value."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "critical" ; + rdfs:comment "When a CVSS score is between 9.0 - 10.0"@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "high" ; + rdfs:comment "When a CVSS score is between 7.0 - 8.9"@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "low" ; + rdfs:comment "When a CVSS score is between 0.1 - 3.9"@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "medium" ; + rdfs:comment "When a CVSS score is between 4.0 - 6.9"@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "none" ; + rdfs:comment "When a CVSS score is 0.0"@en ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Specifies a time when a vulnerability assessment was modified"@en ; + rdfs:range xsd:dateTimeStamp ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Specifies the time when a vulnerability was published."@en ; + rdfs:range xsd:dateTimeStamp ; +. + + + a owl:ObjectProperty ; + rdfs:comment "Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software."@en ; + rdfs:range ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Specified the time and date when a vulnerability was withdrawn."@en ; + rdfs:range xsd:dateTimeStamp ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Identifies the full text of a License or Addition."@en ; + rdfs:range xsd:string ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "A canonical, unique, immutable identifier"@en ; + rdfs:subClassOf ns1:IntegrityMethod ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property + [ + sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:class ; + sh:in ( + + + ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "Refers to any object that stores content on a computer."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:class ; + sh:in ( + + + ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:contentType ; + sh:pattern "^[^\\/]+\\/[^\\/]+$" ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment """Refers to any unit of content that can be associated with a distribution of +software."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "application" ; + rdfs:comment "The Element is a software application."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "archive" ; + rdfs:comment "The Element is an archived collection of one or more files (.tar, .zip, etc.)."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "bom" ; + rdfs:comment "The Element is a bill of materials."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "configuration" ; + rdfs:comment "The Element is configuration data."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "container" ; + rdfs:comment "The Element is a container image which can be used by a container runtime application."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "data" ; + rdfs:comment "The Element is data."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "device" ; + rdfs:comment "The Element refers to a chipset, processor, or electronic board."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "deviceDriver" ; + rdfs:comment "The Element represents software that controls hardware devices."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "diskImage" ; + rdfs:comment "The Element refers to a disk image that can be written to a disk, booted in a VM, etc. A disk image typically contains most or all of the components necessary to boot, such as bootloaders, kernels, firmware, userspace, etc."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "documentation" ; + rdfs:comment "The Element is documentation."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "evidence" ; + rdfs:comment "The Element is the evidence that a specification or requirement has been fulfilled."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "executable" ; + rdfs:comment "The Element is an Artifact that can be run on a computer."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "file" ; + rdfs:comment "The Element is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc.)."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "filesystemImage" ; + rdfs:comment "The Element is a file system image that can be written to a disk (or virtual) partition."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "firmware" ; + rdfs:comment "The Element provides low level control over a device's hardware."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "framework" ; + rdfs:comment "The Element is a software framework."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "install" ; + rdfs:comment "The Element is used to install software on disk."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "library" ; + rdfs:comment "The Element is a software library."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "manifest" ; + rdfs:comment "The Element is a software manifest."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "model" ; + rdfs:comment "The Element is a machine learning or artificial intelligence model."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "module" ; + rdfs:comment "The Element is a module of a piece of software."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "operatingSystem" ; + rdfs:comment "The Element is an operating system."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "other" ; + rdfs:comment "The Element doesn't fit into any of the other categories."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "patch" ; + rdfs:comment "The Element contains a set of changes to update, fix, or improve another Element."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "platform" ; + rdfs:comment "The Element represents a runtime environment."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "requirement" ; + rdfs:comment "The Element provides a requirement needed as input for another Element."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "source" ; + rdfs:comment "The Element is a single or a collection of source files."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "specification" ; + rdfs:comment "The Element is a plan, guideline or strategy how to create, perform or analyze an application."@en ; +. + + + a + owl:NamedIndividual , + ; + rdfs:label "test" ; + rdfs:comment "The Element is a test used to verify functionality on an software element."@en ; +. + +ns1:ElementCollection + a + owl:Class , + sh:NodeShape ; + rdfs:comment "A collection of Elements, not necessarily with unifying context."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:class ns1:ProfileIdentifierType ; + sh:in ( + + + + + + + + + + + ) ; + sh:nodeKind sh:IRI ; + sh:path ns1:profileConformance ; + ] , + [ + sh:class ns1:Element ; + sh:nodeKind sh:IRI ; + sh:path ns1:element ; + ] , + [ + sh:message "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not + [ + sh:hasValue ns1:ElementCollection ; + ] ; + sh:path rdf:type ; + ] , + [ + sh:class ns1:Element ; + sh:nodeKind sh:IRI ; + sh:path ns1:rootElement ; + ] ; +. + + + a + owl:NamedIndividual , + ns1:PresenceType ; + rdfs:label "no" ; + rdfs:comment "Indicates absence of the field."@en ; +. + + + a + owl:NamedIndividual , + ns1:PresenceType ; + rdfs:label "noAssertion" ; + rdfs:comment "Makes no assertion about the field."@en ; +. + + + a + owl:NamedIndividual , + ns1:PresenceType ; + rdfs:label "yes" ; + rdfs:comment "Indicates presence of the field."@en ; +. + +ns1:contentType + a owl:DatatypeProperty ; + rdfs:comment "Provides information about the content type of an Element or a Property."@en ; + rdfs:range xsd:string ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Provides a numerical (0-10) representation of the severity of a vulnerability."@en ; + rdfs:range xsd:decimal ; +. + + + a owl:DatatypeProperty ; + rdfs:comment "Specifies the CVSS vector string for a vulnerability."@en ; + rdfs:range xsd:string ; +. + +ns1:AnnotationType + a owl:Class ; + rdfs:comment "Specifies the type of an annotation."@en ; +. + +ns1:PositiveIntegerRange + a + owl:Class , + sh:NodeShape ; + rdfs:comment "A tuple of two positive integers that define a range."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property + [ + sh:datatype xsd:positiveInteger ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:beginIntegerRange ; + ] , + [ + sh:datatype xsd:positiveInteger ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:endIntegerRange ; + ] ; +. + + + a owl:Class ; + rdfs:comment "A characterization of some aspect of an Element that is associated with the Element in a generalized fashion."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property + [ + sh:message "https://spdx.org/rdf/3.0.1/terms/Extension/Extension is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not + [ + sh:hasValue ; + ] ; + sh:path rdf:type ; + ] ; +. + + + a owl:Class ; + rdfs:comment "Specifies the exploit catalog type."@en ; +. + + + a owl:Class ; + rdfs:comment "Specifies the type of a content identifier."@en ; +. + + + a owl:Class ; + rdfs:comment "Enumeration of the different kinds of SPDX file."@en ; +. + + + a owl:Class ; + rdfs:comment "Specifies the unit of energy consumption."@en ; +. + +ns1:Artifact + a + owl:Class , + sh:NodeShape ; + rdfs:comment "A distinct article or unit within the digital domain."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:builtTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ; + ] , + [ + sh:class ns1:Agent ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:suppliedBy ; + ] , + [ + sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns1:standardName ; + ] , + [ + sh:message "https://spdx.org/rdf/3.0.1/terms/Core/Artifact is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not + [ + sh:hasValue ns1:Artifact ; + ] ; + sh:path rdf:type ; + ] , + [ + sh:class ns1:Agent ; + sh:nodeKind sh:IRI ; + sh:path ns1:originatedBy ; + ] , + [ + sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:validUntilTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ; + ] , + [ + sh:class ns1:SupportType ; + sh:in ( + + + + + + + + ) ; + sh:nodeKind sh:IRI ; + sh:path ns1:supportLevel ; + ] , + [ + sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:releaseTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ; + ] ; +. + +ns1:RelationshipCompleteness + a owl:Class ; + rdfs:comment "Indicates whether a relationship is known to be complete, incomplete, or if no assertion is made with respect to relationship completeness."@en ; +. + +ns1:SpdxOrganization + a + owl:NamedIndividual , + ns1:Organization ; + rdfs:comment "An Organization representing the SPDX Project."@en ; + owl:sameAs ; + ns1:creationInfo ; +. + +ns1:comment + a owl:DatatypeProperty ; + rdfs:comment """Provide consumers with comments by the creator of the Element about the +Element."""@en ; + rdfs:range xsd:string ; +. + + + a owl:Class ; + rdfs:comment "Abstract class representing a License or an OrLaterOperator."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:message "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not + [ + sh:hasValue ; + ] ; + sh:path rdf:type ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "Abstract class for the portion of an AnyLicenseInfo representing a license."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:datatype xsd:boolean ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:message "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not + [ + sh:hasValue ; + ] ; + sh:path rdf:type ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:boolean ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:boolean ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:anyURI ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment """Abstract class for additional text intended to be added to a License, but +which is not itself a standalone License."""@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:message "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not + [ + sh:hasValue ; + ] ; + sh:path rdf:type ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:anyURI ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:boolean ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "Abstract ancestor class for all VEX relationships"@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:message "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not + [ + sh:hasValue ; + ] ; + sh:path rdf:type ; + ] ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment """The class that helps note down the quantity of energy consumption and the unit +used for measurement."""@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property + [ + sh:class ; + sh:in ( + + + + ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] , + [ + sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] ; +. + + + a owl:Class ; + rdfs:comment "Specifies the safety risk level."@en ; +. + + + a owl:Class ; + rdfs:comment "Categories of confidentiality level."@en ; +. + + + a owl:Class ; + rdfs:comment "Specifies the SSVC decision type."@en ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "A distinct article or unit related to Software."@en ; + rdfs:subClassOf ns1:Artifact ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:class ; + sh:in ( + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ; + ] , + [ + sh:class ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ; + ] , + [ + sh:message "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not + [ + sh:hasValue ; + ] ; + sh:path rdf:type ; + ] , + [ + sh:class ; + sh:in ( + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ) ; + sh:nodeKind sh:IRI ; + sh:path ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + ] ; +. + +ns1:CreationInfo + a + owl:Class , + sh:NodeShape ; + rdfs:comment "Provides information about the creation of the Element."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property + [ + sh:class ns1:Tool ; + sh:nodeKind sh:IRI ; + sh:path ns1:createdUsing ; + ] , + [ + sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:created ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ; + ] , + [ + sh:class ns1:Agent ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:createdBy ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:comment ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:specVersion ; + sh:pattern "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" ; + ] ; +. + +ns1:IntegrityMethod + a + owl:Class , + sh:NodeShape ; + rdfs:comment "Provides an independently reproducible mechanism that permits verification of a specific Element."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property + [ + sh:message "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not + [ + sh:hasValue ns1:IntegrityMethod ; + ] ; + sh:path rdf:type ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:comment ; + ] ; +. + + + a owl:Class ; + rdfs:comment "Availability of dataset."@en ; +. + + + a owl:Class ; + rdfs:comment "Specifies the VEX justification type."@en ; +. + +ns1:LifecycleScopeType + a owl:Class ; + rdfs:comment "Provide an enumerated set of lifecycle phases that can provide context to relationships."@en ; +. + + + a owl:Class ; + rdfs:comment "Specifies the CVSS base, temporal, threat, or environmental severity type."@en ; +. + + + a + owl:Class , + sh:NodeShape ; + rdfs:comment "Abstract ancestor class for all vulnerability assessments"@en ; + rdfs:subClassOf ns1:Relationship ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:class ns1:Agent ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:suppliedBy ; + ] , + [ + sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ; + ] , + [ + sh:message "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not + [ + sh:hasValue ; + ] ; + sh:path rdf:type ; + ] , + [ + sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ; + ] , + [ + sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ; + ] , + [ + sh:class ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ; + ] ; +. + + + a owl:Class ; + rdfs:comment """Provides a set of values to be used to describe the common types of SBOMs that +tools may create."""@en ; +. + +ns1:PresenceType + a owl:Class ; + rdfs:comment "Categories of presence or absence."@en ; +. + +ns1:SupportType + a owl:Class ; + rdfs:comment "Indicates the type of support that is associated with an artifact."@en ; +. + +ns1:Agent + a owl:Class ; + rdfs:comment "Agent represents anything with the potential to act on a system."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; +. + +ns1:ProfileIdentifierType + a owl:Class ; + rdfs:comment "Enumeration of the valid profiles."@en ; +. + + + a owl:Class ; + rdfs:comment "Abstract class representing a license combination consisting of one or more licenses."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:message "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not + [ + sh:hasValue ; + ] ; + sh:path rdf:type ; + ] ; +. + +ns1:ExternalIdentifierType + a owl:Class ; + rdfs:comment "Specifies the type of an external identifier."@en ; +. + +ns1:DictionaryEntry + a + owl:Class , + sh:NodeShape ; + rdfs:comment "A key with an associated value."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:value ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:key ; + ] ; +. + + + a owl:Class ; + rdfs:comment "Enumeration of dataset types."@en ; +. + +ns1:Element + a + owl:Class , + sh:NodeShape ; + rdfs:comment "Base domain class from which all other SPDX-3.0 domain classes derive."@en ; + sh:nodeKind sh:IRI ; + sh:property + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:description ; + ] , + [ + sh:class ns1:IntegrityMethod ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:verifiedUsing ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:summary ; + ] , + [ + sh:class ns1:ExternalRef ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:externalRef ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:comment ; + ] , + [ + sh:class ns1:ExternalIdentifier ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:externalIdentifier ; + ] , + [ + sh:message "https://spdx.org/rdf/3.0.1/terms/Core/Element is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not + [ + sh:hasValue ns1:Element ; + ] ; + sh:path rdf:type ; + ] , + [ + sh:class ns1:CreationInfo ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:creationInfo ; + ] , + [ + sh:class ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:extension ; + ] , + [ + sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:name ; + ] ; +. + +ns1:HashAlgorithm + a owl:Class ; + rdfs:comment "A mathematical algorithm that maps data of arbitrary size to a bit string."@en ; +. + + + a owl:Class ; + rdfs:comment "Provides information about the primary purpose of an Element."@en ; +. + +ns1:ExternalRefType + a owl:Class ; + rdfs:comment "Specifies the type of an external reference."@en ; +. + +ns1:RelationshipType + a owl:Class ; + rdfs:comment "Information about the relationship between two Elements."@en ; +. diff --git a/rdf/spdx-model.n3 b/rdf/spdx-model.n3 new file mode 100644 index 0000000000..c55967d990 --- /dev/null +++ b/rdf/spdx-model.n3 @@ -0,0 +1,3326 @@ +@prefix dcterms: . +@prefix ns1: . +@prefix omg-ann: . +@prefix owl: . +@prefix rdf: . +@prefix rdfs: . +@prefix sh: . +@prefix spdx: . +@prefix xsd: . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "Specifies an AI package and its associated information."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:class ns1:PresenceType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ], + [ sh:class ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:class ns1:PresenceType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ], + [ sh:class ; + sh:maxCount 1 ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "Class that describes a build instance of software/artifacts."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:anyURI ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ], + [ sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:class ns1:Hash ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ] . + +ns1:Annotation a owl:Class, + sh:NodeShape ; + rdfs:comment "An assertion made in relation to one or more elements."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:contentType ; + sh:pattern "^[^\\/]+\\/[^\\/]+$" ], + [ sh:class ns1:Element ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:subject ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:statement ], + [ sh:class ns1:AnnotationType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:annotationType ] . + +ns1:LifecycleScopedRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment "Provide context for a relationship that occurs in the lifecycle."@en ; + rdfs:subClassOf ns1:Relationship ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ns1:LifecycleScopeType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:scope ] . + +ns1:NoAssertionElement a owl:NamedIndividual, + ns1:IndividualElement ; + rdfs:comment """An Individual Value for Element representing a set of Elements of unknown +identify or cardinality (number)."""@en ; + ns1:creationInfo . + +ns1:NoneElement a owl:NamedIndividual, + ns1:IndividualElement ; + rdfs:comment """An Individual Value for Element representing a set of Elements with +cardinality (number/count) of zero."""@en ; + ns1:creationInfo . + +ns1:PackageVerificationCode a owl:Class, + sh:NodeShape ; + rdfs:comment "An SPDX version 2.X compatible verification method for software packages."@en ; + rdfs:subClassOf ns1:IntegrityMethod ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:class ns1:HashAlgorithm ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:algorithm ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns1:packageVerificationCodeExcludedFile ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:hashValue ] . + +ns1:Person a owl:Class ; + rdfs:comment "An individual human being."@en ; + rdfs:subClassOf ns1:Agent ; + sh:nodeKind sh:IRI . + +ns1:SoftwareAgent a owl:Class ; + rdfs:comment "A software agent."@en ; + rdfs:subClassOf ns1:Agent ; + sh:nodeKind sh:IRI . + +ns1:SpdxDocument a owl:Class, + sh:NodeShape ; + rdfs:comment "A collection of SPDX Elements that could potentially be serialized."@en ; + rdfs:subClassOf ns1:ElementCollection ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ns1:ExternalMap ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:import ], + [ sh:class ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:dataLicense ], + [ sh:class ns1:NamespaceMap ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:namespaceMap ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "Specifies a data package and its associated information."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ], + [ sh:datatype xsd:nonNegativeInteger ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:class ; + sh:in ( ) ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:class ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:class ns1:PresenceType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment """Portion of an AnyLicenseInfo representing a set of licensing information +where all elements apply."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ; + sh:minCount 2 ; + sh:nodeKind sh:IRI ; + sh:path ] . + + a owl:Class ; + rdfs:comment "A license that is not listed on the SPDX License List."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI . + + a owl:Class ; + rdfs:comment "A license addition that is not listed on the SPDX Exceptions List."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI . + + a owl:Class, + sh:NodeShape ; + rdfs:comment """Portion of an AnyLicenseInfo representing a set of licensing information where +only one of the elements applies."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ; + sh:minCount 2 ; + sh:nodeKind sh:IRI ; + sh:path ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "A license that is listed on the SPDX License List."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "A license exception that is listed on the SPDX Exceptions list."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ] . + + a owl:NamedIndividual, + ; + rdfs:comment """An Individual Value for License when no assertion can be made about its actual +value."""@en ; + = ; + ns1:creationInfo . + + a owl:NamedIndividual, + ; + rdfs:comment """An Individual Value for License where the SPDX data creator determines that no +license is present."""@en ; + = ; + ns1:creationInfo . + + a owl:Class, + sh:NodeShape ; + rdfs:comment """Portion of an AnyLicenseInfo representing this version, or any later version, +of the indicated License."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment """Portion of an AnyLicenseInfo representing a License which has additional +text applied to it."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ], + [ sh:class ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "A type of extension consisting of a list of name value pairs."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:class ; + sh:minCount 1 ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides a CVSS version 2.0 assessment for a vulnerability."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides a CVSS version 3 assessment for a vulnerability."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:class ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ], + [ sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides a CVSS version 4 assessment for a vulnerability."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ], + [ sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides an EPSS assessment for a vulnerability."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides an exploit assessment of a vulnerability."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:boolean ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:class ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ], + [ sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides an SSVC assessment for a vulnerability."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment """Connects a vulnerability and an element designating the element as a product +affected by the vulnerability."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ] . + + a owl:Class ; + rdfs:comment """Links a vulnerability and elements representing products (in the VEX sense) where +a fix has been applied and are no longer affected."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI . + + a owl:Class, + sh:NodeShape ; + rdfs:comment """Links a vulnerability and one or more elements designating the latter as products +not affected by the vulnerability."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:class ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ] . + + a owl:Class ; + rdfs:comment """Designates elements as products where the impact of a vulnerability is being +investigated."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "Specifies a vulnerability and its associated information."@en ; + rdfs:subClassOf ns1:Artifact ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "An SPDX Element containing an SPDX license expression string."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "A license or addition that is not listed on the SPDX License List."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "A collection of SPDX Elements describing a single package."@en ; + rdfs:subClassOf ns1:Bom ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ; + sh:in ( ) ; + sh:nodeKind sh:IRI ; + sh:path ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "Describes a certain part of a file."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ns1:PositiveIntegerRange ; + sh:maxCount 1 ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ], + [ sh:class ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ], + [ sh:class ns1:PositiveIntegerRange ; + sh:maxCount 1 ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ] . + + a ns1:CreationInfo ; + rdfs:comment "This individual element was defined by the spec."@en ; + ns1:created "2024-11-22T03:00:01Z"^^xsd:dateTimeStamp ; + ns1:createdBy ns1:SpdxOrganization ; + ns1:specVersion "3.0.1" . + + a ns1:CreationInfo ; + rdfs:comment "This individual element was defined by the spec."@en ; + ns1:created "2024-11-22T03:00:01Z"^^xsd:dateTimeStamp ; + ns1:createdBy ns1:SpdxOrganization ; + ns1:specVersion "3.0.1" . + + a ns1:CreationInfo ; + rdfs:comment "This individual element was defined by the spec."@en ; + ns1:created "2024-11-22T03:00:01Z"^^xsd:dateTimeStamp ; + ns1:createdBy ns1:SpdxOrganization ; + ns1:specVersion "3.0.1" . + + a ns1:CreationInfo ; + rdfs:comment "This individual element was defined by the spec."@en ; + ns1:created "2024-11-22T03:00:01Z"^^xsd:dateTimeStamp ; + ns1:createdBy ns1:SpdxOrganization ; + ns1:specVersion "3.0.1" . + + a ns1:CreationInfo ; + rdfs:comment "This individual element was defined by the spec."@en ; + ns1:created "2024-11-22T03:00:01Z"^^xsd:dateTimeStamp ; + ns1:createdBy ns1:SpdxOrganization ; + ns1:specVersion "3.0.1" . + +spdx: a owl:Ontology ; + rdfs:label "System Package Data Exchange (SPDX) Ontology"@en ; + dcterms:abstract "This ontology defines the terms and relationships used in the SPDX specification to describe system packages"@en ; + dcterms:created "2024-04-05"^^xsd:date ; + dcterms:creator "SPDX Project"@en ; + dcterms:license ; + dcterms:references ; + dcterms:title "System Package Data Exchange (SPDX) Ontology"@en ; + owl:versionIRI spdx: ; + omg-ann:copyright "Copyright (C) 2024 SPDX Project"@en . + + a owl:NamedIndividual, + ; + rdfs:label "kilowattHour" ; + rdfs:comment "Kilowatt-hour."@en . + + a owl:NamedIndividual, + ; + rdfs:label "megajoule" ; + rdfs:comment "Megajoule."@en . + + a owl:NamedIndividual, + ; + rdfs:label "other" ; + rdfs:comment "Any other units of energy measurement."@en . + + a owl:NamedIndividual, + ; + rdfs:label "high" ; + rdfs:comment "The second-highest level of risk posed by an AI system."@en . + + a owl:NamedIndividual, + ; + rdfs:label "low" ; + rdfs:comment "Low/no risk is posed by an AI system."@en . + + a owl:NamedIndividual, + ; + rdfs:label "medium" ; + rdfs:comment "The third-highest level of risk posed by an AI system."@en . + + a owl:NamedIndividual, + ; + rdfs:label "serious" ; + rdfs:comment "The highest level of risk posed by an AI system."@en . + + a owl:ObjectProperty ; + rdfs:comment """Indicates whether the system can perform a decision or action without human +involvement or guidance."""@en ; + rdfs:range ns1:PresenceType . + + a owl:DatatypeProperty ; + rdfs:comment "Captures the domain in which the AI package can be used."@en ; + rdfs:range xsd:string . + + a owl:ObjectProperty ; + rdfs:comment "Indicates the amount of energy consumption incurred by an AI model."@en ; + rdfs:range . + + a owl:DatatypeProperty ; + rdfs:comment "Represents the energy quantity."@en ; + rdfs:range xsd:decimal . + + a owl:ObjectProperty ; + rdfs:comment "Specifies the unit in which energy is measured."@en ; + rdfs:range . + + a owl:ObjectProperty ; + rdfs:comment """Specifies the amount of energy consumed when finetuning the AI model that is +being used in the AI system."""@en ; + rdfs:range . + + a owl:ObjectProperty ; + rdfs:comment """Records a hyperparameter used to build the AI model contained in the AI +package."""@en ; + rdfs:range ns1:DictionaryEntry . + + a owl:ObjectProperty ; + rdfs:comment """Specifies the amount of energy consumed during inference time by an AI model +that is being used in the AI system."""@en ; + rdfs:range . + + a owl:DatatypeProperty ; + rdfs:comment """Provides relevant information about the AI software, not including the model +description."""@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "Describes relevant information about different steps of the training process."@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "Captures a limitation of the AI software."@en ; + rdfs:range xsd:string . + + a owl:ObjectProperty ; + rdfs:comment "Records the measurement of prediction quality of the AI model."@en ; + rdfs:range ns1:DictionaryEntry . + + a owl:ObjectProperty ; + rdfs:comment """Captures the threshold that was used for computation of a metric described in +the metric field."""@en ; + rdfs:range ns1:DictionaryEntry . + + a owl:DatatypeProperty ; + rdfs:comment """Describes all the preprocessing steps applied to the training data before the +model training."""@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "Describes methods that can be used to explain the results from the AI model."@en ; + rdfs:range xsd:string . + + a owl:ObjectProperty ; + rdfs:comment "Records the results of general safety risk assessment of the AI system."@en ; + rdfs:range . + + a owl:DatatypeProperty ; + rdfs:comment "Captures a standard that is being complied with."@en ; + rdfs:range xsd:string . + + a owl:ObjectProperty ; + rdfs:comment """Specifies the amount of energy consumed when training the AI model that is +being used in the AI system."""@en ; + rdfs:range . + + a owl:DatatypeProperty ; + rdfs:comment "Records the type of the model used in the AI software."@en ; + rdfs:range xsd:string . + + a owl:ObjectProperty ; + rdfs:comment """Records if sensitive personal information is used during model training or +could be used during the inference."""@en ; + rdfs:range ns1:PresenceType . + + a owl:DatatypeProperty ; + rdfs:comment "Property that describes the time at which a build stops."@en ; + rdfs:range xsd:dateTimeStamp . + + a owl:DatatypeProperty ; + rdfs:comment """A buildId is a locally unique identifier used by a builder to identify a unique +instance of a build produced by it."""@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "Property describing the start time of a build."@en ; + rdfs:range xsd:dateTimeStamp . + + a owl:DatatypeProperty ; + rdfs:comment """A buildType is a hint that is used to indicate the toolchain, platform, or +infrastructure that the build was invoked on."""@en ; + rdfs:range xsd:anyURI . + + a owl:ObjectProperty ; + rdfs:comment """Property that describes the digest of the build configuration file used to +invoke a build."""@en ; + rdfs:range ns1:Hash . + + a owl:DatatypeProperty ; + rdfs:comment "Property describes the invocation entrypoint of a build."@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "Property that describes the URI of the build configuration source file."@en ; + rdfs:range xsd:anyURI . + + a owl:ObjectProperty ; + rdfs:comment "Property describing the session in which a build is invoked."@en ; + rdfs:range ns1:DictionaryEntry . + + a owl:ObjectProperty ; + rdfs:comment "Property describing a parameter used in an instance of a build."@en ; + rdfs:range ns1:DictionaryEntry . + + a owl:NamedIndividual, + ns1:AnnotationType ; + rdfs:label "other" ; + rdfs:comment "Used to store extra information about an Element which is not part of a review (e.g. extra information provided during the creation of the Element)."@en . + + a owl:NamedIndividual, + ns1:AnnotationType ; + rdfs:label "review" ; + rdfs:comment "Used when someone reviews the Element."@en . + +ns1:Bom a owl:Class ; + rdfs:comment """A container for a grouping of SPDX-3.0 content characterizing details +(provenence, composition, licensing, etc.) about a product."""@en ; + rdfs:subClassOf ns1:Bundle ; + sh:nodeKind sh:IRI . + +ns1:Bundle a owl:Class, + sh:NodeShape ; + rdfs:comment "A collection of Elements that have a shared context."@en ; + rdfs:subClassOf ns1:ElementCollection ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:context ] . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "cpe22" ; + rdfs:comment "[Common Platform Enumeration Specification 2.2](https://cpe.mitre.org/files/cpe-specification_2.2.pdf)"@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "cpe23" ; + rdfs:comment "[Common Platform Enumeration: Naming Specification Version 2.3](https://csrc.nist.gov/publications/detail/nistir/7695/final)"@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "cve" ; + rdfs:comment "Common Vulnerabilities and Exposures identifiers, an identifier for a specific software flaw defined within the official CVE Dictionary and that conforms to the [CVE specification](https://csrc.nist.gov/glossary/term/cve_id)."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "email" ; + rdfs:comment "Email address, as defined in [RFC 3696](https://datatracker.ietf.org/doc/rfc3986/) Section 3."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "gitoid" ; + rdfs:comment "[Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg)."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "other" ; + rdfs:comment "Used when the type does not match any of the other options."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "packageUrl" ; + rdfs:comment "Package URL, as defined in the corresponding [Annex](../../../annexes/pkg-url-specification.md) of this specification."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "securityOther" ; + rdfs:comment "Used when there is a security related identifier of unspecified type."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "swhid" ; + rdfs:comment "SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "swid" ; + rdfs:comment "Concise Software Identification (CoSWID) tag, as defined in [RFC 9393](https://datatracker.ietf.org/doc/rfc9393/) Section 2.3."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "urlScheme" ; + rdfs:comment "[Uniform Resource Identifier (URI) Schemes](https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml). The scheme used in order to locate a resource."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "altDownloadLocation" ; + rdfs:comment "A reference to an alternative download location."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "altWebPage" ; + rdfs:comment "A reference to an alternative web page."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "binaryArtifact" ; + rdfs:comment "A reference to binary artifacts related to a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "bower" ; + rdfs:comment "A reference to a Bower package. The package locator format, looks like `package#version`, is defined in the \"install\" section of [Bower API documentation](https://bower.io/docs/api/#install)."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "buildMeta" ; + rdfs:comment "A reference build metadata related to a published package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "buildSystem" ; + rdfs:comment "A reference build system used to create or publish the package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "certificationReport" ; + rdfs:comment "A reference to a certification report for a package from an accredited/independent body."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "chat" ; + rdfs:comment "A reference to the instant messaging system used by the maintainer for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "componentAnalysisReport" ; + rdfs:comment "A reference to a Software Composition Analysis (SCA) report."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "cwe" ; + rdfs:comment "[Common Weakness Enumeration](https://csrc.nist.gov/glossary/term/common_weakness_enumeration). A reference to a source of software flaw defined within the official [CWE List](https://cwe.mitre.org/data/) that conforms to the [CWE specification](https://cwe.mitre.org/)."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "documentation" ; + rdfs:comment "A reference to the documentation for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "dynamicAnalysisReport" ; + rdfs:comment "A reference to a dynamic analysis report for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "eolNotice" ; + rdfs:comment "A reference to the End Of Sale (EOS) and/or End Of Life (EOL) information related to a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "exportControlAssessment" ; + rdfs:comment "A reference to a export control assessment for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "funding" ; + rdfs:comment "A reference to funding information related to a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "issueTracker" ; + rdfs:comment "A reference to the issue tracker for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "license" ; + rdfs:comment "A reference to additional license information related to an artifact."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "mailingList" ; + rdfs:comment "A reference to the mailing list used by the maintainer for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "mavenCentral" ; + rdfs:comment "A reference to a Maven repository artifact. The artifact locator format is defined in the [Maven documentation](https://maven.apache.org/guides/mini/guide-naming-conventions.html) and looks like `groupId:artifactId[:version]`."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "metrics" ; + rdfs:comment "A reference to metrics related to package such as OpenSSF scorecards."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "npm" ; + rdfs:comment "A reference to an npm package. The package locator format is defined in the [npm documentation](https://docs.npmjs.com/cli/v10/configuring-npm/package-json) and looks like `package@version`."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "nuget" ; + rdfs:comment "A reference to a NuGet package. The package locator format is defined in the [NuGet documentation](https://docs.nuget.org) and looks like `package/version`."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "other" ; + rdfs:comment "Used when the type does not match any of the other options."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "privacyAssessment" ; + rdfs:comment "A reference to a privacy assessment for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "productMetadata" ; + rdfs:comment "A reference to additional product metadata such as reference within organization's product catalog."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "purchaseOrder" ; + rdfs:comment "A reference to a purchase order for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "qualityAssessmentReport" ; + rdfs:comment "A reference to a quality assessment for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "releaseHistory" ; + rdfs:comment "A reference to a published list of releases for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "releaseNotes" ; + rdfs:comment "A reference to the release notes for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "riskAssessment" ; + rdfs:comment "A reference to a risk assessment for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "runtimeAnalysisReport" ; + rdfs:comment "A reference to a runtime analysis report for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "secureSoftwareAttestation" ; + rdfs:comment "A reference to information assuring that the software is developed using security practices as defined by [NIST SP 800-218 Secure Software Development Framework (SSDF) Version 1.1](https://csrc.nist.gov/pubs/sp/800/218/final) or [CISA Secure Software Development Attestation Form](https://www.cisa.gov/resources-tools/resources/secure-software-development-attestation-form)."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "securityAdversaryModel" ; + rdfs:comment "A reference to the security adversary model for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "securityAdvisory" ; + rdfs:comment "A reference to a published security advisory (where advisory as defined per [ISO 29147:2018](https://www.iso.org/standard/72311.html)) that may affect one or more elements, e.g., vendor advisories or specific NVD entries."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "securityFix" ; + rdfs:comment "A reference to the patch or source code that fixes a vulnerability."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "securityOther" ; + rdfs:comment "A reference to related security information of unspecified type."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "securityPenTestReport" ; + rdfs:comment "A reference to a [penetration test](https://en.wikipedia.org/wiki/Penetration_test) report for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "securityPolicy" ; + rdfs:comment "A reference to instructions for reporting newly discovered security vulnerabilities for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "securityThreatModel" ; + rdfs:comment "A reference the [security threat model](https://en.wikipedia.org/wiki/Threat_model) for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "socialMedia" ; + rdfs:comment "A reference to a social media channel for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "sourceArtifact" ; + rdfs:comment "A reference to an artifact containing the sources for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "staticAnalysisReport" ; + rdfs:comment "A reference to a static analysis report for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "support" ; + rdfs:comment "A reference to the software support channel or other support information for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "vcs" ; + rdfs:comment "A reference to a version control system related to a software artifact."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "vulnerabilityDisclosureReport" ; + rdfs:comment "A reference to a Vulnerability Disclosure Report (VDR) which provides the software supplier's analysis and findings describing the impact (or lack of impact) that reported vulnerabilities have on packages or products in the supplier's SBOM as defined in [NIST SP 800-161 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations](https://csrc.nist.gov/pubs/sp/800/161/r1/final)."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "vulnerabilityExploitabilityAssessment" ; + rdfs:comment "A reference to a Vulnerability Exploitability eXchange (VEX) statement which provides information on whether a product is impacted by a specific vulnerability in an included package and, if affected, whether there are actions recommended to remediate. See also [NTIA VEX one-page summary](https://ntia.gov/files/ntia/publications/vex_one-page_summary.pdf)."@en . + + a owl:NamedIndividual, + ns1:LifecycleScopeType ; + rdfs:label "build" ; + rdfs:comment "A relationship has specific context implications during an element's build phase, during development."@en . + + a owl:NamedIndividual, + ns1:LifecycleScopeType ; + rdfs:label "design" ; + rdfs:comment "A relationship has specific context implications during an element's design."@en . + + a owl:NamedIndividual, + ns1:LifecycleScopeType ; + rdfs:label "development" ; + rdfs:comment "A relationship has specific context implications during development phase of an element."@en . + + a owl:NamedIndividual, + ns1:LifecycleScopeType ; + rdfs:label "other" ; + rdfs:comment "A relationship has other specific context information necessary to capture that the above set of enumerations does not handle."@en . + + a owl:NamedIndividual, + ns1:LifecycleScopeType ; + rdfs:label "runtime" ; + rdfs:comment "A relationship has specific context implications during the execution phase of an element."@en . + + a owl:NamedIndividual, + ns1:LifecycleScopeType ; + rdfs:label "test" ; + rdfs:comment "A relationship has specific context implications during an element's testing phase, during development."@en . + +ns1:Organization a owl:Class ; + rdfs:comment "A group of people who work together in an organized way for a shared purpose."@en ; + rdfs:subClassOf ns1:Agent ; + sh:nodeKind sh:IRI . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "ai" ; + rdfs:comment "the element follows the AI profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "build" ; + rdfs:comment "the element follows the Build profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "core" ; + rdfs:comment "the element follows the Core profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "dataset" ; + rdfs:comment "the element follows the Dataset profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "expandedLicensing" ; + rdfs:comment "the element follows the ExpandedLicensing profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "extension" ; + rdfs:comment "the element follows the Extension profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "lite" ; + rdfs:comment "the element follows the Lite profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "security" ; + rdfs:comment "the element follows the Security profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "simpleLicensing" ; + rdfs:comment "the element follows the SimpleLicensing profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "software" ; + rdfs:comment "the element follows the Software profile specification"@en . + + a owl:NamedIndividual, + ns1:RelationshipCompleteness ; + rdfs:label "complete" ; + rdfs:comment "The relationship is known to be exhaustive."@en . + + a owl:NamedIndividual, + ns1:RelationshipCompleteness ; + rdfs:label "incomplete" ; + rdfs:comment "The relationship is known not to be exhaustive."@en . + + a owl:NamedIndividual, + ns1:RelationshipCompleteness ; + rdfs:label "noAssertion" ; + rdfs:comment "No assertion can be made about the completeness of the relationship."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "affects" ; + rdfs:comment "The `from` Vulnerability affects each `to` Element. The use of the `affects` type is constrained to `VexAffectedVulnAssessmentRelationship` classed relationships."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "amendedBy" ; + rdfs:comment "The `from` Element is amended by each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "ancestorOf" ; + rdfs:comment "The `from` Element is an ancestor of each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "availableFrom" ; + rdfs:comment "The `from` Element is available from the additional supplier described by each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "configures" ; + rdfs:comment "The `from` Element is a configuration applied to each `to` Element, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "contains" ; + rdfs:comment "The `from` Element contains each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "coordinatedBy" ; + rdfs:comment "The `from` Vulnerability is coordinatedBy the `to` Agent(s) (vendor, researcher, or consumer agent)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "copiedTo" ; + rdfs:comment "The `from` Element has been copied to each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "delegatedTo" ; + rdfs:comment "The `from` Agent is delegating an action to the Agent of the `to` Relationship (which must be of type invokedBy), during a LifecycleScopeType (e.g. the `to` invokedBy Relationship is being done on behalf of `from`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "dependsOn" ; + rdfs:comment "The `from` Element depends on each `to` Element, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "descendantOf" ; + rdfs:comment "The `from` Element is a descendant of each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "describes" ; + rdfs:comment "The `from` Element describes each `to` Element. To denote the root(s) of a tree of elements in a collection, the rootElement property should be used."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "doesNotAffect" ; + rdfs:comment "The `from` Vulnerability has no impact on each `to` Element. The use of the `doesNotAffect` is constrained to `VexNotAffectedVulnAssessmentRelationship` classed relationships."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "expandsTo" ; + rdfs:comment "The `from` archive expands out as an artifact described by each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "exploitCreatedBy" ; + rdfs:comment "The `from` Vulnerability has had an exploit created against it by each `to` Agent."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "fixedBy" ; + rdfs:comment "Designates a `from` Vulnerability has been fixed by the `to` Agent(s)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "fixedIn" ; + rdfs:comment "A `from` Vulnerability has been fixed in each `to` Element. The use of the `fixedIn` type is constrained to `VexFixedVulnAssessmentRelationship` classed relationships."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "foundBy" ; + rdfs:comment "Designates a `from` Vulnerability was originally discovered by the `to` Agent(s)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "generates" ; + rdfs:comment "The `from` Element generates each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasAddedFile" ; + rdfs:comment "Every `to` Element is a file added to the `from` Element (`from` hasAddedFile `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasAssessmentFor" ; + rdfs:comment "Relates a `from` Vulnerability and each `to` Element with a security assessment. To be used with `VulnAssessmentRelationship` types."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasAssociatedVulnerability" ; + rdfs:comment "Used to associate a `from` Artifact with each `to` Vulnerability."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasConcludedLicense" ; + rdfs:comment "The `from` SoftwareArtifact is concluded by the SPDX data creator to be governed by each `to` license."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasDataFile" ; + rdfs:comment "The `from` Element treats each `to` Element as a data file. A data file is an artifact that stores data required or optional for the `from` Element's functionality. A data file can be a database file, an index file, a log file, an AI model file, a calibration data file, a temporary file, a backup file, and more. For AI training dataset, test dataset, test artifact, configuration data, build input data, and build output data, please consider using the more specific relationship types: `trainedOn`, `testedOn`, `hasTest`, `configures`, `hasInput`, and `hasOutput`, respectively. This relationship does not imply dependency."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasDeclaredLicense" ; + rdfs:comment "The `from` SoftwareArtifact was discovered to actually contain each `to` license, for example as detected by use of automated tooling."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasDeletedFile" ; + rdfs:comment "Every `to` Element is a file deleted from the `from` Element (`from` hasDeletedFile `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasDependencyManifest" ; + rdfs:comment "The `from` Element has manifest files that contain dependency information in each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasDistributionArtifact" ; + rdfs:comment "The `from` Element is distributed as an artifact in each `to` Element (e.g. an RPM or archive file)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasDocumentation" ; + rdfs:comment "The `from` Element is documented by each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasDynamicLink" ; + rdfs:comment "The `from` Element dynamically links in each `to` Element, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasEvidence" ; + rdfs:comment "Every `to` Element is considered as evidence for the `from` Element (`from` hasEvidence `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasExample" ; + rdfs:comment "Every `to` Element is an example for the `from` Element (`from` hasExample `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasHost" ; + rdfs:comment "The `from` Build was run on the `to` Element during a LifecycleScopeType period (e.g. the host that the build runs on)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasInput" ; + rdfs:comment "The `from` Build has each `to` Element as an input, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasMetadata" ; + rdfs:comment "Every `to` Element is metadata about the `from` Element (`from` hasMetadata `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasOptionalComponent" ; + rdfs:comment "Every `to` Element is an optional component of the `from` Element (`from` hasOptionalComponent `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasOptionalDependency" ; + rdfs:comment "The `from` Element optionally depends on each `to` Element, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasOutput" ; + rdfs:comment "The `from` Build element generates each `to` Element as an output, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasPrerequisite" ; + rdfs:comment "The `from` Element has a prerequisite on each `to` Element, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasProvidedDependency" ; + rdfs:comment "The `from` Element has a dependency on each `to` Element, dependency is not in the distributed artifact, but assumed to be provided, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasRequirement" ; + rdfs:comment "The `from` Element has a requirement on each `to` Element, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasSpecification" ; + rdfs:comment "Every `to` Element is a specification for the `from` Element (`from` hasSpecification `to`), during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasStaticLink" ; + rdfs:comment "The `from` Element statically links in each `to` Element, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasTest" ; + rdfs:comment "Every `to` Element is a test artifact for the `from` Element (`from` hasTest `to`), during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasTestCase" ; + rdfs:comment "Every `to` Element is a test case for the `from` Element (`from` hasTestCase `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasVariant" ; + rdfs:comment "Every `to` Element is a variant the `from` Element (`from` hasVariant `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "invokedBy" ; + rdfs:comment "The `from` Element was invoked by the `to` Agent, during a LifecycleScopeType period (for example, a Build element that describes a build step)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "modifiedBy" ; + rdfs:comment "The `from` Element is modified by each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "other" ; + rdfs:comment "Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationship types (this relationship is directionless)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "packagedBy" ; + rdfs:comment "Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "patchedBy" ; + rdfs:comment "Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "publishedBy" ; + rdfs:comment "Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "reportedBy" ; + rdfs:comment "Designates a `from` Vulnerability was first reported to a project, vendor, or tracking database for formal identification by each `to` Agent."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "republishedBy" ; + rdfs:comment "Designates a `from` Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by each `to` Agent."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "serializedInArtifact" ; + rdfs:comment "The `from` SpdxDocument can be found in a serialized form in each `to` Artifact."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "testedOn" ; + rdfs:comment "The `from` Element has been tested on the `to` Element(s)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "trainedOn" ; + rdfs:comment "The `from` Element has been trained on the `to` Element(s)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "underInvestigationFor" ; + rdfs:comment "The `from` Vulnerability impact is being investigated for each `to` Element. The use of the `underInvestigationFor` type is constrained to `VexUnderInvestigationVulnAssessmentRelationship` classed relationships."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "usesTool" ; + rdfs:comment "The `from` Element uses each `to` Element as a tool, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:SupportType ; + rdfs:label "deployed" ; + rdfs:comment "in addition to being supported by the supplier, the software is known to have been deployed and is in use. For a software as a service provider, this implies the software is now available as a service."@en . + + a owl:NamedIndividual, + ns1:SupportType ; + rdfs:label "development" ; + rdfs:comment "the artifact is in active development and is not considered ready for formal support from the supplier."@en . + + a owl:NamedIndividual, + ns1:SupportType ; + rdfs:label "endOfSupport" ; + rdfs:comment "there is a defined end of support for the artifact from the supplier. This may also be referred to as end of life. There is a validUntilDate that can be used to signal when support ends for the artifact."@en . + + a owl:NamedIndividual, + ns1:SupportType ; + rdfs:label "limitedSupport" ; + rdfs:comment "the artifact has been released, and there is limited support available from the supplier. There is a validUntilDate that can provide additional information about the duration of support."@en . + + a owl:NamedIndividual, + ns1:SupportType ; + rdfs:label "noAssertion" ; + rdfs:comment "no assertion about the type of support is made. This is considered the default if no other support type is used."@en . + + a owl:NamedIndividual, + ns1:SupportType ; + rdfs:label "noSupport" ; + rdfs:comment "there is no support for the artifact from the supplier, consumer assumes any support obligations."@en . + + a owl:NamedIndividual, + ns1:SupportType ; + rdfs:label "support" ; + rdfs:comment "the artifact has been released, and is supported from the supplier. There is a validUntilDate that can provide additional information about the duration of support."@en . + +ns1:annotationType a owl:ObjectProperty ; + rdfs:comment "Describes the type of annotation."@en ; + rdfs:range ns1:AnnotationType . + +ns1:beginIntegerRange a owl:DatatypeProperty ; + rdfs:comment "Defines the beginning of a range."@en ; + rdfs:range xsd:positiveInteger . + +ns1:builtTime a owl:DatatypeProperty ; + rdfs:comment "Specifies the time an artifact was built."@en ; + rdfs:range xsd:dateTimeStamp . + +ns1:completeness a owl:ObjectProperty ; + rdfs:comment "Provides information about the completeness of relationships."@en ; + rdfs:range ns1:RelationshipCompleteness . + +ns1:context a owl:DatatypeProperty ; + rdfs:comment """Gives information about the circumstances or unifying properties +that Elements of the bundle have been assembled under."""@en ; + rdfs:range xsd:string . + +ns1:created a owl:DatatypeProperty ; + rdfs:comment "Identifies when the Element was originally created."@en ; + rdfs:range xsd:dateTimeStamp . + +ns1:createdBy a owl:ObjectProperty ; + rdfs:comment "Identifies who or what created the Element."@en ; + rdfs:range ns1:Agent . + +ns1:createdUsing a owl:ObjectProperty ; + rdfs:comment "Identifies the tooling that was used during the creation of the Element."@en ; + rdfs:range ns1:Tool . + +ns1:creationInfo a owl:ObjectProperty ; + rdfs:comment "Provides information about the creation of the Element."@en ; + rdfs:range ns1:CreationInfo . + +ns1:dataLicense a owl:ObjectProperty ; + rdfs:comment """Provides the license under which the SPDX documentation of the Element can be +used."""@en ; + rdfs:range . + +ns1:definingArtifact a owl:ObjectProperty ; + rdfs:comment """Artifact representing a serialization instance of SPDX data containing the +definition of a particular Element."""@en ; + rdfs:range ns1:Artifact . + +ns1:description a owl:DatatypeProperty ; + rdfs:comment "Provides a detailed description of the Element."@en ; + rdfs:range xsd:string . + +ns1:element a owl:ObjectProperty ; + rdfs:comment "Refers to one or more Elements that are part of an ElementCollection."@en ; + rdfs:range ns1:Element . + +ns1:endIntegerRange a owl:DatatypeProperty ; + rdfs:comment "Defines the end of a range."@en ; + rdfs:range xsd:positiveInteger . + +ns1:endTime a owl:DatatypeProperty ; + rdfs:comment "Specifies the time from which an element is no longer applicable / valid."@en ; + rdfs:range xsd:dateTimeStamp . + +ns1:extension a owl:ObjectProperty ; + rdfs:comment "Specifies an Extension characterization of some aspect of an Element."@en ; + rdfs:range . + +ns1:externalIdentifier a owl:ObjectProperty ; + rdfs:comment """Provides a reference to a resource outside the scope of SPDX-3.0 content +that uniquely identifies an Element."""@en ; + rdfs:range ns1:ExternalIdentifier . + +ns1:externalIdentifierType a owl:ObjectProperty ; + rdfs:comment "Specifies the type of the external identifier."@en ; + rdfs:range ns1:ExternalIdentifierType . + +ns1:externalRef a owl:ObjectProperty ; + rdfs:comment """Points to a resource outside the scope of the SPDX-3.0 content +that provides additional characteristics of an Element."""@en ; + rdfs:range ns1:ExternalRef . + +ns1:externalRefType a owl:ObjectProperty ; + rdfs:comment "Specifies the type of the external reference."@en ; + rdfs:range ns1:ExternalRefType . + +ns1:externalSpdxId a owl:DatatypeProperty ; + rdfs:comment """Identifies an external Element used within an SpdxDocument but defined +external to that SpdxDocument."""@en ; + rdfs:range xsd:anyURI . + +ns1:from a owl:ObjectProperty ; + rdfs:comment "References the Element on the left-hand side of a relationship."@en ; + rdfs:range ns1:Element . + +ns1:identifier a owl:DatatypeProperty ; + rdfs:comment "Uniquely identifies an external element."@en ; + rdfs:range xsd:string . + +ns1:identifierLocator a owl:DatatypeProperty ; + rdfs:comment "Provides the location for more information regarding an external identifier."@en ; + rdfs:range xsd:anyURI . + +ns1:import a owl:ObjectProperty ; + rdfs:comment "Provides an ExternalMap of Element identifiers."@en ; + rdfs:range ns1:ExternalMap . + +ns1:issuingAuthority a owl:DatatypeProperty ; + rdfs:comment "An entity that is authorized to issue identification credentials."@en ; + rdfs:range xsd:string . + +ns1:key a owl:DatatypeProperty ; + rdfs:comment "A key used in a generic key-value pair."@en ; + rdfs:range xsd:string . + +ns1:locationHint a owl:DatatypeProperty ; + rdfs:comment "Provides an indication of where to retrieve an external Element."@en ; + rdfs:range xsd:anyURI . + +ns1:locator a owl:DatatypeProperty ; + rdfs:comment "Provides the location of an external reference."@en ; + rdfs:range xsd:string . + +ns1:name a owl:DatatypeProperty ; + rdfs:comment "Identifies the name of an Element as designated by the creator."@en ; + rdfs:range xsd:string . + +ns1:namespace a owl:DatatypeProperty ; + rdfs:comment """Provides an unambiguous mechanism for conveying a URI fragment portion of an +Element ID."""@en ; + rdfs:range xsd:anyURI . + +ns1:namespaceMap a owl:ObjectProperty ; + rdfs:comment "Provides a NamespaceMap of prefixes and associated namespace partial URIs applicable to an SpdxDocument and independent of any specific serialization format or instance."@en ; + rdfs:range ns1:NamespaceMap . + +ns1:originatedBy a owl:ObjectProperty ; + rdfs:comment "Identifies from where or whom the Element originally came."@en ; + rdfs:range ns1:Agent . + +ns1:packageVerificationCodeExcludedFile a owl:DatatypeProperty ; + rdfs:comment """The relative file name of a file to be excluded from the +`PackageVerificationCode`."""@en ; + rdfs:range xsd:string . + +ns1:prefix a owl:DatatypeProperty ; + rdfs:comment "A substitute for a URI."@en ; + rdfs:range xsd:string . + +ns1:profileConformance a owl:ObjectProperty ; + rdfs:comment """Describes one a profile which the creator of this ElementCollection intends to +conform to."""@en ; + rdfs:range ns1:ProfileIdentifierType . + +ns1:relationshipType a owl:ObjectProperty ; + rdfs:comment "Information about the relationship between two Elements."@en ; + rdfs:range ns1:RelationshipType . + +ns1:releaseTime a owl:DatatypeProperty ; + rdfs:comment "Specifies the time an artifact was released."@en ; + rdfs:range xsd:dateTimeStamp . + +ns1:rootElement a owl:ObjectProperty ; + rdfs:comment "This property is used to denote the root Element(s) of a tree of elements contained in a BOM."@en ; + rdfs:range ns1:Element . + +ns1:scope a owl:ObjectProperty ; + rdfs:comment "Capture the scope of information about a specific relationship between elements."@en ; + rdfs:range ns1:LifecycleScopeType . + +ns1:specVersion a owl:DatatypeProperty ; + rdfs:comment """Provides a reference number that can be used to understand how to parse and +interpret an Element."""@en ; + rdfs:range xsd:string . + +ns1:standardName a owl:DatatypeProperty ; + rdfs:comment "The name of a relevant standard that may apply to an artifact."@en ; + rdfs:range xsd:string . + +ns1:startTime a owl:DatatypeProperty ; + rdfs:comment "Specifies the time from which an element is applicable / valid."@en ; + rdfs:range xsd:dateTimeStamp . + +ns1:statement a owl:DatatypeProperty ; + rdfs:comment "Commentary on an assertion that an annotator has made."@en ; + rdfs:range xsd:string . + +ns1:subject a owl:ObjectProperty ; + rdfs:comment "An Element an annotator has made an assertion about."@en ; + rdfs:range ns1:Element . + +ns1:summary a owl:DatatypeProperty ; + rdfs:comment "A short description of an Element."@en ; + rdfs:range xsd:string . + +ns1:supportLevel a owl:ObjectProperty ; + rdfs:comment "Specifies the level of support associated with an artifact."@en ; + rdfs:range ns1:SupportType . + +ns1:to a owl:ObjectProperty ; + rdfs:comment "References an Element on the right-hand side of a relationship."@en ; + rdfs:range ns1:Element . + +ns1:validUntilTime a owl:DatatypeProperty ; + rdfs:comment """Specifies until when the artifact can be used before its usage needs to be +reassessed."""@en ; + rdfs:range xsd:dateTimeStamp . + +ns1:value a owl:DatatypeProperty ; + rdfs:comment "A value used in a generic key-value pair."@en ; + rdfs:range xsd:string . + + a owl:NamedIndividual, + ; + rdfs:label "amber" ; + rdfs:comment "Data points in the dataset can be shared only with specific organizations and their clients on a need to know basis."@en . + + a owl:NamedIndividual, + ; + rdfs:label "clear" ; + rdfs:comment "Dataset may be distributed freely, without restriction."@en . + + a owl:NamedIndividual, + ; + rdfs:label "green" ; + rdfs:comment "Dataset can be shared within a community of peers and partners."@en . + + a owl:NamedIndividual, + ; + rdfs:label "red" ; + rdfs:comment "Data points in the dataset are highly confidential and can only be shared with named recipients."@en . + + a owl:NamedIndividual, + ; + rdfs:label "clickthrough" ; + rdfs:comment "the dataset is not publicly available and can only be accessed after affirmatively accepting terms on a clickthrough webpage."@en . + + a owl:NamedIndividual, + ; + rdfs:label "directDownload" ; + rdfs:comment "the dataset is publicly available and can be downloaded directly."@en . + + a owl:NamedIndividual, + ; + rdfs:label "query" ; + rdfs:comment "the dataset is publicly available, but not all at once, and can only be accessed through queries which return parts of the dataset."@en . + + a owl:NamedIndividual, + ; + rdfs:label "registration" ; + rdfs:comment "the dataset is not publicly available and an email registration is required before accessing the dataset, although without an affirmative acceptance of terms."@en . + + a owl:NamedIndividual, + ; + rdfs:label "scrapingScript" ; + rdfs:comment "the dataset provider is not making available the underlying data and the dataset must be reassembled, typically using the provided script for scraping the data."@en . + + a owl:NamedIndividual, + ; + rdfs:label "audio" ; + rdfs:comment "data is audio based, such as a collection of music from the 80s."@en . + + a owl:NamedIndividual, + ; + rdfs:label "categorical" ; + rdfs:comment "data that is classified into a discrete number of categories, such as the eye color of a population of people."@en . + + a owl:NamedIndividual, + ; + rdfs:label "graph" ; + rdfs:comment "data is in the form of a graph where entries are somehow related to each other through edges, such a social network of friends."@en . + + a owl:NamedIndividual, + ; + rdfs:label "image" ; + rdfs:comment "data is a collection of images such as pictures of animals."@en . + + a owl:NamedIndividual, + ; + rdfs:label "noAssertion" ; + rdfs:comment "data type is not known."@en . + + a owl:NamedIndividual, + ; + rdfs:label "numeric" ; + rdfs:comment "data consists only of numeric entries."@en . + + a owl:NamedIndividual, + ; + rdfs:label "other" ; + rdfs:comment "data is of a type not included in this list."@en . + + a owl:NamedIndividual, + ; + rdfs:label "sensor" ; + rdfs:comment "data is recorded from a physical sensor, such as a thermometer reading or biometric device."@en . + + a owl:NamedIndividual, + ; + rdfs:label "structured" ; + rdfs:comment "data is stored in tabular format or retrieved from a relational database."@en . + + a owl:NamedIndividual, + ; + rdfs:label "syntactic" ; + rdfs:comment "data describes the syntax or semantics of a language or text, such as a parse tree used for natural language processing."@en . + + a owl:NamedIndividual, + ; + rdfs:label "text" ; + rdfs:comment "data consists of unstructured text, such as a book, Wikipedia article (without images), or transcript."@en . + + a owl:NamedIndividual, + ; + rdfs:label "timeseries" ; + rdfs:comment "data is recorded in an ordered sequence of timestamped entries, such as the price of a stock over the course of a day."@en . + + a owl:NamedIndividual, + ; + rdfs:label "timestamp" ; + rdfs:comment "data is recorded with a timestamp for each entry, but not necessarily ordered or at specific intervals, such as when a taxi ride starts and ends."@en . + + a owl:NamedIndividual, + ; + rdfs:label "video" ; + rdfs:comment "data is video based, such as a collection of movie clips featuring Tom Hanks."@en . + + a owl:DatatypeProperty ; + rdfs:comment "Describes the anonymization methods used."@en ; + rdfs:range xsd:string . + + a owl:ObjectProperty ; + rdfs:comment "Describes the confidentiality level of the data points contained in the dataset."@en ; + rdfs:range . + + a owl:DatatypeProperty ; + rdfs:comment "Describes how the dataset was collected."@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "Describes the preprocessing steps that were applied to the raw data to create the given dataset."@en ; + rdfs:range xsd:string . + + a owl:ObjectProperty ; + rdfs:comment "The field describes the availability of a dataset."@en ; + rdfs:range . + + a owl:DatatypeProperty ; + rdfs:comment "Describes potentially noisy elements of the dataset."@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "Captures the size of the dataset."@en ; + rdfs:range xsd:nonNegativeInteger . + + a owl:ObjectProperty ; + rdfs:comment "Describes the type of the given dataset."@en ; + rdfs:range . + + a owl:DatatypeProperty ; + rdfs:comment "Describes a mechanism to update the dataset."@en ; + rdfs:range xsd:string . + + a owl:ObjectProperty ; + rdfs:comment "Describes if any sensitive personal information is present in the dataset."@en ; + rdfs:range ns1:PresenceType . + + a owl:DatatypeProperty ; + rdfs:comment "Describes what the given dataset should be used for."@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "Records the biases that the dataset is known to encompass."@en ; + rdfs:range xsd:string . + + a owl:ObjectProperty ; + rdfs:comment "Describes a sensor used for collecting the data."@en ; + rdfs:range ns1:DictionaryEntry . + + a owl:DatatypeProperty ; + rdfs:comment "Identifies the full text of a LicenseAddition."@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "Specifies whether an additional text identifier has been marked as deprecated."@en ; + rdfs:range xsd:boolean . + + a owl:DatatypeProperty ; + rdfs:comment """Specifies whether a license or additional text identifier has been marked as +deprecated."""@en ; + rdfs:range xsd:boolean . + + a owl:DatatypeProperty ; + rdfs:comment """Specifies whether the License is listed as free by the +Free Software Foundation (FSF)."""@en ; + rdfs:range xsd:boolean . + + a owl:DatatypeProperty ; + rdfs:comment """Specifies whether the License is listed as approved by the +Open Source Initiative (OSI)."""@en ; + rdfs:range xsd:boolean . + + a owl:DatatypeProperty ; + rdfs:comment "Identifies the full text of a LicenseAddition, in SPDX templating format."@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment """Provides a License author's preferred text to indicate that a file is covered +by the License."""@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "Identifies the full text of a License, in SPDX templating format."@en ; + rdfs:range xsd:string . + + a owl:ObjectProperty ; + rdfs:comment "A LicenseAddition participating in a 'with addition' model."@en ; + rdfs:range . + + a owl:ObjectProperty ; + rdfs:comment "A License participating in a 'with addition' model."@en ; + rdfs:range . + + a owl:ObjectProperty ; + rdfs:comment "A License participating in an 'or later' model."@en ; + rdfs:range . + + a owl:DatatypeProperty ; + rdfs:comment "A name used in a CdxPropertyEntry name-value pair."@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "A value used in a CdxPropertyEntry name-value pair."@en ; + rdfs:range xsd:string . + + a owl:ObjectProperty ; + rdfs:comment "Provides a map of a property names to a values."@en ; + rdfs:range . + + a owl:NamedIndividual, + ; + rdfs:label "kev" ; + rdfs:comment "CISA's Known Exploited Vulnerability (KEV) Catalog"@en . + + a owl:NamedIndividual, + ; + rdfs:label "other" ; + rdfs:comment "Other exploit catalogs"@en . + + a owl:NamedIndividual, + ; + rdfs:label "act" ; + rdfs:comment "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible."@en . + + a owl:NamedIndividual, + ; + rdfs:label "attend" ; + rdfs:comment "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions include requesting assistance or information about the vulnerability, and may involve publishing a notification either internally and/or externally. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines."@en . + + a owl:NamedIndividual, + ; + rdfs:label "track" ; + rdfs:comment "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines."@en . + + a owl:NamedIndividual, + ; + rdfs:label "trackStar" ; + rdfs:comment "(\"Track\\*\" in the SSVC spec) The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track\\* vulnerabilities within standard update timelines."@en . + + a owl:NamedIndividual, + ; + rdfs:label "componentNotPresent" ; + rdfs:comment "The software is not affected because the vulnerable component is not in the product."@en . + + a owl:NamedIndividual, + ; + rdfs:label "inlineMitigationsAlreadyExist" ; + rdfs:comment "Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability."@en . + + a owl:NamedIndividual, + ; + rdfs:label "vulnerableCodeCannotBeControlledByAdversary" ; + rdfs:comment "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack."@en . + + a owl:NamedIndividual, + ; + rdfs:label "vulnerableCodeNotInExecutePath" ; + rdfs:comment "The affected code is not reachable through the execution of the code, including non-anticipated states of the product."@en . + + a owl:NamedIndividual, + ; + rdfs:label "vulnerableCodeNotPresent" ; + rdfs:comment "The product is not affected because the code underlying the vulnerability is not present in the product."@en . + + a owl:DatatypeProperty ; + rdfs:comment """Provides advise on how to mitigate or remediate a vulnerability when a VEX product +is affected by it."""@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment """Records the time when a recommended action was communicated in a VEX statement +to mitigate a vulnerability."""@en ; + rdfs:range xsd:dateTimeStamp . + + a owl:ObjectProperty ; + rdfs:comment """Specifies an Element contained in a piece of software where a vulnerability was +found."""@en ; + rdfs:range . + + a owl:ObjectProperty ; + rdfs:comment "Specifies the exploit catalog type."@en ; + rdfs:range . + + a owl:ObjectProperty ; + rdfs:comment """Provide the enumeration of possible decisions in the +[Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree](https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc)."""@en ; + rdfs:range . + + a owl:DatatypeProperty ; + rdfs:comment "Describe that a CVE is known to have an exploit because it's been listed in an exploit catalog."@en ; + rdfs:range xsd:boolean . + + a owl:DatatypeProperty ; + rdfs:comment """Explains why a VEX product is not affected by a vulnerability. It is an +alternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable +justification label."""@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "Timestamp of impact statement."@en ; + rdfs:range xsd:dateTimeStamp . + + a owl:ObjectProperty ; + rdfs:comment """Impact justification label to be used when linking a vulnerability to an element +representing a VEX product with a VexNotAffectedVulnAssessmentRelationship +relationship."""@en ; + rdfs:range . + + a owl:DatatypeProperty ; + rdfs:comment "Provides the location of an exploit catalog."@en ; + rdfs:range xsd:anyURI . + + a owl:DatatypeProperty ; + rdfs:comment "The percentile of the current probability score."@en ; + rdfs:range xsd:decimal . + + a owl:DatatypeProperty ; + rdfs:comment "A probability score between 0 and 1 of a vulnerability being exploited."@en ; + rdfs:range xsd:decimal . + + a owl:DatatypeProperty ; + rdfs:comment "Conveys information about how VEX status was determined."@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "Specifies the version of a VEX statement."@en ; + rdfs:range xsd:string . + + a owl:ObjectProperty ; + rdfs:comment """Maps a LicenseRef or AdditionRef string for a Custom License or a Custom +License Addition to its URI ID."""@en ; + rdfs:range ns1:DictionaryEntry . + + a owl:DatatypeProperty ; + rdfs:comment "A string in the license expression format."@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "The version of the SPDX License List used in the license expression."@en ; + rdfs:range xsd:string . + + a owl:NamedIndividual, + ; + rdfs:label "gitoid" ; + rdfs:comment "[Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg)."@en . + + a owl:NamedIndividual, + ; + rdfs:label "swhid" ; + rdfs:comment "SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`."@en . + + a owl:NamedIndividual, + ; + rdfs:label "directory" ; + rdfs:comment "The file represents a directory and all content stored in that directory."@en . + + a owl:NamedIndividual, + ; + rdfs:label "file" ; + rdfs:comment "The file represents a single file (default)."@en . + + a owl:NamedIndividual, + ; + rdfs:label "analyzed" ; + rdfs:comment "SBOM generated through analysis of artifacts (e.g., executables, packages, containers, and virtual machine images) after its build. Such analysis generally requires a variety of heuristics. In some contexts, this may also be referred to as a \"3rd party\" SBOM."@en . + + a owl:NamedIndividual, + ; + rdfs:label "build" ; + rdfs:comment "SBOM generated as part of the process of building the software to create a releasable artifact (e.g., executable or package) from data such as source files, dependencies, built components, build process ephemeral data, and other SBOMs."@en . + + a owl:NamedIndividual, + ; + rdfs:label "deployed" ; + rdfs:comment "SBOM provides an inventory of software that is present on a system. This may be an assembly of other SBOMs that combines analysis of configuration options, and examination of execution behavior in a (potentially simulated) deployment environment."@en . + + a owl:NamedIndividual, + ; + rdfs:label "design" ; + rdfs:comment "SBOM of intended, planned software project or product with included components (some of which may not yet exist) for a new software artifact."@en . + + a owl:NamedIndividual, + ; + rdfs:label "runtime" ; + rdfs:comment "SBOM generated through instrumenting the system running the software, to capture only components present in the system, as well as external call-outs or dynamically loaded components. In some contexts, this may also be referred to as an \"Instrumented\" or \"Dynamic\" SBOM."@en . + + a owl:NamedIndividual, + ; + rdfs:label "source" ; + rdfs:comment "SBOM created directly from the development environment, source files, and included dependencies used to build an product artifact."@en . + + a owl:ObjectProperty ; + rdfs:comment "Provides additional purpose information of the software artifact."@en ; + rdfs:range . + + a owl:DatatypeProperty ; + rdfs:comment """Provides a place for the SPDX data creator to record acknowledgement text for +a software Package, File or Snippet."""@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment """Defines the byte range in the original host file that the snippet information +applies to."""@en ; + rdfs:range ns1:PositiveIntegerRange . + + a owl:DatatypeProperty ; + rdfs:comment """A canonical, unique, immutable identifier of the artifact content, that may be +used for verifying its identity and/or integrity."""@en ; + rdfs:range . + + a owl:ObjectProperty ; + rdfs:comment "Specifies the type of the content identifier."@en ; + rdfs:range . + + a owl:DatatypeProperty ; + rdfs:comment "Specifies the value of the content identifier."@en ; + rdfs:range xsd:anyURI . + + a owl:DatatypeProperty ; + rdfs:comment """Identifies the text of one or more copyright notices for a software Package, +File or Snippet, if any."""@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment """Identifies the download Uniform Resource Identifier for the package at the time +that the document was created."""@en ; + rdfs:range xsd:anyURI . + + a owl:ObjectProperty ; + rdfs:comment "Describes if a given file is a directory or non-directory kind of file."@en ; + rdfs:range . + + a owl:DatatypeProperty ; + rdfs:comment """A place for the SPDX document creator to record a website that serves as the +package's home page."""@en ; + rdfs:range xsd:anyURI . + + a owl:DatatypeProperty ; + rdfs:comment """Defines the line range in the original host file that the snippet information +applies to."""@en ; + rdfs:range ns1:PositiveIntegerRange . + + a owl:DatatypeProperty ; + rdfs:comment """Provides a place for the SPDX data creator to record the package URL string +(in accordance with the Package URL specification) for a software Package."""@en ; + rdfs:range xsd:anyURI . + + a owl:DatatypeProperty ; + rdfs:comment "Identify the version of a package."@en ; + rdfs:range xsd:string . + + a owl:ObjectProperty ; + rdfs:comment "Provides information about the primary purpose of the software artifact."@en ; + rdfs:range . + + a owl:ObjectProperty ; + rdfs:comment "Provides information about the type of an SBOM."@en ; + rdfs:range . + + a owl:ObjectProperty ; + rdfs:comment "Defines the original host file that the snippet information applies to."@en ; + rdfs:range . + + a owl:DatatypeProperty ; + rdfs:comment """Records any relevant background information or additional comments +about the origin of the package."""@en ; + rdfs:range xsd:string . + + a owl:Class, + sh:NodeShape ; + rdfs:comment """A class for describing the energy consumption incurred by an AI model in +different stages of its lifecycle."""@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:class ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ], + [ sh:class ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ], + [ sh:class ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ] . + +ns1:ExternalIdentifier a owl:Class, + sh:NodeShape ; + rdfs:comment "A reference to a resource identifier defined outside the scope of SPDX-3.0 content that uniquely identifies an Element."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:datatype xsd:anyURI ; + sh:nodeKind sh:Literal ; + sh:path ns1:identifierLocator ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:issuingAuthority ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:identifier ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:comment ], + [ sh:class ns1:ExternalIdentifierType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:externalIdentifierType ] . + +ns1:ExternalMap a owl:Class, + sh:NodeShape ; + rdfs:comment """A map of Element identifiers that are used within an SpdxDocument but defined +external to that SpdxDocument."""@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:locationHint ], + [ sh:class ns1:IntegrityMethod ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:verifiedUsing ], + [ sh:class ns1:Artifact ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:definingArtifact ], + [ sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:externalSpdxId ] . + +ns1:ExternalRef a owl:Class, + sh:NodeShape ; + rdfs:comment "A reference to a resource outside the scope of SPDX-3.0 content related to an Element."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:class ns1:ExternalRefType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:externalRefType ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:contentType ; + sh:pattern "^[^\\/]+\\/[^\\/]+$" ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:comment ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns1:locator ] . + +ns1:Hash a owl:Class, + sh:NodeShape ; + rdfs:comment "A mathematically calculated representation of a grouping of data."@en ; + rdfs:subClassOf ns1:IntegrityMethod ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:class ns1:HashAlgorithm ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:algorithm ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:hashValue ] . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "adler32" ; + rdfs:comment "Adler-32 checksum is part of the widely used zlib compression library as defined in [RFC 1950](https://datatracker.ietf.org/doc/rfc1950/) Section 2.3."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "blake2b256" ; + rdfs:comment "BLAKE2b algorithm with a digest size of 256, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "blake2b384" ; + rdfs:comment "BLAKE2b algorithm with a digest size of 384, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "blake2b512" ; + rdfs:comment "BLAKE2b algorithm with a digest size of 512, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "blake3" ; + rdfs:comment "[BLAKE3](https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf)"@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "crystalsDilithium" ; + rdfs:comment "[Dilithium](https://pq-crystals.org/dilithium/)"@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "crystalsKyber" ; + rdfs:comment "[Kyber](https://pq-crystals.org/kyber/)"@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "falcon" ; + rdfs:comment "[FALCON](https://falcon-sign.info/falcon.pdf)"@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "md2" ; + rdfs:comment "MD2 message-digest algorithm, as defined in [RFC 1319](https://datatracker.ietf.org/doc/rfc1319/)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "md4" ; + rdfs:comment "MD4 message-digest algorithm, as defined in [RFC 1186](https://datatracker.ietf.org/doc/rfc1186/)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "md5" ; + rdfs:comment "MD5 message-digest algorithm, as defined in [RFC 1321](https://datatracker.ietf.org/doc/rfc1321/)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "md6" ; + rdfs:comment "[MD6 hash function](https://people.csail.mit.edu/rivest/pubs/RABCx08.pdf)"@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "other" ; + rdfs:comment "any hashing algorithm that does not exist in this list of entries"@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha1" ; + rdfs:comment "SHA-1, a secure hashing algorithm, as defined in [RFC 3174](https://datatracker.ietf.org/doc/rfc3174/)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha224" ; + rdfs:comment "SHA-2 with a digest length of 224, as defined in [RFC 3874](https://datatracker.ietf.org/doc/rfc3874/)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha256" ; + rdfs:comment "SHA-2 with a digest length of 256, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha384" ; + rdfs:comment "SHA-2 with a digest length of 384, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha3_224" ; + rdfs:comment "SHA-3 with a digest length of 224, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha3_256" ; + rdfs:comment "SHA-3 with a digest length of 256, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha3_384" ; + rdfs:comment "SHA-3 with a digest length of 384, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha3_512" ; + rdfs:comment "SHA-3 with a digest length of 512, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha512" ; + rdfs:comment "SHA-2 with a digest length of 512, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/)."@en . + +ns1:IndividualElement a owl:Class ; + rdfs:comment """A concrete subclass of Element used by Individuals in the +Core profile."""@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI . + +ns1:NamespaceMap a owl:Class, + sh:NodeShape ; + rdfs:comment "A mapping between prefixes and namespace partial URIs."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:prefix ], + [ sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:namespace ] . + +ns1:Relationship a owl:Class, + sh:NodeShape ; + rdfs:comment "Describes a relationship between one or more elements."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ns1:Element ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:to ], + [ sh:class ns1:RelationshipCompleteness ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:completeness ], + [ sh:class ns1:RelationshipType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:relationshipType ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:startTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:endTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:class ns1:Element ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:from ] . + +ns1:Tool a owl:Class ; + rdfs:comment "An element of hardware and/or software utilized to carry out a particular function."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI . + +ns1:algorithm a owl:ObjectProperty ; + rdfs:comment "Specifies the algorithm used for calculating the hash value."@en ; + rdfs:range ns1:HashAlgorithm . + +ns1:hashValue a owl:DatatypeProperty ; + rdfs:comment "The result of applying a hash algorithm to an Element."@en ; + rdfs:range xsd:string . + +ns1:suppliedBy a owl:ObjectProperty ; + rdfs:comment """Identifies who or what supplied the artifact or VulnAssessmentRelationship +referenced by the Element."""@en ; + rdfs:range ns1:Agent . + +ns1:verifiedUsing a owl:ObjectProperty ; + rdfs:comment """Provides an IntegrityMethod with which the integrity of an Element can be +asserted."""@en ; + rdfs:range ns1:IntegrityMethod . + + a owl:Class ; + rdfs:comment """A concrete subclass of AnyLicenseInfo used by Individuals in the +ExpandedLicensing profile."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI . + + a owl:DatatypeProperty ; + rdfs:comment """Specifies the SPDX License List version in which this license or exception +identifier was deprecated."""@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment """Identifies all the text and metadata associated with a license in the license +XML format."""@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment """Specifies the SPDX License List version in which this ListedLicense or +ListedLicenseException identifier was first added."""@en ; + rdfs:range xsd:string . + + a owl:ObjectProperty ; + rdfs:comment "A license expression participating in a license set."@en ; + rdfs:range . + + a owl:DatatypeProperty ; + rdfs:comment """Specifies the licenseId that is preferred to be used in place of a deprecated +License or LicenseAddition."""@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "Contains a URL where the License or LicenseAddition can be found in use."@en ; + rdfs:range xsd:anyURI . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "A property name with an associated value."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ] . + + a owl:NamedIndividual, + ; + rdfs:label "critical" ; + rdfs:comment "When a CVSS score is between 9.0 - 10.0"@en . + + a owl:NamedIndividual, + ; + rdfs:label "high" ; + rdfs:comment "When a CVSS score is between 7.0 - 8.9"@en . + + a owl:NamedIndividual, + ; + rdfs:label "low" ; + rdfs:comment "When a CVSS score is between 0.1 - 3.9"@en . + + a owl:NamedIndividual, + ; + rdfs:label "medium" ; + rdfs:comment "When a CVSS score is between 4.0 - 6.9"@en . + + a owl:NamedIndividual, + ; + rdfs:label "none" ; + rdfs:comment "When a CVSS score is 0.0"@en . + + a owl:DatatypeProperty ; + rdfs:comment "Specifies a time when a vulnerability assessment was modified"@en ; + rdfs:range xsd:dateTimeStamp . + + a owl:DatatypeProperty ; + rdfs:comment "Specifies the time when a vulnerability was published."@en ; + rdfs:range xsd:dateTimeStamp . + + a owl:ObjectProperty ; + rdfs:comment "Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software."@en ; + rdfs:range . + + a owl:DatatypeProperty ; + rdfs:comment "Specified the time and date when a vulnerability was withdrawn."@en ; + rdfs:range xsd:dateTimeStamp . + + a owl:DatatypeProperty ; + rdfs:comment "Identifies the full text of a License or Addition."@en ; + rdfs:range xsd:string . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "A canonical, unique, immutable identifier"@en ; + rdfs:subClassOf ns1:IntegrityMethod ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:class ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "Refers to any object that stores content on a computer."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:contentType ; + sh:pattern "^[^\\/]+\\/[^\\/]+$" ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment """Refers to any unit of content that can be associated with a distribution of +software."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ] . + + a owl:NamedIndividual, + ; + rdfs:label "application" ; + rdfs:comment "The Element is a software application."@en . + + a owl:NamedIndividual, + ; + rdfs:label "archive" ; + rdfs:comment "The Element is an archived collection of one or more files (.tar, .zip, etc.)."@en . + + a owl:NamedIndividual, + ; + rdfs:label "bom" ; + rdfs:comment "The Element is a bill of materials."@en . + + a owl:NamedIndividual, + ; + rdfs:label "configuration" ; + rdfs:comment "The Element is configuration data."@en . + + a owl:NamedIndividual, + ; + rdfs:label "container" ; + rdfs:comment "The Element is a container image which can be used by a container runtime application."@en . + + a owl:NamedIndividual, + ; + rdfs:label "data" ; + rdfs:comment "The Element is data."@en . + + a owl:NamedIndividual, + ; + rdfs:label "device" ; + rdfs:comment "The Element refers to a chipset, processor, or electronic board."@en . + + a owl:NamedIndividual, + ; + rdfs:label "deviceDriver" ; + rdfs:comment "The Element represents software that controls hardware devices."@en . + + a owl:NamedIndividual, + ; + rdfs:label "diskImage" ; + rdfs:comment "The Element refers to a disk image that can be written to a disk, booted in a VM, etc. A disk image typically contains most or all of the components necessary to boot, such as bootloaders, kernels, firmware, userspace, etc."@en . + + a owl:NamedIndividual, + ; + rdfs:label "documentation" ; + rdfs:comment "The Element is documentation."@en . + + a owl:NamedIndividual, + ; + rdfs:label "evidence" ; + rdfs:comment "The Element is the evidence that a specification or requirement has been fulfilled."@en . + + a owl:NamedIndividual, + ; + rdfs:label "executable" ; + rdfs:comment "The Element is an Artifact that can be run on a computer."@en . + + a owl:NamedIndividual, + ; + rdfs:label "file" ; + rdfs:comment "The Element is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc.)."@en . + + a owl:NamedIndividual, + ; + rdfs:label "filesystemImage" ; + rdfs:comment "The Element is a file system image that can be written to a disk (or virtual) partition."@en . + + a owl:NamedIndividual, + ; + rdfs:label "firmware" ; + rdfs:comment "The Element provides low level control over a device's hardware."@en . + + a owl:NamedIndividual, + ; + rdfs:label "framework" ; + rdfs:comment "The Element is a software framework."@en . + + a owl:NamedIndividual, + ; + rdfs:label "install" ; + rdfs:comment "The Element is used to install software on disk."@en . + + a owl:NamedIndividual, + ; + rdfs:label "library" ; + rdfs:comment "The Element is a software library."@en . + + a owl:NamedIndividual, + ; + rdfs:label "manifest" ; + rdfs:comment "The Element is a software manifest."@en . + + a owl:NamedIndividual, + ; + rdfs:label "model" ; + rdfs:comment "The Element is a machine learning or artificial intelligence model."@en . + + a owl:NamedIndividual, + ; + rdfs:label "module" ; + rdfs:comment "The Element is a module of a piece of software."@en . + + a owl:NamedIndividual, + ; + rdfs:label "operatingSystem" ; + rdfs:comment "The Element is an operating system."@en . + + a owl:NamedIndividual, + ; + rdfs:label "other" ; + rdfs:comment "The Element doesn't fit into any of the other categories."@en . + + a owl:NamedIndividual, + ; + rdfs:label "patch" ; + rdfs:comment "The Element contains a set of changes to update, fix, or improve another Element."@en . + + a owl:NamedIndividual, + ; + rdfs:label "platform" ; + rdfs:comment "The Element represents a runtime environment."@en . + + a owl:NamedIndividual, + ; + rdfs:label "requirement" ; + rdfs:comment "The Element provides a requirement needed as input for another Element."@en . + + a owl:NamedIndividual, + ; + rdfs:label "source" ; + rdfs:comment "The Element is a single or a collection of source files."@en . + + a owl:NamedIndividual, + ; + rdfs:label "specification" ; + rdfs:comment "The Element is a plan, guideline or strategy how to create, perform or analyze an application."@en . + + a owl:NamedIndividual, + ; + rdfs:label "test" ; + rdfs:comment "The Element is a test used to verify functionality on an software element."@en . + +ns1:ElementCollection a owl:Class, + sh:NodeShape ; + rdfs:comment "A collection of Elements, not necessarily with unifying context."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ns1:ProfileIdentifierType ; + sh:in ( ) ; + sh:nodeKind sh:IRI ; + sh:path ns1:profileConformance ], + [ sh:class ns1:Element ; + sh:nodeKind sh:IRI ; + sh:path ns1:element ], + [ sh:message "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ns1:ElementCollection ] ; + sh:path rdf:type ], + [ sh:class ns1:Element ; + sh:nodeKind sh:IRI ; + sh:path ns1:rootElement ] . + + a owl:NamedIndividual, + ns1:PresenceType ; + rdfs:label "no" ; + rdfs:comment "Indicates absence of the field."@en . + + a owl:NamedIndividual, + ns1:PresenceType ; + rdfs:label "noAssertion" ; + rdfs:comment "Makes no assertion about the field."@en . + + a owl:NamedIndividual, + ns1:PresenceType ; + rdfs:label "yes" ; + rdfs:comment "Indicates presence of the field."@en . + +ns1:contentType a owl:DatatypeProperty ; + rdfs:comment "Provides information about the content type of an Element or a Property."@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "Provides a numerical (0-10) representation of the severity of a vulnerability."@en ; + rdfs:range xsd:decimal . + + a owl:DatatypeProperty ; + rdfs:comment "Specifies the CVSS vector string for a vulnerability."@en ; + rdfs:range xsd:string . + +ns1:AnnotationType a owl:Class ; + rdfs:comment "Specifies the type of an annotation."@en . + +ns1:PositiveIntegerRange a owl:Class, + sh:NodeShape ; + rdfs:comment "A tuple of two positive integers that define a range."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:datatype xsd:positiveInteger ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:beginIntegerRange ], + [ sh:datatype xsd:positiveInteger ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:endIntegerRange ] . + + a owl:Class ; + rdfs:comment "A characterization of some aspect of an Element that is associated with the Element in a generalized fashion."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:message "https://spdx.org/rdf/3.0.1/terms/Extension/Extension is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ] ; + sh:path rdf:type ] . + + a owl:Class ; + rdfs:comment "Specifies the exploit catalog type."@en . + + a owl:Class ; + rdfs:comment "Specifies the type of a content identifier."@en . + + a owl:Class ; + rdfs:comment "Enumeration of the different kinds of SPDX file."@en . + + a owl:Class ; + rdfs:comment "Specifies the unit of energy consumption."@en . + +ns1:Artifact a owl:Class, + sh:NodeShape ; + rdfs:comment "A distinct article or unit within the digital domain."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:builtTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:class ns1:Agent ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:suppliedBy ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns1:standardName ], + [ sh:message "https://spdx.org/rdf/3.0.1/terms/Core/Artifact is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ns1:Artifact ] ; + sh:path rdf:type ], + [ sh:class ns1:Agent ; + sh:nodeKind sh:IRI ; + sh:path ns1:originatedBy ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:validUntilTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:class ns1:SupportType ; + sh:in ( ) ; + sh:nodeKind sh:IRI ; + sh:path ns1:supportLevel ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:releaseTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ] . + +ns1:RelationshipCompleteness a owl:Class ; + rdfs:comment "Indicates whether a relationship is known to be complete, incomplete, or if no assertion is made with respect to relationship completeness."@en . + +ns1:SpdxOrganization a owl:NamedIndividual, + ns1:Organization ; + rdfs:comment "An Organization representing the SPDX Project."@en ; + = ; + ns1:creationInfo . + +ns1:comment a owl:DatatypeProperty ; + rdfs:comment """Provide consumers with comments by the creator of the Element about the +Element."""@en ; + rdfs:range xsd:string . + + a owl:Class ; + rdfs:comment "Abstract class representing a License or an OrLaterOperator."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:message "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ] ; + sh:path rdf:type ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "Abstract class for the portion of an AnyLicenseInfo representing a license."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:boolean ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:message "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ] ; + sh:path rdf:type ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:boolean ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:boolean ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:anyURI ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment """Abstract class for additional text intended to be added to a License, but +which is not itself a standalone License."""@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:message "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ] ; + sh:path rdf:type ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:anyURI ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:boolean ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "Abstract ancestor class for all VEX relationships"@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:message "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ] ; + sh:path rdf:type ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment """The class that helps note down the quantity of energy consumption and the unit +used for measurement."""@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:class ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ], + [ sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ] . + + a owl:Class ; + rdfs:comment "Specifies the safety risk level."@en . + + a owl:Class ; + rdfs:comment "Categories of confidentiality level."@en . + + a owl:Class ; + rdfs:comment "Specifies the SSVC decision type."@en . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "A distinct article or unit related to Software."@en ; + rdfs:subClassOf ns1:Artifact ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:class ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ], + [ sh:message "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ] ; + sh:path rdf:type ], + [ sh:class ; + sh:in ( ) ; + sh:nodeKind sh:IRI ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ] . + +ns1:CreationInfo a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides information about the creation of the Element."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:class ns1:Tool ; + sh:nodeKind sh:IRI ; + sh:path ns1:createdUsing ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:created ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:class ns1:Agent ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:createdBy ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:comment ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:specVersion ; + sh:pattern "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" ] . + +ns1:IntegrityMethod a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides an independently reproducible mechanism that permits verification of a specific Element."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:message "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ns1:IntegrityMethod ] ; + sh:path rdf:type ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:comment ] . + + a owl:Class ; + rdfs:comment "Availability of dataset."@en . + + a owl:Class ; + rdfs:comment "Specifies the VEX justification type."@en . + +ns1:LifecycleScopeType a owl:Class ; + rdfs:comment "Provide an enumerated set of lifecycle phases that can provide context to relationships."@en . + + a owl:Class ; + rdfs:comment "Specifies the CVSS base, temporal, threat, or environmental severity type."@en . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "Abstract ancestor class for all vulnerability assessments"@en ; + rdfs:subClassOf ns1:Relationship ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ns1:Agent ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:suppliedBy ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:message "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ] ; + sh:path rdf:type ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:class ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ] . + + a owl:Class ; + rdfs:comment """Provides a set of values to be used to describe the common types of SBOMs that +tools may create."""@en . + +ns1:PresenceType a owl:Class ; + rdfs:comment "Categories of presence or absence."@en . + +ns1:SupportType a owl:Class ; + rdfs:comment "Indicates the type of support that is associated with an artifact."@en . + +ns1:Agent a owl:Class ; + rdfs:comment "Agent represents anything with the potential to act on a system."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI . + +ns1:ProfileIdentifierType a owl:Class ; + rdfs:comment "Enumeration of the valid profiles."@en . + + a owl:Class ; + rdfs:comment "Abstract class representing a license combination consisting of one or more licenses."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property [ sh:message "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ] ; + sh:path rdf:type ] . + +ns1:ExternalIdentifierType a owl:Class ; + rdfs:comment "Specifies the type of an external identifier."@en . + +ns1:DictionaryEntry a owl:Class, + sh:NodeShape ; + rdfs:comment "A key with an associated value."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:value ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:key ] . + + a owl:Class ; + rdfs:comment "Enumeration of dataset types."@en . + +ns1:Element a owl:Class, + sh:NodeShape ; + rdfs:comment "Base domain class from which all other SPDX-3.0 domain classes derive."@en ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:description ], + [ sh:class ns1:IntegrityMethod ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:verifiedUsing ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:summary ], + [ sh:class ns1:ExternalRef ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:externalRef ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:comment ], + [ sh:class ns1:ExternalIdentifier ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:externalIdentifier ], + [ sh:message "https://spdx.org/rdf/3.0.1/terms/Core/Element is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ns1:Element ] ; + sh:path rdf:type ], + [ sh:class ns1:CreationInfo ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:creationInfo ], + [ sh:class ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:extension ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:name ] . + +ns1:HashAlgorithm a owl:Class ; + rdfs:comment "A mathematical algorithm that maps data of arbitrary size to a bit string."@en . + + a owl:Class ; + rdfs:comment "Provides information about the primary purpose of an Element."@en . + +ns1:ExternalRefType a owl:Class ; + rdfs:comment "Specifies the type of an external reference."@en . + +ns1:RelationshipType a owl:Class ; + rdfs:comment "Information about the relationship between two Elements."@en . + diff --git a/rdf/spdx-model.nt b/rdf/spdx-model.nt new file mode 100644 index 0000000000..711f7e41e4 --- /dev/null +++ b/rdf/spdx-model.nt @@ -0,0 +1,3569 @@ +_:N2a72f2e0c3d44dd5ac4c0633f336d556 . +_:N186b972a57284ae1946b3f7d8e762830 _:N66595c518c6248f69bdca82dccebf454 . +_:N8f24e4128c124ec08b9e80f45a43dd1e "1"^^ . +_:N00d83dee7aa44a7991821a46e83e5164 . + "support" . + . +_:N0c3b30ca2bdf4cb1839bdc608bc41186 . + . + "hasExample" . +_:Nebecc80c7e4045d1b3ad15ab0c1d04ec "1"^^ . + . + "Describes if any sensitive personal information is present in the dataset."@en . +_:N4278c3d777ea4ebd81cd23af80459c2d "1"^^ . + . + . + . +_:Nb4381a5cee3143a482af28cf9a364f3c . + . + . + . + "act" . + . +_:Nce9a69dc19af4e1394f03174c67c5857 "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + . + . + "other" . +_:Nc9ddcdf86e874968aa8f5ba821975eb4 . + . + . + _:N1647e706f6764e7d9ec4e0aa8979d0c6 . +_:Nf284f365ba5c4e4da40d7d7900d82744 . +_:N4b7945a329d940d7a4167237a4e60e53 "1"^^ . + "A collection of Elements that have a shared context."@en . + . +_:Nc7b49cc0a08745e08e5ba42ee492184f . + . +_:Ndde9f898797c42b989ef522557debf64 . + . +_:N4f7ca95fbfad4d20810e92ab09220394 _:N95c7a63c89e94f8d9ceb0dd0c34ac9e3 . + . + "modifiedBy" . + . + "System Package Data Exchange (SPDX) Ontology"@en . + . + "Provides a place for the SPDX data creator to record the package URL string\n(in accordance with the Package URL specification) for a software Package."@en . + "Data points in the dataset can be shared only with specific organizations and their clients on a need to know basis."@en . +_:N91d11db27b28462b8545b78734a27503 "1"^^ . +_:Na8cf54eee3ac40cca0ed6cfdaef6a576 . + . +_:N2061c93cd5774c61823bf76c952d5242 _:N6369a0cffc0445e888c1e30a54a5be5d . +_:Nbf6c9a626dad41fa8a0422cb3ddab7a3 _:Ndcdb30d7deca45a8bc3e563144933f0e . + . + "republishedBy" . + . + _:Na96bc2776ef4488595f136d0fbac26a6 . + "A license or addition that is not listed on the SPDX License List."@en . + "clear" . + "sourceArtifact" . + . + . +_:Nbc1332652da345c49ad3c948238f404b . + . +_:N516b1b46dbb04f1c953906f0388bf8b4 "1"^^ . +_:Ne3e1ac11e78640fab50085207414679f _:N510a0fe04f844da5bb96208d9e6a563c . + . + "delegatedTo" . +_:Nae8e63939c7c4cf4aa4ba555362d775c . + "A reference to a runtime analysis report for a package."@en . + . + . +_:N89d361d3f1d94de5b28ee82b1d3da3de _:N93d2d1d1dc3e4b7ea516ee004f674bfb . +_:N163fe4499b2a454a9641b23118bf53ae . + . +_:N425d570f86674f7facee623f8d84a311 _:Nbd45f3e248c84b27b2e1a0da67d47a71 . + . +_:N5ddf9ddcd2bc446f8729bd7a23566faf _:N0cac787ed3f3421fa6687df4da790a0c . + . +_:Na1cdda0a73e94e598b769cac4a5a5cb8 . + "A distinct article or unit related to Software."@en . + . + "A reference the [security threat model](https://en.wikipedia.org/wiki/Threat_model) for a package."@en . + . +_:Nebecc80c7e4045d1b3ad15ab0c1d04ec . +_:N58c62d134f5e41d78440946685ecf0cc "1"^^ . +_:Na0242fde5c314aa599a3a00cfb01634c . +_:N68e2aefd82ab40c59cc6c2bfeab0adc4 . + . + . + . +_:N07cb32d0626a45cfbea37a7dd2a8b854 . +_:Ne21f363965114243b81ce67f76575de3 . + "Designates elements as products where the impact of a vulnerability is being\ninvestigated."@en . + "[FALCON](https://falcon-sign.info/falcon.pdf)"@en . + "[Kyber](https://pq-crystals.org/kyber/)"@en . + . +_:N1a0279389d714631b1d12935e9f2b014 _:N70cbc4a60eda4e648df0df882fab278d . + "Every `to` Element is a file added to the `from` Element (`from` hasAddedFile `to`)."@en . +_:N4b7945a329d940d7a4167237a4e60e53 . +_:N4881d1614aa0403894d16c3ca276d790 . +_:Ne223bb746dc9463bbbe16ca844619e98 . + . + . +_:Na1cdda0a73e94e598b769cac4a5a5cb8 "1"^^ . + "The `from` Element is distributed as an artifact in each `to` Element (e.g. an RPM or archive file)."@en . + . +_:N7368659f06844e79815bdbdeac2b73f3 . +_:Nf71f6300b14a4726a20ffad899bed919 "1"^^ . +_:N8adbab8e05cf4258a0b7e9eedbd03e5f . +_:N66595c518c6248f69bdca82dccebf454 . +_:N6ac0694afb0c40c1bb0988b0569f0cb4 . +_:N52399fdf517c416ebb2e470463b71b5d . + . +_:N38aeb59117654398b393a546eaaa5fd9 . +_:N4f9424fdcb0643a6b8dbd2c83de164a1 _:Ne21f363965114243b81ce67f76575de3 . + "data is stored in tabular format or retrieved from a relational database."@en . +_:Ne3b40c9739164b2eb0ae163374d9c4ac . + "Specifies the type of a content identifier."@en . +_:Na44640dae5c34e6ab6f3759a75426eb0 _:Nbbe9948554644fd8b49899d278739242 . +_:N954579de61d84bef909737ad4568a536 . + . + . +_:Nc51fb19223644705a84f646344b7e9d3 . +_:N9eda1b52fa264730ab0b383d300e1726 "1"^^ . + _:N73f9586a8a7d4b978afcb9cfe998050b . +_:N036299b1f2af44eeb966da8a1217ac9e _:Nd6ca1bcbdc494e39a9c1a4da0c52a0b3 . + . + . + "megajoule" . +_:N4278c3d777ea4ebd81cd23af80459c2d . + . +_:N78c7513398064da1a55c5df1b3c96444 . + "patch" . + . + . + . +_:N264b55b33a4549a6a131d79763879896 . + . +_:N52399fdf517c416ebb2e470463b71b5d _:N40f9e58aac214052a173ad93b4ed57e9 . + . + . +_:N36b7d391e5cf402199bf454d82f5735c _:Nfbd5a9c0923c423a84d0bb8fef89f4a3 . + . +_:N63f963c2c8a4467bb803f9af7eaafd3d . +_:Ne68051bb209048da9a57bc5dbaf28bf0 . + "yes" . + . +_:N30d5cdb21c144005b1d74c81aa0e129e . +_:N37829b662873490d9964f7bbbc300fce _:N3c8c7c06f10e44fea576f974877ed15b . +_:N576b7fbe3ba74572a6eb065c67761847 . + "the element follows the Core profile specification"@en . +_:N4e1bd25f594a483ab492b4c24a5748eb . + "expandedLicensing" . + . +_:N85ad449141be453592e9e80c2bc379f4 . + . +_:N7368659f06844e79815bdbdeac2b73f3 _:N2847f93323fd468eab2b926c5715c994 . +_:N89d38dc48bd64f1d894f7f8c5494c264 . + "The highest level of risk posed by an AI system."@en . +_:N13396ee366a94de388e2aff47754e81f . +_:N6bd3d2cfd9cd4f248e354deb40a851ff . + "specification" . + . +_:Ne68051bb209048da9a57bc5dbaf28bf0 "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + . + . + _:N034bf868068348fb92f2f33976cad5ae . +_:Na461e12485ec495f9d16f08504499025 . + . +_:Nc4156282a9c34b6190b0869cdc1793db . +_:N0bf807da343b4645904db560abf69583 . + "blake2b384" . + "the element follows the AI profile specification"@en . + "The result of applying a hash algorithm to an Element."@en . + "Describes one a profile which the creator of this ElementCollection intends to\nconform to."@en . + . + "Used to associate a `from` Artifact with each `to` Vulnerability."@en . + "The Element is data."@en . + "A reference to the issue tracker for a package."@en . + . +_:N132cde65c9b14a1694d400388aecf0cc _:N23a349d7f4a14351adf4c70293152926 . + . +_:Nf26016059c3e414da185e30155b543f5 . + "Provides a reference to a resource outside the scope of SPDX-3.0 content\nthat uniquely identifies an Element."@en . + _:Ndde9f898797c42b989ef522557debf64 . +_:N4f6d0abf94b14a189b945346f00ba9dc "1"^^ . + . + . + "riskAssessment" . + . +_:N8e672d95ff7d48e68c1ed7ecf019b269 "1"^^ . + . +_:N40f9e58aac214052a173ad93b4ed57e9 _:Nf81435c80dee4c1db825f1917f62e947 . +_:Nb2f2a5ddadbe4718954d50737f92e201 _:Na44640dae5c34e6ab6f3759a75426eb0 . + "The `from` Vulnerability is coordinatedBy the `to` Agent(s) (vendor, researcher, or consumer agent)."@en . + . + . + . + "A reference to a published list of releases for a package."@en . + "Provides information about the creation of the Element."@en . + . + . + . +_:N687efc23ea2c4c0b9a09c9ca45dc49b3 . +_:N329ecc1447f349cc968623ddffe6a2f7 . +_:N963f7603cd844b03bd4631e0713b1635 . + . +_:Ne93ae5d0cb664d7ab2554eaa72a23f25 . + . + "The Element is a software library."@en . + . + "audio" . +_:Nb4381a5cee3143a482af28cf9a364f3c . + "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible."@en . +_:Nc3c21678fc9a459784f054a6954a9aa8 . +_:Na96bc2776ef4488595f136d0fbac26a6 . + . + . + . +_:N8adbab8e05cf4258a0b7e9eedbd03e5f . +_:N731241b6024d4e109893eb1354404ec5 _:N897df0f6e23b488988a2d2db8aad5bc4 . + "directory" . + "Refers to one or more Elements that are part of an ElementCollection."@en . + . + "A relationship has specific context implications during an element's design."@en . +_:N58b8de667bb54771976a5e86a8a8139a . +_:Nbd47cac50394462f9015e00ec4b449a6 . + "buildSystem" . +_:N894cee407d8747ec8adc2f05ce722a86 "1"^^ . +_:N00fcf1f501a749fc9cbbdbdf23a7aaa8 "1"^^ . +_:Nda71586c3c6541b4a6a907d316dca405 "1"^^ . + . +_:N34cf4751490f48f9852ff2fa143a6321 _:Nd1b797da281643468add752e036349fd . + . + "filesystemImage" . + "Specifies the version of a VEX statement."@en . +_:N942417ca6d844df0914d75b099a457f8 "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . +_:N9c1ccbc2b86f454395a450f736b67eec . + . + "framework" . + . +_:N9dbe04a2eaac4271aafe4a7650ec4e15 _:N261545ecf40d4f65bf47dc050598e90f . + . +_:N45b62edbd5f3406dba20232288ec19fd "1"^^ . + . + . + . +_:Na3925605d49b4db382603ae946c37f51 . +_:Ndb06ff981cef4e94bfdbec22badacd4d "1"^^ . +_:N9bd771ac02cc41519919a01d4deca105 . + "releaseNotes" . +_:N41fda4edc0294fce84cdb5688d8ef9ef _:Ne06f01bddfb24f69a9e1c0ba9694b11d . + . + . + . + . + . + . + "Specifies the CVSS vector string for a vulnerability."@en . +_:N3d9237b249544033acbf7d94cac2b424 . +_:N2b7fa052bf664f2a9e1923831d282602 _:Na5ef7f1675b84ce99e4f4ca36d200a91 . +_:N8e672d95ff7d48e68c1ed7ecf019b269 . +_:N74551d5c49b94ece99a5fdec0d58d233 . +_:N034bf868068348fb92f2f33976cad5ae . + . + . + "The `from` Element has been trained on the `to` Element(s)."@en . + . +_:N62b8677868664944abc9f19745aed957 . +_:Nc3c21678fc9a459784f054a6954a9aa8 . + "The `from` Element has a prerequisite on each `to` Element, during a LifecycleScopeType period."@en . +_:Nb850dda843534d3ab3ffbadf70766fef . +_:N4aa1ea2c440f4aecb7a6656a599fbf22 . + "sha3_256" . + "Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`)."@en . + "SBOM generated as part of the process of building the software to create a releasable artifact (e.g., executable or package) from data such as source files, dependencies, built components, build process ephemeral data, and other SBOMs."@en . +_:Ne11c75cafdb0438299216847b06716cf "1"^^ . + . +_:N5a2b8b0073a54a3db4d6092f1c5043ed "1"^^ . +_:Na2b089e6c69d4697ae4de61d18f020f7 . + "A reference to the End Of Sale (EOS) and/or End Of Life (EOL) information related to a package."@en . + "The `from` Build element generates each `to` Element as an output, during a LifecycleScopeType period."@en . + _:N0bf807da343b4645904db560abf69583 . +_:N615be2b8b7174608b24884d12a2039ad _:N37829b662873490d9964f7bbbc300fce . + "patchedBy" . + "The `from` Vulnerability impact is being investigated for each `to` Element. The use of the `underInvestigationFor` type is constrained to `VexUnderInvestigationVulnAssessmentRelationship` classed relationships."@en . +_:N894cee407d8747ec8adc2f05ce722a86 . + _:Ne20cfbefa1424ba79abfc89287f1eef3 . + . +_:N00fcf1f501a749fc9cbbdbdf23a7aaa8 . +_:Nb40076de31ba4cc08826656559e10385 _:N59f692071bb64860ab9f02cfb4670088 . +_:Nda71586c3c6541b4a6a907d316dca405 . +_:N7a48123f699948b5867af1fec0d7b88e . + . + . +_:Nc8b9ea4213214eccb17ccccf3790161d "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + "A reference to metrics related to package such as OpenSSF scorecards."@en . +_:Na8cf54eee3ac40cca0ed6cfdaef6a576 . +_:Nae7b37ebeef141519b9f1102ae1b30c5 . +_:N0713bbcf2b1f4e23b912a81e12b5d270 . + . +_:N542022ab56194a2184bd872572ca204b . + . + "buildMeta" . + _:Nce9a69dc19af4e1394f03174c67c5857 . +_:Nf44042158d4d4c85a5bd6a0fcb538498 . + . +_:Nf5531d9c16ff4f589dff19f480634c29 "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" . + . +_:N991d42b910e64656b45d7c4ce9e7f5e3 _:N734a831b529349fb969fd328dc6dcb1c . +_:N565a78360e28494ea80897aadf944c0c . + . + "Gives information about the circumstances or unifying properties\nthat Elements of the bundle have been assembled under."@en . + . +_:N5b2278fb3a8e4e239193a033f8b4bf04 . + "publishedBy" . + . + _:N4f6d0abf94b14a189b945346f00ba9dc . + "hasDependencyManifest" . + "Dataset may be distributed freely, without restriction."@en . + _:N0781395df11e44a6a3186f0fa8908958 . +_:N5a2b8b0073a54a3db4d6092f1c5043ed . + . + "Provides information about the primary purpose of an Element."@en . + "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines."@en . + . +_:N763c69315ee040a88ca27b5205984626 . + "Specifies the unit of energy consumption."@en . + "sensor" . + . + . + "Every `to` Element is a file deleted from the `from` Element (`from` hasDeletedFile `to`)."@en . + "Captures the threshold that was used for computation of a metric described in\nthe metric field."@en . + "Specifies whether the License is listed as free by the\nFree Software Foundation (FSF)."@en . + . +_:N80dc66a1ccec469392596c5291fa2864 . +_:Nebecc80c7e4045d1b3ad15ab0c1d04ec . +_:N9b9dc778bc5c415fad7f82cf4f6047d2 _:N68767751c5f64fc1afe82f2dcbae6636 . + "The Element refers to a disk image that can be written to a disk, booted in a VM, etc. A disk image typically contains most or all of the components necessary to boot, such as bootloaders, kernels, firmware, userspace, etc."@en . + . + "A reference to a risk assessment for a package."@en . + "A tuple of two positive integers that define a range."@en . +_:Na2b089e6c69d4697ae4de61d18f020f7 . + . + . +_:Ne820a8ec67114d53b03a71f5f7be31f5 "1"^^ . +_:N105628f6c8b040edb9db617f35f30bec . + "the dataset is publicly available and can be downloaded directly."@en . + . + "sha224" . + . +_:Ne11c75cafdb0438299216847b06716cf . + "Used to store extra information about an Element which is not part of a review (e.g. extra information provided during the creation of the Element)."@en . + "References the Element on the left-hand side of a relationship."@en . + "Specifies the exploit catalog type."@en . +_:N7c7a260c778e4d4491ba75a0fe083ebe "1"^^ . +_:Nd6f4245b3ebe44e6b100782b191deb97 _:Nf58f6bed32c5414ca98526a5d6a7b6dc . +_:Nc0c94fed0eb041ef8c4fe70f4b1fd7c0 . + . + . + "A reference to funding information related to a package."@en . + "securityOther" . + . +_:N9ed65925a89e40e8b7faaa925d739c72 . + _:Nc51fb19223644705a84f646344b7e9d3 . +_:Na2b089e6c69d4697ae4de61d18f020f7 "1"^^ . + . + . +_:N58c62d134f5e41d78440946685ecf0cc . + . + . +_:N230a41f8c8d549b8844a37595ce56867 . + "securityFix" . +_:N13396ee366a94de388e2aff47754e81f . + . +_:Ne3b40c9739164b2eb0ae163374d9c4ac . +_:Nda71586c3c6541b4a6a907d316dca405 "1"^^ . +_:N10002d3538094764a9c6d3893234cd04 _:N037a9f94d4da4593a56a6804fca57483 . +_:N210fbcf85b384009a2cee68e4a7e6b78 . + . + "The relationship is known to be exhaustive."@en . +_:N4f6d0abf94b14a189b945346f00ba9dc . +_:N682abb8a6bbc40e9947aa2d9d66eec4d _:N4571ded3acc34f068931feecaa278a44 . +_:N2056bd91659a4260a6eb99a0cbdd9f14 . + . + . + _:N825f749765e348a0abfef75f63c1588a . + . + _:N53970517ea09401691d51549f8e0fd90 . + . +_:Naf01116eff7c4759be95f8f97c257d9c "1"^^ . +_:Nf44042158d4d4c85a5bd6a0fcb538498 . +_:N07868b0098174c478ac47f3fbc946ff0 . + . +_:N53970517ea09401691d51549f8e0fd90 "1"^^ . +_:N1314ef461724483f9bd5c56d939b17c4 _:N4dcad64fd9cf4af2b8d6ea98d6c5450a . + . + "Provides the location of an external reference."@en . + . + _:N10f5cc15b506459db381c02764d60e76 . + . + _:Nd3d538fe1cb544b5808c51dffd844c81 . + "Identifies who or what created the Element."@en . + . + "A reference to a NuGet package. The package locator format is defined in the [NuGet documentation](https://docs.nuget.org) and looks like `package/version`."@en . + _:Nd11df36dd5014f759eab790e847b9857 . + "hasVariant" . + "deployed" . + "The `from` Element depends on each `to` Element, during a LifecycleScopeType period."@en . + . + . + . + . +_:N510a0fe04f844da5bb96208d9e6a563c . + . +_:N7c7a260c778e4d4491ba75a0fe083ebe . +_:N6369a0cffc0445e888c1e30a54a5be5d . + . + . + "Describes relevant information about different steps of the training process."@en . +_:N3c8c7c06f10e44fea576f974877ed15b . + "Specifies the licenseId that is preferred to be used in place of a deprecated\nLicense or LicenseAddition."@en . +_:N3c163fcab8684aa09c61e78b4cbb9b38 "1"^^ . +_:N77f1a43a35e5447c83116261ae574acc . +_:N329ecc1447f349cc968623ddffe6a2f7 . + . +_:Nae7b37ebeef141519b9f1102ae1b30c5 _:N682abb8a6bbc40e9947aa2d9d66eec4d . + _:N786a3eaa8fbe4cf0bb67c4e086fa8b5b . + "Points to a resource outside the scope of the SPDX-3.0 content\nthat provides additional characteristics of an Element."@en . + . +_:N0274510beacf46b0b7cd7048ff3cbb4d _:N3b50e4323e8b4d388d8d522e18a49070 . + . +_:N4aa1ea2c440f4aecb7a6656a599fbf22 . +_:Nc704d39d408f41caa9805e140ff0016a . + "A reference to the security adversary model for a package."@en . + "The `from` Element has a requirement on each `to` Element, during a LifecycleScopeType period."@en . + "eolNotice" . +_:N954579de61d84bef909737ad4568a536 _:N48b3e9d109d34fdeaa6cbef58c05c171 . +_:Nc4156282a9c34b6190b0869cdc1793db . +_:N5ddf9ddcd2bc446f8729bd7a23566faf . +_:Nb40076de31ba4cc08826656559e10385 . +_:N91d11db27b28462b8545b78734a27503 . + . + "sha512" . +_:N8adbab8e05cf4258a0b7e9eedbd03e5f . + . + "track" . +_:N79b4dcdd054d4ca8a87fc86377c9366b _:N30d1dbbf97fb456eb18d38b76c8004d3 . + . + _:N7a66c734ced842b4913ff95c5f5cf452 . +_:N5ab248e680454bbcb3ed254de24ac49f "1"^^ . +_:N4182e8c878544ebb842682b1ece2bd3a _:Nae7b37ebeef141519b9f1102ae1b30c5 . + _:Na42e3794f624483e818646ed683c5ba2 . + "An entity that is authorized to issue identification credentials."@en . + "medium" . +_:N7f095ac56c3e4bccbcd4348b29980439 . +_:Nf142b126cd744b69be8d6c35ee1361e4 . +_:Ndbf7c5384f2242b98dd62b6a8d6a503f . + . + . + "This individual element was defined by the spec."@en . +_:N83935261300041758021c5a3fbdae6c0 _:N7368659f06844e79815bdbdeac2b73f3 . + "syntactic" . + "The Element is an archived collection of one or more files (.tar, .zip, etc.)."@en . + "graph" . +_:Na79e142094fb464da3de3ceb4108e4ff _:N28c7097edd884a9b92697ec6b6729dc9 . + . +_:N5b2e4dda703849e4933338ff0970e968 . + . +_:Naf01116eff7c4759be95f8f97c257d9c . +_:N68e2aefd82ab40c59cc6c2bfeab0adc4 "1"^^ . + . +_:N87131d5acc2b478ba16230f714aa0bb0 . +_:N27a8c8f61e944083abcc670fe4586df8 . + . + . + . +_:Na3925605d49b4db382603ae946c37f51 . + "software" . + "A reference to a certification report for a package from an accredited/independent body."@en . + . +_:Naa7e95f812804669b3e89daed8d27b21 . + "Used when someone reviews the Element."@en . +_:Nc7f12b88e8f5489dacbbfeb81192696a . + "Dataset can be shared within a community of peers and partners."@en . + . + . +_:Ndde9f898797c42b989ef522557debf64 . +_:Ncae19f1586924a439b37e75eb5b57ed4 . +_:N96120491adc84204822952240ddadf13 . + . +_:N39638ea4b52f4236b7a808cb979d2f4b . +_:Na1ce1658c3be4bc0b082944caae9ddea "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en . +_:N328adb4bb1ec422084a2169890188a03 "1"^^ . +_:N507c6135f8424e8db67fe59ae93eb464 . +_:N8692a82c280845c3a6fa37c02ddae229 . + . + . + _:N3c163fcab8684aa09c61e78b4cbb9b38 . + "Provides a detailed description of the Element."@en . + . + _:N07cb32d0626a45cfbea37a7dd2a8b854 . +_:N942417ca6d844df0914d75b099a457f8 . + "the dataset is not publicly available and an email registration is required before accessing the dataset, although without an affirmative acceptance of terms."@en . + . + . + "red" . + "swhid" . +_:N8b86dbc23a22407a9380fbd9376d3b83 . +_:N07cb32d0626a45cfbea37a7dd2a8b854 . +_:N510a0fe04f844da5bb96208d9e6a563c _:N9dbe04a2eaac4271aafe4a7650ec4e15 . + . +_:Nef3e82bf7eac41aa8dc101eabd0f1815 _:N4ac93d52ef544d5cb73aeaeb279b7567 . + "Property describing a parameter used in an instance of a build."@en . +_:Nfcc30e48020d4dd2b3493a0cd55ea457 "1"^^ . +_:N27a8c8f61e944083abcc670fe4586df8 . +_:N0b728d22a9674ecc87af12fde5aae61c . + "Links a vulnerability and elements representing products (in the VEX sense) where\na fix has been applied and are no longer affected."@en . +_:Nf507b9bee5ae4254bafe4ce3c72a9f18 "1"^^ . + "Specifies the amount of energy consumed during inference time by an AI model\nthat is being used in the AI system."@en . + . + "A License participating in a 'with addition' model."@en . +_:Nb6e99584403541df96486fcac6d79017 . +_:Nc15495aea74e4883afce40f042a057d5 _:N58c3f747313349d396ead702e2de2953 . +_:N14d7232930234cad917631e1993d7ccd . + "Specifies the time an artifact was released."@en . +_:Ndb06ff981cef4e94bfdbec22badacd4d . + "The Element is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc.)."@en . +_:N65301d1be04341678842dfc049e2a33c "1"^^ . + . + . + . + . + _:N269b628c85f04f5d8a10fa3c500745a4 . +_:N264b55b33a4549a6a131d79763879896 _:Nc0c94fed0eb041ef8c4fe70f4b1fd7c0 . +_:Nc82d9b6d9a4a40d6b95e4cd04612ac98 _:N4ad4011b5f8c44cbb3e76f5da0885cfd . + . + . +_:N516b1b46dbb04f1c953906f0388bf8b4 . +_:N722c45f262084ffa9b063b852952397b . + "Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent."@en . + . +_:N8a37deb026864cdca312209746e2caaa . + "dependsOn" . + "A reference to binary artifacts related to a package."@en . +_:N0e471571470240e5872be57bfd58fed9 . +_:Naa7e95f812804669b3e89daed8d27b21 "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + . + "Specifies an Element contained in a piece of software where a vulnerability was\nfound."@en . + . +_:N45481eab750645b4929b7b63c8ca7916 _:Nf94717c65e4f4b86b4df261ecf26650d . +_:Ne820a8ec67114d53b03a71f5f7be31f5 . + "A reference to a Vulnerability Disclosure Report (VDR) which provides the software supplier's analysis and findings describing the impact (or lack of impact) that reported vulnerabilities have on packages or products in the supplier's SBOM as defined in [NIST SP 800-161 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations](https://csrc.nist.gov/pubs/sp/800/161/r1/final)."@en . +_:N5e678b3ba38745b58c0103b8e085d5c8 . + "The Element is a software manifest."@en . + . +_:N7f2c8d25f5df4c27b35c70d38090eab3 . + . + . +_:N1a8882804ac24104946e7afa0b36905a . + "Specifies the algorithm used for calculating the hash value."@en . + "endOfSupport" . + . + _:N85ad449141be453592e9e80c2bc379f4 . + . + "Identifies from where or whom the Element originally came."@en . +_:N328adb4bb1ec422084a2169890188a03 . + _:Ne81afbff18a74c75ac853da24ab327a0 . + "affects" . + "incomplete" . +_:Nabd40767fbd84edea7e048b911a681e4 _:Ncba4137ebcf84a728acd12bde91130e9 . + "Provides an IntegrityMethod with which the integrity of an Element can be\nasserted."@en . +_:N61b9a25cae674e199ce6572456d8e72f "1"^^ . + . +_:N00d83dee7aa44a7991821a46e83e5164 "1"^^ . +_:Nc4286224070a4248ad8590c45a7c8bc6 _:N425d570f86674f7facee623f8d84a311 . +_:Na3d930b22d4f462cb8bcb86adb108e16 . +_:Nd73c69088f734dffb4cc9539c637aecf . + _:Nadd5d6fa295c47ee82d49e5fde059110 . +_:N6f8ca85700744b0e9f7a8672675d1dca "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + . + "Captures the size of the dataset."@en . + . + _:Nf507b9bee5ae4254bafe4ce3c72a9f18 . + . +_:N1aac3c1c2ffb45d79910e133d9ec02f9 _:N3c34004e669a4f809790739b55299420 . + . + "hasAssociatedVulnerability" . +_:Ne03121e956234709bc0f8f288597ff50 _:N261c61aa119e4f4e9ce3c9387fb29c9f . +_:N40bcef929ef64825a68929a36aefa27c . + "falcon" . + "data is recorded in an ordered sequence of timestamped entries, such as the price of a stock over the course of a day."@en . + . +_:Nc82d9b6d9a4a40d6b95e4cd04612ac98 . +_:N1256cfafa26e453a9d5f8b08cc5920d7 . + _:N90cb783276d74a2881e21a08abf01e2f . +_:N61b9a25cae674e199ce6572456d8e72f . +_:N74551d5c49b94ece99a5fdec0d58d233 "1"^^ . + _:Nc3c21678fc9a459784f054a6954a9aa8 . +_:N00d83dee7aa44a7991821a46e83e5164 _:N2456bf573caa4efeab27607dfed5a451 . + . + "[BLAKE3](https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf)"@en . + "The Element is a software framework."@en . + . +_:Nda791debefe5491aa84d61433873c630 . +_:N93d2d1d1dc3e4b7ea516ee004f674bfb _:Nc71de92f1cc649fcab4d77d974dac329 . + "the dataset is publicly available, but not all at once, and can only be accessed through queries which return parts of the dataset."@en . +_:N916e8c3c85774fcd96b700a20240ca75 . +_:Nb2747510507b404f9243bfd7225f629d _:Nc9235a4485e64fff9b1298095061a58e . +_:N904326509fc04cc4be66ea123ed9fdc4 "1"^^ . +_:Nc63741a7112e471ba97ce37e05f2dac1 . +_:N50c6944cf3544d0ab17d40d70d7715c3 . + . + . +_:N53970517ea09401691d51549f8e0fd90 . + "Specifies the type of an annotation."@en . +_:N9b79adf6684a4d328dc28ae0ee98d95d . + . + "A `from` Vulnerability has been fixed in each `to` Element. The use of the `fixedIn` type is constrained to `VexFixedVulnAssessmentRelationship` classed relationships."@en . +_:N45b62edbd5f3406dba20232288ec19fd . + . + . +_:Nf9bf03371d92462f91a54baa946fd625 . + "the element follows the SimpleLicensing profile specification"@en . + "releaseHistory" . + "none" . + . +_:N10f5cc15b506459db381c02764d60e76 _:Ne41f054fce23460dba46863153e67567 . + . +_:Ndaeba75fb43b4db7b777e9b00ecd7064 . + . +_:N8bdb3da6da754d98843024e1dcbe3e43 _:Ndc659c8552d54ab684aadbdacdbd7a8d . +_:Nd05558aa816f416f8c26895bb8d1d9bb . + "Describes the confidentiality level of the data points contained in the dataset."@en . + . + . + "requirement" . +_:N97120636b11b4b158892706019486fb5 _:N89d38dc48bd64f1d894f7f8c5494c264 . +_:N96c753d614db4e7b844bcb3b5f9ff291 _:N168bcfc831bd4f85b6a82742eb7ad4f5 . + . +_:Ndb31c53559be41e0b28e79b74da0b557 . +_:N425d570f86674f7facee623f8d84a311 . + . +_:N38e1279dca3f4e53be4eb3245a0e4ec2 . +_:N916e8c3c85774fcd96b700a20240ca75 _:Ne976bc717eb6446291a939038610ee2c . + . + _:Nbc1332652da345c49ad3c948238f404b . + . + "The relative file name of a file to be excluded from the\n`PackageVerificationCode`."@en . + . + . +_:N894cee407d8747ec8adc2f05ce722a86 . + . + "Provides a place for the SPDX data creator to record acknowledgement text for\na software Package, File or Snippet."@en . +_:Ne7cb91f8739a4acdb1e220785f261efb . +_:N77f1a43a35e5447c83116261ae574acc _:N81c1c3e2bbc4470ab2eaf9e5c6c4d1f0 . +_:N94e6bbd4fb004035a4cbdb3e969a1fbb . + . + . + . + "Capture the scope of information about a specific relationship between elements."@en . + . + . + "hasRequirement" . + "socialMedia" . +_:N328adb4bb1ec422084a2169890188a03 "1"^^ . +_:N8692a82c280845c3a6fa37c02ddae229 "1"^^ . + . +_:N825f749765e348a0abfef75f63c1588a . + . + . + . +_:Nc4156282a9c34b6190b0869cdc1793db . + . +_:N75f6c4472b7b45349200afcce0dbacef . + _:N58c62d134f5e41d78440946685ecf0cc . + . +_:N2b7fa052bf664f2a9e1923831d282602 . +_:N250a4372ab014e66ba3eec07accb85dc . + . +_:N74551d5c49b94ece99a5fdec0d58d233 . + . +_:N163fe4499b2a454a9641b23118bf53ae . +_:Ne976bc717eb6446291a939038610ee2c _:Nc5485992ed4e4cbea07fa6d87ee716ac . + "Captures a standard that is being complied with."@en . + . +_:N716ee87802fd4b6f98bfcff38ca5ff8a . + . + "Designates a `from` Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by each `to` Agent."@en . +_:N4881d1614aa0403894d16c3ca276d790 "1"^^ . + . + "The software is not affected because the vulnerable component is not in the product."@en . + . +_:N53970517ea09401691d51549f8e0fd90 . +_:N461fe7f9c28b4d81a4fb17726fc9adf6 . +_:Nf5531d9c16ff4f589dff19f480634c29 . +_:N105628f6c8b040edb9db617f35f30bec "1"^^ . + "Megajoule."@en . + . +_:Nb850dda843534d3ab3ffbadf70766fef "1"^^ . + _:Ne820a8ec67114d53b03a71f5f7be31f5 . + . + "A reference to the instant messaging system used by the maintainer for a package."@en . + . + _:Nbd47cac50394462f9015e00ec4b449a6 . + "numeric" . +_:N4d92ede494e34e51ba6eca91292dc0dc . +_:N91d11db27b28462b8545b78734a27503 _:N1a8882804ac24104946e7afa0b36905a . +_:Nf81435c80dee4c1db825f1917f62e947 _:N507c6135f8424e8db67fe59ae93eb464 . +_:Na3743aad0c334d06a729f81988609c9f _:N7f2c8d25f5df4c27b35c70d38090eab3 . +_:N82b5fa65536b400a809bd5f3104f6ec0 _:Ndfe4dc1d7d574b10a92ee8955837ad9d . + "usesTool" . + . + "A reference to an alternative download location."@en . + . + . +_:N0b353053b3cd41e89351acf39abb719c . + . + . +_:Na449b0b56e3540618b2a2698204edde9 . + "nuget" . + "data is video based, such as a collection of movie clips featuring Tom Hanks."@en . + . +_:Nae8e63939c7c4cf4aa4ba555362d775c . +_:Nfa72871f5924444491d18910ec431abb . + "A reference build system used to create or publish the package."@en . +_:Nd77657e0b19d459c931f64f48ed7e1a6 . +_:Nd90adf23ae66491daa68ac6dd4501bdf _:N243ef6907efb40d38e00f4430d63fc19 . +_:N93d2d1d1dc3e4b7ea516ee004f674bfb . + . + "Every `to` Element is a specification for the `from` Element (`from` hasSpecification `to`), during a LifecycleScopeType period."@en . +_:N25b71b41baf8408a91b66336f376a5b6 . + . +_:N30d5cdb21c144005b1d74c81aa0e129e . + . + . +_:Nc37985fef6884679b49d387a2ef08d3f . + _:N105628f6c8b040edb9db617f35f30bec . +_:Nd11df36dd5014f759eab790e847b9857 . + "Identifies when the Element was originally created."@en . + . + . +_:N565a78360e28494ea80897aadf944c0c _:N3d9237b249544033acbf7d94cac2b424 . + . +_:Ncc35596b6f164968b0bd35143cbc52ea _:N0dc54ccc3f8d4afe897d7be97f9f6928 . +_:Nfc3f4dc279d7471b83aa1a9df09f8d3f . +_:N4881d1614aa0403894d16c3ca276d790 . + "SBOM generated through instrumenting the system running the software, to capture only components present in the system, as well as external call-outs or dynamically loaded components. In some contexts, this may also be referred to as an \"Instrumented\" or \"Dynamic\" SBOM."@en . +_:N64ae0543871444f6b7d2a497fcf55186 _:Na0242fde5c314aa599a3a00cfb01634c . +_:Nd90adf23ae66491daa68ac6dd4501bdf . + "data is a collection of images such as pictures of animals."@en . + . + . +_:N5eab3a0a527f4705bdb2f04b7c39e36c _:Nb6e99584403541df96486fcac6d79017 . + . + . +_:Nb07efffce0ba43a2bcac0e3a90a48609 _:Nb245e59ae52342bea2f1feb05bb80e79 . + . +_:N34cf4751490f48f9852ff2fa143a6321 . +_:N377b547285074591a904911ef1fc1977 . + . + . + . + . + "Specifies until when the artifact can be used before its usage needs to be\nreassessed."@en . +_:Ne976bc717eb6446291a939038610ee2c . + "data consists only of numeric entries."@en . +_:Ncba4137ebcf84a728acd12bde91130e9 . + . +_:Nb916f2dfc1c640bd8e0dac9bb5956172 . + "The `from` Element has been copied to each `to` Element."@en . + "operatingSystem" . + "The Element contains a set of changes to update, fix, or improve another Element."@en . + "When a CVSS score is between 7.0 - 8.9"@en . + "swid" . +_:N91adaf3024344ddcbcbf3f943faaad6b . +_:Nf6a05248229d4fe292d04534a4c4573d . +_:N7a66c734ced842b4913ff95c5f5cf452 . + _:Nad909dcc4fad4339a9eb809fabd6a871 . + "Provide an enumerated set of lifecycle phases that can provide context to relationships."@en . + "vulnerabilityDisclosureReport" . +_:N33da303c78e142a2acc0db12f3ee6686 _:Nedaa28cbd856413e95e7805cf2d255dd . + . + . +_:N8bdb3da6da754d98843024e1dcbe3e43 . +_:N8ec4229c1a674693bde766506ca93e87 _:N5f694c64068844ca80652791ca7749d9 . + . + . + "Every `to` Element is an example for the `from` Element (`from` hasExample `to`)."@en . + "data is audio based, such as a collection of music from the 80s."@en . + "The product is not affected because the code underlying the vulnerability is not present in the product."@en . +_:Nc8b9ea4213214eccb17ccccf3790161d . +_:N4f6d0abf94b14a189b945346f00ba9dc . + . +_:N2dbc8b0a30da433a94050a3ab1190bb8 . +_:Nb4381a5cee3143a482af28cf9a364f3c "1"^^ . +_:Nd33af007bad14a4594f7039df1c5df75 . +_:Na267e7b88a344e4fbd0c59a6dc760e65 . +_:N1a0a0b40de254f55a8372bba19b60496 . + "A reference to the release notes for a package."@en . + . +_:N694be39aecbe44d49f3850275de952ec _:N29cadfcf5dfa4e73b1b0f56fa6e4352f . +_:Nfbb5f5e996be44989d31d47d46540443 . + . +_:Nc7b49cc0a08745e08e5ba42ee492184f . + "The `from` Element is available from the additional supplier described by each `to` Element."@en . +_:Nf4609fa7f53e4898a47341b507b5e03e . + _:N91adaf3024344ddcbcbf3f943faaad6b . +_:Nd2a11bb8a1a14a82994d02e9dd610275 . + _:N4382805b6a5947d38ffcfd8b182bddbf . +_:N79e0fdc8a753446e8e1931aab90b02ae "1"^^ . + . + "the element follows the ExpandedLicensing profile specification"@en . + . + . + "An SPDX version 2.X compatible verification method for software packages."@en . + "fixedBy" . +_:Ne778a773be4f408192f2ed37c6143a5d . + _:N2a72f2e0c3d44dd5ac4c0633f336d556 . +_:N5e678b3ba38745b58c0103b8e085d5c8 . +_:Ncb6c9deb0ba44382a0b957b7ea80228c . +_:N8ad3af20ea5248df91865def0b7a98de _:Nd0d48abef81b4c44a952c0925a6e30a9 . +_:N1dd7c94072d1478ca91bee2c7af967a8 . + . +_:Nda791debefe5491aa84d61433873c630 . + "md5" . +_:N8358def5fd2b4668b759d786315e799f . + "vulnerabilityExploitabilityAssessment" . +_:Nddcc9ac569c4442b894f208d7722b4f8 . + _:N65301d1be04341678842dfc049e2a33c . + . + . + . + . +_:Na00b6f47e860415881f7e8a524a04316 _:Nf6f1751e3ea84341bdeec66f7c44a8ce . + . + . +_:N694e3d4238ff4006b46b450b91f4179a . +_:Ndc4f18efad334d78a498ea9df84fbd02 . + . + _:N329ecc1447f349cc968623ddffe6a2f7 . +_:N261545ecf40d4f65bf47dc050598e90f _:N451bba51c46a4c9d9a2343aef3356453 . +_:Nd1b797da281643468add752e036349fd . + "A license that is listed on the SPDX License List."@en . + "data is recorded from a physical sensor, such as a thermometer reading or biometric device."@en . +_:Nddcc9ac569c4442b894f208d7722b4f8 . +_:Nbb0a3a63cdba4f078c6de6eef7ff6579 . + . +_:N5eab3a0a527f4705bdb2f04b7c39e36c . + . + . +_:N9bd771ac02cc41519919a01d4deca105 . + "The Element is the evidence that a specification or requirement has been fulfilled."@en . +_:Nc63741a7112e471ba97ce37e05f2dac1 . + . + . + . +_:N315dc3dd043c41a49ffaaba74d10eeb0 . + "securityPolicy" . +_:Nb916f2dfc1c640bd8e0dac9bb5956172 . + . + "amber" . + . +_:N40f9e58aac214052a173ad93b4ed57e9 . + . +_:N29cadfcf5dfa4e73b1b0f56fa6e4352f . + "The `from` Element uses each `to` Element as a tool, during a LifecycleScopeType period."@en . +_:Na3d930b22d4f462cb8bcb86adb108e16 _:N236307149ca247fcad8df1b0dd41fcfc . +_:Nce9a69dc19af4e1394f03174c67c5857 . +_:N10f5cc15b506459db381c02764d60e76 "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en . +_:N4c8c5257e6c144099de859c3f43b1961 . +_:N963f7603cd844b03bd4631e0713b1635 "2"^^ . + . +_:Ne20cfbefa1424ba79abfc89287f1eef3 . + . +_:N07cb32d0626a45cfbea37a7dd2a8b854 "1"^^ . + . +_:N3b50e4323e8b4d388d8d522e18a49070 . + . + "Data points in the dataset are highly confidential and can only be shared with named recipients."@en . +_:Ne883dfda4a7445ceb1e70f39ddd03fea . +_:Na267e7b88a344e4fbd0c59a6dc760e65 _:N89d361d3f1d94de5b28ee82b1d3da3de . + . +_:N91adaf3024344ddcbcbf3f943faaad6b . + . +_:N904326509fc04cc4be66ea123ed9fdc4 . +_:Nca9532c3dd0b421e95d0800b68e3442a . +_:N79e0fdc8a753446e8e1931aab90b02ae . + "SHA-3 with a digest length of 256, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)."@en . + _:N3ba51db196c04386ae47cb64aab6c95c . + . + "Records the biases that the dataset is known to encompass."@en . + . +_:Nd8679c5e3311467ca097a4151ac8fa54 . + "timeseries" . +_:Nc7f12b88e8f5489dacbbfeb81192696a "1"^^ . + "Indicates the type of support that is associated with an artifact."@en . + . +_:Ned1f0afb78d3460c9478383abf3da36b . + . + "A relationship has specific context implications during development phase of an element."@en . + "hasDataFile" . + . + . +_:Nf284f365ba5c4e4da40d7d7900d82744 "1"^^ . +_:Na449b0b56e3540618b2a2698204edde9 _:Ndc4add4edebe43f4821fb10dd712e481 . +_:Ndc4add4edebe43f4821fb10dd712e481 . + "Specifies whether an additional text identifier has been marked as deprecated."@en . + . +_:N28c7097edd884a9b92697ec6b6729dc9 _:N02fadd3757064be6a0b797d8675b611e . +_:Ne81afbff18a74c75ac853da24ab327a0 . + . +_:Nc63741a7112e471ba97ce37e05f2dac1 . + . + "Concise Software Identification (CoSWID) tag, as defined in [RFC 9393](https://datatracker.ietf.org/doc/rfc9393/) Section 2.3."@en . + "An element of hardware and/or software utilized to carry out a particular function."@en . +_:N5d195bb929fc404584503e9c9b17a526 . + . +_:Naf01116eff7c4759be95f8f97c257d9c "1"^^ . + _:N626b5ad29167479dabae9a9177315404 . +_:N3c8c7c06f10e44fea576f974877ed15b _:N79b4dcdd054d4ca8a87fc86377c9366b . + _:N87131d5acc2b478ba16230f714aa0bb0 . +_:Nf3c62ca118b94d17a1ef6b04e407421c _:N186b972a57284ae1946b3f7d8e762830 . +_:N9ed65925a89e40e8b7faaa925d739c72 . + . + . +_:N722c45f262084ffa9b063b852952397b _:Nf4609fa7f53e4898a47341b507b5e03e . + "development" . +_:N63f963c2c8a4467bb803f9af7eaafd3d "1"^^ . + . +_:Nba03adbea09d477299a596cac9fd8319 . + "The Element is an operating system."@en . +_:N024478cff6eb4ef48dc45dabdb7b0a35 "1"^^ . + _:Nff33e8337dc8421d9e74b338e35a75d5 . + _:N7c9974a53d5443c5831f3e7dc56073d0 . +_:Nbd47cac50394462f9015e00ec4b449a6 "1"^^ . +_:N8adbab8e05cf4258a0b7e9eedbd03e5f _:N7eb015d497fc4c09bb8530f59c65624d . + . + . +_:N348ad67a2abe4f9d929b1e20acc594b5 . + "Every `to` Element is an optional component of the `from` Element (`from` hasOptionalComponent `to`)."@en . + "Property describing the session in which a build is invoked."@en . +_:N82b5fa65536b400a809bd5f3104f6ec0 . +_:N3bf9008e5422473bb689602da04ccca1 "1"^^ . +_:Nad909dcc4fad4339a9eb809fabd6a871 . + . + . + "altDownloadLocation" . + . + . + "Provides a numerical (0-10) representation of the severity of a vulnerability."@en . +_:N6eb9ec15081f404a99935ff4e2aaa14b . +_:N7676f1bbd99e47659502f87b9936453e . + "Enumeration of dataset types."@en . +_:N98018fef19484e2fae944af82b21920e . +_:Nc704d39d408f41caa9805e140ff0016a . +_:N328adb4bb1ec422084a2169890188a03 . +_:N1314ef461724483f9bd5c56d939b17c4 . + "The `from` archive expands out as an artifact described by each `to` Element."@en . +_:N7676f1bbd99e47659502f87b9936453e _:N5b2278fb3a8e4e239193a033f8b4bf04 . +_:N9a582f09d0b7426d81ae74b09a5ed252 _:N7f095ac56c3e4bccbcd4348b29980439 . +_:Nb3e77cdb9a14442eafb0659c7081c110 . + _:Nf26016059c3e414da185e30155b543f5 . +_:Ndb31c53559be41e0b28e79b74da0b557 . + "install" . + . + . + "Identifies all the text and metadata associated with a license in the license\nXML format."@en . +_:N72dd028519c2443b94229cfc4a2639bc . +_:N5912892962274966938ef83f3f23c015 . +_:N6f8ca85700744b0e9f7a8672675d1dca . +_:N30d1dbbf97fb456eb18d38b76c8004d3 _:Nece0b4f721a847f98727202b50f4a753 . + . + . + "Availability of dataset."@en . +_:N894cee407d8747ec8adc2f05ce722a86 . +_:Nc9ccffdec66347509395f75c9845128f "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en . + . +_:N576b7fbe3ba74572a6eb065c67761847 . + . + . + . + "fixedIn" . + . + "other" . +_:N4ad4011b5f8c44cbb3e76f5da0885cfd _:N9e3f2c4f96904bddb1aa46c01701b0f6 . +_:N38aeb59117654398b393a546eaaa5fd9 _:N17c879855daa4fd7b7d7ef9da34e7ea6 . + . +_:Nce436d556d4e4606ba37d9ad32d22967 . + . +_:Nfcc30e48020d4dd2b3493a0cd55ea457 . + . + "Uniquely identifies an external element."@en . +_:N024478cff6eb4ef48dc45dabdb7b0a35 . + . + . + . + "The `from` Element optionally depends on each `to` Element, during a LifecycleScopeType period."@en . + . + "This ontology defines the terms and relationships used in the SPDX specification to describe system packages"@en . +_:Nd951591fca6c47c2985dd159db6ad52c . +_:Na96bc2776ef4488595f136d0fbac26a6 . +_:N61b9a25cae674e199ce6572456d8e72f . + . +_:N694be39aecbe44d49f3850275de952ec . +_:N7b50bf552c054e5baab961ecc882b722 . +_:Nbd013d07f45a42d99931fe619ee4ca95 _:N7583808b54c947658126a7846ad7cc76 . +_:Nbbbec88245754e9d9390b9a11f0b67c2 . + . + . + . +_:N54d1f829ecc441b9b7d9248324cbea6b . +_:N8b86dbc23a22407a9380fbd9376d3b83 _:N4f9424fdcb0643a6b8dbd2c83de164a1 . + "A concrete subclass of AnyLicenseInfo used by Individuals in the\nExpandedLicensing profile."@en . + "securityPenTestReport" . +_:N951ec4cbce414b3bab847840bf18d59f . +_:Na82fb3a822a04f6180f1ca7808276d8f _:Nc6bdb22311b243119db2aee3b54fabe4 . + "Abstract ancestor class for all vulnerability assessments"@en . + . +_:Nfcc30e48020d4dd2b3493a0cd55ea457 "1"^^ . +_:Nadd6173eaf8b4550a3ec8c90524cc599 _:N4d86b5ad122d431bbf443326643a51df . +_:Nabd40767fbd84edea7e048b911a681e4 . + "Specifies the time from which an element is applicable / valid."@en . + . + . + "SHA-2 with a digest length of 384, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/)."@en . +_:N58b8de667bb54771976a5e86a8a8139a . + . +_:Nd77e569c4d2d4d2c9bb29ea462bc94cc _:N39638ea4b52f4236b7a808cb979d2f4b . + . + . +_:N4d2df683a0ea4c39be288b78f9e61ca4 _:N184c02d9c66a4e9d988d681d20c5ddc6 . + . + "Specifies the CVSS base, temporal, threat, or environmental severity type."@en . +_:N3de741ac343042e6ac53564501076e44 _:Ne0ff4ba19d0a41c18c6ccfc733f2193d . + "Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`)."@en . + . +_:N4278c3d777ea4ebd81cd23af80459c2d . +_:N73833299f42a4f78b3a3379f9d2302d7 _:N38e1279dca3f4e53be4eb3245a0e4ec2 . +_:N30a10bdc909f4c4bb84f02821147b416 _:Nf6a05248229d4fe292d04534a4c4573d . + . +_:Nb2747510507b404f9243bfd7225f629d . + . +_:Nf81435c80dee4c1db825f1917f62e947 . +_:N61753ca6fa484199b143356d20b0476e . +_:N5a2b8b0073a54a3db4d6092f1c5043ed . + "manifest" . +_:N7b5b4ad7f9a54d91a292ac0738539050 . + . + "metrics" . + . + . + "A mathematical algorithm that maps data of arbitrary size to a bit string."@en . + "noAssertion" . + . + "The `from` Element is documented by each `to` Element."@en . +_:Nc2ac7680f26b40408ebfc2b4bb40def7 . + . +_:Nc6bdb22311b243119db2aee3b54fabe4 . + . + "Low/no risk is posed by an AI system."@en . + . + "hasOptionalDependency" . +_:N963f7603cd844b03bd4631e0713b1635 . +_:N70cf024bfa9e40a08de101b510631f60 _:N4f925ef656b840928e22aa51252c2976 . +_:Na3b27046864941989a486e5a70e0edb4 "1"^^ . +_:Ndc659c8552d54ab684aadbdacdbd7a8d _:Nf142b126cd744b69be8d6c35ee1361e4 . + . + "[Common Weakness Enumeration](https://csrc.nist.gov/glossary/term/common_weakness_enumeration). A reference to a source of software flaw defined within the official [CWE List](https://cwe.mitre.org/data/) that conforms to the [CWE specification](https://cwe.mitre.org/)."@en . +_:Ncff880d9e9c24887adcf512cbce2a444 . + . + _:Na1ce1658c3be4bc0b082944caae9ddea . +_:N74551d5c49b94ece99a5fdec0d58d233 . +_:N0e4d30a5dd60459dbbb5efc7333deb37 . +_:N73e74213eec84d8daaa36a51dab963d6 . +_:Nf3c62ca118b94d17a1ef6b04e407421c . +_:N8692a82c280845c3a6fa37c02ddae229 . +_:N7091d1b764924e4db3551e0b422e61ba "1"^^ . +_:N1d4668e7f12244a7a9407b898c9b0534 . + "A value used in a generic key-value pair."@en . + . +_:N28c7097edd884a9b92697ec6b6729dc9 . + "A relationship has specific context implications during an element's testing phase, during development."@en . + . + "hasDynamicLink" . + "Refers to any unit of content that can be associated with a distribution of\nsoftware."@en . + "Identifies the tooling that was used during the creation of the Element."@en . + "An Individual Value for Element representing a set of Elements of unknown\nidentify or cardinality (number)."@en . + "A buildType is a hint that is used to indicate the toolchain, platform, or\ninfrastructure that the build was invoked on."@en . +_:N453a2981f56c4d3a943752e7740f87fd "1"^^ . +_:N6e913b09266e498887238fae6898e289 _:N6bd3d2cfd9cd4f248e354deb40a851ff . + . +_:N072d6f5c7eee40859e3a93d05034536f _:N4a3178783c58491bb646a056a8dbb37a . + "A reference to an alternative web page."@en . +_:Nc71de92f1cc649fcab4d77d974dac329 _:Nfc3f4dc279d7471b83aa1a9df09f8d3f . +_:N4f7ca95fbfad4d20810e92ab09220394 . + "reportedBy" . +_:Ne883dfda4a7445ceb1e70f39ddd03fea . +_:Nbd0d551be201428eb241c70d0e315cfa . + . + . +_:N79b4dcdd054d4ca8a87fc86377c9366b . + . +_:N8115c0678af046f9bb8fe56f1541b92b . +_:N2456bf573caa4efeab27607dfed5a451 _:Nb40076de31ba4cc08826656559e10385 . +_:N5912892962274966938ef83f3f23c015 . + . + . +_:Nd3d538fe1cb544b5808c51dffd844c81 . +_:N269b628c85f04f5d8a10fa3c500745a4 . +_:N95c7a63c89e94f8d9ceb0dd0c34ac9e3 _:N348ad67a2abe4f9d929b1e20acc594b5 . + "noSupport" . +_:Nef3e82bf7eac41aa8dc101eabd0f1815 . +_:Nadd5d6fa295c47ee82d49e5fde059110 . + . +_:N0dc54ccc3f8d4afe897d7be97f9f6928 _:N6946aaeee89545da9d91b8527c54139a . + "hasTestCase" . +_:N8eab6125211e4549a03d744617823ad5 . + . + . + "hasDeletedFile" . + _:Na92e8ceda7e548bb9a144c2e9c857639 . + _:N74551d5c49b94ece99a5fdec0d58d233 . + "Designates a `from` Vulnerability was first reported to a project, vendor, or tracking database for formal identification by each `to` Agent."@en . +_:Nd385c846dfa14371a0a3697f7168b4c1 . +_:N91adaf3024344ddcbcbf3f943faaad6b "1"^^ . +_:N8f24e4128c124ec08b9e80f45a43dd1e . + "A software agent."@en . +_:N951ec4cbce414b3bab847840bf18d59f . +_:N451bba51c46a4c9d9a2343aef3356453 . +_:N4e6142c3e2dd4f3f9e2aed1df9452bc7 _:N716ee87802fd4b6f98bfcff38ca5ff8a . +_:Nc37985fef6884679b49d387a2ef08d3f "1"^^ . +_:Na3b27046864941989a486e5a70e0edb4 . + . + . + "crystalsKyber" . + "hasOptionalComponent" . +_:Nc1bb7a1b7d034342906511e27e066abc _:Nf21725c3245f4286b67bd679d3351c59 . +_:Nd05558aa816f416f8c26895bb8d1d9bb . + "Specifies a vulnerability and its associated information."@en . + . +_:N4382805b6a5947d38ffcfd8b182bddbf . + . +_:Ne3b40c9739164b2eb0ae163374d9c4ac . + "Property describing the start time of a build."@en . + "medium" . +_:N7a66c734ced842b4913ff95c5f5cf452 "1"^^ . +_:Nf0752cee7bef48efaa39267516a6b21a . + . + "Describes the type of the given dataset."@en . + "Every `to` Element is a variant the `from` Element (`from` hasVariant `to`)."@en . + . + "Designates a `from` Vulnerability has been fixed by the `to` Agent(s)."@en . + . +_:N7091d1b764924e4db3551e0b422e61ba . +_:Nf41c7f62f52f4c10b14344ec13dfe1e5 . +_:Nb6e99584403541df96486fcac6d79017 _:N4538304380bf48b895869aa8dbea3275 . +_:Ne223bb746dc9463bbbe16ca844619e98 _:N45481eab750645b4929b7b63c8ca7916 . +_:N06465237afe4406eb4803558f7a57c08 . + "noAssertion" . + . +_:N024478cff6eb4ef48dc45dabdb7b0a35 . +_:Nce9a69dc19af4e1394f03174c67c5857 . + . + . +_:N9e3f2c4f96904bddb1aa46c01701b0f6 . + . + "low" . +_:N453a2981f56c4d3a943752e7740f87fd . + "support" . +_:Ne11c75cafdb0438299216847b06716cf . + . + . +_:N2c7697a923534e9988689746f1d03e41 . + "hasDistributionArtifact" . +_:Nb28702ad1ccc478ba7b8aa42bc12985d _:Na3d930b22d4f462cb8bcb86adb108e16 . +_:N4b7945a329d940d7a4167237a4e60e53 . + "high" . +_:N2056bd91659a4260a6eb99a0cbdd9f14 "1"^^ . +_:Nf94717c65e4f4b86b4df261ecf26650d . + _:N576b7fbe3ba74572a6eb065c67761847 . + . + "design" . + . +_:N6eb9ec15081f404a99935ff4e2aaa14b . + . + "Agent represents anything with the potential to act on a system."@en . +_:Na42e3794f624483e818646ed683c5ba2 . +_:N734a831b529349fb969fd328dc6dcb1c . + . +_:Ne03121e956234709bc0f8f288597ff50 . + . + _:N78c7513398064da1a55c5df1b3c96444 . +_:Nf44042158d4d4c85a5bd6a0fcb538498 "1"^^ . + . + "Refers to any object that stores content on a computer."@en . + . + _:N61753ca6fa484199b143356d20b0476e . + . +_:Nc22ee04d695b4582bd604f6206900620 . + . + "A LicenseAddition participating in a 'with addition' model."@en . + "hasDeclaredLicense" . +_:N187a93895c7b43bea96131212a0ba3f5 . +_:Nce6e2333750a40619f2e93e40be35d7e "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + "Specified the time and date when a vulnerability was withdrawn."@en . + . + . +_:Nc37985fef6884679b49d387a2ef08d3f . + "hasEvidence" . +_:Nd6ca1bcbdc494e39a9c1a4da0c52a0b3 _:Nb81407b76fc94f228f1f5ad011d931a5 . +_:Nf0752cee7bef48efaa39267516a6b21a . + . +_:Na1ce1658c3be4bc0b082944caae9ddea . + "A relationship has specific context implications during an element's build phase, during development."@en . + . +_:N7a66c734ced842b4913ff95c5f5cf452 . +_:Nadc18a90b6ca4cc3af0fb2aa7418dda8 _:Nc2ac7680f26b40408ebfc2b4bb40def7 . +_:Nd8679c5e3311467ca097a4151ac8fa54 "1"^^ . + "Identifies an external Element used within an SpdxDocument but defined\nexternal to that SpdxDocument."@en . + . + . + . +_:N0e4d30a5dd60459dbbb5efc7333deb37 _:N10ab85203a394bd3ba6ef86074d64233 . +_:N95b6da49b56e4298924cd2f153f00905 . + "Describes what the given dataset should be used for."@en . + . +_:Nf507b9bee5ae4254bafe4ce3c72a9f18 . + . +_:N7c9974a53d5443c5831f3e7dc56073d0 . + . + "trackStar" . + "Contains a URL where the License or LicenseAddition can be found in use."@en . +_:Ndc4f18efad334d78a498ea9df84fbd02 . + "Specifies the amount of energy consumed when finetuning the AI model that is\nbeing used in the AI system."@en . + "extension" . + "Information about the relationship between two Elements."@en . +_:N61753ca6fa484199b143356d20b0476e . + "SHA-2 with a digest length of 224, as defined in [RFC 3874](https://datatracker.ietf.org/doc/rfc3874/)."@en . + . + "The `from` Vulnerability has had an exploit created against it by each `to` Agent."@en . +_:Nbd14f0a1267744e89f6930e710689414 . +_:Ndfe4dc1d7d574b10a92ee8955837ad9d . +_:Na96bc2776ef4488595f136d0fbac26a6 "1"^^ . + "hasHost" . + . +_:N4c8c5257e6c144099de859c3f43b1961 _:N97120636b11b4b158892706019486fb5 . +_:N45481eab750645b4929b7b63c8ca7916 . +_:N87131d5acc2b478ba16230f714aa0bb0 "1"^^ . + . + _:N2056bd91659a4260a6eb99a0cbdd9f14 . +_:N30d5cdb21c144005b1d74c81aa0e129e _:Nbffaba2351c747ef8e380b89888a5f14 . +_:N80dac4ea19f44488ae2dc09ba1429116 . +_:N2b94274553ab4bc2bbc78307f39b3327 . + "The `from` Vulnerability affects each `to` Element. The use of the `affects` type is constrained to `VexAffectedVulnAssessmentRelationship` classed relationships."@en . +_:Naa7e95f812804669b3e89daed8d27b21 "1"^^ . +_:N451bba51c46a4c9d9a2343aef3356453 _:N731241b6024d4e109893eb1354404ec5 . + . + . + . +_:Nbd14f0a1267744e89f6930e710689414 "1"^^ . +_:N25b71b41baf8408a91b66336f376a5b6 _:N29e8eb1e03be45ae92093e6937585f14 . + . +_:N954579de61d84bef909737ad4568a536 . + "2024-11-22T03:00:01Z"^^ . +_:N16cb468a2dcd423bb3654b71a6f00062 . +_:Ndb50eefe33ac4feda6cfb13073b5324e . + . + "Abstract class for the portion of an AnyLicenseInfo representing a license."@en . +_:N94e6bbd4fb004035a4cbdb3e969a1fbb _:Ncf68ed04ac534a92808a38217fa55530 . + . +_:N453a2981f56c4d3a943752e7740f87fd . + "A license addition that is not listed on the SPDX Exceptions List."@en . + . + . +_:N072d6f5c7eee40859e3a93d05034536f . +_:N02fadd3757064be6a0b797d8675b611e . + . + . +_:Ne7cb91f8739a4acdb1e220785f261efb _:N38aeb59117654398b393a546eaaa5fd9 . + . + . + . + "file" . + _:Nc704d39d408f41caa9805e140ff0016a . + . +_:N47d32bc3b4e04c9ab083ec76d4f22585 . +_:N6f8ca85700744b0e9f7a8672675d1dca "1"^^ . + . +_:N30a10bdc909f4c4bb84f02821147b416 . + . + . + . +_:N03140b327b9d4620b37b847528c7140b _:N4d2df683a0ea4c39be288b78f9e61ca4 . +_:Nd1b797da281643468add752e036349fd _:N40bcef929ef64825a68929a36aefa27c . +_:Nb0ab9a298e9845b1b1b770398def929d _:Nabd40767fbd84edea7e048b911a681e4 . + . + . +_:Nc704d39d408f41caa9805e140ff0016a . + "The Element is configuration data."@en . +_:Nbd45f3e248c84b27b2e1a0da67d47a71 . + "A name used in a CdxPropertyEntry name-value pair."@en . + "amendedBy" . + "An Individual Value for License when no assertion can be made about its actual\nvalue."@en . +_:N8adbab8e05cf4258a0b7e9eedbd03e5f "1"^^ . +_:Nc7f12b88e8f5489dacbbfeb81192696a . +_:N80dac4ea19f44488ae2dc09ba1429116 "1"^^ . + . + _:N2b94274553ab4bc2bbc78307f39b3327 . +_:N23a349d7f4a14351adf4c70293152926 _:N6e913b09266e498887238fae6898e289 . + . +_:N0b353053b3cd41e89351acf39abb719c . +_:Ndcdb30d7deca45a8bc3e563144933f0e _:N6be5db9035a14b779b13bfa0a5a51c3e . +_:Na96bc2776ef4488595f136d0fbac26a6 . + . + . + "Describes a mechanism to update the dataset."@en . +_:N8711a8ae5ca942d1bbd795a0144ca9a7 _:N13f4d81403034faaa93ea1abc3bd3d91 . +_:N32f50a51e84f4a2499a5d17f54bbed6b _:N694be39aecbe44d49f3850275de952ec . +_:Na5a538a0052340c0ba01747cca3d3da8 . + . + . + "A reference to instructions for reporting newly discovered security vulnerabilities for a package."@en . + "other" . + . +_:N8f24e4128c124ec08b9e80f45a43dd1e . + "productMetadata" . + . +_:N4466be96ec5a4942b916c3f1fad2d3ee . + . +_:N904326509fc04cc4be66ea123ed9fdc4 . + "the artifact has been released, and there is limited support available from the supplier. There is a validUntilDate that can provide additional information about the duration of support."@en . +_:N48b3e9d109d34fdeaa6cbef58c05c171 _:N220b4463e39147e99e8eeeb9974c5370 . +_:N7d2dbee05b72455c995a675186de5fd1 "1"^^ . + . +_:Nf028d12b2d0f4f6cb20747b6b39a8b5b _:Ncb6c9deb0ba44382a0b957b7ea80228c . + . + . +_:Nd6f4245b3ebe44e6b100782b191deb97 . +_:N1358bfc70dc14db6aa3a799228bc2fdd _:N4091b2fb3d5c417fad7305927740d1d5 . +_:Nbd0d551be201428eb241c70d0e315cfa _:Nd0cfba2a98544626a8566f29105598e9 . +_:Nc9235a4485e64fff9b1298095061a58e _:N05edbc4959e844438800e546abaebaea . +_:N68e2aefd82ab40c59cc6c2bfeab0adc4 . + . + . + . +_:N0c49370c41124d50ac6081418cb2432d _:N511c01e1b6a146c3bf99fe3e88272f2e . + . +_:N00fcf1f501a749fc9cbbdbdf23a7aaa8 . + . +_:Nfbd5a9c0923c423a84d0bb8fef89f4a3 . + . + . + . + . + . + _:N58b8de667bb54771976a5e86a8a8139a . + "A reference to a [penetration test](https://en.wikipedia.org/wiki/Penetration_test) report for a package."@en . +_:N6f8ca85700744b0e9f7a8672675d1dca . +_:N3d9237b249544033acbf7d94cac2b424 . +_:N64a80dfe5e954cf59753ab8a96e4eff3 . +_:Na1cdda0a73e94e598b769cac4a5a5cb8 "1"^^ . + "A license that is not listed on the SPDX License List."@en . + . + . +_:N9c1ccbc2b86f454395a450f736b67eec _:N0f4d0a9a8e7d46a0b9cf255274bcce6b . +_:Nbc8ae53aacf942ca88840a6c1d655d6c . + . + "Specifies the type of an external identifier."@en . + "Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationship types (this relationship is directionless)."@en . + . + . + . + . +_:N243ef6907efb40d38e00f4430d63fc19 . + . +_:N81c1c3e2bbc4470ab2eaf9e5c6c4d1f0 . + "Provides an exploit assessment of a vulnerability."@en . + . + "Provides an EPSS assessment for a vulnerability."@en . + . +_:Nfa72871f5924444491d18910ec431abb . +_:Nbdc672a90df4480da8648bd31507d48e . +_:Nf142b126cd744b69be8d6c35ee1361e4 _:N5b2e4dda703849e4933338ff0970e968 . + . +_:N2b94274553ab4bc2bbc78307f39b3327 . + . + "A reference to related security information of unspecified type."@en . +_:N72dd028519c2443b94229cfc4a2639bc _:N0a961d271f304c8cbb2e0a1307a9d8ad . +_:N89d361d3f1d94de5b28ee82b1d3da3de . +_:Ndaeba75fb43b4db7b777e9b00ecd7064 "1"^^ . + . + . + "library" . +_:N4b7945a329d940d7a4167237a4e60e53 . + . + . +_:Nc6d18260ddfa478b84c2dc19c2059aa2 "1"^^ . +_:N3c163fcab8684aa09c61e78b4cbb9b38 . + . +_:Nb28702ad1ccc478ba7b8aa42bc12985d . + "availableFrom" . + . +_:N7d2dbee05b72455c995a675186de5fd1 . +_:Nccde3ac271484f91b83ed5fb2e1d70c9 _:N0f568f8825144082a14a0e000b8ff13f . +_:N619e2a32fb994ed69f916340e12ed7f3 _:N315dc3dd043c41a49ffaaba74d10eeb0 . + . +_:Nddcc9ac569c4442b894f208d7722b4f8 . + . +_:Ndaeba75fb43b4db7b777e9b00ecd7064 . + . + . +_:Nc22ee04d695b4582bd604f6206900620 . +_:N4a56b875349e44729e9aca40972c86cd . +_:N4538304380bf48b895869aa8dbea3275 . + "text" . + "sha384" . +_:Ne4baf3becb8740a79f8bceb49f40679f _:Nd91122440e7149a28656eb9394e082b2 . +_:N6bd3d2cfd9cd4f248e354deb40a851ff _:N618f8c59ed9345ca8692a68f777a0fb0 . +_:N6ac0694afb0c40c1bb0988b0569f0cb4 . +_:Na449b0b56e3540618b2a2698204edde9 "1"^^ . +_:Na1cdda0a73e94e598b769cac4a5a5cb8 . + . + . + "altWebPage" . + "Used when the type does not match any of the other options."@en . + . + . + . +_:Nc8b9ea4213214eccb17ccccf3790161d . +_:N132cde65c9b14a1694d400388aecf0cc . + "A license exception that is listed on the SPDX Exceptions list."@en . + "copiedTo" . +_:N9bd771ac02cc41519919a01d4deca105 _:N96c753d614db4e7b844bcb3b5f9ff291 . + "runtime" . + "3.0.1" . +_:N763c69315ee040a88ca27b5205984626 "1"^^ . + "sha1" . + _:N2b7fa052bf664f2a9e1923831d282602 . + . +_:N236307149ca247fcad8df1b0dd41fcfc . +_:N269b628c85f04f5d8a10fa3c500745a4 . +_:N4538304380bf48b895869aa8dbea3275 _:Ne223bb746dc9463bbbe16ca844619e98 . +_:N163b018b3d984833a5523252ed920c58 . +_:N511c01e1b6a146c3bf99fe3e88272f2e _:Nd0ec388aab40469ab0a4297c30e0c906 . + . + "Specifies an AI package and its associated information."@en . +_:N1256cfafa26e453a9d5f8b08cc5920d7 _:N4182e8c878544ebb842682b1ece2bd3a . +_:N9b79adf6684a4d328dc28ae0ee98d95d _:N5eab3a0a527f4705bdb2f04b7c39e36c . + "The `from` Element is a configuration applied to each `to` Element, during a LifecycleScopeType period."@en . + "A concrete subclass of Element used by Individuals in the\nCore profile."@en . + _:N0b728d22a9674ecc87af12fde5aae61c . +_:N2f8145031850475ba01bc466221debed . +_:Nf9bf03371d92462f91a54baa946fd625 "1"^^ . + . +_:N7b50bf552c054e5baab961ecc882b722 _:Nf593d6da70614e2581430bd37d9cd4ef . +_:N4278c3d777ea4ebd81cd23af80459c2d _:N82b5fa65536b400a809bd5f3104f6ec0 . +_:N4e4b35788e1b4064b856bcd8d2cc6670 . + "kev" . + . + _:Nd2a11bb8a1a14a82994d02e9dd610275 . + . +_:N0753f471dae945e885cde15702c705bb _:N619e2a32fb994ed69f916340e12ed7f3 . +_:N2b7fa052bf664f2a9e1923831d282602 "1"^^ . + "The Element is a module of a piece of software."@en . + "cpe23" . +_:Na92e8ceda7e548bb9a144c2e9c857639 . + . +_:N9dbe04a2eaac4271aafe4a7650ec4e15 . + . + . +_:Ncb6c9deb0ba44382a0b957b7ea80228c _:Ne7cb91f8739a4acdb1e220785f261efb . +_:N96c753d614db4e7b844bcb3b5f9ff291 . + "mavenCentral" . + "md6" . + "blake2b512" . +_:N8b5253826157456ba3297cf9f4f8db15 . +_:N516b1b46dbb04f1c953906f0388bf8b4 . + . + "critical" . + . +_:N83935261300041758021c5a3fbdae6c0 . +_:Ne20cfbefa1424ba79abfc89287f1eef3 . + . + . +_:N3ba51db196c04386ae47cb64aab6c95c . +_:N1d4668e7f12244a7a9407b898c9b0534 . + _:Naa7e95f812804669b3e89daed8d27b21 . +_:Nc3c21678fc9a459784f054a6954a9aa8 "1"^^ . +_:N5011f0cdb4544a70b796520ecd436a25 "1"^^ . +_:N4f925ef656b840928e22aa51252c2976 . + _:Nce6e2333750a40619f2e93e40be35d7e . +_:N91d11db27b28462b8545b78734a27503 . +_:N626b5ad29167479dabae9a9177315404 . +_:N96120491adc84204822952240ddadf13 _:Nb0ab9a298e9845b1b1b770398def929d . +_:Nb3e77cdb9a14442eafb0659c7081c110 "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + "generates" . + "Designates a `from` Vulnerability was originally discovered by the `to` Agent(s)."@en . + "secureSoftwareAttestation" . + . + "the artifact is in active development and is not considered ready for formal support from the supplier."@en . +_:Nc5485992ed4e4cbea07fa6d87ee716ac _:Nc85a3a5deac54465a32d993ba5434b00 . +_:Nf6a05248229d4fe292d04534a4c4573d _:N83935261300041758021c5a3fbdae6c0 . +_:N737b3d5b3c8f4cb7b5fb665b52f1dd96 . +_:Ne820a8ec67114d53b03a71f5f7be31f5 "1"^^ . +_:N80dc66a1ccec469392596c5291fa2864 . + . +_:N81c1c3e2bbc4470ab2eaf9e5c6c4d1f0 _:N461fe7f9c28b4d81a4fb17726fc9adf6 . +_:N763c69315ee040a88ca27b5205984626 . + _:Nf7fd042770064703a84cd9039273e4f7 . +_:Ne03121e956234709bc0f8f288597ff50 . +_:N3b695bebf32746039b555b8460ffe552 . + "doesNotAffect" . +_:Nbffaba2351c747ef8e380b89888a5f14 _:N288949a61054447689377b531414e0b7 . + "Describe that a CVE is known to have an exploit because it's been listed in an exploit catalog."@en . +_:N2b94274553ab4bc2bbc78307f39b3327 . + "A key used in a generic key-value pair."@en . +_:Nad909dcc4fad4339a9eb809fabd6a871 . + . + . + . + . +_:Nccde3ac271484f91b83ed5fb2e1d70c9 . +_:N4e4b35788e1b4064b856bcd8d2cc6670 . + _:Ndb31c53559be41e0b28e79b74da0b557 . + _:N942417ca6d844df0914d75b099a457f8 . + "Specifies the level of support associated with an artifact."@en . + . + "A mapping between prefixes and namespace partial URIs."@en . +_:Na42e3794f624483e818646ed683c5ba2 . + . +_:Nf9bf03371d92462f91a54baa946fd625 . +_:Nc6d18260ddfa478b84c2dc19c2059aa2 "1"^^ . + . + _:N377b547285074591a904911ef1fc1977 . +_:N78c7513398064da1a55c5df1b3c96444 . + "[MD6 hash function](https://people.csail.mit.edu/rivest/pubs/RABCx08.pdf)"@en . +_:N0b728d22a9674ecc87af12fde5aae61c . +_:N73e74213eec84d8daaa36a51dab963d6 . +_:N75f6c4472b7b45349200afcce0dbacef _:N91fee785616543dd9952683d70d387bf . + "Specifies the VEX justification type."@en . +_:N06465237afe4406eb4803558f7a57c08 . + . +_:N4ac93d52ef544d5cb73aeaeb279b7567 . +_:N00fcf1f501a749fc9cbbdbdf23a7aaa8 . +_:Ndbf7c5384f2242b98dd62b6a8d6a503f . +_:Nf71f6300b14a4726a20ffad899bed919 . +_:Nc9ddcdf86e874968aa8f5ba821975eb4 "1"^^ . +_:N105628f6c8b040edb9db617f35f30bec . + "Records a hyperparameter used to build the AI model contained in the AI\npackage."@en . + . +_:Nfbb5f5e996be44989d31d47d46540443 "1"^^ . + "other" . + . +_:N163fe4499b2a454a9641b23118bf53ae "1"^^ . + . +_:N5011f0cdb4544a70b796520ecd436a25 . +_:N0bf807da343b4645904db560abf69583 . +_:Nadd5d6fa295c47ee82d49e5fde059110 . +_:Ne778a773be4f408192f2ed37c6143a5d "1"^^ . + _:Na1cdda0a73e94e598b769cac4a5a5cb8 . + . + . + "The Element is a single or a collection of source files."@en . + _:Nc63741a7112e471ba97ce37e05f2dac1 . + "A reference to a resource outside the scope of SPDX-3.0 content related to an Element."@en . + "source" . + . + "complete" . +_:Nf71f6300b14a4726a20ffad899bed919 . + . + . + "2024-11-22T03:00:01Z"^^ . +_:Nb916f2dfc1c640bd8e0dac9bb5956172 . +_:Nbc1332652da345c49ad3c948238f404b . + . +_:Nce9a69dc19af4e1394f03174c67c5857 . +_:N64a80dfe5e954cf59753ab8a96e4eff3 . + . +_:Nfe1814d375d7456e843deb8cde1cf341 . + . + . + "This individual element was defined by the spec."@en . +_:Nbbe9948554644fd8b49899d278739242 . + "A class for describing the energy consumption incurred by an AI model in\ndifferent stages of its lifecycle."@en . + _:N8adbab8e05cf4258a0b7e9eedbd03e5f . + . + "Describes a relationship between one or more elements."@en . + "The `from` Element statically links in each `to` Element, during a LifecycleScopeType period."@en . + . +_:N73f9586a8a7d4b978afcb9cfe998050b "1"^^ . + . + . +_:N897df0f6e23b488988a2d2db8aad5bc4 _:Nfa72871f5924444491d18910ec431abb . +_:N7b5b4ad7f9a54d91a292ac0738539050 _:Nb28702ad1ccc478ba7b8aa42bc12985d . +_:N70cf024bfa9e40a08de101b510631f60 . + "md4" . +_:Nc9ddcdf86e874968aa8f5ba821975eb4 . +_:Na267e7b88a344e4fbd0c59a6dc760e65 . +_:N66b43817d95d4468bf805207af159230 . + "Records the type of the model used in the AI software."@en . + . +_:N90cb783276d74a2881e21a08abf01e2f "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en . + "The name of a relevant standard that may apply to an artifact."@en . +_:Na92e8ceda7e548bb9a144c2e9c857639 "1"^^ . +_:N288949a61054447689377b531414e0b7 . + . +_:Nca9532c3dd0b421e95d0800b68e3442a "1"^^ . + . + "Other exploit catalogs"@en . +_:Nbd47cac50394462f9015e00ec4b449a6 . + . + . + "securityAdvisory" . +_:N675847984777421d9fb9b171cdf0bb53 . + . + "A reference to a purchase order for a package."@en . + "securityAdversaryModel" . + . + "Class that describes a build instance of software/artifacts."@en . +_:N261c61aa119e4f4e9ce3c9387fb29c9f _:Nb9165bd1d4e8406eb56e237a892cfba4 . + . +_:N80dc66a1ccec469392596c5291fa2864 . +_:Nc6d18260ddfa478b84c2dc19c2059aa2 . + "When a CVSS score is between 0.1 - 3.9"@en . +_:N5d195bb929fc404584503e9c9b17a526 . + "sha3_384" . + . +_:N5912892962274966938ef83f3f23c015 . + "Portion of an AnyLicenseInfo representing this version, or any later version,\nof the indicated License."@en . +_:N5e678b3ba38745b58c0103b8e085d5c8 "1"^^ . + . + . + . + . + . + _:Nc22ee04d695b4582bd604f6206900620 . + . + "Makes no assertion about the field."@en . +_:N59f692071bb64860ab9f02cfb4670088 _:N27a8c8f61e944083abcc670fe4586df8 . +_:N05edbc4959e844438800e546abaebaea . +_:Nff8e6ed55f604249b913b2bbc6d8411d . + . + . + "The field describes the availability of a dataset."@en . +_:Nfbb5f5e996be44989d31d47d46540443 . + . + . + "A key with an associated value."@en . + "The Element is used to install software on disk."@en . +_:N7c7a260c778e4d4491ba75a0fe083ebe . + . +_:N73f9586a8a7d4b978afcb9cfe998050b . + . + "Property that describes the time at which a build stops."@en . + . +_:N58c62d134f5e41d78440946685ecf0cc "1"^^ . + . + . + . + . +_:N88e97455b377466daa24bff58cde8f0d . + . + "attend" . + . +_:Nfc8b91023a9e4e08ae989e08b6c0b9ec _:Nf7e1508801cf4398b830fad84fe53388 . + . +_:Nae8e63939c7c4cf4aa4ba555362d775c "1"^^ . +_:Ndfe4dc1d7d574b10a92ee8955837ad9d _:N0e31c4b45c4b442e9f1d32ab917a76ae . + . +_:N168bcfc831bd4f85b6a82742eb7ad4f5 . +_:Nad909dcc4fad4339a9eb809fabd6a871 "1"^^ . + . +_:Na92e8ceda7e548bb9a144c2e9c857639 . +_:N45b62edbd5f3406dba20232288ec19fd . + "data is recorded with a timestamp for each entry, but not necessarily ordered or at specific intervals, such as when a taxi ride starts and ends."@en . + . +_:Nc9ddcdf86e874968aa8f5ba821975eb4 "1"^^ . + "directDownload" . + . +_:Nfe1814d375d7456e843deb8cde1cf341 . + _:N5e678b3ba38745b58c0103b8e085d5c8 . + "ai" . + . + . + . + "build" . + "A reference to a version control system related to a software artifact."@en . + "MD5 message-digest algorithm, as defined in [RFC 1321](https://datatracker.ietf.org/doc/rfc1321/)."@en . + . +_:N5b2278fb3a8e4e239193a033f8b4bf04 _:Nf3c62ca118b94d17a1ef6b04e407421c . + "A string in the license expression format."@en . +_:Naf01116eff7c4759be95f8f97c257d9c . +_:N2b94274553ab4bc2bbc78307f39b3327 _:Nadd6173eaf8b4550a3ec8c90524cc599 . + "Identifies who or what supplied the artifact or VulnAssessmentRelationship\nreferenced by the Element."@en . +_:N79e0fdc8a753446e8e1931aab90b02ae . +_:N9e3f2c4f96904bddb1aa46c01701b0f6 _:N8ad3af20ea5248df91865def0b7a98de . + _:Na3925605d49b4db382603ae946c37f51 . +_:N7c9974a53d5443c5831f3e7dc56073d0 "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en . +_:N0f4d0a9a8e7d46a0b9cf255274bcce6b _:N70cf024bfa9e40a08de101b510631f60 . +_:Nf10e65ca64f84003827c23ef339743e5 . + . +_:Nbbe9948554644fd8b49899d278739242 _:N7b50bf552c054e5baab961ecc882b722 . + "A reference to a published security advisory (where advisory as defined per [ISO 29147:2018](https://www.iso.org/standard/72311.html)) that may affect one or more elements, e.g., vendor advisories or specific NVD entries."@en . + "Specifies the type of the content identifier."@en . + . +_:Ne81afbff18a74c75ac853da24ab327a0 . + . + "Timestamp of impact statement."@en . +_:N4dda90621fe746a2972ace6f1e26f9c9 _:Na00b6f47e860415881f7e8a524a04316 . +_:N91fee785616543dd9952683d70d387bf _:N94e6bbd4fb004035a4cbdb3e969a1fbb . + . + . +_:N47d32bc3b4e04c9ab083ec76d4f22585 . +_:N58c3f747313349d396ead702e2de2953 . +_:N0cac787ed3f3421fa6687df4da790a0c _:N44928392b4d8458f847c7fd69533d2ee . + "The `from` SpdxDocument can be found in a serialized form in each `to` Artifact."@en . +_:Ne68051bb209048da9a57bc5dbaf28bf0 . + "there is a defined end of support for the artifact from the supplier. This may also be referred to as end of life. There is a validUntilDate that can be used to signal when support ends for the artifact."@en . +_:Nbac401e4be1249dd86dd149952baf59b _:N5bda6a3731444310990a06326743f6aa . + "A group of people who work together in an organized way for a shared purpose."@en . +_:N0d2bee57931544d786ff3bc0afb223b0 _:N8f1dd8dbe42e46fb934adf94515048b1 . +_:Nc22ee04d695b4582bd604f6206900620 . +_:Nd385c846dfa14371a0a3697f7168b4c1 . +_:N8a37deb026864cdca312209746e2caaa _:Nf3dfbb7f98e84c61b58f5b17e3ae9f19 . + "Abstract class representing a license combination consisting of one or more licenses."@en . +_:Ne820a8ec67114d53b03a71f5f7be31f5 . + "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack."@en . +_:Na82fb3a822a04f6180f1ca7808276d8f . + . +_:N13acbf7806c648f19f147c9073a04385 . + "noAssertion" . +_:N0d09683a42354debacdd0b0625119609 . + . +_:N8f1dd8dbe42e46fb934adf94515048b1 . + "A reference to a Maven repository artifact. The artifact locator format is defined in the [Maven documentation](https://maven.apache.org/guides/mini/guide-naming-conventions.html) and looks like `groupId:artifactId[:version]`."@en . +_:N991d42b910e64656b45d7c4ce9e7f5e3 . +_:Nae8e63939c7c4cf4aa4ba555362d775c . + . + . +_:N0f4d0a9a8e7d46a0b9cf255274bcce6b . + . + . +_:N5ab248e680454bbcb3ed254de24ac49f . + _:Nbd14f0a1267744e89f6930e710689414 . +_:Na267e7b88a344e4fbd0c59a6dc760e65 . + . +_:Nbb0a3a63cdba4f078c6de6eef7ff6579 "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en . + . + "file" . +_:Nb81407b76fc94f228f1f5ad011d931a5 _:Nc82d9b6d9a4a40d6b95e4cd04612ac98 . + "A value used in a CdxPropertyEntry name-value pair."@en . + . + . +_:N1a0a0b40de254f55a8372bba19b60496 . + _:N61b9a25cae674e199ce6572456d8e72f . + _:N63f963c2c8a4467bb803f9af7eaafd3d . + . + . + _:Nddcc9ac569c4442b894f208d7722b4f8 . + "qualityAssessmentReport" . + . +_:N4382805b6a5947d38ffcfd8b182bddbf . +_:Nf7fd042770064703a84cd9039273e4f7 . +_:Nac0a6f045e7e4efd9dbaf01201286a14 _:N2c7697a923534e9988689746f1d03e41 . + "gitoid" . + _:Nf5531d9c16ff4f589dff19f480634c29 . + . + "other" . + . +_:N2b7fa052bf664f2a9e1923831d282602 . + "Describes the preprocessing steps that were applied to the raw data to create the given dataset."@en . + _:N9bd771ac02cc41519919a01d4deca105 . +_:N4f6d0abf94b14a189b945346f00ba9dc "1"^^ . + . +_:N72a328f4b7e14cb194d99b35236c3430 "1"^^ . + "data that is classified into a discrete number of categories, such as the eye color of a population of people."@en . + _:N3b695bebf32746039b555b8460ffe552 . +_:N6f8ca85700744b0e9f7a8672675d1dca . +_:N17c879855daa4fd7b7d7ef9da34e7ea6 . +_:Nd91122440e7149a28656eb9394e082b2 . + "development" . +_:N1647e706f6764e7d9ec4e0aa8979d0c6 . + . + "Specifies an Extension characterization of some aspect of an Element."@en . +_:N53970517ea09401691d51549f8e0fd90 . +_:Nc15495aea74e4883afce40f042a057d5 . + . + "A license expression participating in a license set."@en . + . +_:N89d641eef49d4a5f9ef42bfe5c4221bd . + . + "A reference to a resource identifier defined outside the scope of SPDX-3.0 content that uniquely identifies an Element."@en . + . + . + . + "A reference to additional license information related to an artifact."@en . +_:N8bdb3da6da754d98843024e1dcbe3e43 . +_:Nf6541e98d99947d9a7ccb49088b43ea0 . + . +_:N230a41f8c8d549b8844a37595ce56867 . + "A reference to the mailing list used by the maintainer for a package."@en . + "Defines the beginning of a range."@en . +_:N618f8c59ed9345ca8692a68f777a0fb0 _:N36b7d391e5cf402199bf454d82f5735c . + "A reference build metadata related to a published package."@en . +_:N13acbf7806c648f19f147c9073a04385 . +_:N7a48123f699948b5867af1fec0d7b88e . +_:Ne11c75cafdb0438299216847b06716cf . +_:N4881d1614aa0403894d16c3ca276d790 "1"^^ . +_:N9bd771ac02cc41519919a01d4deca105 . +_:N65301d1be04341678842dfc049e2a33c . + . + . + . + . + "Specifies the time an artifact was built."@en . +_:N85ad449141be453592e9e80c2bc379f4 . +_:N7676f1bbd99e47659502f87b9936453e "1"^^ . + . + "A property name with an associated value."@en . +_:Ne4baf3becb8740a79f8bceb49f40679f . + _:Nb916f2dfc1c640bd8e0dac9bb5956172 . +_:N8ec4229c1a674693bde766506ca93e87 . + "An SPDX Element containing an SPDX license expression string."@en . +_:N88e97455b377466daa24bff58cde8f0d . + "query" . + _:Nc38c872821b548ee8f430a027b2d711f . +_:N3ba51db196c04386ae47cb64aab6c95c . +_:N80dac4ea19f44488ae2dc09ba1429116 . + . + . +_:N64ae0543871444f6b7d2a497fcf55186 . + . + "The `from` SoftwareArtifact is concluded by the SPDX data creator to be governed by each `to` license."@en . +_:N763c69315ee040a88ca27b5205984626 . + . +_:N41fda4edc0294fce84cdb5688d8ef9ef . + . + . + _:N13396ee366a94de388e2aff47754e81f . + . +_:N06465237afe4406eb4803558f7a57c08 "1"^^ . +_:Nd3d538fe1cb544b5808c51dffd844c81 "1"^^ . +_:N4f6d0abf94b14a189b945346f00ba9dc . + . + . +_:N72a328f4b7e14cb194d99b35236c3430 . +_:Ncf68ed04ac534a92808a38217fa55530 . + _:N250a4372ab014e66ba3eec07accb85dc . + "An Individual Value for Element representing a set of Elements with\ncardinality (number/count) of zero."@en . + "firmware" . +_:N13f4d81403034faaa93ea1abc3bd3d91 _:Ncff880d9e9c24887adcf512cbce2a444 . + _:Na5a538a0052340c0ba01747cca3d3da8 . + . +_:N0cac787ed3f3421fa6687df4da790a0c . +_:N2456bf573caa4efeab27607dfed5a451 . +_:Nc8b9ea4213214eccb17ccccf3790161d . + . + _:N5912892962274966938ef83f3f23c015 . +_:Nc51fb19223644705a84f646344b7e9d3 "1"^^ . +_:N675847984777421d9fb9b171cdf0bb53 . + . + _:N68e2aefd82ab40c59cc6c2bfeab0adc4 . +_:Ne70b85feb564419597741ca637d61d03 . + "Records if sensitive personal information is used during model training or\ncould be used during the inference."@en . + . + "Describes all the preprocessing steps applied to the training data before the\nmodel training."@en . + . +_:N5d195bb929fc404584503e9c9b17a526 "1"^^ . + . +_:N5a2b8b0073a54a3db4d6092f1c5043ed "1"^^ . + "Enumeration of the valid profiles."@en . + _:N72a328f4b7e14cb194d99b35236c3430 . + . +_:Nc4286224070a4248ad8590c45a7c8bc6 . + "The Element provides a requirement needed as input for another Element."@en . + . + "An Organization representing the SPDX Project."@en . +_:N13396ee366a94de388e2aff47754e81f . +_:Nf7fd042770064703a84cd9039273e4f7 "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" . + _:Ncae19f1586924a439b37e75eb5b57ed4 . + . + "Adler-32 checksum is part of the widely used zlib compression library as defined in [RFC 1950](https://datatracker.ietf.org/doc/rfc1950/) Section 2.3."@en . + . + . +_:Nce9a69dc19af4e1394f03174c67c5857 "1"^^ . + "Provides information about the creation of the Element."@en . + _:N91d11db27b28462b8545b78734a27503 . + . + "green" . + "The Element is an Artifact that can be run on a computer."@en . +_:N4d86b5ad122d431bbf443326643a51df . + . +_:N88e97455b377466daa24bff58cde8f0d . +_:N4571ded3acc34f068931feecaa278a44 _:N1aac3c1c2ffb45d79910e133d9ec02f9 . + "evidence" . + _:N4e4b35788e1b4064b856bcd8d2cc6670 . + "urlScheme" . + . + "low" . + "A reference to information assuring that the software is developed using security practices as defined by [NIST SP 800-218 Secure Software Development Framework (SSDF) Version 1.1](https://csrc.nist.gov/pubs/sp/800/218/final) or [CISA Secure Software Development Attestation Form](https://www.cisa.gov/resources-tools/resources/secure-software-development-attestation-form)."@en . +_:N7f095ac56c3e4bccbcd4348b29980439 _:Na461e12485ec495f9d16f08504499025 . +_:N61753ca6fa484199b143356d20b0476e . + _:N72dd028519c2443b94229cfc4a2639bc . + "limitedSupport" . + "descendantOf" . +_:Nd8679c5e3311467ca097a4151ac8fa54 . +_:N06465237afe4406eb4803558f7a57c08 . + "The Element is a container image which can be used by a container runtime application."@en . + . +_:N763c69315ee040a88ca27b5205984626 "1"^^ . + . + "The percentile of the current probability score."@en . + . + . + "MD2 message-digest algorithm, as defined in [RFC 1319](https://datatracker.ietf.org/doc/rfc1319/)."@en . +_:N5ab248e680454bbcb3ed254de24ac49f "^[^\\/]+\\/[^\\/]+$" . + . +_:N32f50a51e84f4a2499a5d17f54bbed6b . +_:N716ee87802fd4b6f98bfcff38ca5ff8a _:Nd951591fca6c47c2985dd159db6ad52c . + "Provides a CVSS version 3 assessment for a vulnerability."@en . + . +_:N8ad3af20ea5248df91865def0b7a98de . + "The file represents a directory and all content stored in that directory."@en . +_:Na00b6f47e860415881f7e8a524a04316 . +_:N14d2ccc3ee7749088945c0ba96e7a88a _:N2dbc8b0a30da433a94050a3ab1190bb8 . + . +_:Na44640dae5c34e6ab6f3759a75426eb0 . + "2024-11-22T03:00:01Z"^^ . +_:Nbdc672a90df4480da8648bd31507d48e . +_:N963f7603cd844b03bd4631e0713b1635 . + . + . + . +_:N5ab248e680454bbcb3ed254de24ac49f . +_:N034bf868068348fb92f2f33976cad5ae "1"^^ . + _:N6eb9ec15081f404a99935ff4e2aaa14b . + "A buildId is a locally unique identifier used by a builder to identify a unique\ninstance of a build produced by it."@en . +_:Ne0ff4ba19d0a41c18c6ccfc733f2193d _:N4e1bd25f594a483ab492b4c24a5748eb . + "hasInput" . + . +_:Nd385c846dfa14371a0a3697f7168b4c1 "1"^^ . + . + "The Element is documentation."@en . + "SBOM generated through analysis of artifacts (e.g., executables, packages, containers, and virtual machine images) after its build. Such analysis generally requires a variety of heuristics. In some contexts, this may also be referred to as a \"3rd party\" SBOM."@en . + "Specifies the SPDX License List version in which this license or exception\nidentifier was deprecated."@en . +_:Ne81afbff18a74c75ac853da24ab327a0 . + . + . + . + . + . + "dataset" . + "SHA-1, a secure hashing algorithm, as defined in [RFC 3174](https://datatracker.ietf.org/doc/rfc3174/)."@en . +_:N7d2dbee05b72455c995a675186de5fd1 . + "cpe22" . +_:Nf26016059c3e414da185e30155b543f5 . +_:Nfbd5a9c0923c423a84d0bb8fef89f4a3 _:Nadc18a90b6ca4cc3af0fb2aa7418dda8 . + _:Nc4156282a9c34b6190b0869cdc1793db . +_:N954579de61d84bef909737ad4568a536 . + "Provide consumers with comments by the creator of the Element about the\nElement."@en . +_:Nd0d48abef81b4c44a952c0925a6e30a9 _:N9bb1cced9aa14e08b36ebf9f952b1d01 . + "privacyAssessment" . +_:N4881d1614aa0403894d16c3ca276d790 . + _:Nd05558aa816f416f8c26895bb8d1d9bb . +_:Nb07efffce0ba43a2bcac0e3a90a48609 . +_:Nc1bb7a1b7d034342906511e27e066abc . + "Describes potentially noisy elements of the dataset."@en . +_:Ne5e123ab8f7d4aa4b35a7442690fe19d _:N072d6f5c7eee40859e3a93d05034536f . +_:Nfbd3df443088485abe551fc6374a3c4c . + "SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`."@en . + "The Element is a software application."@en . + . +_:Nb850dda843534d3ab3ffbadf70766fef . +_:N7eb015d497fc4c09bb8530f59c65624d . +_:N4091b2fb3d5c417fad7305927740d1d5 . +_:Ne1917fc7b2894ab7a09e78e8e8b21989 _:Nbc8ae53aacf942ca88840a6c1d655d6c . +_:Nc3c21678fc9a459784f054a6954a9aa8 "1"^^ . +_:Nb345ac20ec3244e480ec30eee26dc06e . + . + _:N187a93895c7b43bea96131212a0ba3f5 . + . +_:N904326509fc04cc4be66ea123ed9fdc4 . + . + . +_:Na3925605d49b4db382603ae946c37f51 . + "BLAKE2b algorithm with a digest size of 384, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4."@en . + _:N024478cff6eb4ef48dc45dabdb7b0a35 . +_:Nf028d12b2d0f4f6cb20747b6b39a8b5b . + . + "A canonical, unique, immutable identifier of the artifact content, that may be\nused for verifying its identity and/or integrity."@en . +_:Nd77657e0b19d459c931f64f48ed7e1a6 . + _:Nd33af007bad14a4594f7039df1c5df75 . +_:N694e3d4238ff4006b46b450b91f4179a _:N9a582f09d0b7426d81ae74b09a5ed252 . + . + . + _:Ne11c75cafdb0438299216847b06716cf . + . + . + "The `from` Element is an ancestor of each `to` Element."@en . + . + . + . + "archive" . + "kilowattHour" . + "hasProvidedDependency" . + "Indicates whether a relationship is known to be complete, incomplete, or if no assertion is made with respect to relationship completeness."@en . +_:N0781395df11e44a6a3186f0fa8908958 "1"^^ . + . + . + . + "Provides a reference number that can be used to understand how to parse and\ninterpret an Element."@en . + . + _:Nc37985fef6884679b49d387a2ef08d3f . + "A collection of SPDX Elements that could potentially be serialized."@en . + _:N0d09683a42354debacdd0b0625119609 . + . + . +_:Nb9165bd1d4e8406eb56e237a892cfba4 . + . + "expandsTo" . +_:Nf10e65ca64f84003827c23ef339743e5 _:Ne1917fc7b2894ab7a09e78e8e8b21989 . +_:N833dac5833c24d35a16d11f2e318aeef _:Nd90adf23ae66491daa68ac6dd4501bdf . +_:Nece0b4f721a847f98727202b50f4a753 . +_:Na5a538a0052340c0ba01747cca3d3da8 "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en . + . + . + "componentAnalysisReport" . +_:Nd83655f2100e4025b2eefd465fc154ab _:N0c3b30ca2bdf4cb1839bdc608bc41186 . + . + . + "serializedInArtifact" . + "packageUrl" . +_:N168bcfc831bd4f85b6a82742eb7ad4f5 _:Ned1f0afb78d3460c9478383abf3da36b . +_:N2f8145031850475ba01bc466221debed _:Nfb655ff9dcc6442baa6046d411f0624c . + "Specifies the exploit catalog type."@en . + _:N8f24e4128c124ec08b9e80f45a43dd1e . +_:Nf4609fa7f53e4898a47341b507b5e03e . +_:N210fbcf85b384009a2cee68e4a7e6b78 _:N02daaf1ea3874989948c16e26274de9f . +_:Ne68051bb209048da9a57bc5dbaf28bf0 "1"^^ . +_:N97120636b11b4b158892706019486fb5 . +_:N8186b6d9dc534ac1b7a906d040a88d6a _:N9b79adf6684a4d328dc28ae0ee98d95d . + _:N73e74213eec84d8daaa36a51dab963d6 . + . + . +_:Ne94d7f462c66468a8c52086b6b54de89 . +_:N682abb8a6bbc40e9947aa2d9d66eec4d . +_:N10ab85203a394bd3ba6ef86074d64233 . +_:Ne778a773be4f408192f2ed37c6143a5d "1"^^ . + "An assertion made in relation to one or more elements."@en . + "A reference to an artifact containing the sources for a package."@en . +_:N7c9974a53d5443c5831f3e7dc56073d0 _:N8358def5fd2b4668b759d786315e799f . + . + "Specifies the type of the external identifier."@en . +_:N5e678b3ba38745b58c0103b8e085d5c8 . + _:Nebecc80c7e4045d1b3ad15ab0c1d04ec . + _:Na3b27046864941989a486e5a70e0edb4 . + "An Element an annotator has made an assertion about."@en . +_:N4e4b35788e1b4064b856bcd8d2cc6670 _:Nce436d556d4e4606ba37d9ad32d22967 . +_:Ne06f01bddfb24f69a9e1c0ba9694b11d . + "underInvestigationFor" . + "A reference to the software support channel or other support information for a package."@en . +_:Na3925605d49b4db382603ae946c37f51 "1"^^ . +_:N90cb783276d74a2881e21a08abf01e2f _:N986501d57648498ea8ed156092baf32c . +_:Nd73c69088f734dffb4cc9539c637aecf . + . +_:N58c3f747313349d396ead702e2de2953 _:N5ddf9ddcd2bc446f8729bd7a23566faf . + "Provides an unambiguous mechanism for conveying a URI fragment portion of an\nElement ID."@en . + . + "Specifies the safety risk level."@en . + "A probability score between 0 and 1 of a vulnerability being exploited."@en . + "A reference to the documentation for a package."@en . + "Conveys information about how VEX status was determined."@en . +_:Nb9165bd1d4e8406eb56e237a892cfba4 _:N0753f471dae945e885cde15702c705bb . + . +_:N88ce0438020d4326924db53dec9bd6b5 . +_:Nb4381a5cee3143a482af28cf9a364f3c . +_:Nbbbec88245754e9d9390b9a11f0b67c2 . + . + "Specifies the time when a vulnerability was published."@en . + _:Nbbbec88245754e9d9390b9a11f0b67c2 . + "application" . + "documentation" . + . + "Specifies the type of the external reference."@en . + . +_:Nf7fd042770064703a84cd9039273e4f7 "1"^^ . + . +_:N98018fef19484e2fae944af82b21920e . + . + . + . +_:N7676f1bbd99e47659502f87b9936453e . + "deployed" . +_:Nccde3ac271484f91b83ed5fb2e1d70c9 "1"^^ . +_:N4e4b35788e1b4064b856bcd8d2cc6670 "1"^^ . + _:N00fcf1f501a749fc9cbbdbdf23a7aaa8 . +_:N79e0fdc8a753446e8e1931aab90b02ae . +_:Naa7e95f812804669b3e89daed8d27b21 . + "A reference to a Bower package. The package locator format, looks like `package#version`, is defined in the \"install\" section of [Bower API documentation](https://bower.io/docs/api/#install)."@en . + . +_:Ne68051bb209048da9a57bc5dbaf28bf0 . + "A collection of SPDX Elements describing a single package."@en . + "Information about the relationship between two Elements."@en . +_:Nf7e1508801cf4398b830fad84fe53388 . + . + _:Nccde3ac271484f91b83ed5fb2e1d70c9 . + . + . +_:N40bcef929ef64825a68929a36aefa27c _:N4d92ede494e34e51ba6eca91292dc0dc . +_:Na461e12485ec495f9d16f08504499025 _:N73833299f42a4f78b3a3379f9d2302d7 . + "The Element represents a runtime environment."@en . +_:N6aa0e623203745d7b1fb18b485918354 _:Nc4286224070a4248ad8590c45a7c8bc6 . + . +_:N7c7a260c778e4d4491ba75a0fe083ebe . +_:Ne1917fc7b2894ab7a09e78e8e8b21989 . +_:Nc51fb19223644705a84f646344b7e9d3 . +_:N576b7fbe3ba74572a6eb065c67761847 . + "Provides the location for more information regarding an external identifier."@en . +_:N1a8882804ac24104946e7afa0b36905a _:Nc7b49cc0a08745e08e5ba42ee492184f . + "Links a vulnerability and one or more elements designating the latter as products\nnot affected by the vulnerability."@en . + . + . + "When a CVSS score is between 4.0 - 6.9"@en . +_:N619e2a32fb994ed69f916340e12ed7f3 . + _:N98018fef19484e2fae944af82b21920e . +_:N68767751c5f64fc1afe82f2dcbae6636 . +_:Nb2f2a5ddadbe4718954d50737f92e201 . + "Provides an independently reproducible mechanism that permits verification of a specific Element."@en . + "vulnerableCodeNotPresent" . +_:N5d195bb929fc404584503e9c9b17a526 . + "Property that describes the URI of the build configuration source file."@en . + "hasAddedFile" . +_:N5a2b8b0073a54a3db4d6092f1c5043ed . + . + . +_:N186b972a57284ae1946b3f7d8e762830 . +_:N45b62edbd5f3406dba20232288ec19fd . + . + "A reference to a static analysis report for a package."@en . +_:N66b43817d95d4468bf805207af159230 "1"^^ . + . +_:N4e4b35788e1b4064b856bcd8d2cc6670 . +_:Nc38c872821b548ee8f430a027b2d711f . + . + . +_:N516b1b46dbb04f1c953906f0388bf8b4 . +_:N58021835a49a4b959f9428f8df7f7198 . + "Indicates presence of the field."@en . + . +_:N1d4668e7f12244a7a9407b898c9b0534 "1"^^ . +_:Nff33e8337dc8421d9e74b338e35a75d5 "1"^^ . + "other" . +_:N07cb32d0626a45cfbea37a7dd2a8b854 . + . +_:N250a4372ab014e66ba3eec07accb85dc . + . + . + "The relationship is known not to be exhaustive."@en . +_:N7091d1b764924e4db3551e0b422e61ba . + "the element follows the Software profile specification"@en . + _:N963f7603cd844b03bd4631e0713b1635 . + . + _:Nc8b9ea4213214eccb17ccccf3790161d . + . + . +_:Ne21f363965114243b81ce67f76575de3 _:Nf6541e98d99947d9a7ccb49088b43ea0 . +_:N3de741ac343042e6ac53564501076e44 . + . + "hasStaticLink" . + "CISA's Known Exploited Vulnerability (KEV) Catalog"@en . + _:Ne778a773be4f408192f2ed37c6143a5d . +_:N0dc54ccc3f8d4afe897d7be97f9f6928 . + "The `from` Element generates each `to` Element."@en . + . + . +_:Nc8b9ea4213214eccb17ccccf3790161d "1"^^ . + . +_:N8e672d95ff7d48e68c1ed7ecf019b269 "1"^^ . +_:N5bda6a3731444310990a06326743f6aa . +_:N942417ca6d844df0914d75b099a457f8 . + _:N4881d1614aa0403894d16c3ca276d790 . + . +_:N8b5253826157456ba3297cf9f4f8db15 _:Nff9c0c2a18f24f76bfa32806ec48ce59 . + . +_:Nadd5d6fa295c47ee82d49e5fde059110 "1"^^ . + . + "Provides a NamespaceMap of prefixes and associated namespace partial URIs applicable to an SpdxDocument and independent of any specific serialization format or instance."@en . +_:Nbd45f3e248c84b27b2e1a0da67d47a71 _:N54d1f829ecc441b9b7d9248324cbea6b . +_:N7583808b54c947658126a7846ad7cc76 . + . +_:Nf71f6300b14a4726a20ffad899bed919 . + _:N50c6944cf3544d0ab17d40d70d7715c3 . + . + . +_:N00d83dee7aa44a7991821a46e83e5164 . +_:Ne20cfbefa1424ba79abfc89287f1eef3 . +_:Nc2ac7680f26b40408ebfc2b4bb40def7 _:Nfd592b5830bc43009e433a4172fb036b . + "(\"Track\\*\" in the SSVC spec) The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track\\* vulnerabilities within standard update timelines."@en . + . + . + "An Individual Value for License where the SPDX data creator determines that no\nlicense is present."@en . +_:Nff9c0c2a18f24f76bfa32806ec48ce59 _:N64ae0543871444f6b7d2a497fcf55186 . +_:N4e1bd25f594a483ab492b4c24a5748eb _:N1314ef461724483f9bd5c56d939b17c4 . +_:Ncedd59bf4f1a4436ac8325d34d020df5 . + "Categories of confidentiality level."@en . +_:N618f8c59ed9345ca8692a68f777a0fb0 . + "System Package Data Exchange (SPDX) Ontology"@en . + . +_:Neff5f08fa9fd4aaeb51026e2484443c7 . +_:N63f963c2c8a4467bb803f9af7eaafd3d . +_:N931294357284457f9a6f643757b29e72 _:N687efc23ea2c4c0b9a09c9ca45dc49b3 . + . +_:N66b43817d95d4468bf805207af159230 . + . + . + . + . + "categorical" . + . +_:N2061c93cd5774c61823bf76c952d5242 . + "Specifies whether the License is listed as approved by the\nOpen Source Initiative (OSI)."@en . +_:Nff33e8337dc8421d9e74b338e35a75d5 . +_:Ncae19f1586924a439b37e75eb5b57ed4 . + . +_:N453a2981f56c4d3a943752e7740f87fd "1"^^ . + . + . + "2024-11-22T03:00:01Z"^^ . + "A reference to an npm package. The package locator format is defined in the [npm documentation](https://docs.npmjs.com/cli/v10/configuring-npm/package-json) and looks like `package@version`."@en . +_:Nedaa28cbd856413e95e7805cf2d255dd _:N2f8145031850475ba01bc466221debed . +_:Nf7fd042770064703a84cd9039273e4f7 . + . + "The class that helps note down the quantity of energy consumption and the unit\nused for measurement."@en . + . + "documentation" . + . + . + "video" . + . +_:N0e471571470240e5872be57bfd58fed9 _:Ndbf7c5384f2242b98dd62b6a8d6a503f . + . + "timestamp" . +_:N377b547285074591a904911ef1fc1977 . +_:Nd83655f2100e4025b2eefd465fc154ab . +_:N73f9586a8a7d4b978afcb9cfe998050b . + . +_:N904326509fc04cc4be66ea123ed9fdc4 _:N10002d3538094764a9c6d3893234cd04 . + . + "A reference to a Software Composition Analysis (SCA) report."@en . +_:Nfb655ff9dcc6442baa6046d411f0624c _:N8711a8ae5ca942d1bbd795a0144ca9a7 . +_:N72a328f4b7e14cb194d99b35236c3430 . + _:Nf44042158d4d4c85a5bd6a0fcb538498 . +_:N461fe7f9c28b4d81a4fb17726fc9adf6 . +_:Ndb50eefe33ac4feda6cfb13073b5324e _:N8b86dbc23a22407a9380fbd9376d3b83 . + "Copyright (C) 2024 SPDX Project"@en . +_:Nb345ac20ec3244e480ec30eee26dc06e . +_:Nf9bf03371d92462f91a54baa946fd625 . + . + . + _:Nb4381a5cee3143a482af28cf9a364f3c . +_:N187a93895c7b43bea96131212a0ba3f5 "1"^^ . +_:N236307149ca247fcad8df1b0dd41fcfc _:N88ce0438020d4326924db53dec9bd6b5 . +_:N82be0a238ea44c658a60ca20e0c8c6fa . + _:N4b7945a329d940d7a4167237a4e60e53 . + _:Ne03121e956234709bc0f8f288597ff50 . +_:N50c6944cf3544d0ab17d40d70d7715c3 . + . +_:N1647e706f6764e7d9ec4e0aa8979d0c6 . +_:N73e74213eec84d8daaa36a51dab963d6 . + _:Nf0752cee7bef48efaa39267516a6b21a . + . + . + . + . + . + "MD4 message-digest algorithm, as defined in [RFC 1186](https://datatracker.ietf.org/doc/rfc1186/)."@en . +_:N8f1dd8dbe42e46fb934adf94515048b1 . + "Portion of an AnyLicenseInfo representing a set of licensing information where\nonly one of the elements applies."@en . +_:Nadd6173eaf8b4550a3ec8c90524cc599 . +_:N4ac93d52ef544d5cb73aeaeb279b7567 _:N07868b0098174c478ac47f3fbc946ff0 . +_:Nd33af007bad14a4594f7039df1c5df75 . +_:N74551d5c49b94ece99a5fdec0d58d233 "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . +_:Ne94d7f462c66468a8c52086b6b54de89 _:Nb07efffce0ba43a2bcac0e3a90a48609 . + . + . +_:N14d2ccc3ee7749088945c0ba96e7a88a . + "A reference to a quality assessment for a package."@en . + . + _:Nb850dda843534d3ab3ffbadf70766fef . + . + "3.0.1" . + . + . + . + . +_:Nf5531d9c16ff4f589dff19f480634c29 . + _:Ne3b40c9739164b2eb0ae163374d9c4ac . + . +_:N187a93895c7b43bea96131212a0ba3f5 . +_:N65301d1be04341678842dfc049e2a33c . +_:N825f749765e348a0abfef75f63c1588a . + "SHA-3 with a digest length of 384, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)."@en . + "contains" . + . +_:N0d09683a42354debacdd0b0625119609 . + "Specifies the SPDX License List version in which this ListedLicense or\nListedLicenseException identifier was first added."@en . +_:N0c49370c41124d50ac6081418cb2432d . + . +_:Nd0cfba2a98544626a8566f29105598e9 . + "2024-04-05"^^ . +_:N16cb468a2dcd423bb3654b71a6f00062 _:N7b5b4ad7f9a54d91a292ac0738539050 . +_:Nc9ccffdec66347509395f75c9845128f _:N8eab6125211e4549a03d744617823ad5 . +_:Nf71f6300b14a4726a20ffad899bed919 _:N2aa73eafba6f4d55938fb60c96ff2379 . + "exploitCreatedBy" . + . + _:Nfe1814d375d7456e843deb8cde1cf341 . + "A reference to additional product metadata such as reference within organization's product catalog."@en . + . +_:Nb345ac20ec3244e480ec30eee26dc06e . +_:N511c01e1b6a146c3bf99fe3e88272f2e . +_:Nbf6c9a626dad41fa8a0422cb3ddab7a3 . + . +_:Na1ce1658c3be4bc0b082944caae9ddea _:Nff8e6ed55f604249b913b2bbc6d8411d . +_:Nda791debefe5491aa84d61433873c630 _:N1a0279389d714631b1d12935e9f2b014 . +_:N07cb32d0626a45cfbea37a7dd2a8b854 "^[^\\/]+\\/[^\\/]+$" . + "container" . +_:Nd2a11bb8a1a14a82994d02e9dd610275 "1"^^ . +_:N0781395df11e44a6a3186f0fa8908958 . + "structured" . + . +_:Na267e7b88a344e4fbd0c59a6dc760e65 "1"^^ . +_:N184c02d9c66a4e9d988d681d20c5ddc6 . + "Provide context for a relationship that occurs in the lifecycle."@en . + . + . + . + . +_:Nb245e59ae52342bea2f1feb05bb80e79 _:N6aa0e623203745d7b1fb18b485918354 . +_:Na3b27046864941989a486e5a70e0edb4 . +_:N90cb783276d74a2881e21a08abf01e2f . + . + . + _:Na449b0b56e3540618b2a2698204edde9 . +_:Nd05558aa816f416f8c26895bb8d1d9bb . + "Provides information about the content type of an Element or a Property."@en . +_:Ne81afbff18a74c75ac853da24ab327a0 "2"^^ . + . + . +_:Ne0ff4ba19d0a41c18c6ccfc733f2193d . +_:Nf0752cee7bef48efaa39267516a6b21a . + "Provides additional purpose information of the software artifact."@en . + . + . + _:N45b62edbd5f3406dba20232288ec19fd . +_:Nc51fb19223644705a84f646344b7e9d3 "1"^^ . +_:Nf284f365ba5c4e4da40d7d7900d82744 . +_:N7676f1bbd99e47659502f87b9936453e . +_:Nf26016059c3e414da185e30155b543f5 . + . +_:N105628f6c8b040edb9db617f35f30bec "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . +_:Ncff880d9e9c24887adcf512cbce2a444 _:Ne3e1ac11e78640fab50085207414679f . +_:N4571ded3acc34f068931feecaa278a44 . + . + . + . + . +_:Nce436d556d4e4606ba37d9ad32d22967 _:Ne5e123ab8f7d4aa4b35a7442690fe19d . + "Indicates the amount of energy consumption incurred by an AI model."@en . + "bom" . + . + . + . +_:Na79e142094fb464da3de3ceb4108e4ff . +_:Nc71de92f1cc649fcab4d77d974dac329 . +_:N47d32bc3b4e04c9ab083ec76d4f22585 "1"^^ . + . +_:N30d1dbbf97fb456eb18d38b76c8004d3 . +_:N9bd771ac02cc41519919a01d4deca105 "1"^^ . + . +_:Nc51fb19223644705a84f646344b7e9d3 . +_:N0c3b30ca2bdf4cb1839bdc608bc41186 _:N0713bbcf2b1f4e23b912a81e12b5d270 . + "blake3" . +_:N3bf9008e5422473bb689602da04ccca1 . + . + "describes" . + . + . +_:Ne70b85feb564419597741ca637d61d03 . +_:N4a3178783c58491bb646a056a8dbb37a _:N615be2b8b7174608b24884d12a2039ad . + . +_:N58c62d134f5e41d78440946685ecf0cc . + . + "Describes the anonymization methods used."@en . + "hasSpecification" . + "Specifies the amount of energy consumed when training the AI model that is\nbeing used in the AI system."@en . + "Provides relevant information about the AI software, not including the model\ndescription."@en . + _:N516b1b46dbb04f1c953906f0388bf8b4 . + "A reference to a privacy assessment for a package."@en . +_:Nc6d7eec7a63445c8a64113d0e59ce02c . +_:Nfd592b5830bc43009e433a4172fb036b . + . +_:Ne93ae5d0cb664d7ab2554eaa72a23f25 _:Ne94d7f462c66468a8c52086b6b54de89 . +_:N50c6944cf3544d0ab17d40d70d7715c3 . + . + . + _:N3bf9008e5422473bb689602da04ccca1 . + . +_:Na449b0b56e3540618b2a2698204edde9 . + . + "Provides a CVSS version 4 assessment for a vulnerability."@en . + . + . +_:N45b62edbd5f3406dba20232288ec19fd _:N0eb0fa7732fb4a2db7455731d6a1ce53 . + . +_:N7a66c734ced842b4913ff95c5f5cf452 . +_:N3c163fcab8684aa09c61e78b4cbb9b38 . +_:N4a56b875349e44729e9aca40972c86cd _:N3de741ac343042e6ac53564501076e44 . +_:Nc6bdb22311b243119db2aee3b54fabe4 . + . +_:Na3b27046864941989a486e5a70e0edb4 . + . + . +_:N91adaf3024344ddcbcbf3f943faaad6b "1"^^ . +_:Ne883dfda4a7445ceb1e70f39ddd03fea . +_:N4d92ede494e34e51ba6eca91292dc0dc _:Nfc8b91023a9e4e08ae989e08b6c0b9ec . + . +_:N931294357284457f9a6f643757b29e72 . + "A relationship has specific context implications during the execution phase of an element."@en . + _:Nbb0a3a63cdba4f078c6de6eef7ff6579 . +_:Nc6d7eec7a63445c8a64113d0e59ce02c _:N30a10bdc909f4c4bb84f02821147b416 . +_:Nbd013d07f45a42d99931fe619ee4ca95 . + . + . + . +_:N0bf807da343b4645904db560abf69583 _:N1bd597d8851e43b79e3bde3fb6388627 . + . + "Every `to` Element is a test artifact for the `from` Element (`from` hasTest `to`), during a LifecycleScopeType period."@en . +_:N7091d1b764924e4db3551e0b422e61ba . + . + "Used when the type does not match any of the other options."@en . + . +_:Nd3d538fe1cb544b5808c51dffd844c81 . + . + "The `from` Element has been tested on the `to` Element(s)."@en . + . + "This individual element was defined by the spec."@en . +_:N2056bd91659a4260a6eb99a0cbdd9f14 . + . + . + . +_:Nf21725c3245f4286b67bd679d3351c59 _:N916e8c3c85774fcd96b700a20240ca75 . + . + . +_:Nfc8b91023a9e4e08ae989e08b6c0b9ec . + . + . +_:N453a2981f56c4d3a943752e7740f87fd . + . +_:N17c879855daa4fd7b7d7ef9da34e7ea6 _:N8ff2b7ece321489a9ff262a2c697c89c . + . +_:N73e74213eec84d8daaa36a51dab963d6 _:Ne93ae5d0cb664d7ab2554eaa72a23f25 . +_:Nf284f365ba5c4e4da40d7d7900d82744 "1"^^ . + . + "A canonical, unique, immutable identifier"@en . + . + . + "security" . + "Identifies the text of one or more copyright notices for a software Package,\nFile or Snippet, if any."@en . + _:N737b3d5b3c8f4cb7b5fb665b52f1dd96 . + . + . + . + . +_:Ne41f054fce23460dba46863153e67567 . +_:Na5ef7f1675b84ce99e4f4ca36d200a91 . + _:Na2b089e6c69d4697ae4de61d18f020f7 . + _:Ne883dfda4a7445ceb1e70f39ddd03fea . + "Records any relevant background information or additional comments\nabout the origin of the package."@en . + . + . +_:N47d32bc3b4e04c9ab083ec76d4f22585 . + . + _:N13acbf7806c648f19f147c9073a04385 . +_:Ndb06ff981cef4e94bfdbec22badacd4d . +_:Nbbbec88245754e9d9390b9a11f0b67c2 . + "Email address, as defined in [RFC 3696](https://datatracker.ietf.org/doc/rfc3986/) Section 3."@en . +_:Nd77e569c4d2d4d2c9bb29ea462bc94cc . + . + "Relates a `from` Vulnerability and each `to` Element with a security assessment. To be used with `VulnAssessmentRelationship` types."@en . + "hasOutput" . + . + . + . + . +_:N7d2dbee05b72455c995a675186de5fd1 . + . + . +_:Ne7777394524c4639973161dd3aff2db3 _:N33da303c78e142a2acc0db12f3ee6686 . + . +_:Nc85a3a5deac54465a32d993ba5434b00 . +_:Ne3e1ac11e78640fab50085207414679f . + "Maps a LicenseRef or AdditionRef string for a Custom License or a Custom\nLicense Addition to its URI ID."@en . + "other" . + . +_:N4182e8c878544ebb842682b1ece2bd3a . + . + . +_:Nd6f4245b3ebe44e6b100782b191deb97 "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en . + . +_:N87131d5acc2b478ba16230f714aa0bb0 . +_:N80dac4ea19f44488ae2dc09ba1429116 "1"^^ . + . + "Property describes the invocation entrypoint of a build."@en . + "[Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg)."@en . + . + "The Element represents software that controls hardware devices."@en . +_:Nd951591fca6c47c2985dd159db6ad52c _:N4f7ca95fbfad4d20810e92ab09220394 . +_:N1a0279389d714631b1d12935e9f2b014 . +_:N91adaf3024344ddcbcbf3f943faaad6b . +_:Ndc4add4edebe43f4821fb10dd712e481 _:N8a37deb026864cdca312209746e2caaa . + . +_:N3b695bebf32746039b555b8460ffe552 "https://spdx.org/rdf/3.0.1/terms/Extension/Extension is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en . + "The Element is a file system image that can be written to a disk (or virtual) partition."@en . +_:Nf94717c65e4f4b86b4df261ecf26650d . +_:N825f749765e348a0abfef75f63c1588a . +_:N0b728d22a9674ecc87af12fde5aae61c _:N3899f43be1b142148dc7af5c1cd6a1b9 . + "other" . + "The Element is a test used to verify functionality on an software element."@en . +_:N250a4372ab014e66ba3eec07accb85dc . +_:Na96bc2776ef4488595f136d0fbac26a6 "1"^^ . + . +_:N0bf807da343b4645904db560abf69583 . + . + _:N7a48123f699948b5867af1fec0d7b88e . + . + . + _:Ndb06ff981cef4e94bfdbec22badacd4d . + . +_:N1d4668e7f12244a7a9407b898c9b0534 . +_:N0b3155ddb4cc46678a8dadb3eb9e5e43 . + _:Nfcc30e48020d4dd2b3493a0cd55ea457 . +_:N2aa73eafba6f4d55938fb60c96ff2379 _:N8b5253826157456ba3297cf9f4f8db15 . +_:N833dac5833c24d35a16d11f2e318aeef . +_:N63f963c2c8a4467bb803f9af7eaafd3d . +_:N7a48123f699948b5867af1fec0d7b88e "1"^^ . + "the dataset provider is not making available the underlying data and the dataset must be reassembled, typically using the provided script for scraping the data."@en . + . + . +_:Nebecc80c7e4045d1b3ad15ab0c1d04ec . + . + . +_:N33da303c78e142a2acc0db12f3ee6686 . + . +_:N02fadd3757064be6a0b797d8675b611e _:Nef3e82bf7eac41aa8dc101eabd0f1815 . +_:N904326509fc04cc4be66ea123ed9fdc4 "1"^^ . + "bower" . + "SBOM provides an inventory of software that is present on a system. This may be an assembly of other SBOMs that combines analysis of configuration options, and examination of execution behavior in a (potentially simulated) deployment environment."@en . +_:N4e4b35788e1b4064b856bcd8d2cc6670 "1"^^ . + . +_:Nd2a11bb8a1a14a82994d02e9dd610275 . +_:N615be2b8b7174608b24884d12a2039ad . +_:Nbc1332652da345c49ad3c948238f404b "1"^^ . + "Provides an SSVC assessment for a vulnerability."@en . + . + "there is no support for the artifact from the supplier, consumer assumes any support obligations."@en . + . + "The Element is a bill of materials."@en . + "Describes if a given file is a directory or non-directory kind of file."@en . +_:Nba03adbea09d477299a596cac9fd8319 _:Ndbfe3b48ba714fb990a0e903863ea1ed . + "Artifact representing a serialization instance of SPDX data containing the\ndefinition of a particular Element."@en . + "hasDocumentation" . + . +_:N2847f93323fd468eab2b926c5715c994 _:N4a56b875349e44729e9aca40972c86cd . + . + "Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software."@en . + . +_:Nadd5d6fa295c47ee82d49e5fde059110 . +_:N80dac4ea19f44488ae2dc09ba1429116 . +_:Nf507b9bee5ae4254bafe4ce3c72a9f18 . + . + . + "any hashing algorithm that does not exist in this list of entries"@en . +_:Ne03121e956234709bc0f8f288597ff50 . + . + "npm" . +_:N7583808b54c947658126a7846ad7cc76 _:N4466be96ec5a4942b916c3f1fad2d3ee . +_:N10f5cc15b506459db381c02764d60e76 . + "the element follows the Lite profile specification"@en . + . +_:Nbc8ae53aacf942ca88840a6c1d655d6c _:N58021835a49a4b959f9428f8df7f7198 . + "A distinct article or unit within the digital domain."@en . + "Provides a map of a property names to a values."@en . +_:N29cadfcf5dfa4e73b1b0f56fa6e4352f _:Nb2747510507b404f9243bfd7225f629d . + . + . + . +_:Nb916f2dfc1c640bd8e0dac9bb5956172 _:N57e86c05425144f4a08e64395a0d5e1d . + "The `from` Element is amended by each `to` Element."@en . + . + . +_:N942417ca6d844df0914d75b099a457f8 . +_:N2aa14aff363e4fc1ab2ed86f71eb8873 . + "lite" . +_:N3bf9008e5422473bb689602da04ccca1 . +_:N37829b662873490d9964f7bbbc300fce . + . + _:Nf71f6300b14a4726a20ffad899bed919 . + _:Naf01116eff7c4759be95f8f97c257d9c . +_:Ndb31c53559be41e0b28e79b74da0b557 "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + . + "source" . + . + _:Nca9532c3dd0b421e95d0800b68e3442a . + "An individual human being."@en . + "license" . + "A mathematically calculated representation of a grouping of data."@en . +_:Nc7f12b88e8f5489dacbbfeb81192696a . +_:Nc22ee04d695b4582bd604f6206900620 "1"^^ . + . + "Indicates absence of the field."@en . +_:N78c7513398064da1a55c5df1b3c96444 . +_:N13396ee366a94de388e2aff47754e81f "1"^^ . +_:N53970517ea09401691d51549f8e0fd90 _:N77f1a43a35e5447c83116261ae574acc . + _:N7091d1b764924e4db3551e0b422e61ba . + . +_:Nbc1332652da345c49ad3c948238f404b . + "Provides advise on how to mitigate or remediate a vulnerability when a VEX product\nis affected by it."@en . +_:Naf01116eff7c4759be95f8f97c257d9c . +_:N5a0ed5449f124c1e9ea7b05f0826cabd _:Ne64dea82135241279d97934d928f2d35 . +_:Na449b0b56e3540618b2a2698204edde9 "1"^^ . +_:N05edbc4959e844438800e546abaebaea . +_:N825f749765e348a0abfef75f63c1588a "1"^^ . +_:N89d38dc48bd64f1d894f7f8c5494c264 _:N0d2bee57931544d786ff3bc0afb223b0 . +_:N98018fef19484e2fae944af82b21920e "1"^^ . + _:Nb345ac20ec3244e480ec30eee26dc06e . +_:N6aa0e623203745d7b1fb18b485918354 . +_:N675847984777421d9fb9b171cdf0bb53 . +_:Nc9ddcdf86e874968aa8f5ba821975eb4 . +_:N786a3eaa8fbe4cf0bb67c4e086fa8b5b . +_:Nd91122440e7149a28656eb9394e082b2 _:Nb2f2a5ddadbe4718954d50737f92e201 . +_:N23a349d7f4a14351adf4c70293152926 . +_:Ndaeba75fb43b4db7b777e9b00ecd7064 . + . + . + . +_:N187a93895c7b43bea96131212a0ba3f5 . +_:N4dcad64fd9cf4af2b8d6ea98d6c5450a . + "The second-highest level of risk posed by an AI system."@en . + . + "Common Vulnerabilities and Exposures identifiers, an identifier for a specific software flaw defined within the official CVE Dictionary and that conforms to the [CVE specification](https://csrc.nist.gov/glossary/term/cve_id)."@en . + . + "staticAnalysisReport" . +_:Ne06f01bddfb24f69a9e1c0ba9694b11d . + "Provide the enumeration of possible decisions in the\n[Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree](https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc)."@en . +_:Nc6d18260ddfa478b84c2dc19c2059aa2 . + . + . + "A relationship has other specific context information necessary to capture that the above set of enumerations does not handle."@en . + . +_:N7eb015d497fc4c09bb8530f59c65624d _:Nbd0d551be201428eb241c70d0e315cfa . + . + "SHA-2 with a digest length of 256, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/)."@en . +_:N95b6da49b56e4298924cd2f153f00905 . + _:N7c7a260c778e4d4491ba75a0fe083ebe . +_:N87131d5acc2b478ba16230f714aa0bb0 "^[^\\/]+\\/[^\\/]+$" . + "The `from` Element describes each `to` Element. To denote the root(s) of a tree of elements in a collection, the rootElement property should be used."@en . + . +_:N10002d3538094764a9c6d3893234cd04 . + _:Nbdc672a90df4480da8648bd31507d48e . + "Defines the byte range in the original host file that the snippet information\napplies to."@en . + . + _:N951ec4cbce414b3bab847840bf18d59f . + . + . + "Every `to` Element is considered as evidence for the `from` Element (`from` hasEvidence `to`)."@en . +_:N220b4463e39147e99e8eeeb9974c5370 _:N75f6c4472b7b45349200afcce0dbacef . + "Describes how the dataset was collected."@en . +_:N87131d5acc2b478ba16230f714aa0bb0 . + . + . +_:N163b018b3d984833a5523252ed920c58 . + . + . +_:N626b5ad29167479dabae9a9177315404 . + . +_:N00d83dee7aa44a7991821a46e83e5164 . + . + . +_:Nce6e2333750a40619f2e93e40be35d7e . + "SHA-2 with a digest length of 512, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/)."@en . +_:N786a3eaa8fbe4cf0bb67c4e086fa8b5b . + . +_:N0713bbcf2b1f4e23b912a81e12b5d270 _:Nbd013d07f45a42d99931fe619ee4ca95 . + . + . +_:N0781395df11e44a6a3186f0fa8908958 . + "vulnerableCodeNotInExecutePath" . +_:Neff5f08fa9fd4aaeb51026e2484443c7 _:N16cb468a2dcd423bb3654b71a6f00062 . + . +_:N2aa14aff363e4fc1ab2ed86f71eb8873 _:N6ac0694afb0c40c1bb0988b0569f0cb4 . + _:Nd6f4245b3ebe44e6b100782b191deb97 . + . +_:N5a0ed5449f124c1e9ea7b05f0826cabd . +_:Nbffaba2351c747ef8e380b89888a5f14 . + . + . + "certificationReport" . +_:Na3925605d49b4db382603ae946c37f51 "1"^^ . +_:N683c5b7b252949bda929dd4befe8bb50 . + . + . +_:N5a2b8b0073a54a3db4d6092f1c5043ed _:Nc1bb7a1b7d034342906511e27e066abc . +_:N95c7a63c89e94f8d9ceb0dd0c34ac9e3 . + _:N4278c3d777ea4ebd81cd23af80459c2d . +_:N8711a8ae5ca942d1bbd795a0144ca9a7 . + . +_:N4f9424fdcb0643a6b8dbd2c83de164a1 . +_:N1a0a0b40de254f55a8372bba19b60496 "1"^^ . + "executable" . + . +_:N6369a0cffc0445e888c1e30a54a5be5d _:Ncc35596b6f164968b0bd35143cbc52ea . +_:N10ab85203a394bd3ba6ef86074d64233 _:N0b353053b3cd41e89351acf39abb719c . + . + . + . +_:N315dc3dd043c41a49ffaaba74d10eeb0 _:N4e6142c3e2dd4f3f9e2aed1df9452bc7 . +_:Naa7e95f812804669b3e89daed8d27b21 . + . + . + . + . + . + "The `from` SoftwareArtifact was discovered to actually contain each `to` license, for example as detected by use of automated tooling."@en . +_:N03140b327b9d4620b37b847528c7140b . + . + _:N1a0a0b40de254f55a8372bba19b60496 . + . + "hasMetadata" . + . + "The `from` Element dynamically links in each `to` Element, during a LifecycleScopeType period."@en . +_:N5011f0cdb4544a70b796520ecd436a25 . +_:Nf4e0c03b381d4fb584571d8fdd2ca0a7 _:Nc15495aea74e4883afce40f042a057d5 . + _:Nf9bf03371d92462f91a54baa946fd625 . + . + _:N80dac4ea19f44488ae2dc09ba1429116 . +_:Na2b089e6c69d4697ae4de61d18f020f7 "1"^^ . +_:N731241b6024d4e109893eb1354404ec5 . + . +_:N184c02d9c66a4e9d988d681d20c5ddc6 _:N32f50a51e84f4a2499a5d17f54bbed6b . + . + "core" . + . + . +_:N9eda1b52fa264730ab0b383d300e1726 . + . +_:Na0242fde5c314aa599a3a00cfb01634c _:N694e3d4238ff4006b46b450b91f4179a . +_:N68e2aefd82ab40c59cc6c2bfeab0adc4 "1"^^ . +_:N897df0f6e23b488988a2d2db8aad5bc4 . +_:N2dbc8b0a30da433a94050a3ab1190bb8 _:Nf10e65ca64f84003827c23ef339743e5 . + "Describes a sensor used for collecting the data."@en . +_:N4382805b6a5947d38ffcfd8b182bddbf . + . + . + . + . + "A type of extension consisting of a list of name value pairs."@en . + "data consists of unstructured text, such as a book, Wikipedia article (without images), or transcript."@en . + . + . +_:N5b2e4dda703849e4933338ff0970e968 . + . +_:N037a9f94d4da4593a56a6804fca57483 . + "When a CVSS score is 0.0"@en . + "trainedOn" . + . +_:Nda791debefe5491aa84d61433873c630 . + . +_:N89d641eef49d4a5f9ef42bfe5c4221bd _:N230a41f8c8d549b8844a37595ce56867 . +_:N8f24e4128c124ec08b9e80f45a43dd1e . +_:Nbac401e4be1249dd86dd149952baf59b "https://spdx.org/rdf/3.0.1/terms/Core/Element is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en . + . + "model" . +_:N036299b1f2af44eeb966da8a1217ac9e . + . + "the element follows the Dataset profile specification"@en . +_:Ncc35596b6f164968b0bd35143cbc52ea . + . + "The version of the SPDX License List used in the license expression."@en . + "securityOther" . + _:Nd77657e0b19d459c931f64f48ed7e1a6 . +_:Nf58f6bed32c5414ca98526a5d6a7b6dc . + . + . +_:Nf593d6da70614e2581430bd37d9cd4ef . + . +_:Ne64dea82135241279d97934d928f2d35 _:Nbf6c9a626dad41fa8a0422cb3ddab7a3 . +_:Ncf68ed04ac534a92808a38217fa55530 . + . + . +_:Na2b089e6c69d4697ae4de61d18f020f7 . + "high" . + "3.0.1" . +_:Nfbb5f5e996be44989d31d47d46540443 . + . +_:N73e74213eec84d8daaa36a51dab963d6 "1"^^ . + "Provides an ExternalMap of Element identifiers."@en . + . +_:Nf593d6da70614e2581430bd37d9cd4ef _:N132cde65c9b14a1694d400388aecf0cc . +_:N0e31c4b45c4b442e9f1d32ab917a76ae _:N0e471571470240e5872be57bfd58fed9 . + _:Nbac401e4be1249dd86dd149952baf59b . +_:Ndb06ff981cef4e94bfdbec22badacd4d _:N0e4d30a5dd60459dbbb5efc7333deb37 . + . +_:N02daaf1ea3874989948c16e26274de9f _:N06a4b77ca26e4742a10723dc3349c395 . + . + . + "Identifies the name of an Element as designated by the creator."@en . +_:N59f692071bb64860ab9f02cfb4670088 . + . + "SHA-3 with a digest length of 512, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)."@en . + "A reference to a Vulnerability Exploitability eXchange (VEX) statement which provides information on whether a product is impacted by a specific vulnerability in an included package and, if affected, whether there are actions recommended to remediate. See also [NTIA VEX one-page summary](https://ntia.gov/files/ntia/publications/vex_one-page_summary.pdf)."@en . + . + "data type is not known."@en . + . + _:N5a2b8b0073a54a3db4d6092f1c5043ed . +_:N54d1f829ecc441b9b7d9248324cbea6b _:N96120491adc84204822952240ddadf13 . +_:N70cbc4a60eda4e648df0df882fab278d _:N4c8c5257e6c144099de859c3f43b1961 . +_:Nf21725c3245f4286b67bd679d3351c59 . +_:Ne778a773be4f408192f2ed37c6143a5d . + . + . + _:N904326509fc04cc4be66ea123ed9fdc4 . +_:N261545ecf40d4f65bf47dc050598e90f . + "Records the results of general safety risk assessment of the AI system."@en . + . + . +_:Ncba4137ebcf84a728acd12bde91130e9 _:N8ec4229c1a674693bde766506ca93e87 . + . + . +_:Nccde3ac271484f91b83ed5fb2e1d70c9 . +_:N4278c3d777ea4ebd81cd23af80459c2d . +_:Nac0a6f045e7e4efd9dbaf01201286a14 . +_:N38e1279dca3f4e53be4eb3245a0e4ec2 . + "The affected code is not reachable through the execution of the code, including non-anticipated states of the product."@en . +_:Nc9ccffdec66347509395f75c9845128f . + . + . +_:N4382805b6a5947d38ffcfd8b182bddbf "1"^^ . + . + . + _:Nae8e63939c7c4cf4aa4ba555362d775c . + "SHA-3 with a digest length of 224, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)."@en . +_:Nfd592b5830bc43009e433a4172fb036b _:N9b9dc778bc5c415fad7f82cf4f6047d2 . +_:N3899f43be1b142148dc7af5c1cd6a1b9 _:N0274510beacf46b0b7cd7048ff3cbb4d . +_:N9b9dc778bc5c415fad7f82cf4f6047d2 . + . +_:Nce6e2333750a40619f2e93e40be35d7e . + "md2" . +_:Nd8679c5e3311467ca097a4151ac8fa54 "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . +_:N2b7fa052bf664f2a9e1923831d282602 . +_:Nd0d48abef81b4c44a952c0925a6e30a9 . + "other" . + "deviceDriver" . + . + . +_:N0b3155ddb4cc46678a8dadb3eb9e5e43 _:N1dd7c94072d1478ca91bee2c7af967a8 . + . +_:N3ba51db196c04386ae47cb64aab6c95c . +_:Nd8679c5e3311467ca097a4151ac8fa54 . + "SBOM created directly from the development environment, source files, and included dependencies used to build an product artifact."@en . +_:N0e31c4b45c4b442e9f1d32ab917a76ae . + . +_:Nc9235a4485e64fff9b1298095061a58e . +_:N73f9586a8a7d4b978afcb9cfe998050b . + "sha3_512" . + _:N7d2dbee05b72455c995a675186de5fd1 . + . +_:Nece0b4f721a847f98727202b50f4a753 _:N210fbcf85b384009a2cee68e4a7e6b78 . + . + . + "Defines the line range in the original host file that the snippet information\napplies to."@en . + . + . +_:Nda71586c3c6541b4a6a907d316dca405 . +_:N1647e706f6764e7d9ec4e0aa8979d0c6 . + . + "module" . +_:Nbdc672a90df4480da8648bd31507d48e . +_:N4a3178783c58491bb646a056a8dbb37a . + "Portion of an AnyLicenseInfo representing a License which has additional\ntext applied to it."@en . + . + . + . +_:N034bf868068348fb92f2f33976cad5ae . + _:N47d32bc3b4e04c9ab083ec76d4f22585 . + "Specifies the SSVC decision type."@en . +_:Na92e8ceda7e548bb9a144c2e9c857639 . +_:N8ff2b7ece321489a9ff262a2c697c89c _:N542022ab56194a2184bd872572ca204b . +_:N1aac3c1c2ffb45d79910e133d9ec02f9 . +_:Nca9532c3dd0b421e95d0800b68e3442a . +_:N986501d57648498ea8ed156092baf32c . + "A License participating in an 'or later' model."@en . +_:Ne70b85feb564419597741ca637d61d03 "1"^^ . +_:N13acbf7806c648f19f147c9073a04385 . + _:N30d5cdb21c144005b1d74c81aa0e129e . + "mailingList" . + "The `from` Element was invoked by the `to` Agent, during a LifecycleScopeType period (for example, a Build element that describes a build step)."@en . +_:N9eda1b52fa264730ab0b383d300e1726 . + "Provides an indication of where to retrieve an external Element."@en . + . + "packagedBy" . +_:N542022ab56194a2184bd872572ca204b _:N036299b1f2af44eeb966da8a1217ac9e . +_:Nf5531d9c16ff4f589dff19f480634c29 "1"^^ . +_:N48b3e9d109d34fdeaa6cbef58c05c171 . +_:N0eb0fa7732fb4a2db7455731d6a1ce53 . + . +_:N91d11db27b28462b8545b78734a27503 "1"^^ . + "the dataset is not publicly available and can only be accessed after affirmatively accepting terms on a clickthrough webpage."@en . + _:N8bdb3da6da754d98843024e1dcbe3e43 . + . +_:N02daaf1ea3874989948c16e26274de9f . +_:Na92e8ceda7e548bb9a144c2e9c857639 "1"^^ . + . +_:N1bd597d8851e43b79e3bde3fb6388627 _:Neff5f08fa9fd4aaeb51026e2484443c7 . + . +_:Nd11df36dd5014f759eab790e847b9857 "1"^^ . + . +_:N0d2bee57931544d786ff3bc0afb223b0 . +_:N942417ca6d844df0914d75b099a457f8 "1"^^ . + . + . + . + "design" . +_:N88ce0438020d4326924db53dec9bd6b5 _:N722c45f262084ffa9b063b852952397b . + . +_:Nf6f1751e3ea84341bdeec66f7c44a8ce . + "This property is used to denote the root Element(s) of a tree of elements contained in a BOM."@en . + "build" . +_:N91fee785616543dd9952683d70d387bf . + _:N95b6da49b56e4298924cd2f153f00905 . + "Identifies the full text of a LicenseAddition."@en . + . + "the element follows the Extension profile specification"@en . + "Provides a License author's preferred text to indicate that a file is covered\nby the License."@en . + . + "A collection of Elements, not necessarily with unifying context."@en . +_:N4dda90621fe746a2972ace6f1e26f9c9 . + "Captures a limitation of the AI software."@en . + . + . + . +_:Nb916f2dfc1c640bd8e0dac9bb5956172 "1"^^ . +_:N8692a82c280845c3a6fa37c02ddae229 "1"^^ . +_:N58c62d134f5e41d78440946685ecf0cc . + . + "SPDX Project"@en . + _:N894cee407d8747ec8adc2f05ce722a86 . +_:Nd2a11bb8a1a14a82994d02e9dd610275 . + . + "adler32" . + "Identifies the full text of a LicenseAddition, in SPDX templating format."@en . +_:Ndde9f898797c42b989ef522557debf64 . + "Kilowatt-hour."@en . + . +_:Nd6ca1bcbdc494e39a9c1a4da0c52a0b3 . + "build" . + . +_:Nad909dcc4fad4339a9eb809fabd6a871 . +_:Nf4e0c03b381d4fb584571d8fdd2ca0a7 . +_:N57e86c05425144f4a08e64395a0d5e1d _:N833dac5833c24d35a16d11f2e318aeef . +_:N7f2c8d25f5df4c27b35c70d38090eab3 _:N8186b6d9dc534ac1b7a906d040a88d6a . + "funding" . + . + "A place for the SPDX document creator to record a website that serves as the\npackage's home page."@en . + . + . + . + "other" . + "[Common Platform Enumeration Specification 2.2](https://cpe.mitre.org/files/cpe-specification_2.2.pdf)"@en . +_:Ne70b85feb564419597741ca637d61d03 . + "clickthrough" . + "Represents the energy quantity."@en . + . +_:N737b3d5b3c8f4cb7b5fb665b52f1dd96 . +_:N06a4b77ca26e4742a10723dc3349c395 _:N03140b327b9d4620b37b847528c7140b . +_:Nf6f1751e3ea84341bdeec66f7c44a8ce _:N0c49370c41124d50ac6081418cb2432d . + "analyzed" . +_:Nc0c94fed0eb041ef8c4fe70f4b1fd7c0 . +_:N5f694c64068844ca80652791ca7749d9 _:N4dda90621fe746a2972ace6f1e26f9c9 . +_:Nf5531d9c16ff4f589dff19f480634c29 . + "platform" . + . + . + . + . + "[Uniform Resource Identifier (URI) Schemes](https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml). The scheme used in order to locate a resource."@en . + "Identifies the full text of a License, in SPDX templating format."@en . +_:N377b547285074591a904911ef1fc1977 "1"^^ . + . + _:N4aa1ea2c440f4aecb7a6656a599fbf22 . + . + . + . +_:N82be0a238ea44c658a60ca20e0c8c6fa . +_:N85ad449141be453592e9e80c2bc379f4 . +_:N9a582f09d0b7426d81ae74b09a5ed252 . +_:N1a0a0b40de254f55a8372bba19b60496 . + _:Nb3e77cdb9a14442eafb0659c7081c110 . + . +_:N57e86c05425144f4a08e64395a0d5e1d . + . +_:N3bf9008e5422473bb689602da04ccca1 . + "A short description of an Element."@en . + . +_:Nfc3f4dc279d7471b83aa1a9df09f8d3f _:N64a80dfe5e954cf59753ab8a96e4eff3 . + "Identifies the download Uniform Resource Identifier for the package at the time\nthat the document was created."@en . + "The `from` Element contains each `to` Element."@en . + "swhid" . + "Explains why a VEX product is not affected by a vulnerability. It is an\nalternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable\njustification label."@en . + "A map of Element identifiers that are used within an SpdxDocument but defined\nexternal to that SpdxDocument."@en . + "Portion of an AnyLicenseInfo representing a set of licensing information\nwhere all elements apply."@en . + "scrapingScript" . + . + . +_:Na3743aad0c334d06a729f81988609c9f . +_:N8e672d95ff7d48e68c1ed7ecf019b269 . + . + "The third-highest level of risk posed by an AI system."@en . + . + . + . +_:N024478cff6eb4ef48dc45dabdb7b0a35 . +_:N29e8eb1e03be45ae92093e6937585f14 . + . + "Used when there is a security related identifier of unspecified type."@en . +_:N786a3eaa8fbe4cf0bb67c4e086fa8b5b . +_:N037a9f94d4da4593a56a6804fca57483 _:N163b018b3d984833a5523252ed920c58 . + . + . +_:Nd33af007bad14a4594f7039df1c5df75 "1"^^ . + . +_:Nce6e2333750a40619f2e93e40be35d7e "1"^^ . +_:N30d5cdb21c144005b1d74c81aa0e129e "1"^^ . +_:N91d11db27b28462b8545b78734a27503 . + . + . + "configures" . +_:N61b9a25cae674e199ce6572456d8e72f . +_:Nb3e77cdb9a14442eafb0659c7081c110 . + . + . + . + "the element follows the Security profile specification"@en . + "The `from` Build has each `to` Element as an input, during a LifecycleScopeType period."@en . +_:N72dd028519c2443b94229cfc4a2639bc "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en . + . + "Base domain class from which all other SPDX-3.0 domain classes derive."@en . +_:N44928392b4d8458f847c7fd69533d2ee _:N0b3155ddb4cc46678a8dadb3eb9e5e43 . +_:N4f925ef656b840928e22aa51252c2976 _:Ndb50eefe33ac4feda6cfb13073b5324e . +_:N4ad4011b5f8c44cbb3e76f5da0885cfd . +_:Ndcdb30d7deca45a8bc3e563144933f0e . + . + "hasPrerequisite" . +_:N47d32bc3b4e04c9ab083ec76d4f22585 "1"^^ . + . +_:N261c61aa119e4f4e9ce3c9387fb29c9f . +_:N507c6135f8424e8db67fe59ae93eb464 _:Nc6d7eec7a63445c8a64113d0e59ce02c . +_:N2a72f2e0c3d44dd5ac4c0633f336d556 . +_:Nf6541e98d99947d9a7ccb49088b43ea0 _:N931294357284457f9a6f643757b29e72 . +_:N220b4463e39147e99e8eeeb9974c5370 . +_:Na1cdda0a73e94e598b769cac4a5a5cb8 . + . + _:Nba03adbea09d477299a596cac9fd8319 . +_:Ne70b85feb564419597741ca637d61d03 "1"^^ . + "The `from` Element has manifest files that contain dependency information in each `to` Element."@en . +_:Nff9c0c2a18f24f76bfa32806ec48ce59 . + . + . + "issueTracker" . + . + _:Nd385c846dfa14371a0a3697f7168b4c1 . + "Describes methods that can be used to explain the results from the AI model."@en . + "Describes a certain part of a file."@en . + . + "A characterization of some aspect of an Element that is associated with the Element in a generalized fashion."@en . + . + "Specifies the time from which an element is no longer applicable / valid."@en . +_:N72a328f4b7e14cb194d99b35236c3430 . + . + . + _:N763c69315ee040a88ca27b5205984626 . +_:Nd11df36dd5014f759eab790e847b9857 "1"^^ . + "2024-11-22T03:00:01Z"^^ . + _:N5011f0cdb4544a70b796520ecd436a25 . +_:N288949a61054447689377b531414e0b7 _:N41fda4edc0294fce84cdb5688d8ef9ef . +_:Nca9532c3dd0b421e95d0800b68e3442a . + "hasAssessmentFor" . +_:Nb8a14d0c45314542aa2d6a98232399be . + . +_:Nb0ab9a298e9845b1b1b770398def929d . + "device" . + . + "inlineMitigationsAlreadyExist" . + . + . +_:N2c7697a923534e9988689746f1d03e41 _:Nf4e0c03b381d4fb584571d8fdd2ca0a7 . + . + . +_:N70cbc4a60eda4e648df0df882fab278d . + "Captures the domain in which the AI package can be used."@en . + "securityThreatModel" . + "Provides a set of values to be used to describe the common types of SBOMs that\ntools may create."@en . + . +_:N6e913b09266e498887238fae6898e289 . +_:N4aa1ea2c440f4aecb7a6656a599fbf22 . + . +_:N269b628c85f04f5d8a10fa3c500745a4 . +_:Nce6e2333750a40619f2e93e40be35d7e . +_:N3b50e4323e8b4d388d8d522e18a49070 _:Nac0a6f045e7e4efd9dbaf01201286a14 . + . + . + "data is in the form of a graph where entries are somehow related to each other through edges, such a social network of friends."@en . + "diskImage" . + "vulnerableCodeCannotBeControlledByAdversary" . +_:N348ad67a2abe4f9d929b1e20acc594b5 _:N52399fdf517c416ebb2e470463b71b5d . + . +_:N8692a82c280845c3a6fa37c02ddae229 . + . + . + _:N80dc66a1ccec469392596c5291fa2864 . + "A substitute for a URI."@en . + "The `from` Build was run on the `to` Element during a LifecycleScopeType period (e.g. the host that the build runs on)."@en . + "BLAKE2b algorithm with a digest size of 256, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4."@en . + . +_:N2a72f2e0c3d44dd5ac4c0633f336d556 . +_:N3b695bebf32746039b555b8460ffe552 _:Nb8a14d0c45314542aa2d6a98232399be . +_:N4d2df683a0ea4c39be288b78f9e61ca4 . +_:N66b43817d95d4468bf805207af159230 . +_:Nd33af007bad14a4594f7039df1c5df75 . + . + . + . + . + . + "No assertion can be made about the completeness of the relationship."@en . + . + . +_:N8bdb3da6da754d98843024e1dcbe3e43 "1"^^ . +_:N2aa73eafba6f4d55938fb60c96ff2379 . + . + . +_:Nfe1814d375d7456e843deb8cde1cf341 "1"^^ . + _:Ne68051bb209048da9a57bc5dbaf28bf0 . +_:Nc38c872821b548ee8f430a027b2d711f "1"^^ . +_:Nd3d538fe1cb544b5808c51dffd844c81 . +_:N98018fef19484e2fae944af82b21920e . +_:N39638ea4b52f4236b7a808cb979d2f4b . +_:Nbd47cac50394462f9015e00ec4b449a6 "1"^^ . +_:N8ff2b7ece321489a9ff262a2c697c89c . +_:N9eda1b52fa264730ab0b383d300e1726 . +_:Ne820a8ec67114d53b03a71f5f7be31f5 . + . +_:Ne11c75cafdb0438299216847b06716cf "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + "SBOM of intended, planned software project or product with included components (some of which may not yet exist) for a new software artifact."@en . + . + "3.0.1" . + . + . + _:Nd8679c5e3311467ca097a4151ac8fa54 . +_:N951ec4cbce414b3bab847840bf18d59f . + _:N9eda1b52fa264730ab0b383d300e1726 . + . + . +_:Nebecc80c7e4045d1b3ad15ab0c1d04ec "1"^^ . + _:N163fe4499b2a454a9641b23118bf53ae . + _:Ne70b85feb564419597741ca637d61d03 . + . +_:Nfbd3df443088485abe551fc6374a3c4c _:N1256cfafa26e453a9d5f8b08cc5920d7 . + . + . + _:N00d83dee7aa44a7991821a46e83e5164 . + . + "Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability."@en . +_:Nedaa28cbd856413e95e7805cf2d255dd . +_:N329ecc1447f349cc968623ddffe6a2f7 . + "invokedBy" . + "SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`."@en . + "componentNotPresent" . +_:N0eb0fa7732fb4a2db7455731d6a1ce53 _:Nd73c69088f734dffb4cc9539c637aecf . + "Connects a vulnerability and an element designating the element as a product\naffected by the vulnerability."@en . + . + . +_:Nfb655ff9dcc6442baa6046d411f0624c . +_:N687efc23ea2c4c0b9a09c9ca45dc49b3 _:Nc91762ec925048e0a85d224bd2bd6d32 . + . +_:N377b547285074591a904911ef1fc1977 . + . + . + "[Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg)."@en . +_:N4dcad64fd9cf4af2b8d6ea98d6c5450a _:N264b55b33a4549a6a131d79763879896 . +_:N0a961d271f304c8cbb2e0a1307a9d8ad . + . +_:Nf284f365ba5c4e4da40d7d7900d82744 . + . + "Provides information about the primary purpose of the software artifact."@en . + "Identifies the full text of a License or Addition."@en . + "foundBy" . + "hasConcludedLicense" . +_:Nf41c7f62f52f4c10b14344ec13dfe1e5 . + . + . + "The Element is a machine learning or artificial intelligence model."@en . +_:Nd11df36dd5014f759eab790e847b9857 . + _:N5d195bb929fc404584503e9c9b17a526 . + "Identify the version of a package."@en . + _:N675847984777421d9fb9b171cdf0bb53 . + "sha3_224" . +_:N2847f93323fd468eab2b926c5715c994 . +_:Nd385c846dfa14371a0a3697f7168b4c1 . +_:N4466be96ec5a4942b916c3f1fad2d3ee _:N14d2ccc3ee7749088945c0ba96e7a88a . +_:N1bd597d8851e43b79e3bde3fb6388627 . + . + . + . +_:N4d86b5ad122d431bbf443326643a51df _:Nfbd3df443088485abe551fc6374a3c4c . + . + "Package URL, as defined in the corresponding [Annex](../../../annexes/pkg-url-specification.md) of this specification."@en . +_:N14d7232930234cad917631e1993d7ccd . +_:Na42e3794f624483e818646ed683c5ba2 . +_:Nfe1814d375d7456e843deb8cde1cf341 . +_:Nc38c872821b548ee8f430a027b2d711f . + "vcs" . + "exportControlAssessment" . + . + . +_:Nbd47cac50394462f9015e00ec4b449a6 . + "sha256" . + "Every `to` Element is metadata about the `from` Element (`from` hasMetadata `to`)."@en . +_:N3c34004e669a4f809790739b55299420 . + _:Nc7f12b88e8f5489dacbbfeb81192696a . + "email" . + . + _:N82be0a238ea44c658a60ca20e0c8c6fa . +_:N1dd7c94072d1478ca91bee2c7af967a8 _:N34cf4751490f48f9852ff2fa143a6321 . +_:Nc6d18260ddfa478b84c2dc19c2059aa2 . + "Defines the original host file that the snippet information applies to."@en . + "The `from` Agent is delegating an action to the Agent of the `to` Relationship (which must be of type invokedBy), during a LifecycleScopeType (e.g. the `to` invokedBy Relationship is being done on behalf of `from`)."@en . +_:N3899f43be1b142148dc7af5c1cd6a1b9 . + "Records the time when a recommended action was communicated in a VEX statement\nto mitigate a vulnerability."@en . + . + . + . + . +_:Ndbfe3b48ba714fb990a0e903863ea1ed . + "cwe" . + "in addition to being supported by the supplier, the software is known to have been deployed and is in use. For a software as a service provider, this implies the software is now available as a service."@en . + . + . + . + "Property that describes the digest of the build configuration file used to\ninvoke a build."@en . + "Defines the end of a range."@en . + "serious" . + "Commentary on an assertion that an annotator has made."@en . +_:N3bf9008e5422473bb689602da04ccca1 "1"^^ . +_:N91adaf3024344ddcbcbf3f943faaad6b _:N2aa14aff363e4fc1ab2ed86f71eb8873 . + "simpleLicensing" . + "Provides the license under which the SPDX documentation of the Element can be\nused."@en . +_:Nbbbec88245754e9d9390b9a11f0b67c2 "1"^^ . + "purchaseOrder" . +_:N68767751c5f64fc1afe82f2dcbae6636 _:N1358bfc70dc14db6aa3a799228bc2fdd . + "A reference to a export control assessment for a package."@en . +_:Nbd14f0a1267744e89f6930e710689414 . +_:Na449b0b56e3540618b2a2698204edde9 . + . + _:N328adb4bb1ec422084a2169890188a03 . +_:Nf71f6300b14a4726a20ffad899bed919 "1"^^ . +_:Nbac401e4be1249dd86dd149952baf59b . + . + _:N8e672d95ff7d48e68c1ed7ecf019b269 . +_:N5ab248e680454bbcb3ed254de24ac49f . + . +_:N163fe4499b2a454a9641b23118bf53ae . + _:N453a2981f56c4d3a943752e7740f87fd . + "coordinatedBy" . +_:N626b5ad29167479dabae9a9177315404 . +_:N243ef6907efb40d38e00f4430d63fc19 _:N9ed65925a89e40e8b7faaa925d739c72 . +_:Nda71586c3c6541b4a6a907d316dca405 . + . +_:Ndc659c8552d54ab684aadbdacdbd7a8d . +_:Ne5e123ab8f7d4aa4b35a7442690fe19d . +_:N0274510beacf46b0b7cd7048ff3cbb4d . + _:N5ab248e680454bbcb3ed254de24ac49f . +_:N68e2aefd82ab40c59cc6c2bfeab0adc4 . + . + . +_:N4e6142c3e2dd4f3f9e2aed1df9452bc7 . + . + . + "Indicates whether the system can perform a decision or action without human\ninvolvement or guidance."@en . + "noAssertion" . + . + . +_:N66595c518c6248f69bdca82dccebf454 _:Na82fb3a822a04f6180f1ca7808276d8f . + "Records the measurement of prediction quality of the AI model."@en . +_:Nd0cfba2a98544626a8566f29105598e9 _:Na79e142094fb464da3de3ceb4108e4ff . +_:N5f694c64068844ca80652791ca7749d9 . + . +_:N0781395df11e44a6a3186f0fa8908958 . + . + "review" . +_:Nd77657e0b19d459c931f64f48ed7e1a6 . + "A reference to the patch or source code that fixes a vulnerability."@en . + . + . +_:Nc5485992ed4e4cbea07fa6d87ee716ac . + "blake2b256" . + "runtimeAnalysisReport" . + . + _:Nf41c7f62f52f4c10b14344ec13dfe1e5 . +_:Nfcc30e48020d4dd2b3493a0cd55ea457 . + . + "Specifies a data package and its associated information."@en . + _:Ndaeba75fb43b4db7b777e9b00ecd7064 . + "This individual element was defined by the spec."@en . +_:Nf7fd042770064703a84cd9039273e4f7 "1"^^ . + . +_:N65301d1be04341678842dfc049e2a33c . + "A reference to a social media channel for a package."@en . + "Provides the location of an exploit catalog."@en . + "data is of a type not included in this list."@en . +_:Nff33e8337dc8421d9e74b338e35a75d5 . + _:N1d4668e7f12244a7a9407b898c9b0534 . +_:N13f4d81403034faaa93ea1abc3bd3d91 . +_:Ndb31c53559be41e0b28e79b74da0b557 "1"^^ . +_:N73e74213eec84d8daaa36a51dab963d6 "1"^^ . + _:N954579de61d84bef909737ad4568a536 . +_:N68e2aefd82ab40c59cc6c2bfeab0adc4 "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + _:Nc6d18260ddfa478b84c2dc19c2059aa2 . + . +_:Ne7777394524c4639973161dd3aff2db3 . + "registration" . +_:Nbb0a3a63cdba4f078c6de6eef7ff6579 _:Ncedd59bf4f1a4436ac8325d34d020df5 . +_:N58b8de667bb54771976a5e86a8a8139a . +_:N9bb1cced9aa14e08b36ebf9f952b1d01 . + "This individual element was defined by the spec."@en . + . +_:Ne883dfda4a7445ceb1e70f39ddd03fea "1"^^ . + . + _:Nf284f365ba5c4e4da40d7d7900d82744 . +_:Nd0ec388aab40469ab0a4297c30e0c906 _:N9c1ccbc2b86f454395a450f736b67eec . + "The file represents a single file (default)."@en . + "Abstract class for additional text intended to be added to a License, but\nwhich is not itself a standalone License."@en . + "chat" . +_:N6946aaeee89545da9d91b8527c54139a . + . +_:N58021835a49a4b959f9428f8df7f7198 _:Nd77e569c4d2d4d2c9bb29ea462bc94cc . + . +_:N6be5db9035a14b779b13bfa0a5a51c3e _:Nd83655f2100e4025b2eefd465fc154ab . +_:Nb3e77cdb9a14442eafb0659c7081c110 "1"^^ . + . + "The `from` Vulnerability has no impact on each `to` Element. The use of the `doesNotAffect` is constrained to `VexNotAffectedVulnAssessmentRelationship` classed relationships."@en . + . +_:N683c5b7b252949bda929dd4befe8bb50 _:N991d42b910e64656b45d7c4ce9e7f5e3 . + "Every `to` Element is a test case for the `from` Element (`from` hasTestCase `to`)."@en . + . +_:N2b94274553ab4bc2bbc78307f39b3327 "1"^^ . + "Impact justification label to be used when linking a vulnerability to an element\nrepresenting a VEX product with a VexNotAffectedVulnAssessmentRelationship\nrelationship."@en . +_:Nba03adbea09d477299a596cac9fd8319 "https://spdx.org/rdf/3.0.1/terms/Core/Artifact is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en . + . + . +_:N0f568f8825144082a14a0e000b8ff13f . +_:Nae8e63939c7c4cf4aa4ba555362d775c "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . +_:N8e672d95ff7d48e68c1ed7ecf019b269 . + . + "crystalsDilithium" . +_:N0d09683a42354debacdd0b0625119609 . + "BLAKE2b algorithm with a digest size of 512, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4."@en . +_:Nc3c21678fc9a459784f054a6954a9aa8 . + "Provides a CVSS version 2.0 assessment for a vulnerability."@en . + _:Na267e7b88a344e4fbd0c59a6dc760e65 . + . + "The Element provides low level control over a device's hardware."@en . +_:N2056bd91659a4260a6eb99a0cbdd9f14 . +_:N0753f471dae945e885cde15702c705bb . + . + "runtime" . + "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions include requesting assistance or information about the vulnerability, and may involve publishing a notification either internally and/or externally. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines."@en . +_:N3c163fcab8684aa09c61e78b4cbb9b38 . + . +_:N7a48123f699948b5867af1fec0d7b88e . + "data describes the syntax or semantics of a language or text, such as a parse tree used for natural language processing."@en . + _:Nc9ddcdf86e874968aa8f5ba821975eb4 . +_:N07868b0098174c478ac47f3fbc946ff0 _:N2061c93cd5774c61823bf76c952d5242 . +_:N95b6da49b56e4298924cd2f153f00905 . + "The `from` Element treats each `to` Element as a data file. A data file is an artifact that stores data required or optional for the `from` Element's functionality. A data file can be a database file, an index file, a log file, an AI model file, a calibration data file, a temporary file, a backup file, and more. For AI training dataset, test dataset, test artifact, configuration data, build input data, and build output data, please consider using the more specific relationship types: `trainedOn`, `testedOn`, `hasTest`, `configures`, `hasInput`, and `hasOutput`, respectively. This relationship does not imply dependency."@en . +_:Nf7fd042770064703a84cd9039273e4f7 . +_:Nf41c7f62f52f4c10b14344ec13dfe1e5 "1"^^ . +_:N8bdb3da6da754d98843024e1dcbe3e43 . +_:Ne778a773be4f408192f2ed37c6143a5d . +_:Na5ef7f1675b84ce99e4f4ca36d200a91 _:N14d7232930234cad917631e1993d7ccd . + "Abstract class representing a License or an OrLaterOperator."@en . + . + "When a CVSS score is between 9.0 - 10.0"@en . + . +_:Ndb31c53559be41e0b28e79b74da0b557 . + "test" . + . + . + . +_:N45b62edbd5f3406dba20232288ec19fd "1"^^ . +_:Ne64dea82135241279d97934d928f2d35 . + "binaryArtifact" . +_:N0b728d22a9674ecc87af12fde5aae61c . + "Describes the type of annotation."@en . + _:Nda71586c3c6541b4a6a907d316dca405 . + . + "Specifies the unit in which energy is measured."@en . + . +_:N9bb1cced9aa14e08b36ebf9f952b1d01 _:Na3743aad0c334d06a729f81988609c9f . + "Specifies the value of the content identifier."@en . + _:Nc9ccffdec66347509395f75c9845128f . + "configuration" . +_:N44928392b4d8458f847c7fd69533d2ee . +_:N6eb9ec15081f404a99935ff4e2aaa14b "1"^^ . + . + . +_:N62b8677868664944abc9f19745aed957 _:Ne4baf3becb8740a79f8bceb49f40679f . +_:Nf3dfbb7f98e84c61b58f5b17e3ae9f19 . + . + . + "The `from` Element has a dependency on each `to` Element, dependency is not in the distributed artifact, but assumed to be provided, during a LifecycleScopeType period."@en . +_:N82be0a238ea44c658a60ca20e0c8c6fa . + . +_:Nf44042158d4d4c85a5bd6a0fcb538498 . +_:Nb3e77cdb9a14442eafb0659c7081c110 . +_:N4278c3d777ea4ebd81cd23af80459c2d "1"^^ . + "Specifies a time when a vulnerability assessment was modified"@en . + "The `from` Element is modified by each `to` Element."@en . + "A container for a grouping of SPDX-3.0 content characterizing details\n(provenence, composition, licensing, etc.) about a product."@en . + . + "cve" . + "gitoid" . + . +_:Nf7e1508801cf4398b830fad84fe53388 _:N62b8677868664944abc9f19745aed957 . + . + . + "Provides information about the type of an SBOM."@en . +_:Nb245e59ae52342bea2f1feb05bb80e79 . + . + . + "The `from` Element is a descendant of each `to` Element."@en . +_:Nff33e8337dc8421d9e74b338e35a75d5 . + . +_:Ncae19f1586924a439b37e75eb5b57ed4 . + . +_:N30d5cdb21c144005b1d74c81aa0e129e "1"^^ . +_:Nc91762ec925048e0a85d224bd2bd6d32 . +_:N95b6da49b56e4298924cd2f153f00905 "1"^^ . +_:Ndb06ff981cef4e94bfdbec22badacd4d . + . +_:Na5a538a0052340c0ba01747cca3d3da8 _:N8115c0678af046f9bb8fe56f1541b92b . +_:Nf41c7f62f52f4c10b14344ec13dfe1e5 . +_:Nfcc30e48020d4dd2b3493a0cd55ea457 . + "testedOn" . +_:Nc38c872821b548ee8f430a027b2d711f . + _:Ndc4f18efad334d78a498ea9df84fbd02 . + . + . +_:N0b728d22a9674ecc87af12fde5aae61c "1"^^ . + . + . +_:Nd11df36dd5014f759eab790e847b9857 . +_:N105628f6c8b040edb9db617f35f30bec . +_:Ned1f0afb78d3460c9478383abf3da36b _:Na8cf54eee3ac40cca0ed6cfdaef6a576 . +_:N734a831b529349fb969fd328dc6dcb1c _:N25b71b41baf8408a91b66336f376a5b6 . +_:Nb850dda843534d3ab3ffbadf70766fef . +_:Ndc4f18efad334d78a498ea9df84fbd02 . + . + _:Nda791debefe5491aa84d61433873c630 . + "the artifact has been released, and is supported from the supplier. There is a validUntilDate that can provide additional information about the duration of support."@en . +_:N6be5db9035a14b779b13bfa0a5a51c3e . + . + "The Element refers to a chipset, processor, or electronic board."@en . + "Categories of presence or absence."@en . +_:Nbd14f0a1267744e89f6930e710689414 "1"^^ . +_:Nf44042158d4d4c85a5bd6a0fcb538498 "1"^^ . +_:N6eb9ec15081f404a99935ff4e2aaa14b . + . + . + . + . +_:N06a4b77ca26e4742a10723dc3349c395 . +_:Nccde3ac271484f91b83ed5fb2e1d70c9 . + . +_:N36b7d391e5cf402199bf454d82f5735c . + . + . + . + "A reference to a dynamic analysis report for a package."@en . + "References an Element on the right-hand side of a relationship."@en . + "Abstract ancestor class for all VEX relationships"@en . + . +_:Nf3dfbb7f98e84c61b58f5b17e3ae9f19 _:N565a78360e28494ea80897aadf944c0c . + _:N79e0fdc8a753446e8e1931aab90b02ae . + . + "Specifies the type of an external reference."@en . + . +_:N5011f0cdb4544a70b796520ecd436a25 . + "data" . +_:N1358bfc70dc14db6aa3a799228bc2fdd . + . +_:Nf507b9bee5ae4254bafe4ce3c72a9f18 . + . +_:N0f568f8825144082a14a0e000b8ff13f _:N89d641eef49d4a5f9ef42bfe5c4221bd . + . + . + "image" . +_:Nc91762ec925048e0a85d224bd2bd6d32 _:Nf028d12b2d0f4f6cb20747b6b39a8b5b . + "ancestorOf" . +_:Nc85a3a5deac54465a32d993ba5434b00 _:Ne7777394524c4639973161dd3aff2db3 . + "3.0.1" . +_:N163fe4499b2a454a9641b23118bf53ae "1"^^ . +_:N29e8eb1e03be45ae92093e6937585f14 . + _:N88e97455b377466daa24bff58cde8f0d . + "Specifies whether a license or additional text identifier has been marked as\ndeprecated."@en . + "hasTest" . + "dynamicAnalysisReport" . +_:N328adb4bb1ec422084a2169890188a03 . + . + . +_:Nadc18a90b6ca4cc3af0fb2aa7418dda8 . + "the element follows the Build profile specification"@en . + _:N66b43817d95d4468bf805207af159230 . + "no" . + . + "Any other units of energy measurement."@en . + "test" . + "The Element is a plan, guideline or strategy how to create, perform or analyze an application."@en . + _:N06465237afe4406eb4803558f7a57c08 . + . + _:N6f8ca85700744b0e9f7a8672675d1dca . + . + _:N7676f1bbd99e47659502f87b9936453e . + _:N8692a82c280845c3a6fa37c02ddae229 . + . +_:N06465237afe4406eb4803558f7a57c08 "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . +_:N30d5cdb21c144005b1d74c81aa0e129e . +_:Nb81407b76fc94f228f1f5ad011d931a5 . +_:N4091b2fb3d5c417fad7305927740d1d5 _:N683c5b7b252949bda929dd4befe8bb50 . + "Enumeration of the different kinds of SPDX file."@en . + . +_:N73833299f42a4f78b3a3379f9d2302d7 . +_:N034bf868068348fb92f2f33976cad5ae . + . + "Provides information about the completeness of relationships."@en . + . +_:N6946aaeee89545da9d91b8527c54139a . +_:N4382805b6a5947d38ffcfd8b182bddbf "1"^^ . + "The Element doesn't fit into any of the other categories."@en . +_:N3c34004e669a4f809790739b55299420 _:N5a0ed5449f124c1e9ea7b05f0826cabd . +_:Nbd14f0a1267744e89f6930e710689414 . +_:Nc37985fef6884679b49d387a2ef08d3f . +_:Nb850dda843534d3ab3ffbadf70766fef "1"^^ . +_:Nd0ec388aab40469ab0a4297c30e0c906 . + "no assertion about the type of support is made. This is considered the default if no other support type is used."@en . +_:N737b3d5b3c8f4cb7b5fb665b52f1dd96 . +_:N8186b6d9dc534ac1b7a906d040a88d6a . + "[Common Platform Enumeration: Naming Specification Version 2.3](https://csrc.nist.gov/publications/detail/nistir/7695/final)"@en . + "[Dilithium](https://pq-crystals.org/dilithium/)"@en . + _:Nfbb5f5e996be44989d31d47d46540443 . diff --git a/rdf/spdx-model.pretty-xml b/rdf/spdx-model.pretty-xml new file mode 100644 index 0000000000..25c62f632b --- /dev/null +++ b/rdf/spdx-model.pretty-xml @@ -0,0 +1,4513 @@ + + + + A license addition that is not listed on the SPDX Exceptions List. + + + + + + An SPDX Element containing an SPDX license expression string. + + + + + + + + 1 + 1 + + + + + + ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + + + 1 + + + + + + + + + + + + + System Package Data Exchange (SPDX) Ontology + This ontology defines the terms and relationships used in the SPDX specification to describe system packages + 2024-04-05 + SPDX Project + + + System Package Data Exchange (SPDX) Ontology + Copyright (C) 2024 SPDX Project + + + + A license or addition that is not listed on the SPDX License List. + + + + + + + + 1 + 1 + + + + + Designates elements as products where the impact of a vulnerability is being +investigated. + + + + + + + + This individual element was defined by the spec. + 2024-11-22T03:00:01Z + + 3.0.1 + + + An Individual Value for Element representing a set of Elements of unknown +identify or cardinality (number). + + + + A collection of SPDX Elements describing a single package. + + + + + + + + + + + + + + + + + + + + + Portion of an AnyLicenseInfo representing a set of licensing information +where all elements apply. + + + + + + + + 2 + + + + + + Provides a CVSS version 2.0 assessment for a vulnerability. + + + + + + + + 1 + 1 + + + + + + + + 1 + 1 + + + + + + A collection of SPDX Elements that could potentially be serialized. + + + + + + + + + + + + + + + + + + + + + + 1 + + + + + + An SPDX version 2.X compatible verification method for software packages. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 1 + 1 + + + + + + + + 1 + 1 + + + + + + + + + + + + + Specifies a data package and its associated information. + + + + + + + + + + + + + + + + + + + + + 1 + + + + + + + + 1 + + + + + + + + + + + + + + + + + + + + + + 1 + + + + + + + + 1 + + + + + + + + 1 + + + + + + + + + + + + + + + + + + + + + + + + 1 + + + + + + + + 1 + + + + + + + + + + + + + 1 + + + + + + + + 1 + + + + + + + + + + + + + + + + + + + + + + This individual element was defined by the spec. + 2024-11-22T03:00:01Z + + 3.0.1 + + + An Individual Value for License when no assertion can be made about its actual +value. + + + + + Provides a CVSS version 4 assessment for a vulnerability. + + + + + + + + 1 + 1 + + + + + + + + + + + + + + + 1 + 1 + + + + + + + + 1 + 1 + + + + + + + + This individual element was defined by the spec. + 2024-11-22T03:00:01Z + + 3.0.1 + + + An Individual Value for License where the SPDX data creator determines that no +license is present. + + + + + Class that describes a build instance of software/artifacts. + + + + + + + + 1 + 1 + + + + + + + + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + + + + + + + + + Connects a vulnerability and an element designating the element as a product +affected by the vulnerability. + + + + + + + + 1 + 1 + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + + Portion of an AnyLicenseInfo representing a set of licensing information where +only one of the elements applies. + + + + + + + + 2 + + + + + + Links a vulnerability and one or more elements designating the latter as products +not affected by the vulnerability. + + + + + + + + + + + + + + + 1 + + + + + + + + 1 + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + + A license that is listed on the SPDX License List. + + + + + + + + 1 + + + + + + + + 1 + + + + + + Specifies a vulnerability and its associated information. + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + + Portion of an AnyLicenseInfo representing a License which has additional +text applied to it. + + + + + + + + 1 + 1 + + + + + + + + 1 + 1 + + + + + + Describes a certain part of a file. + + + + + + + + 1 + + + + + + + + 1 + + + + + + + + 1 + 1 + + + + + + Provides a CVSS version 3 assessment for a vulnerability. + + + + + + + + 1 + 1 + + + + + + + + + + + + + + + 1 + 1 + + + + + + + + 1 + 1 + + + + + + Specifies an AI package and its associated information. + + + + + + + + + + + + + 1 + + + + + + + + + + + + + + + 1 + + + + + + + + + + + + + + + 1 + + + + + + + + 1 + + + + + + + + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + 1 + + + + + + A type of extension consisting of a list of name value pairs. + + + + + + + + 1 + + + + + + An assertion made in relation to one or more elements. + + + + + + + + + + + + 1 + 1 + + + + + + ^[^\/]+\/[^\/]+$ + + + 1 + + + + + + + + 1 + + + + + + + + 1 + 1 + + + + + Links a vulnerability and elements representing products (in the VEX sense) where +a fix has been applied and are no longer affected. + + + + + A license that is not listed on the SPDX License List. + + + + + + Provides an EPSS assessment for a vulnerability. + + + + + + + + 1 + 1 + + + + + + + + 1 + 1 + + + + + + Provide context for a relationship that occurs in the lifecycle. + + + + + + + + + + + + + + + + 1 + + + + + + Provides an exploit assessment of a vulnerability. + + + + + + + + + + + + 1 + 1 + + + + + + + + 1 + 1 + + + + + + + + 1 + 1 + + + + + + Portion of an AnyLicenseInfo representing this version, or any later version, +of the indicated License. + + + + + + + + 1 + 1 + + + + + An individual human being. + + + + + + A license exception that is listed on the SPDX Exceptions list. + + + + + + + + 1 + + + + + + + + 1 + + + + + A software agent. + + + + + + + + This individual element was defined by the spec. + 2024-11-22T03:00:01Z + + 3.0.1 + + + An Individual Value for Element representing a set of Elements with +cardinality (number/count) of zero. + + + + Provides an SSVC assessment for a vulnerability. + + + + + + + + + + + + + + 1 + 1 + + + + + + support + A reference to the software support channel or other support information for a package. + + + + serializedInArtifact + The `from` SpdxDocument can be found in a serialized form in each `to` Artifact. + + + + hasExample + Every `to` Element is an example for the `from` Element (`from` hasExample `to`). + + + Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software. + + + + Describes if any sensitive personal information is present in the dataset. + + + + Agent represents anything with the potential to act on a system. + + + + + + support + the artifact has been released, and is supported from the supplier. There is a validUntilDate that can provide additional information about the duration of support. + + + + sha256 + SHA-2 with a digest length of 256, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/). + + + Maps a LicenseRef or AdditionRef string for a Custom License or a Custom +License Addition to its URI ID. + + + + + A canonical, unique, immutable identifier + + + + + + + + + + + + 1 + 1 + + + + + + + + 1 + 1 + + + + + + other + Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationship types (this relationship is directionless). + + + + act + The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible. + + + Describes a mechanism to update the dataset. + + + + + hasHost + The `from` Build was run on the `to` Element during a LifecycleScopeType period (e.g. the host that the build runs on). + + + + other + Used when the type does not match any of the other options. + + + + deployed + in addition to being supported by the supplier, the software is known to have been deployed and is in use. For a software as a service provider, this implies the software is now available as a service. + + + + A collection of Elements that have a shared context. + + + + + + + + 1 + + + + + + funding + A reference to funding information related to a package. + + + + build + A relationship has specific context implications during an element's build phase, during development. + + + + The class that helps note down the quantity of energy consumption and the unit +used for measurement. + + + + + + + 1 + 1 + + + + + + + + + + + + + 1 + 1 + + + + + A probability score between 0 and 1 of a vulnerability being exploited. + + + + + modifiedBy + The `from` Element is modified by each `to` Element. + + + + configuration + The Element is configuration data. + + + + email + Email address, as defined in [RFC 3696](https://datatracker.ietf.org/doc/rfc3986/) Section 3. + + + Provides a place for the SPDX data creator to record the package URL string +(in accordance with the Package URL specification) for a software Package. + + + + + amber + Data points in the dataset can be shared only with specific organizations and their clients on a need to know basis. + + + + riskAssessment + A reference to a risk assessment for a package. + + + Defines the byte range in the original host file that the snippet information +applies to. + + + + + republishedBy + Designates a `from` Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by each `to` Agent. + + + Defines the beginning of a range. + + + + + A mapping between prefixes and namespace partial URIs. + + + + + + + 1 + 1 + + + + + + + + 1 + 1 + + + + + + clear + Dataset may be distributed freely, without restriction. + + + + sourceArtifact + A reference to an artifact containing the sources for a package. + + + + A distinct article or unit related to Software. + + + + + + + + + + https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 1 + + + + + + + + + + + + + + + + + + + + + packagedBy + Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`). + + + + endOfSupport + there is a defined end of support for the artifact from the supplier. This may also be referred to as end of life. There is a validUntilDate that can be used to signal when support ends for the artifact. + + + Abstract class representing a License or an OrLaterOperator. + + + + + + + + + + https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + + + + delegatedTo + The `from` Agent is delegating an action to the Agent of the `to` Relationship (which must be of type invokedBy), during a LifecycleScopeType (e.g. the `to` invokedBy Relationship is being done on behalf of `from`). + + + + runtimeAnalysisReport + A reference to a runtime analysis report for a package. + + + + design + A relationship has specific context implications during an element's design. + + + Provides relevant information about the AI software, not including the model +description. + + + + + noAssertion + Makes no assertion about the field. + + + Artifact representing a serialization instance of SPDX data containing the +definition of a particular Element. + + + + Identifies the full text of a License or Addition. + + + + + text + data consists of unstructured text, such as a book, Wikipedia article (without images), or transcript. + + + + securityThreatModel + A reference the [security threat model](https://en.wikipedia.org/wiki/Threat_model) for a package. + + + + megajoule + Megajoule. + + + + bom + The Element is a bill of materials. + + + + usesTool + The `from` Element uses each `to` Element as a tool, during a LifecycleScopeType period. + + + + falcon + [FALCON](https://falcon-sign.info/falcon.pdf) + + + + crystalsKyber + [Kyber](https://pq-crystals.org/kyber/) + + + + sha512 + SHA-2 with a digest length of 512, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/). + + + + hasAddedFile + Every `to` Element is a file added to the `from` Element (`from` hasAddedFile `to`). + + + + swhid + SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`. + + + + hasDistributionArtifact + The `from` Element is distributed as an artifact in each `to` Element (e.g. an RPM or archive file). + + + Specifies the SSVC decision type. + + + + availableFrom + The `from` Element is available from the additional supplier described by each `to` Element. + + + + structured + data is stored in tabular format or retrieved from a relational database. + + + Specifies the type of a content identifier. + + + + A collection of Elements, not necessarily with unifying context. + + + + + + + + + + https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Abstract class for additional text intended to be added to a License, but +which is not itself a standalone License. + + + + + + + + + + https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + + + + + 1 + 1 + + + + + + + + 1 + + + + + + + + 1 + + + + + + + + 1 + + + + + + + + + + + + + + + 1 + + + + + + + blake2b256 + BLAKE2b algorithm with a digest size of 256, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4. + + + + dynamicAnalysisReport + A reference to a dynamic analysis report for a package. + + + + blake3 + [BLAKE3](https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf) + + + + patch + The Element contains a set of changes to update, fix, or improve another Element. + + + + lite + the element follows the Lite profile specification + + + + registration + the dataset is not publicly available and an email registration is required before accessing the dataset, although without an affirmative acceptance of terms. + + + + exploitCreatedBy + The `from` Vulnerability has had an exploit created against it by each `to` Agent. + + + + Provides information about the creation of the Element. + + + + + ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + + + 1 + 1 + + + + + + + + 1 + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + 1 + + + + + + + + 1 + + + + + + + + + + + + + yes + Indicates presence of the field. + + + + core + the element follows the Core profile specification + + + + expandedLicensing + the element follows the ExpandedLicensing profile specification + + + Gives information about the circumstances or unifying properties +that Elements of the bundle have been assembled under. + + + + Describes potentially noisy elements of the dataset. + + + + + serious + The highest level of risk posed by an AI system. + + + + specification + The Element is a plan, guideline or strategy how to create, perform or analyze an application. + + + + other + Any other units of energy measurement. + + + Describes a sensor used for collecting the data. + + + + + filesystemImage + The Element is a file system image that can be written to a disk (or virtual) partition. + + + + fixedIn + A `from` Vulnerability has been fixed in each `to` Element. The use of the `fixedIn` type is constrained to `VexFixedVulnAssessmentRelationship` classed relationships. + + + + blake2b384 + BLAKE2b algorithm with a digest size of 384, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4. + + + + ai + the element follows the AI profile specification + + + The result of applying a hash algorithm to an Element. + + + + Describes one a profile which the creator of this ElementCollection intends to +conform to. + + + + + sha3_224 + SHA-3 with a digest length of 224, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final). + + + + hasAssociatedVulnerability + Used to associate a `from` Artifact with each `to` Vulnerability. + + + + data + The Element is data. + + + + issueTracker + A reference to the issue tracker for a package. + + + + doesNotAffect + The `from` Vulnerability has no impact on each `to` Element. The use of the `doesNotAffect` is constrained to `VexNotAffectedVulnAssessmentRelationship` classed relationships. + + + Provides a reference to a resource outside the scope of SPDX-3.0 content +that uniquely identifies an Element. + + + + + Abstract class for the portion of an AnyLicenseInfo representing a license. + + + + + + + + + + https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + + + + + 1 + 1 + + + + + + + + 1 + + + + + + + + 1 + + + + + + + + 1 + + + + + + + + 1 + + + + + + + + 1 + + + + + + + + + + + + + + + 1 + + + + + + + + 1 + + + + + + Describes the anonymization methods used. + + + + + cwe + [Common Weakness Enumeration](https://csrc.nist.gov/glossary/term/common_weakness_enumeration). A reference to a source of software flaw defined within the official [CWE List](https://cwe.mitre.org/data/) that conforms to the [CWE specification](https://cwe.mitre.org/). + + + + coordinatedBy + The `from` Vulnerability is coordinatedBy the `to` Agent(s) (vendor, researcher, or consumer agent). + + + + runtime + A relationship has specific context implications during the execution phase of an element. + + + + hasConcludedLicense + The `from` SoftwareArtifact is concluded by the SPDX data creator to be governed by each `to` license. + + + A name used in a CdxPropertyEntry name-value pair. + + + + + releaseHistory + A reference to a published list of releases for a package. + + + Provides information about the creation of the Element. + + + + Identifies the text of one or more copyright notices for a software Package, +File or Snippet, if any. + + + + Provide consumers with comments by the creator of the Element about the +Element. + + + + + mavenCentral + A reference to a Maven repository artifact. The artifact locator format is defined in the [Maven documentation](https://maven.apache.org/guides/mini/guide-naming-conventions.html) and looks like `groupId:artifactId[:version]`. + + + + hasAssessmentFor + Relates a `from` Vulnerability and each `to` Element with a security assessment. To be used with `VulnAssessmentRelationship` types. + + + + library + The Element is a software library. + + + Contains a URL where the License or LicenseAddition can be found in use. + + + + + audio + data is audio based, such as a collection of music from the 80s. + + + + inlineMitigationsAlreadyExist + Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability. + + + + extension + the element follows the Extension profile specification + + + + staticAnalysisReport + A reference to a static analysis report for a package. + + + + directory + The file represents a directory and all content stored in that directory. + + + Refers to one or more Elements that are part of an ElementCollection. + + + + Provides information about the primary purpose of the software artifact. + + + + + buildSystem + A reference build system used to create or publish the package. + + + Specifies the version of a VEX statement. + + + + Specifies whether the License is listed as free by the +Free Software Foundation (FSF). + + + + + framework + The Element is a software framework. + + + Specifies the VEX justification type. + + + Identifies from where or whom the Element originally came. + + + + + chat + A reference to the instant messaging system used by the maintainer for a package. + + + Provide an enumerated set of lifecycle phases that can provide context to relationships. + + + + releaseNotes + A reference to the release notes for a package. + + + + Provides an independently reproducible mechanism that permits verification of a specific Element. + + + + + + + + + https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + + + + + 1 + + + + + + Provides a NamespaceMap of prefixes and associated namespace partial URIs applicable to an SpdxDocument and independent of any specific serialization format or instance. + + + + Specifies the CVSS vector string for a vulnerability. + + + + Timestamp of impact statement. + + + + + vulnerabilityDisclosureReport + A reference to a Vulnerability Disclosure Report (VDR) which provides the software supplier's analysis and findings describing the impact (or lack of impact) that reported vulnerabilities have on packages or products in the supplier's SBOM as defined in [NIST SP 800-161 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations](https://csrc.nist.gov/pubs/sp/800/161/r1/final). + + + Specifies the time from which an element is applicable / valid. + + + + + firmware + The Element provides low level control over a device's hardware. + + + + trainedOn + The `from` Element has been trained on the `to` Element(s). + + + + hasPrerequisite + The `from` Element has a prerequisite on each `to` Element, during a LifecycleScopeType period. + + + + sha3_256 + SHA-3 with a digest length of 256, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final). + + + + build + SBOM generated as part of the process of building the software to create a releasable artifact (e.g., executable or package) from data such as source files, dependencies, built components, build process ephemeral data, and other SBOMs. + + + + eolNotice + A reference to the End Of Sale (EOS) and/or End Of Life (EOL) information related to a package. + + + + hasOutput + The `from` Build element generates each `to` Element as an output, during a LifecycleScopeType period. + + + + patchedBy + Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`). + + + + underInvestigationFor + The `from` Vulnerability impact is being investigated for each `to` Element. The use of the `underInvestigationFor` type is constrained to `VexUnderInvestigationVulnAssessmentRelationship` classed relationships. + + + + Refers to any unit of content that can be associated with a distribution of +software. + + + + + + + + 1 + + + + + + + + 1 + + + + + + + + 1 + + + + + + + + 1 + + + + + + + + 1 + + + + + Specifies the level of support associated with an artifact. + + + + + contains + The `from` Element contains each `to` Element. + + + + metrics + A reference to metrics related to package such as OpenSSF scorecards. + + + Specifies the type of the external identifier. + + + + Records the time when a recommended action was communicated in a VEX statement +to mitigate a vulnerability. + + + + + buildMeta + A reference build metadata related to a published package. + + + + Abstract ancestor class for all vulnerability assessments + + + + + + + + + + https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + + + + + 1 + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + + + + 1 + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + + + runtime + SBOM generated through instrumenting the system running the software, to capture only components present in the system, as well as external call-outs or dynamically loaded components. In some contexts, this may also be referred to as an "Instrumented" or "Dynamic" SBOM. + + + + publishedBy + Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent. + + + + hasDeletedFile + Every `to` Element is a file deleted from the `from` Element (`from` hasDeletedFile `to`). + + + + hasDependencyManifest + The `from` Element has manifest files that contain dependency information in each `to` Element. + + + + Abstract ancestor class for all VEX relationships + + + + + + + + + + https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + + + + + 1 + + + + + + + + 1 + + + + + + Provides information about the primary purpose of an Element. + + + + track + The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines. + + + + md2 + MD2 message-digest algorithm, as defined in [RFC 1319](https://datatracker.ietf.org/doc/rfc1319/). + + + Specifies the unit of energy consumption. + + + + sensor + data is recorded from a physical sensor, such as a thermometer reading or biometric device. + + + An Element an annotator has made an assertion about. + + + + Captures the threshold that was used for computation of a metric described in +the metric field. + + + + + vulnerableCodeCannotBeControlledByAdversary + The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack. + + + + diskImage + The Element refers to a disk image that can be written to a disk, booted in a VM, etc. A disk image typically contains most or all of the components necessary to boot, such as bootloaders, kernels, firmware, userspace, etc. + + + Provides an ExternalMap of Element identifiers. + + + + + A tuple of two positive integers that define a range. + + + + + + + 1 + 1 + + + + + + + + 1 + 1 + + + + + + A reference to a resource outside the scope of SPDX-3.0 content related to an Element. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 1 + + + + + + + + + + + + + ^[^\/]+\/[^\/]+$ + + + 1 + + + + + + + + 1 + + + + + + directDownload + the dataset is publicly available and can be downloaded directly. + + + + sha224 + SHA-2 with a digest length of 224, as defined in [RFC 3874](https://datatracker.ietf.org/doc/rfc3874/). + + + + other + Used to store extra information about an Element which is not part of a review (e.g. extra information provided during the creation of the Element). + + + References the Element on the left-hand side of a relationship. + + + + Specifies the exploit catalog type. + + + Identifies the full text of a LicenseAddition. + + + + + securityOther + Used when there is a security related identifier of unspecified type. + + + + hasDynamicLink + The `from` Element dynamically links in each `to` Element, during a LifecycleScopeType period. + + + + install + The Element is used to install software on disk. + + + + operatingSystem + The Element is an operating system. + + + + securityFix + A reference to the patch or source code that fixes a vulnerability. + + + + Describes a relationship between one or more elements. + + + + + + + + 1 + 1 + + + + + + + + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 1 + 1 + + + + + + + + + + + + + 1 + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + + complete + The relationship is known to be exhaustive. + + + A place for the SPDX document creator to record a website that serves as the +package's home page. + + + + Defines the original host file that the snippet information applies to. + + + + Specifies an Extension characterization of some aspect of an Element. + + + + Property that describes the digest of the build configuration file used to +invoke a build. + + + + Provides the location of an external reference. + + + + Describes the confidentiality level of the data points contained in the dataset. + + + + Identifies who or what created the Element. + + + + + adler32 + Adler-32 checksum is part of the widely used zlib compression library as defined in [RFC 1950](https://datatracker.ietf.org/doc/rfc1950/) Section 2.3. + + + + nuget + A reference to a NuGet package. The package locator format is defined in the [NuGet documentation](https://docs.nuget.org) and looks like `package/version`. + + + + hasVariant + Every `to` Element is a variant the `from` Element (`from` hasVariant `to`). + + + + dependsOn + The `from` Element depends on each `to` Element, during a LifecycleScopeType period. + + + + blake2b512 + BLAKE2b algorithm with a digest size of 512, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4. + + + + exportControlAssessment + A reference to a export control assessment for a package. + + + + securityPolicy + A reference to instructions for reporting newly discovered security vulnerabilities for a package. + + + Describes relevant information about different steps of the training process. + + + + Specifies the licenseId that is preferred to be used in place of a deprecated +License or LicenseAddition. + + + + A characterization of some aspect of an Element that is associated with the Element in a generalized fashion. + + + + + + + + + https://spdx.org/rdf/3.0.1/terms/Extension/Extension is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + + + Points to a resource outside the scope of the SPDX-3.0 content +that provides additional characteristics of an Element. + + + + + A class for describing the energy consumption incurred by an AI model in +different stages of its lifecycle. + + + + + + + + + + + + + + + + + + + + + + + + + + securityAdversaryModel + A reference to the security adversary model for a package. + + + + hasRequirement + The `from` Element has a requirement on each `to` Element, during a LifecycleScopeType period. + + + + development + the artifact is in active development and is not considered ready for formal support from the supplier. + + + + Base domain class from which all other SPDX-3.0 domain classes derive. + + + + + + + + + https://spdx.org/rdf/3.0.1/terms/Core/Element is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + + + + + 1 + + + + + + + + 1 + + + + + + + + 1 + + + + + + + + 1 + + + + + + + + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + An entity that is authorized to issue identification credentials. + + + + + medium + The third-highest level of risk posed by an AI system. + + + A concrete subclass of Element used by Individuals in the +Core profile. + + + + + + syntactic + data describes the syntax or semantics of a language or text, such as a parse tree used for natural language processing. + + + + archive + The Element is an archived collection of one or more files (.tar, .zip, etc.). + + + + graph + data is in the form of a graph where entries are somehow related to each other through edges, such a social network of friends. + + + + software + the element follows the Software profile specification + + + + certificationReport + A reference to a certification report for a package from an accredited/independent body. + + + Provides an unambiguous mechanism for conveying a URI fragment portion of an +Element ID. + + + + + review + Used when someone reviews the Element. + + + + green + Dataset can be shared within a community of peers and partners. + + + + md4 + MD4 message-digest algorithm, as defined in [RFC 1186](https://datatracker.ietf.org/doc/rfc1186/). + + + Provides a detailed description of the Element. + + + + Provides a License author's preferred text to indicate that a file is covered +by the License. + + + + + query + the dataset is publicly available, but not all at once, and can only be accessed through queries which return parts of the dataset. + + + + packageUrl + Package URL, as defined in the corresponding [Annex](../../../annexes/pkg-url-specification.md) of this specification. + + + + red + Data points in the dataset are highly confidential and can only be shared with named recipients. + + + An element of hardware and/or software utilized to carry out a particular function. + + + + + Property describing a parameter used in an instance of a build. + + + + Specifies the amount of energy consumed during inference time by an AI model +that is being used in the AI system. + + + + A License participating in a 'with addition' model. + + + + Specifies the time an artifact was released. + + + + + file + The Element is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc.). + + + Specifies a time when a vulnerability assessment was modified + + + + Provides the location for more information regarding an external identifier. + + + + Specifies the value of the content identifier. + + + + Identifies the download Uniform Resource Identifier for the package at the time +that the document was created. + + + + + Refers to any object that stores content on a computer. + + + + + + ^[^\/]+\/[^\/]+$ + + + 1 + + + + + + + + + + + + 1 + + + + + + A key with an associated value. + + + + + + + 1 + 1 + + + + + + + + 1 + + + + + + binaryArtifact + A reference to binary artifacts related to a package. + + + A concrete subclass of AnyLicenseInfo used by Individuals in the +ExpandedLicensing profile. + + + + + Specifies an Element contained in a piece of software where a vulnerability was +found. + + + + + foundBy + Designates a `from` Vulnerability was originally discovered by the `to` Agent(s). + + + + manifest + The Element is a software manifest. + + + + clickthrough + the dataset is not publicly available and can only be accessed after affirmatively accepting terms on a clickthrough webpage. + + + Identifies an external Element used within an SpdxDocument but defined +external to that SpdxDocument. + + + + Specifies the algorithm used for calculating the hash value. + + + + + A property name with an associated value. + + + + + + + 1 + 1 + + + + + + + + 1 + + + + + + affects + The `from` Vulnerability affects each `to` Element. The use of the `affects` type is constrained to `VexAffectedVulnAssessmentRelationship` classed relationships. + + + + incomplete + The relationship is known not to be exhaustive. + + + Provides an IntegrityMethod with which the integrity of an Element can be +asserted. + + + + + A reference to a resource identifier defined outside the scope of SPDX-3.0 content that uniquely identifies an Element. + + + + + + + + + + + + + + + + + + + + 1 + 1 + + + + + + + + 1 + 1 + + + + + + + + 1 + + + + + + + + + + + + + + + 1 + + + + + Captures the size of the dataset. + + + + Describes the preprocessing steps that were applied to the raw data to create the given dataset. + + + + + timeseries + data is recorded in an ordered sequence of timestamped entries, such as the price of a stock over the course of a day. + + + Specifies the type of an annotation. + + + Identifies all the text and metadata associated with a license in the license +XML format. + + + + + simpleLicensing + the element follows the SimpleLicensing profile specification + + + + none + When a CVSS score is 0.0 + + + + crystalsDilithium + [Dilithium](https://pq-crystals.org/dilithium/) + + + + npm + A reference to an npm package. The package locator format is defined in the [npm documentation](https://docs.npmjs.com/cli/v10/configuring-npm/package-json) and looks like `package@version`. + + + + requirement + The Element provides a requirement needed as input for another Element. + + + + trackStar + ("Track\*" in the SSVC spec) The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track\* vulnerabilities within standard update timelines. + + + + noSupport + there is no support for the artifact from the supplier, consumer assumes any support obligations. + + + The relative file name of a file to be excluded from the +`PackageVerificationCode`. + + + + + A mathematically calculated representation of a grouping of data. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 1 + 1 + + + + + + + + 1 + 1 + + + + + Provides a place for the SPDX data creator to record acknowledgement text for +a software Package, File or Snippet. + + + + Capture the scope of information about a specific relationship between elements. + + + + + source + The Element is a single or a collection of source files. + + + This individual element was defined by the spec. + 2024-11-22T03:00:01Z + + + + + An Organization representing the SPDX Project. + + + + 3.0.1 + + + + socialMedia + A reference to a social media channel for a package. + + + The name of a relevant standard that may apply to an artifact. + + + + + hasDeclaredLicense + The `from` SoftwareArtifact was discovered to actually contain each `to` license, for example as detected by use of automated tooling. + + + + A map of Element identifiers that are used within an SpdxDocument but defined +external to that SpdxDocument. + + + + + + + 1 + 1 + + + + + + + + + + + + + + + 1 + + + + + + + + 1 + + + + + + hasEvidence + Every `to` Element is considered as evidence for the `from` Element (`from` hasEvidence `to`). + + + Captures a standard that is being complied with. + + + + This property is used to denote the root Element(s) of a tree of elements contained in a BOM. + + + + Provides a map of a property names to a values. + + + + + componentNotPresent + The software is not affected because the vulnerable component is not in the product. + + + + attend + The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions include requesting assistance or information about the vulnerability, and may involve publishing a notification either internally and/or externally. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines. + + + + numeric + data consists only of numeric entries. + + + + altDownloadLocation + A reference to an alternative download location. + + + Specifies whether an additional text identifier has been marked as deprecated. + + + + + video + data is video based, such as a collection of movie clips featuring Tom Hanks. + + + + hasSpecification + Every `to` Element is a specification for the `from` Element (`from` hasSpecification `to`), during a LifecycleScopeType period. + + + + hasTestCase + Every `to` Element is a test case for the `from` Element (`from` hasTestCase `to`). + + + Identifies when the Element was originally created. + + + + Provides a reference number that can be used to understand how to parse and +interpret an Element. + + + + + image + data is a collection of images such as pictures of animals. + + + + development + A relationship has specific context implications during development phase of an element. + + + Defines the end of a range. + + + + + documentation + The Element is documentation. + + + Specifies until when the artifact can be used before its usage needs to be +reassessed. + + + + + copiedTo + The `from` Element has been copied to each `to` Element. + + + + high + When a CVSS score is between 7.0 - 8.9 + + + + swid + Concise Software Identification (CoSWID) tag, as defined in [RFC 9393](https://datatracker.ietf.org/doc/rfc9393/) Section 2.3. + + + + hasMetadata + Every `to` Element is metadata about the `from` Element (`from` hasMetadata `to`). + + + + vulnerableCodeNotPresent + The product is not affected because the code underlying the vulnerability is not present in the product. + + + Specifies the amount of energy consumed when finetuning the AI model that is +being used in the AI system. + + + + + urlScheme + [Uniform Resource Identifier (URI) Schemes](https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml). The scheme used in order to locate a resource. + + + + fixedBy + Designates a `from` Vulnerability has been fixed by the `to` Agent(s). + + + + md5 + MD5 message-digest algorithm, as defined in [RFC 1321](https://datatracker.ietf.org/doc/rfc1321/). + + + + vulnerabilityExploitabilityAssessment + A reference to a Vulnerability Exploitability eXchange (VEX) statement which provides information on whether a product is impacted by a specific vulnerability in an included package and, if affected, whether there are actions recommended to remediate. See also [NTIA VEX one-page summary](https://ntia.gov/files/ntia/publications/vex_one-page_summary.pdf). + + + + deployed + SBOM provides an inventory of software that is present on a system. This may be an assembly of other SBOMs that combines analysis of configuration options, and examination of execution behavior in a (potentially simulated) deployment environment. + + + Identifies the name of an Element as designated by the creator. + + + + + limitedSupport + the artifact has been released, and there is limited support available from the supplier. There is a validUntilDate that can provide additional information about the duration of support. + + + Describes methods that can be used to explain the results from the AI model. + + + + + evidence + The Element is the evidence that a specification or requirement has been fulfilled. + + + + source + SBOM created directly from the development environment, source files, and included dependencies used to build an product artifact. + + + + security + the element follows the Security profile specification + + + + bower + A reference to a Bower package. The package locator format, looks like `package#version`, is defined in the "install" section of [Bower API documentation](https://bower.io/docs/api/#install). + + + Identifies who or what supplied the artifact or VulnAssessmentRelationship +referenced by the Element. + + + + Describes the type of annotation. + + + + Records the biases that the dataset is known to encompass. + + + + Indicates the type of support that is associated with an artifact. + + + + hasStaticLink + The `from` Element statically links in each `to` Element, during a LifecycleScopeType period. + + + + hasDataFile + The `from` Element treats each `to` Element as a data file. A data file is an artifact that stores data required or optional for the `from` Element's functionality. A data file can be a database file, an index file, a log file, an AI model file, a calibration data file, a temporary file, a backup file, and more. For AI training dataset, test dataset, test artifact, configuration data, build input data, and build output data, please consider using the more specific relationship types: `trainedOn`, `testedOn`, `hasTest`, `configures`, `hasInput`, and `hasOutput`, respectively. This relationship does not imply dependency. + + + Describe that a CVE is known to have an exploit because it's been listed in an exploit catalog. + + + + A substitute for a URI. + + + + + hasOptionalComponent + Every `to` Element is an optional component of the `from` Element (`from` hasOptionalComponent `to`). + + + Property describing the session in which a build is invoked. + + + + Provides a numerical (0-10) representation of the severity of a vulnerability. + + + + Enumeration of dataset types. + + + + expandsTo + The `from` archive expands out as an artifact described by each `to` Element. + + + Property that describes the URI of the build configuration source file. + + + + Information about the relationship between two Elements. + + + Availability of dataset. + + + + describes + The `from` Element describes each `to` Element. To denote the root(s) of a tree of elements in a collection, the rootElement property should be used. + + + References an Element on the right-hand side of a relationship. + + + + Provides additional purpose information of the software artifact. + + + + + module + The Element is a module of a piece of software. + + + + low + Low/no risk is posed by an AI system. + + + + other + any hashing algorithm that does not exist in this list of entries + + + Describes all the preprocessing steps applied to the training data before the +model training. + + + + Uniquely identifies an external element. + + + + + componentAnalysisReport + A reference to a Software Composition Analysis (SCA) report. + + + + securityPenTestReport + A reference to a [penetration test](https://en.wikipedia.org/wiki/Penetration_test) report for a package. + + + + design + SBOM of intended, planned software project or product with included components (some of which may not yet exist) for a new software artifact. + + + + hasOptionalDependency + The `from` Element optionally depends on each `to` Element, during a LifecycleScopeType period. + + + + amendedBy + The `from` Element is amended by each `to` Element. + + + Property describing the start time of a build. + + + + + sha384 + SHA-2 with a digest length of 384, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/). + + + Information about the relationship between two Elements. + + + + A container for a grouping of SPDX-3.0 content characterizing details +(provenence, composition, licensing, etc.) about a product. + + + + + Specifies the CVSS base, temporal, threat, or environmental severity type. + + + + gitoid + [Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg). + + + A mathematical algorithm that maps data of arbitrary size to a bit string. + + + + noAssertion + data type is not known. + + + + hasDocumentation + The `from` Element is documented by each `to` Element. + + + Defines the line range in the original host file that the snippet information +applies to. + + + + A value used in a generic key-value pair. + + + + + test + A relationship has specific context implications during an element's testing phase, during development. + + + Identifies the tooling that was used during the creation of the Element. + + + + A buildType is a hint that is used to indicate the toolchain, platform, or +infrastructure that the build was invoked on. + + + + + altWebPage + A reference to an alternative web page. + + + + reportedBy + Designates a `from` Vulnerability was first reported to a project, vendor, or tracking database for formal identification by each `to` Agent. + + + + license + A reference to additional license information related to an artifact. + + + + descendantOf + The `from` Element is a descendant of each `to` Element. + + + + medium + When a CVSS score is between 4.0 - 6.9 + + + Describes the type of the given dataset. + + + + Conveys information about how VEX status was determined. + + + + + noAssertion + No assertion can be made about the completeness of the relationship. + + + + other + data is of a type not included in this list. + + + Describes how the dataset was collected. + + + + + ancestorOf + The `from` Element is an ancestor of each `to` Element. + + + Specifies whether a license or additional text identifier has been marked as +deprecated. + + + + Property that describes the time at which a build stops. + + + + Specifies the unit in which energy is measured. + + + + + invokedBy + The `from` Element was invoked by the `to` Agent, during a LifecycleScopeType period (for example, a Build element that describes a build step). + + + A LicenseAddition participating in a 'with addition' model. + + + + Specified the time and date when a vulnerability was withdrawn. + + + + + noAssertion + no assertion about the type of support is made. This is considered the default if no other support type is used. + + + Abstract class representing a license combination consisting of one or more licenses. + + + + + + + + + + https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + + + + kilowattHour + Kilowatt-hour. + + + Describes what the given dataset should be used for. + + + + Specifies the SPDX License List version in which this license or exception +identifier was deprecated. + + + + Identify the version of a package. + + + + + A distinct article or unit within the digital domain. + + + + + + + + + + https://spdx.org/rdf/3.0.1/terms/Core/Artifact is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + + + + + + + + + + + + 1 + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Commentary on an assertion that an annotator has made. + + + + Identifies the full text of a LicenseAddition, in SPDX templating format. + + + + Specifies the SPDX License List version in which this ListedLicense or +ListedLicenseException identifier was first added. + + + + + deviceDriver + The Element represents software that controls hardware devices. + + + + productMetadata + A reference to additional product metadata such as reference within organization's product catalog. + + + Specifies the type of the content identifier. + + + + + categorical + data that is classified into a discrete number of categories, such as the eye color of a population of people. + + + Identifies the full text of a License, in SPDX templating format. + + + + Records the measurement of prediction quality of the AI model. + + + + Records if sensitive personal information is used during model training or +could be used during the inference. + + + + Specifies the type of an external identifier. + + + A canonical, unique, immutable identifier of the artifact content, that may be +used for verifying its identity and/or integrity. + + + + + securityOther + A reference to related security information of unspecified type. + + + + scrapingScript + the dataset provider is not making available the underlying data and the dataset must be reassembled, typically using the provided script for scraping the data. + + + + sha1 + SHA-1, a secure hashing algorithm, as defined in [RFC 3174](https://datatracker.ietf.org/doc/rfc3174/). + + + Indicates whether a relationship is known to be complete, incomplete, or if no assertion is made with respect to relationship completeness. + + + + configures + The `from` Element is a configuration applied to each `to` Element, during a LifecycleScopeType period. + + + + kev + CISA's Known Exploited Vulnerability (KEV) Catalog + + + + cpe23 + [Common Platform Enumeration: Naming Specification Version 2.3](https://csrc.nist.gov/publications/detail/nistir/7695/final) + + + + other + A relationship has other specific context information necessary to capture that the above set of enumerations does not handle. + + + + other + Other exploit catalogs + + + + md6 + [MD6 hash function](https://people.csail.mit.edu/rivest/pubs/RABCx08.pdf) + + + + critical + When a CVSS score is between 9.0 - 10.0 + + + + hasInput + The `from` Build has each `to` Element as an input, during a LifecycleScopeType period. + + + + generates + The `from` Element generates each `to` Element. + + + + secureSoftwareAttestation + A reference to information assuring that the software is developed using security practices as defined by [NIST SP 800-218 Secure Software Development Framework (SSDF) Version 1.1](https://csrc.nist.gov/pubs/sp/800/218/final) or [CISA Secure Software Development Attestation Form](https://www.cisa.gov/resources-tools/resources/secure-software-development-attestation-form). + + + Records a hyperparameter used to build the AI model contained in the AI +package. + + + + A key used in a generic key-value pair. + + + + Provides advise on how to mitigate or remediate a vulnerability when a VEX product +is affected by it. + + + + Provides the license under which the SPDX documentation of the Element can be +used. + + + + Specifies the type of the external reference. + + + + + model + The Element is a machine learning or artificial intelligence model. + + + + device + The Element refers to a chipset, processor, or electronic board. + + + Records the type of the model used in the AI software. + + + + + securityAdvisory + A reference to a published security advisory (where advisory as defined per [ISO 29147:2018](https://www.iso.org/standard/72311.html)) that may affect one or more elements, e.g., vendor advisories or specific NVD entries. + + + + purchaseOrder + A reference to a purchase order for a package. + + + + sha3_512 + SHA-3 with a digest length of 512, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final). + + + + low + When a CVSS score is between 0.1 - 3.9 + + + + sha3_384 + SHA-3 with a digest length of 384, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final). + + + The field describes the availability of a dataset. + + + + A buildId is a locally unique identifier used by a builder to identify a unique +instance of a build produced by it. + + + + Specifies the exploit catalog type. + + + + A short description of an Element. + + + + + analyzed + SBOM generated through analysis of artifacts (e.g., executables, packages, containers, and virtual machine images) after its build. Such analysis generally requires a variety of heuristics. In some contexts, this may also be referred to as a "3rd party" SBOM. + + + + timestamp + data is recorded with a timestamp for each entry, but not necessarily ordered or at specific intervals, such as when a taxi ride starts and ends. + + + Provides a set of values to be used to describe the common types of SBOMs that +tools may create. + + + + vcs + A reference to a version control system related to a software artifact. + + + A string in the license expression format. + + + + A group of people who work together in an organized way for a shared purpose. + + + + + Specifies the time an artifact was built. + + + + + file + The file represents a single file (default). + + + A value used in a CdxPropertyEntry name-value pair. + + + + Provide the enumeration of possible decisions in the +[Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree](https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc). + + + + + qualityAssessmentReport + A reference to a quality assessment for a package. + + + + gitoid + [Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg). + + + A License participating in an 'or later' model. + + + + A license expression participating in a license set. + + + + + other + Used when the type does not match any of the other options. + + + + mailingList + A reference to the mailing list used by the maintainer for a package. + + + Provides information about the completeness of relationships. + + + + + no + Indicates absence of the field. + + + Specifies the time when a vulnerability was published. + + + + Enumeration of the valid profiles. + + + + executable + The Element is an Artifact that can be run on a computer. + + + + container + The Element is a container image which can be used by a container runtime application. + + + The percentile of the current probability score. + + + + + dataset + the element follows the Dataset profile specification + + + + cpe22 + [Common Platform Enumeration Specification 2.2](https://cpe.mitre.org/files/cpe-specification_2.2.pdf) + + + + privacyAssessment + A reference to a privacy assessment for a package. + + + + swhid + SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`. + + + + application + The Element is a software application. + + + + hasProvidedDependency + The `from` Element has a dependency on each `to` Element, dependency is not in the distributed artifact, but assumed to be provided, during a LifecycleScopeType period. + + + Indicates the amount of energy consumption incurred by an AI model. + + + + Provides an indication of where to retrieve an external Element. + + + + + test + The Element is a test used to verify functionality on an software element. + + + + hasTest + Every `to` Element is a test artifact for the `from` Element (`from` hasTest `to`), during a LifecycleScopeType period. + + + Specifies the safety risk level. + + + + documentation + A reference to the documentation for a package. + + + Provides information about the content type of an Element or a Property. + + + + + platform + The Element represents a runtime environment. + + + Describes if a given file is a directory or non-directory kind of file. + + + + + other + The Element doesn't fit into any of the other categories. + + + + high + The second-highest level of risk posed by an AI system. + + + Represents the energy quantity. + + + + Categories of confidentiality level. + + + Specifies whether the License is listed as approved by the +Open Source Initiative (OSI). + + + + Specifies the type of an external reference. + + + Specifies the time from which an element is no longer applicable / valid. + + + + Specifies the amount of energy consumed when training the AI model that is +being used in the AI system. + + + + Provides information about the type of an SBOM. + + + + + testedOn + The `from` Element has been tested on the `to` Element(s). + + + Provides the location of an exploit catalog. + + + + + build + the element follows the Build profile specification + + + Impact justification label to be used when linking a vulnerability to an element +representing a VEX product with a VexNotAffectedVulnAssessmentRelationship +relationship. + + + + Explains why a VEX product is not affected by a vulnerability. It is an +alternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable +justification label. + + + + Records any relevant background information or additional comments +about the origin of the package. + + + + The version of the SPDX License List used in the license expression. + + + + Property describes the invocation entrypoint of a build. + + + + + cve + Common Vulnerabilities and Exposures identifiers, an identifier for a specific software flaw defined within the official CVE Dictionary and that conforms to the [CVE specification](https://csrc.nist.gov/glossary/term/cve_id). + + + + vulnerableCodeNotInExecutePath + The affected code is not reachable through the execution of the code, including non-anticipated states of the product. + + + Indicates whether the system can perform a decision or action without human +involvement or guidance. + + + + Records the results of general safety risk assessment of the AI system. + + + + Captures the domain in which the AI package can be used. + + + + Categories of presence or absence. + + + Captures a limitation of the AI software. + + + + Enumeration of the different kinds of SPDX file. + + diff --git a/rdf/spdx-model.trig b/rdf/spdx-model.trig new file mode 100644 index 0000000000..f2ca733c90 --- /dev/null +++ b/rdf/spdx-model.trig @@ -0,0 +1,4697 @@ +@prefix dcterms: . +@prefix ns1: . +@prefix ns2: . +@prefix ns3: . +@prefix ns4: . +@prefix ns5: . +@prefix ns6: . +@prefix omg-ann: . +@prefix owl: . +@prefix rdf: . +@prefix rdfs: . +@prefix sh: . +@prefix spdx: . +@prefix xsd: . + +_:N8bd24aea1c3f4a56b46cba0367b4452e { + ns2:AIPackage a owl:Class, + sh:NodeShape ; + rdfs:comment "Specifies an AI package and its associated information."@en ; + rdfs:subClassOf ns3:Package ; + sh:nodeKind sh:IRI ; + sh:property _:N024478cff6eb4ef48dc45dabdb7b0a35, + _:N13acbf7806c648f19f147c9073a04385, + _:N329ecc1447f349cc968623ddffe6a2f7, + _:N576b7fbe3ba74572a6eb065c67761847, + _:N626b5ad29167479dabae9a9177315404, + _:N786a3eaa8fbe4cf0bb67c4e086fa8b5b, + _:N80dc66a1ccec469392596c5291fa2864, + _:N8bdb3da6da754d98843024e1dcbe3e43, + _:N9bd771ac02cc41519919a01d4deca105, + _:Nad909dcc4fad4339a9eb809fabd6a871, + _:Nc63741a7112e471ba97ce37e05f2dac1, + _:Ncae19f1586924a439b37e75eb5b57ed4, + _:Nccde3ac271484f91b83ed5fb2e1d70c9, + _:Nd385c846dfa14371a0a3697f7168b4c1, + _:Nf41c7f62f52f4c10b14344ec13dfe1e5 . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "Class that describes a build instance of software/artifacts."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property _:N3ba51db196c04386ae47cb64aab6c95c, + _:N4f6d0abf94b14a189b945346f00ba9dc, + _:N7d2dbee05b72455c995a675186de5fd1, + _:N82be0a238ea44c658a60ca20e0c8c6fa, + _:N85ad449141be453592e9e80c2bc379f4, + _:Nbdc672a90df4480da8648bd31507d48e, + _:Nc8b9ea4213214eccb17ccccf3790161d, + _:Nce9a69dc19af4e1394f03174c67c5857, + _:Ne20cfbefa1424ba79abfc89287f1eef3 . + + ns1:Annotation a owl:Class, + sh:NodeShape ; + rdfs:comment "An assertion made in relation to one or more elements."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property _:N07cb32d0626a45cfbea37a7dd2a8b854, + _:N3bf9008e5422473bb689602da04ccca1, + _:N8f24e4128c124ec08b9e80f45a43dd1e, + _:N91adaf3024344ddcbcbf3f943faaad6b . + + ns1:LifecycleScopedRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment "Provide context for a relationship that occurs in the lifecycle."@en ; + rdfs:subClassOf ns1:Relationship ; + sh:nodeKind sh:IRI ; + sh:property _:N7676f1bbd99e47659502f87b9936453e . + + ns1:NoAssertionElement a owl:NamedIndividual, + ns1:IndividualElement ; + rdfs:comment """An Individual Value for Element representing a set of Elements of unknown +identify or cardinality (number)."""@en ; + ns1:creationInfo . + + ns1:NoneElement a owl:NamedIndividual, + ns1:IndividualElement ; + rdfs:comment """An Individual Value for Element representing a set of Elements with +cardinality (number/count) of zero."""@en ; + ns1:creationInfo . + + ns1:PackageVerificationCode a owl:Class, + sh:NodeShape ; + rdfs:comment "An SPDX version 2.X compatible verification method for software packages."@en ; + rdfs:subClassOf ns1:IntegrityMethod ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property _:N5a2b8b0073a54a3db4d6092f1c5043ed, + _:N88e97455b377466daa24bff58cde8f0d, + _:Na3925605d49b4db382603ae946c37f51 . + + ns1:Person a owl:Class ; + rdfs:comment "An individual human being."@en ; + rdfs:subClassOf ns1:Agent ; + sh:nodeKind sh:IRI . + + ns1:SoftwareAgent a owl:Class ; + rdfs:comment "A software agent."@en ; + rdfs:subClassOf ns1:Agent ; + sh:nodeKind sh:IRI . + + ns1:SpdxDocument a owl:Class, + sh:NodeShape ; + rdfs:comment "A collection of SPDX Elements that could potentially be serialized."@en ; + rdfs:subClassOf ns1:ElementCollection ; + sh:nodeKind sh:IRI ; + sh:property _:N4aa1ea2c440f4aecb7a6656a599fbf22, + _:Nc22ee04d695b4582bd604f6206900620, + _:Ndc4f18efad334d78a498ea9df84fbd02 . + + ns4:DatasetPackage a owl:Class, + sh:NodeShape ; + rdfs:comment "Specifies a data package and its associated information."@en ; + rdfs:subClassOf ns3:Package ; + sh:nodeKind sh:IRI ; + sh:property _:N00d83dee7aa44a7991821a46e83e5164, + _:N034bf868068348fb92f2f33976cad5ae, + _:N2a72f2e0c3d44dd5ac4c0633f336d556, + _:N66b43817d95d4468bf805207af159230, + _:N6eb9ec15081f404a99935ff4e2aaa14b, + _:N78c7513398064da1a55c5df1b3c96444, + _:N8adbab8e05cf4258a0b7e9eedbd03e5f, + _:N95b6da49b56e4298924cd2f153f00905, + _:Na267e7b88a344e4fbd0c59a6dc760e65, + _:Na42e3794f624483e818646ed683c5ba2, + _:Nb4381a5cee3143a482af28cf9a364f3c, + _:Ndb06ff981cef4e94bfdbec22badacd4d, + _:Nf0752cee7bef48efaa39267516a6b21a . + + ns6:ConjunctiveLicenseSet a owl:Class, + sh:NodeShape ; + rdfs:comment """Portion of an AnyLicenseInfo representing a set of licensing information +where all elements apply."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property _:N963f7603cd844b03bd4631e0713b1635 . + + ns6:CustomLicense a owl:Class ; + rdfs:comment "A license that is not listed on the SPDX License List."@en ; + rdfs:subClassOf ns6:License ; + sh:nodeKind sh:IRI . + + ns6:CustomLicenseAddition a owl:Class ; + rdfs:comment "A license addition that is not listed on the SPDX Exceptions List."@en ; + rdfs:subClassOf ns6:LicenseAddition ; + sh:nodeKind sh:IRI . + + ns6:DisjunctiveLicenseSet a owl:Class, + sh:NodeShape ; + rdfs:comment """Portion of an AnyLicenseInfo representing a set of licensing information where +only one of the elements applies."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property _:Ne81afbff18a74c75ac853da24ab327a0 . + + ns6:ListedLicense a owl:Class, + sh:NodeShape ; + rdfs:comment "A license that is listed on the SPDX License List."@en ; + rdfs:subClassOf ns6:License ; + sh:nodeKind sh:IRI ; + sh:property _:Nadd5d6fa295c47ee82d49e5fde059110, + _:Ndaeba75fb43b4db7b777e9b00ecd7064 . + + ns6:ListedLicenseException a owl:Class, + sh:NodeShape ; + rdfs:comment "A license exception that is listed on the SPDX Exceptions list."@en ; + rdfs:subClassOf ns6:LicenseAddition ; + sh:nodeKind sh:IRI ; + sh:property _:N5011f0cdb4544a70b796520ecd436a25, + _:N7c7a260c778e4d4491ba75a0fe083ebe . + + ns6:NoAssertionLicense a owl:NamedIndividual, + ns6:IndividualLicensingInfo ; + rdfs:comment """An Individual Value for License when no assertion can be made about its actual +value."""@en ; + owl:sameAs ; + ns1:creationInfo . + + ns6:NoneLicense a owl:NamedIndividual, + ns6:IndividualLicensingInfo ; + rdfs:comment """An Individual Value for License where the SPDX data creator determines that no +license is present."""@en ; + owl:sameAs ; + ns1:creationInfo . + + ns6:OrLaterOperator a owl:Class, + sh:NodeShape ; + rdfs:comment """Portion of an AnyLicenseInfo representing this version, or any later version, +of the indicated License."""@en ; + rdfs:subClassOf ns6:ExtendableLicense ; + sh:nodeKind sh:IRI ; + sh:property _:N47d32bc3b4e04c9ab083ec76d4f22585 . + + ns6:WithAdditionOperator a owl:Class, + sh:NodeShape ; + rdfs:comment """Portion of an AnyLicenseInfo representing a License which has additional +text applied to it."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property _:N163fe4499b2a454a9641b23118bf53ae, + _:Nc51fb19223644705a84f646344b7e9d3 . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "A type of extension consisting of a list of name value pairs."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property _:N516b1b46dbb04f1c953906f0388bf8b4 . + + ns5:CvssV2VulnAssessmentRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides a CVSS version 2.0 assessment for a vulnerability."@en ; + rdfs:subClassOf ns5:VulnAssessmentRelationship ; + sh:nodeKind sh:IRI ; + sh:property _:Na2b089e6c69d4697ae4de61d18f020f7, + _:Nb850dda843534d3ab3ffbadf70766fef . + + ns5:CvssV3VulnAssessmentRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides a CVSS version 3 assessment for a vulnerability."@en ; + rdfs:subClassOf ns5:VulnAssessmentRelationship ; + sh:nodeKind sh:IRI ; + sh:property _:N328adb4bb1ec422084a2169890188a03, + _:Na449b0b56e3540618b2a2698204edde9, + _:Nfcc30e48020d4dd2b3493a0cd55ea457 . + + ns5:CvssV4VulnAssessmentRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides a CVSS version 4 assessment for a vulnerability."@en ; + rdfs:subClassOf ns5:VulnAssessmentRelationship ; + sh:nodeKind sh:IRI ; + sh:property _:N4278c3d777ea4ebd81cd23af80459c2d, + _:N4382805b6a5947d38ffcfd8b182bddbf, + _:N58c62d134f5e41d78440946685ecf0cc . + + ns5:EpssVulnAssessmentRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides an EPSS assessment for a vulnerability."@en ; + rdfs:subClassOf ns5:VulnAssessmentRelationship ; + sh:nodeKind sh:IRI ; + sh:property _:Nc9ddcdf86e874968aa8f5ba821975eb4, + _:Nf284f365ba5c4e4da40d7d7900d82744 . + + ns5:ExploitCatalogVulnAssessmentRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides an exploit assessment of a vulnerability."@en ; + rdfs:subClassOf ns5:VulnAssessmentRelationship ; + sh:nodeKind sh:IRI ; + sh:property _:N8e672d95ff7d48e68c1ed7ecf019b269, + _:N91d11db27b28462b8545b78734a27503, + _:Ne820a8ec67114d53b03a71f5f7be31f5 . + + ns5:SsvcVulnAssessmentRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides an SSVC assessment for a vulnerability."@en ; + rdfs:subClassOf ns5:VulnAssessmentRelationship ; + sh:nodeKind sh:IRI ; + sh:property _:N30d5cdb21c144005b1d74c81aa0e129e . + + ns5:VexAffectedVulnAssessmentRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment """Connects a vulnerability and an element designating the element as a product +affected by the vulnerability."""@en ; + rdfs:subClassOf ns5:VexVulnAssessmentRelationship ; + sh:nodeKind sh:IRI ; + sh:property _:N105628f6c8b040edb9db617f35f30bec, + _:N8692a82c280845c3a6fa37c02ddae229 . + + ns5:VexFixedVulnAssessmentRelationship a owl:Class ; + rdfs:comment """Links a vulnerability and elements representing products (in the VEX sense) where +a fix has been applied and are no longer affected."""@en ; + rdfs:subClassOf ns5:VexVulnAssessmentRelationship ; + sh:nodeKind sh:IRI . + + ns5:VexNotAffectedVulnAssessmentRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment """Links a vulnerability and one or more elements designating the latter as products +not affected by the vulnerability."""@en ; + rdfs:subClassOf ns5:VexVulnAssessmentRelationship ; + sh:nodeKind sh:IRI ; + sh:property _:N377b547285074591a904911ef1fc1977, + _:N6f8ca85700744b0e9f7a8672675d1dca, + _:Nb916f2dfc1c640bd8e0dac9bb5956172 . + + ns5:VexUnderInvestigationVulnAssessmentRelationship a owl:Class ; + rdfs:comment """Designates elements as products where the impact of a vulnerability is being +investigated."""@en ; + rdfs:subClassOf ns5:VexVulnAssessmentRelationship ; + sh:nodeKind sh:IRI . + + ns5:Vulnerability a owl:Class, + sh:NodeShape ; + rdfs:comment "Specifies a vulnerability and its associated information."@en ; + rdfs:subClassOf ns1:Artifact ; + sh:nodeKind sh:IRI ; + sh:property _:N942417ca6d844df0914d75b099a457f8, + _:Ne11c75cafdb0438299216847b06716cf, + _:Ne68051bb209048da9a57bc5dbaf28bf0 . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "An SPDX Element containing an SPDX license expression string."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property _:N1647e706f6764e7d9ec4e0aa8979d0c6, + _:Ne70b85feb564419597741ca637d61d03, + _:Nf5531d9c16ff4f589dff19f480634c29 . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "A license or addition that is not listed on the SPDX License List."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property _:Nda71586c3c6541b4a6a907d316dca405 . + + ns3:Sbom a owl:Class, + sh:NodeShape ; + rdfs:comment "A collection of SPDX Elements describing a single package."@en ; + rdfs:subClassOf ns1:Bom ; + sh:nodeKind sh:IRI ; + sh:property _:N954579de61d84bef909737ad4568a536 . + + ns3:Snippet a owl:Class, + sh:NodeShape ; + rdfs:comment "Describes a certain part of a file."@en ; + rdfs:subClassOf ns3:SoftwareArtifact ; + sh:nodeKind sh:IRI ; + sh:property _:N825f749765e348a0abfef75f63c1588a, + _:Nc6d18260ddfa478b84c2dc19c2059aa2, + _:Nf9bf03371d92462f91a54baa946fd625 . + + a ns1:CreationInfo ; + rdfs:comment "This individual element was defined by the spec."@en ; + ns1:created "2024-11-22T03:00:01Z"^^xsd:dateTimeStamp ; + ns1:createdBy ns1:SpdxOrganization ; + ns1:specVersion "3.0.1" . + + a ns1:CreationInfo ; + rdfs:comment "This individual element was defined by the spec."@en ; + ns1:created "2024-11-22T03:00:01Z"^^xsd:dateTimeStamp ; + ns1:createdBy ns1:SpdxOrganization ; + ns1:specVersion "3.0.1" . + + a ns1:CreationInfo ; + rdfs:comment "This individual element was defined by the spec."@en ; + ns1:created "2024-11-22T03:00:01Z"^^xsd:dateTimeStamp ; + ns1:createdBy ns1:SpdxOrganization ; + ns1:specVersion "3.0.1" . + + a ns1:CreationInfo ; + rdfs:comment "This individual element was defined by the spec."@en ; + ns1:created "2024-11-22T03:00:01Z"^^xsd:dateTimeStamp ; + ns1:createdBy ns1:SpdxOrganization ; + ns1:specVersion "3.0.1" . + + a ns1:CreationInfo ; + rdfs:comment "This individual element was defined by the spec."@en ; + ns1:created "2024-11-22T03:00:01Z"^^xsd:dateTimeStamp ; + ns1:createdBy ns1:SpdxOrganization ; + ns1:specVersion "3.0.1" . + + spdx: a owl:Ontology ; + rdfs:label "System Package Data Exchange (SPDX) Ontology"@en ; + dcterms:abstract "This ontology defines the terms and relationships used in the SPDX specification to describe system packages"@en ; + dcterms:created "2024-04-05"^^xsd:date ; + dcterms:creator "SPDX Project"@en ; + dcterms:license ; + dcterms:references ; + dcterms:title "System Package Data Exchange (SPDX) Ontology"@en ; + owl:versionIRI spdx: ; + omg-ann:copyright "Copyright (C) 2024 SPDX Project"@en . + + a owl:NamedIndividual, + ns2:EnergyUnitType ; + rdfs:label "kilowattHour" ; + rdfs:comment "Kilowatt-hour."@en . + + a owl:NamedIndividual, + ns2:EnergyUnitType ; + rdfs:label "megajoule" ; + rdfs:comment "Megajoule."@en . + + a owl:NamedIndividual, + ns2:EnergyUnitType ; + rdfs:label "other" ; + rdfs:comment "Any other units of energy measurement."@en . + + a owl:NamedIndividual, + ns2:SafetyRiskAssessmentType ; + rdfs:label "high" ; + rdfs:comment "The second-highest level of risk posed by an AI system."@en . + + a owl:NamedIndividual, + ns2:SafetyRiskAssessmentType ; + rdfs:label "low" ; + rdfs:comment "Low/no risk is posed by an AI system."@en . + + a owl:NamedIndividual, + ns2:SafetyRiskAssessmentType ; + rdfs:label "medium" ; + rdfs:comment "The third-highest level of risk posed by an AI system."@en . + + a owl:NamedIndividual, + ns2:SafetyRiskAssessmentType ; + rdfs:label "serious" ; + rdfs:comment "The highest level of risk posed by an AI system."@en . + + ns2:autonomyType a owl:ObjectProperty ; + rdfs:comment """Indicates whether the system can perform a decision or action without human +involvement or guidance."""@en ; + rdfs:range ns1:PresenceType . + + ns2:domain a owl:DatatypeProperty ; + rdfs:comment "Captures the domain in which the AI package can be used."@en ; + rdfs:range xsd:string . + + ns2:energyConsumption a owl:ObjectProperty ; + rdfs:comment "Indicates the amount of energy consumption incurred by an AI model."@en ; + rdfs:range ns2:EnergyConsumption . + + ns2:energyQuantity a owl:DatatypeProperty ; + rdfs:comment "Represents the energy quantity."@en ; + rdfs:range xsd:decimal . + + ns2:energyUnit a owl:ObjectProperty ; + rdfs:comment "Specifies the unit in which energy is measured."@en ; + rdfs:range ns2:EnergyUnitType . + + ns2:finetuningEnergyConsumption a owl:ObjectProperty ; + rdfs:comment """Specifies the amount of energy consumed when finetuning the AI model that is +being used in the AI system."""@en ; + rdfs:range ns2:EnergyConsumptionDescription . + + ns2:hyperparameter a owl:ObjectProperty ; + rdfs:comment """Records a hyperparameter used to build the AI model contained in the AI +package."""@en ; + rdfs:range ns1:DictionaryEntry . + + ns2:inferenceEnergyConsumption a owl:ObjectProperty ; + rdfs:comment """Specifies the amount of energy consumed during inference time by an AI model +that is being used in the AI system."""@en ; + rdfs:range ns2:EnergyConsumptionDescription . + + ns2:informationAboutApplication a owl:DatatypeProperty ; + rdfs:comment """Provides relevant information about the AI software, not including the model +description."""@en ; + rdfs:range xsd:string . + + ns2:informationAboutTraining a owl:DatatypeProperty ; + rdfs:comment "Describes relevant information about different steps of the training process."@en ; + rdfs:range xsd:string . + + ns2:limitation a owl:DatatypeProperty ; + rdfs:comment "Captures a limitation of the AI software."@en ; + rdfs:range xsd:string . + + ns2:metric a owl:ObjectProperty ; + rdfs:comment "Records the measurement of prediction quality of the AI model."@en ; + rdfs:range ns1:DictionaryEntry . + + ns2:metricDecisionThreshold a owl:ObjectProperty ; + rdfs:comment """Captures the threshold that was used for computation of a metric described in +the metric field."""@en ; + rdfs:range ns1:DictionaryEntry . + + ns2:modelDataPreprocessing a owl:DatatypeProperty ; + rdfs:comment """Describes all the preprocessing steps applied to the training data before the +model training."""@en ; + rdfs:range xsd:string . + + ns2:modelExplainability a owl:DatatypeProperty ; + rdfs:comment "Describes methods that can be used to explain the results from the AI model."@en ; + rdfs:range xsd:string . + + ns2:safetyRiskAssessment a owl:ObjectProperty ; + rdfs:comment "Records the results of general safety risk assessment of the AI system."@en ; + rdfs:range ns2:SafetyRiskAssessmentType . + + ns2:standardCompliance a owl:DatatypeProperty ; + rdfs:comment "Captures a standard that is being complied with."@en ; + rdfs:range xsd:string . + + ns2:trainingEnergyConsumption a owl:ObjectProperty ; + rdfs:comment """Specifies the amount of energy consumed when training the AI model that is +being used in the AI system."""@en ; + rdfs:range ns2:EnergyConsumptionDescription . + + ns2:typeOfModel a owl:DatatypeProperty ; + rdfs:comment "Records the type of the model used in the AI software."@en ; + rdfs:range xsd:string . + + ns2:useSensitivePersonalInformation a owl:ObjectProperty ; + rdfs:comment """Records if sensitive personal information is used during model training or +could be used during the inference."""@en ; + rdfs:range ns1:PresenceType . + + a owl:DatatypeProperty ; + rdfs:comment "Property that describes the time at which a build stops."@en ; + rdfs:range xsd:dateTimeStamp . + + a owl:DatatypeProperty ; + rdfs:comment """A buildId is a locally unique identifier used by a builder to identify a unique +instance of a build produced by it."""@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "Property describing the start time of a build."@en ; + rdfs:range xsd:dateTimeStamp . + + a owl:DatatypeProperty ; + rdfs:comment """A buildType is a hint that is used to indicate the toolchain, platform, or +infrastructure that the build was invoked on."""@en ; + rdfs:range xsd:anyURI . + + a owl:ObjectProperty ; + rdfs:comment """Property that describes the digest of the build configuration file used to +invoke a build."""@en ; + rdfs:range ns1:Hash . + + a owl:DatatypeProperty ; + rdfs:comment "Property describes the invocation entrypoint of a build."@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "Property that describes the URI of the build configuration source file."@en ; + rdfs:range xsd:anyURI . + + a owl:ObjectProperty ; + rdfs:comment "Property describing the session in which a build is invoked."@en ; + rdfs:range ns1:DictionaryEntry . + + a owl:ObjectProperty ; + rdfs:comment "Property describing a parameter used in an instance of a build."@en ; + rdfs:range ns1:DictionaryEntry . + + a owl:NamedIndividual, + ns1:AnnotationType ; + rdfs:label "other" ; + rdfs:comment "Used to store extra information about an Element which is not part of a review (e.g. extra information provided during the creation of the Element)."@en . + + a owl:NamedIndividual, + ns1:AnnotationType ; + rdfs:label "review" ; + rdfs:comment "Used when someone reviews the Element."@en . + + ns1:Bom a owl:Class ; + rdfs:comment """A container for a grouping of SPDX-3.0 content characterizing details +(provenence, composition, licensing, etc.) about a product."""@en ; + rdfs:subClassOf ns1:Bundle ; + sh:nodeKind sh:IRI . + + ns1:Bundle a owl:Class, + sh:NodeShape ; + rdfs:comment "A collection of Elements that have a shared context."@en ; + rdfs:subClassOf ns1:ElementCollection ; + sh:nodeKind sh:IRI ; + sh:property _:N63f963c2c8a4467bb803f9af7eaafd3d . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "cpe22" ; + rdfs:comment "[Common Platform Enumeration Specification 2.2](https://cpe.mitre.org/files/cpe-specification_2.2.pdf)"@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "cpe23" ; + rdfs:comment "[Common Platform Enumeration: Naming Specification Version 2.3](https://csrc.nist.gov/publications/detail/nistir/7695/final)"@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "cve" ; + rdfs:comment "Common Vulnerabilities and Exposures identifiers, an identifier for a specific software flaw defined within the official CVE Dictionary and that conforms to the [CVE specification](https://csrc.nist.gov/glossary/term/cve_id)."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "email" ; + rdfs:comment "Email address, as defined in [RFC 3696](https://datatracker.ietf.org/doc/rfc3986/) Section 3."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "gitoid" ; + rdfs:comment "[Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg)."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "other" ; + rdfs:comment "Used when the type does not match any of the other options."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "packageUrl" ; + rdfs:comment "Package URL, as defined in the corresponding [Annex](../../../annexes/pkg-url-specification.md) of this specification."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "securityOther" ; + rdfs:comment "Used when there is a security related identifier of unspecified type."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "swhid" ; + rdfs:comment "SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "swid" ; + rdfs:comment "Concise Software Identification (CoSWID) tag, as defined in [RFC 9393](https://datatracker.ietf.org/doc/rfc9393/) Section 2.3."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "urlScheme" ; + rdfs:comment "[Uniform Resource Identifier (URI) Schemes](https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml). The scheme used in order to locate a resource."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "altDownloadLocation" ; + rdfs:comment "A reference to an alternative download location."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "altWebPage" ; + rdfs:comment "A reference to an alternative web page."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "binaryArtifact" ; + rdfs:comment "A reference to binary artifacts related to a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "bower" ; + rdfs:comment "A reference to a Bower package. The package locator format, looks like `package#version`, is defined in the \"install\" section of [Bower API documentation](https://bower.io/docs/api/#install)."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "buildMeta" ; + rdfs:comment "A reference build metadata related to a published package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "buildSystem" ; + rdfs:comment "A reference build system used to create or publish the package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "certificationReport" ; + rdfs:comment "A reference to a certification report for a package from an accredited/independent body."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "chat" ; + rdfs:comment "A reference to the instant messaging system used by the maintainer for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "componentAnalysisReport" ; + rdfs:comment "A reference to a Software Composition Analysis (SCA) report."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "cwe" ; + rdfs:comment "[Common Weakness Enumeration](https://csrc.nist.gov/glossary/term/common_weakness_enumeration). A reference to a source of software flaw defined within the official [CWE List](https://cwe.mitre.org/data/) that conforms to the [CWE specification](https://cwe.mitre.org/)."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "documentation" ; + rdfs:comment "A reference to the documentation for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "dynamicAnalysisReport" ; + rdfs:comment "A reference to a dynamic analysis report for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "eolNotice" ; + rdfs:comment "A reference to the End Of Sale (EOS) and/or End Of Life (EOL) information related to a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "exportControlAssessment" ; + rdfs:comment "A reference to a export control assessment for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "funding" ; + rdfs:comment "A reference to funding information related to a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "issueTracker" ; + rdfs:comment "A reference to the issue tracker for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "license" ; + rdfs:comment "A reference to additional license information related to an artifact."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "mailingList" ; + rdfs:comment "A reference to the mailing list used by the maintainer for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "mavenCentral" ; + rdfs:comment "A reference to a Maven repository artifact. The artifact locator format is defined in the [Maven documentation](https://maven.apache.org/guides/mini/guide-naming-conventions.html) and looks like `groupId:artifactId[:version]`."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "metrics" ; + rdfs:comment "A reference to metrics related to package such as OpenSSF scorecards."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "npm" ; + rdfs:comment "A reference to an npm package. The package locator format is defined in the [npm documentation](https://docs.npmjs.com/cli/v10/configuring-npm/package-json) and looks like `package@version`."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "nuget" ; + rdfs:comment "A reference to a NuGet package. The package locator format is defined in the [NuGet documentation](https://docs.nuget.org) and looks like `package/version`."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "other" ; + rdfs:comment "Used when the type does not match any of the other options."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "privacyAssessment" ; + rdfs:comment "A reference to a privacy assessment for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "productMetadata" ; + rdfs:comment "A reference to additional product metadata such as reference within organization's product catalog."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "purchaseOrder" ; + rdfs:comment "A reference to a purchase order for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "qualityAssessmentReport" ; + rdfs:comment "A reference to a quality assessment for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "releaseHistory" ; + rdfs:comment "A reference to a published list of releases for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "releaseNotes" ; + rdfs:comment "A reference to the release notes for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "riskAssessment" ; + rdfs:comment "A reference to a risk assessment for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "runtimeAnalysisReport" ; + rdfs:comment "A reference to a runtime analysis report for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "secureSoftwareAttestation" ; + rdfs:comment "A reference to information assuring that the software is developed using security practices as defined by [NIST SP 800-218 Secure Software Development Framework (SSDF) Version 1.1](https://csrc.nist.gov/pubs/sp/800/218/final) or [CISA Secure Software Development Attestation Form](https://www.cisa.gov/resources-tools/resources/secure-software-development-attestation-form)."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "securityAdversaryModel" ; + rdfs:comment "A reference to the security adversary model for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "securityAdvisory" ; + rdfs:comment "A reference to a published security advisory (where advisory as defined per [ISO 29147:2018](https://www.iso.org/standard/72311.html)) that may affect one or more elements, e.g., vendor advisories or specific NVD entries."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "securityFix" ; + rdfs:comment "A reference to the patch or source code that fixes a vulnerability."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "securityOther" ; + rdfs:comment "A reference to related security information of unspecified type."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "securityPenTestReport" ; + rdfs:comment "A reference to a [penetration test](https://en.wikipedia.org/wiki/Penetration_test) report for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "securityPolicy" ; + rdfs:comment "A reference to instructions for reporting newly discovered security vulnerabilities for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "securityThreatModel" ; + rdfs:comment "A reference the [security threat model](https://en.wikipedia.org/wiki/Threat_model) for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "socialMedia" ; + rdfs:comment "A reference to a social media channel for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "sourceArtifact" ; + rdfs:comment "A reference to an artifact containing the sources for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "staticAnalysisReport" ; + rdfs:comment "A reference to a static analysis report for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "support" ; + rdfs:comment "A reference to the software support channel or other support information for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "vcs" ; + rdfs:comment "A reference to a version control system related to a software artifact."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "vulnerabilityDisclosureReport" ; + rdfs:comment "A reference to a Vulnerability Disclosure Report (VDR) which provides the software supplier's analysis and findings describing the impact (or lack of impact) that reported vulnerabilities have on packages or products in the supplier's SBOM as defined in [NIST SP 800-161 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations](https://csrc.nist.gov/pubs/sp/800/161/r1/final)."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "vulnerabilityExploitabilityAssessment" ; + rdfs:comment "A reference to a Vulnerability Exploitability eXchange (VEX) statement which provides information on whether a product is impacted by a specific vulnerability in an included package and, if affected, whether there are actions recommended to remediate. See also [NTIA VEX one-page summary](https://ntia.gov/files/ntia/publications/vex_one-page_summary.pdf)."@en . + + a owl:NamedIndividual, + ns1:LifecycleScopeType ; + rdfs:label "build" ; + rdfs:comment "A relationship has specific context implications during an element's build phase, during development."@en . + + a owl:NamedIndividual, + ns1:LifecycleScopeType ; + rdfs:label "design" ; + rdfs:comment "A relationship has specific context implications during an element's design."@en . + + a owl:NamedIndividual, + ns1:LifecycleScopeType ; + rdfs:label "development" ; + rdfs:comment "A relationship has specific context implications during development phase of an element."@en . + + a owl:NamedIndividual, + ns1:LifecycleScopeType ; + rdfs:label "other" ; + rdfs:comment "A relationship has other specific context information necessary to capture that the above set of enumerations does not handle."@en . + + a owl:NamedIndividual, + ns1:LifecycleScopeType ; + rdfs:label "runtime" ; + rdfs:comment "A relationship has specific context implications during the execution phase of an element."@en . + + a owl:NamedIndividual, + ns1:LifecycleScopeType ; + rdfs:label "test" ; + rdfs:comment "A relationship has specific context implications during an element's testing phase, during development."@en . + + ns1:Organization a owl:Class ; + rdfs:comment "A group of people who work together in an organized way for a shared purpose."@en ; + rdfs:subClassOf ns1:Agent ; + sh:nodeKind sh:IRI . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "ai" ; + rdfs:comment "the element follows the AI profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "build" ; + rdfs:comment "the element follows the Build profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "core" ; + rdfs:comment "the element follows the Core profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "dataset" ; + rdfs:comment "the element follows the Dataset profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "expandedLicensing" ; + rdfs:comment "the element follows the ExpandedLicensing profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "extension" ; + rdfs:comment "the element follows the Extension profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "lite" ; + rdfs:comment "the element follows the Lite profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "security" ; + rdfs:comment "the element follows the Security profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "simpleLicensing" ; + rdfs:comment "the element follows the SimpleLicensing profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "software" ; + rdfs:comment "the element follows the Software profile specification"@en . + + a owl:NamedIndividual, + ns1:RelationshipCompleteness ; + rdfs:label "complete" ; + rdfs:comment "The relationship is known to be exhaustive."@en . + + a owl:NamedIndividual, + ns1:RelationshipCompleteness ; + rdfs:label "incomplete" ; + rdfs:comment "The relationship is known not to be exhaustive."@en . + + a owl:NamedIndividual, + ns1:RelationshipCompleteness ; + rdfs:label "noAssertion" ; + rdfs:comment "No assertion can be made about the completeness of the relationship."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "affects" ; + rdfs:comment "The `from` Vulnerability affects each `to` Element. The use of the `affects` type is constrained to `VexAffectedVulnAssessmentRelationship` classed relationships."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "amendedBy" ; + rdfs:comment "The `from` Element is amended by each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "ancestorOf" ; + rdfs:comment "The `from` Element is an ancestor of each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "availableFrom" ; + rdfs:comment "The `from` Element is available from the additional supplier described by each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "configures" ; + rdfs:comment "The `from` Element is a configuration applied to each `to` Element, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "contains" ; + rdfs:comment "The `from` Element contains each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "coordinatedBy" ; + rdfs:comment "The `from` Vulnerability is coordinatedBy the `to` Agent(s) (vendor, researcher, or consumer agent)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "copiedTo" ; + rdfs:comment "The `from` Element has been copied to each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "delegatedTo" ; + rdfs:comment "The `from` Agent is delegating an action to the Agent of the `to` Relationship (which must be of type invokedBy), during a LifecycleScopeType (e.g. the `to` invokedBy Relationship is being done on behalf of `from`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "dependsOn" ; + rdfs:comment "The `from` Element depends on each `to` Element, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "descendantOf" ; + rdfs:comment "The `from` Element is a descendant of each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "describes" ; + rdfs:comment "The `from` Element describes each `to` Element. To denote the root(s) of a tree of elements in a collection, the rootElement property should be used."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "doesNotAffect" ; + rdfs:comment "The `from` Vulnerability has no impact on each `to` Element. The use of the `doesNotAffect` is constrained to `VexNotAffectedVulnAssessmentRelationship` classed relationships."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "expandsTo" ; + rdfs:comment "The `from` archive expands out as an artifact described by each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "exploitCreatedBy" ; + rdfs:comment "The `from` Vulnerability has had an exploit created against it by each `to` Agent."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "fixedBy" ; + rdfs:comment "Designates a `from` Vulnerability has been fixed by the `to` Agent(s)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "fixedIn" ; + rdfs:comment "A `from` Vulnerability has been fixed in each `to` Element. The use of the `fixedIn` type is constrained to `VexFixedVulnAssessmentRelationship` classed relationships."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "foundBy" ; + rdfs:comment "Designates a `from` Vulnerability was originally discovered by the `to` Agent(s)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "generates" ; + rdfs:comment "The `from` Element generates each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasAddedFile" ; + rdfs:comment "Every `to` Element is a file added to the `from` Element (`from` hasAddedFile `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasAssessmentFor" ; + rdfs:comment "Relates a `from` Vulnerability and each `to` Element with a security assessment. To be used with `VulnAssessmentRelationship` types."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasAssociatedVulnerability" ; + rdfs:comment "Used to associate a `from` Artifact with each `to` Vulnerability."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasConcludedLicense" ; + rdfs:comment "The `from` SoftwareArtifact is concluded by the SPDX data creator to be governed by each `to` license."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasDataFile" ; + rdfs:comment "The `from` Element treats each `to` Element as a data file. A data file is an artifact that stores data required or optional for the `from` Element's functionality. A data file can be a database file, an index file, a log file, an AI model file, a calibration data file, a temporary file, a backup file, and more. For AI training dataset, test dataset, test artifact, configuration data, build input data, and build output data, please consider using the more specific relationship types: `trainedOn`, `testedOn`, `hasTest`, `configures`, `hasInput`, and `hasOutput`, respectively. This relationship does not imply dependency."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasDeclaredLicense" ; + rdfs:comment "The `from` SoftwareArtifact was discovered to actually contain each `to` license, for example as detected by use of automated tooling."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasDeletedFile" ; + rdfs:comment "Every `to` Element is a file deleted from the `from` Element (`from` hasDeletedFile `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasDependencyManifest" ; + rdfs:comment "The `from` Element has manifest files that contain dependency information in each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasDistributionArtifact" ; + rdfs:comment "The `from` Element is distributed as an artifact in each `to` Element (e.g. an RPM or archive file)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasDocumentation" ; + rdfs:comment "The `from` Element is documented by each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasDynamicLink" ; + rdfs:comment "The `from` Element dynamically links in each `to` Element, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasEvidence" ; + rdfs:comment "Every `to` Element is considered as evidence for the `from` Element (`from` hasEvidence `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasExample" ; + rdfs:comment "Every `to` Element is an example for the `from` Element (`from` hasExample `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasHost" ; + rdfs:comment "The `from` Build was run on the `to` Element during a LifecycleScopeType period (e.g. the host that the build runs on)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasInput" ; + rdfs:comment "The `from` Build has each `to` Element as an input, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasMetadata" ; + rdfs:comment "Every `to` Element is metadata about the `from` Element (`from` hasMetadata `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasOptionalComponent" ; + rdfs:comment "Every `to` Element is an optional component of the `from` Element (`from` hasOptionalComponent `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasOptionalDependency" ; + rdfs:comment "The `from` Element optionally depends on each `to` Element, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasOutput" ; + rdfs:comment "The `from` Build element generates each `to` Element as an output, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasPrerequisite" ; + rdfs:comment "The `from` Element has a prerequisite on each `to` Element, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasProvidedDependency" ; + rdfs:comment "The `from` Element has a dependency on each `to` Element, dependency is not in the distributed artifact, but assumed to be provided, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasRequirement" ; + rdfs:comment "The `from` Element has a requirement on each `to` Element, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasSpecification" ; + rdfs:comment "Every `to` Element is a specification for the `from` Element (`from` hasSpecification `to`), during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasStaticLink" ; + rdfs:comment "The `from` Element statically links in each `to` Element, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasTest" ; + rdfs:comment "Every `to` Element is a test artifact for the `from` Element (`from` hasTest `to`), during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasTestCase" ; + rdfs:comment "Every `to` Element is a test case for the `from` Element (`from` hasTestCase `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasVariant" ; + rdfs:comment "Every `to` Element is a variant the `from` Element (`from` hasVariant `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "invokedBy" ; + rdfs:comment "The `from` Element was invoked by the `to` Agent, during a LifecycleScopeType period (for example, a Build element that describes a build step)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "modifiedBy" ; + rdfs:comment "The `from` Element is modified by each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "other" ; + rdfs:comment "Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationship types (this relationship is directionless)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "packagedBy" ; + rdfs:comment "Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "patchedBy" ; + rdfs:comment "Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "publishedBy" ; + rdfs:comment "Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "reportedBy" ; + rdfs:comment "Designates a `from` Vulnerability was first reported to a project, vendor, or tracking database for formal identification by each `to` Agent."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "republishedBy" ; + rdfs:comment "Designates a `from` Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by each `to` Agent."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "serializedInArtifact" ; + rdfs:comment "The `from` SpdxDocument can be found in a serialized form in each `to` Artifact."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "testedOn" ; + rdfs:comment "The `from` Element has been tested on the `to` Element(s)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "trainedOn" ; + rdfs:comment "The `from` Element has been trained on the `to` Element(s)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "underInvestigationFor" ; + rdfs:comment "The `from` Vulnerability impact is being investigated for each `to` Element. The use of the `underInvestigationFor` type is constrained to `VexUnderInvestigationVulnAssessmentRelationship` classed relationships."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "usesTool" ; + rdfs:comment "The `from` Element uses each `to` Element as a tool, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:SupportType ; + rdfs:label "deployed" ; + rdfs:comment "in addition to being supported by the supplier, the software is known to have been deployed and is in use. For a software as a service provider, this implies the software is now available as a service."@en . + + a owl:NamedIndividual, + ns1:SupportType ; + rdfs:label "development" ; + rdfs:comment "the artifact is in active development and is not considered ready for formal support from the supplier."@en . + + a owl:NamedIndividual, + ns1:SupportType ; + rdfs:label "endOfSupport" ; + rdfs:comment "there is a defined end of support for the artifact from the supplier. This may also be referred to as end of life. There is a validUntilDate that can be used to signal when support ends for the artifact."@en . + + a owl:NamedIndividual, + ns1:SupportType ; + rdfs:label "limitedSupport" ; + rdfs:comment "the artifact has been released, and there is limited support available from the supplier. There is a validUntilDate that can provide additional information about the duration of support."@en . + + a owl:NamedIndividual, + ns1:SupportType ; + rdfs:label "noAssertion" ; + rdfs:comment "no assertion about the type of support is made. This is considered the default if no other support type is used."@en . + + a owl:NamedIndividual, + ns1:SupportType ; + rdfs:label "noSupport" ; + rdfs:comment "there is no support for the artifact from the supplier, consumer assumes any support obligations."@en . + + a owl:NamedIndividual, + ns1:SupportType ; + rdfs:label "support" ; + rdfs:comment "the artifact has been released, and is supported from the supplier. There is a validUntilDate that can provide additional information about the duration of support."@en . + + ns1:annotationType a owl:ObjectProperty ; + rdfs:comment "Describes the type of annotation."@en ; + rdfs:range ns1:AnnotationType . + + ns1:beginIntegerRange a owl:DatatypeProperty ; + rdfs:comment "Defines the beginning of a range."@en ; + rdfs:range xsd:positiveInteger . + + ns1:builtTime a owl:DatatypeProperty ; + rdfs:comment "Specifies the time an artifact was built."@en ; + rdfs:range xsd:dateTimeStamp . + + ns1:completeness a owl:ObjectProperty ; + rdfs:comment "Provides information about the completeness of relationships."@en ; + rdfs:range ns1:RelationshipCompleteness . + + ns1:context a owl:DatatypeProperty ; + rdfs:comment """Gives information about the circumstances or unifying properties +that Elements of the bundle have been assembled under."""@en ; + rdfs:range xsd:string . + + ns1:created a owl:DatatypeProperty ; + rdfs:comment "Identifies when the Element was originally created."@en ; + rdfs:range xsd:dateTimeStamp . + + ns1:createdBy a owl:ObjectProperty ; + rdfs:comment "Identifies who or what created the Element."@en ; + rdfs:range ns1:Agent . + + ns1:createdUsing a owl:ObjectProperty ; + rdfs:comment "Identifies the tooling that was used during the creation of the Element."@en ; + rdfs:range ns1:Tool . + + ns1:creationInfo a owl:ObjectProperty ; + rdfs:comment "Provides information about the creation of the Element."@en ; + rdfs:range ns1:CreationInfo . + + ns1:dataLicense a owl:ObjectProperty ; + rdfs:comment """Provides the license under which the SPDX documentation of the Element can be +used."""@en ; + rdfs:range . + + ns1:definingArtifact a owl:ObjectProperty ; + rdfs:comment """Artifact representing a serialization instance of SPDX data containing the +definition of a particular Element."""@en ; + rdfs:range ns1:Artifact . + + ns1:description a owl:DatatypeProperty ; + rdfs:comment "Provides a detailed description of the Element."@en ; + rdfs:range xsd:string . + + ns1:element a owl:ObjectProperty ; + rdfs:comment "Refers to one or more Elements that are part of an ElementCollection."@en ; + rdfs:range ns1:Element . + + ns1:endIntegerRange a owl:DatatypeProperty ; + rdfs:comment "Defines the end of a range."@en ; + rdfs:range xsd:positiveInteger . + + ns1:endTime a owl:DatatypeProperty ; + rdfs:comment "Specifies the time from which an element is no longer applicable / valid."@en ; + rdfs:range xsd:dateTimeStamp . + + ns1:extension a owl:ObjectProperty ; + rdfs:comment "Specifies an Extension characterization of some aspect of an Element."@en ; + rdfs:range . + + ns1:externalIdentifier a owl:ObjectProperty ; + rdfs:comment """Provides a reference to a resource outside the scope of SPDX-3.0 content +that uniquely identifies an Element."""@en ; + rdfs:range ns1:ExternalIdentifier . + + ns1:externalIdentifierType a owl:ObjectProperty ; + rdfs:comment "Specifies the type of the external identifier."@en ; + rdfs:range ns1:ExternalIdentifierType . + + ns1:externalRef a owl:ObjectProperty ; + rdfs:comment """Points to a resource outside the scope of the SPDX-3.0 content +that provides additional characteristics of an Element."""@en ; + rdfs:range ns1:ExternalRef . + + ns1:externalRefType a owl:ObjectProperty ; + rdfs:comment "Specifies the type of the external reference."@en ; + rdfs:range ns1:ExternalRefType . + + ns1:externalSpdxId a owl:DatatypeProperty ; + rdfs:comment """Identifies an external Element used within an SpdxDocument but defined +external to that SpdxDocument."""@en ; + rdfs:range xsd:anyURI . + + ns1:from a owl:ObjectProperty ; + rdfs:comment "References the Element on the left-hand side of a relationship."@en ; + rdfs:range ns1:Element . + + ns1:identifier a owl:DatatypeProperty ; + rdfs:comment "Uniquely identifies an external element."@en ; + rdfs:range xsd:string . + + ns1:identifierLocator a owl:DatatypeProperty ; + rdfs:comment "Provides the location for more information regarding an external identifier."@en ; + rdfs:range xsd:anyURI . + + ns1:import a owl:ObjectProperty ; + rdfs:comment "Provides an ExternalMap of Element identifiers."@en ; + rdfs:range ns1:ExternalMap . + + ns1:issuingAuthority a owl:DatatypeProperty ; + rdfs:comment "An entity that is authorized to issue identification credentials."@en ; + rdfs:range xsd:string . + + ns1:key a owl:DatatypeProperty ; + rdfs:comment "A key used in a generic key-value pair."@en ; + rdfs:range xsd:string . + + ns1:locationHint a owl:DatatypeProperty ; + rdfs:comment "Provides an indication of where to retrieve an external Element."@en ; + rdfs:range xsd:anyURI . + + ns1:locator a owl:DatatypeProperty ; + rdfs:comment "Provides the location of an external reference."@en ; + rdfs:range xsd:string . + + ns1:name a owl:DatatypeProperty ; + rdfs:comment "Identifies the name of an Element as designated by the creator."@en ; + rdfs:range xsd:string . + + ns1:namespace a owl:DatatypeProperty ; + rdfs:comment """Provides an unambiguous mechanism for conveying a URI fragment portion of an +Element ID."""@en ; + rdfs:range xsd:anyURI . + + ns1:namespaceMap a owl:ObjectProperty ; + rdfs:comment "Provides a NamespaceMap of prefixes and associated namespace partial URIs applicable to an SpdxDocument and independent of any specific serialization format or instance."@en ; + rdfs:range ns1:NamespaceMap . + + ns1:originatedBy a owl:ObjectProperty ; + rdfs:comment "Identifies from where or whom the Element originally came."@en ; + rdfs:range ns1:Agent . + + ns1:packageVerificationCodeExcludedFile a owl:DatatypeProperty ; + rdfs:comment """The relative file name of a file to be excluded from the +`PackageVerificationCode`."""@en ; + rdfs:range xsd:string . + + ns1:prefix a owl:DatatypeProperty ; + rdfs:comment "A substitute for a URI."@en ; + rdfs:range xsd:string . + + ns1:profileConformance a owl:ObjectProperty ; + rdfs:comment """Describes one a profile which the creator of this ElementCollection intends to +conform to."""@en ; + rdfs:range ns1:ProfileIdentifierType . + + ns1:relationshipType a owl:ObjectProperty ; + rdfs:comment "Information about the relationship between two Elements."@en ; + rdfs:range ns1:RelationshipType . + + ns1:releaseTime a owl:DatatypeProperty ; + rdfs:comment "Specifies the time an artifact was released."@en ; + rdfs:range xsd:dateTimeStamp . + + ns1:rootElement a owl:ObjectProperty ; + rdfs:comment "This property is used to denote the root Element(s) of a tree of elements contained in a BOM."@en ; + rdfs:range ns1:Element . + + ns1:scope a owl:ObjectProperty ; + rdfs:comment "Capture the scope of information about a specific relationship between elements."@en ; + rdfs:range ns1:LifecycleScopeType . + + ns1:specVersion a owl:DatatypeProperty ; + rdfs:comment """Provides a reference number that can be used to understand how to parse and +interpret an Element."""@en ; + rdfs:range xsd:string . + + ns1:standardName a owl:DatatypeProperty ; + rdfs:comment "The name of a relevant standard that may apply to an artifact."@en ; + rdfs:range xsd:string . + + ns1:startTime a owl:DatatypeProperty ; + rdfs:comment "Specifies the time from which an element is applicable / valid."@en ; + rdfs:range xsd:dateTimeStamp . + + ns1:statement a owl:DatatypeProperty ; + rdfs:comment "Commentary on an assertion that an annotator has made."@en ; + rdfs:range xsd:string . + + ns1:subject a owl:ObjectProperty ; + rdfs:comment "An Element an annotator has made an assertion about."@en ; + rdfs:range ns1:Element . + + ns1:summary a owl:DatatypeProperty ; + rdfs:comment "A short description of an Element."@en ; + rdfs:range xsd:string . + + ns1:supportLevel a owl:ObjectProperty ; + rdfs:comment "Specifies the level of support associated with an artifact."@en ; + rdfs:range ns1:SupportType . + + ns1:to a owl:ObjectProperty ; + rdfs:comment "References an Element on the right-hand side of a relationship."@en ; + rdfs:range ns1:Element . + + ns1:validUntilTime a owl:DatatypeProperty ; + rdfs:comment """Specifies until when the artifact can be used before its usage needs to be +reassessed."""@en ; + rdfs:range xsd:dateTimeStamp . + + ns1:value a owl:DatatypeProperty ; + rdfs:comment "A value used in a generic key-value pair."@en ; + rdfs:range xsd:string . + + a owl:NamedIndividual, + ns4:ConfidentialityLevelType ; + rdfs:label "amber" ; + rdfs:comment "Data points in the dataset can be shared only with specific organizations and their clients on a need to know basis."@en . + + a owl:NamedIndividual, + ns4:ConfidentialityLevelType ; + rdfs:label "clear" ; + rdfs:comment "Dataset may be distributed freely, without restriction."@en . + + a owl:NamedIndividual, + ns4:ConfidentialityLevelType ; + rdfs:label "green" ; + rdfs:comment "Dataset can be shared within a community of peers and partners."@en . + + a owl:NamedIndividual, + ns4:ConfidentialityLevelType ; + rdfs:label "red" ; + rdfs:comment "Data points in the dataset are highly confidential and can only be shared with named recipients."@en . + + a owl:NamedIndividual, + ns4:DatasetAvailabilityType ; + rdfs:label "clickthrough" ; + rdfs:comment "the dataset is not publicly available and can only be accessed after affirmatively accepting terms on a clickthrough webpage."@en . + + a owl:NamedIndividual, + ns4:DatasetAvailabilityType ; + rdfs:label "directDownload" ; + rdfs:comment "the dataset is publicly available and can be downloaded directly."@en . + + a owl:NamedIndividual, + ns4:DatasetAvailabilityType ; + rdfs:label "query" ; + rdfs:comment "the dataset is publicly available, but not all at once, and can only be accessed through queries which return parts of the dataset."@en . + + a owl:NamedIndividual, + ns4:DatasetAvailabilityType ; + rdfs:label "registration" ; + rdfs:comment "the dataset is not publicly available and an email registration is required before accessing the dataset, although without an affirmative acceptance of terms."@en . + + a owl:NamedIndividual, + ns4:DatasetAvailabilityType ; + rdfs:label "scrapingScript" ; + rdfs:comment "the dataset provider is not making available the underlying data and the dataset must be reassembled, typically using the provided script for scraping the data."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "audio" ; + rdfs:comment "data is audio based, such as a collection of music from the 80s."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "categorical" ; + rdfs:comment "data that is classified into a discrete number of categories, such as the eye color of a population of people."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "graph" ; + rdfs:comment "data is in the form of a graph where entries are somehow related to each other through edges, such a social network of friends."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "image" ; + rdfs:comment "data is a collection of images such as pictures of animals."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "noAssertion" ; + rdfs:comment "data type is not known."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "numeric" ; + rdfs:comment "data consists only of numeric entries."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "other" ; + rdfs:comment "data is of a type not included in this list."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "sensor" ; + rdfs:comment "data is recorded from a physical sensor, such as a thermometer reading or biometric device."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "structured" ; + rdfs:comment "data is stored in tabular format or retrieved from a relational database."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "syntactic" ; + rdfs:comment "data describes the syntax or semantics of a language or text, such as a parse tree used for natural language processing."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "text" ; + rdfs:comment "data consists of unstructured text, such as a book, Wikipedia article (without images), or transcript."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "timeseries" ; + rdfs:comment "data is recorded in an ordered sequence of timestamped entries, such as the price of a stock over the course of a day."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "timestamp" ; + rdfs:comment "data is recorded with a timestamp for each entry, but not necessarily ordered or at specific intervals, such as when a taxi ride starts and ends."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "video" ; + rdfs:comment "data is video based, such as a collection of movie clips featuring Tom Hanks."@en . + + ns4:anonymizationMethodUsed a owl:DatatypeProperty ; + rdfs:comment "Describes the anonymization methods used."@en ; + rdfs:range xsd:string . + + ns4:confidentialityLevel a owl:ObjectProperty ; + rdfs:comment "Describes the confidentiality level of the data points contained in the dataset."@en ; + rdfs:range ns4:ConfidentialityLevelType . + + ns4:dataCollectionProcess a owl:DatatypeProperty ; + rdfs:comment "Describes how the dataset was collected."@en ; + rdfs:range xsd:string . + + ns4:dataPreprocessing a owl:DatatypeProperty ; + rdfs:comment "Describes the preprocessing steps that were applied to the raw data to create the given dataset."@en ; + rdfs:range xsd:string . + + ns4:datasetAvailability a owl:ObjectProperty ; + rdfs:comment "The field describes the availability of a dataset."@en ; + rdfs:range ns4:DatasetAvailabilityType . + + ns4:datasetNoise a owl:DatatypeProperty ; + rdfs:comment "Describes potentially noisy elements of the dataset."@en ; + rdfs:range xsd:string . + + ns4:datasetSize a owl:DatatypeProperty ; + rdfs:comment "Captures the size of the dataset."@en ; + rdfs:range xsd:nonNegativeInteger . + + ns4:datasetType a owl:ObjectProperty ; + rdfs:comment "Describes the type of the given dataset."@en ; + rdfs:range ns4:DatasetType . + + ns4:datasetUpdateMechanism a owl:DatatypeProperty ; + rdfs:comment "Describes a mechanism to update the dataset."@en ; + rdfs:range xsd:string . + + ns4:hasSensitivePersonalInformation a owl:ObjectProperty ; + rdfs:comment "Describes if any sensitive personal information is present in the dataset."@en ; + rdfs:range ns1:PresenceType . + + ns4:intendedUse a owl:DatatypeProperty ; + rdfs:comment "Describes what the given dataset should be used for."@en ; + rdfs:range xsd:string . + + ns4:knownBias a owl:DatatypeProperty ; + rdfs:comment "Records the biases that the dataset is known to encompass."@en ; + rdfs:range xsd:string . + + ns4:sensor a owl:ObjectProperty ; + rdfs:comment "Describes a sensor used for collecting the data."@en ; + rdfs:range ns1:DictionaryEntry . + + ns6:additionText a owl:DatatypeProperty ; + rdfs:comment "Identifies the full text of a LicenseAddition."@en ; + rdfs:range xsd:string . + + ns6:isDeprecatedAdditionId a owl:DatatypeProperty ; + rdfs:comment "Specifies whether an additional text identifier has been marked as deprecated."@en ; + rdfs:range xsd:boolean . + + ns6:isDeprecatedLicenseId a owl:DatatypeProperty ; + rdfs:comment """Specifies whether a license or additional text identifier has been marked as +deprecated."""@en ; + rdfs:range xsd:boolean . + + ns6:isFsfLibre a owl:DatatypeProperty ; + rdfs:comment """Specifies whether the License is listed as free by the +Free Software Foundation (FSF)."""@en ; + rdfs:range xsd:boolean . + + ns6:isOsiApproved a owl:DatatypeProperty ; + rdfs:comment """Specifies whether the License is listed as approved by the +Open Source Initiative (OSI)."""@en ; + rdfs:range xsd:boolean . + + ns6:standardAdditionTemplate a owl:DatatypeProperty ; + rdfs:comment "Identifies the full text of a LicenseAddition, in SPDX templating format."@en ; + rdfs:range xsd:string . + + ns6:standardLicenseHeader a owl:DatatypeProperty ; + rdfs:comment """Provides a License author's preferred text to indicate that a file is covered +by the License."""@en ; + rdfs:range xsd:string . + + ns6:standardLicenseTemplate a owl:DatatypeProperty ; + rdfs:comment "Identifies the full text of a License, in SPDX templating format."@en ; + rdfs:range xsd:string . + + ns6:subjectAddition a owl:ObjectProperty ; + rdfs:comment "A LicenseAddition participating in a 'with addition' model."@en ; + rdfs:range ns6:LicenseAddition . + + ns6:subjectExtendableLicense a owl:ObjectProperty ; + rdfs:comment "A License participating in a 'with addition' model."@en ; + rdfs:range ns6:ExtendableLicense . + + ns6:subjectLicense a owl:ObjectProperty ; + rdfs:comment "A License participating in an 'or later' model."@en ; + rdfs:range ns6:License . + + a owl:DatatypeProperty ; + rdfs:comment "A name used in a CdxPropertyEntry name-value pair."@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "A value used in a CdxPropertyEntry name-value pair."@en ; + rdfs:range xsd:string . + + a owl:ObjectProperty ; + rdfs:comment "Provides a map of a property names to a values."@en ; + rdfs:range . + + a owl:NamedIndividual, + ns5:ExploitCatalogType ; + rdfs:label "kev" ; + rdfs:comment "CISA's Known Exploited Vulnerability (KEV) Catalog"@en . + + a owl:NamedIndividual, + ns5:ExploitCatalogType ; + rdfs:label "other" ; + rdfs:comment "Other exploit catalogs"@en . + + a owl:NamedIndividual, + ns5:SsvcDecisionType ; + rdfs:label "act" ; + rdfs:comment "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible."@en . + + a owl:NamedIndividual, + ns5:SsvcDecisionType ; + rdfs:label "attend" ; + rdfs:comment "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions include requesting assistance or information about the vulnerability, and may involve publishing a notification either internally and/or externally. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines."@en . + + a owl:NamedIndividual, + ns5:SsvcDecisionType ; + rdfs:label "track" ; + rdfs:comment "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines."@en . + + a owl:NamedIndividual, + ns5:SsvcDecisionType ; + rdfs:label "trackStar" ; + rdfs:comment "(\"Track\\*\" in the SSVC spec) The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track\\* vulnerabilities within standard update timelines."@en . + + a owl:NamedIndividual, + ns5:VexJustificationType ; + rdfs:label "componentNotPresent" ; + rdfs:comment "The software is not affected because the vulnerable component is not in the product."@en . + + a owl:NamedIndividual, + ns5:VexJustificationType ; + rdfs:label "inlineMitigationsAlreadyExist" ; + rdfs:comment "Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability."@en . + + a owl:NamedIndividual, + ns5:VexJustificationType ; + rdfs:label "vulnerableCodeCannotBeControlledByAdversary" ; + rdfs:comment "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack."@en . + + a owl:NamedIndividual, + ns5:VexJustificationType ; + rdfs:label "vulnerableCodeNotInExecutePath" ; + rdfs:comment "The affected code is not reachable through the execution of the code, including non-anticipated states of the product."@en . + + a owl:NamedIndividual, + ns5:VexJustificationType ; + rdfs:label "vulnerableCodeNotPresent" ; + rdfs:comment "The product is not affected because the code underlying the vulnerability is not present in the product."@en . + + ns5:actionStatement a owl:DatatypeProperty ; + rdfs:comment """Provides advise on how to mitigate or remediate a vulnerability when a VEX product +is affected by it."""@en ; + rdfs:range xsd:string . + + ns5:actionStatementTime a owl:DatatypeProperty ; + rdfs:comment """Records the time when a recommended action was communicated in a VEX statement +to mitigate a vulnerability."""@en ; + rdfs:range xsd:dateTimeStamp . + + ns5:assessedElement a owl:ObjectProperty ; + rdfs:comment """Specifies an Element contained in a piece of software where a vulnerability was +found."""@en ; + rdfs:range ns3:SoftwareArtifact . + + ns5:catalogType a owl:ObjectProperty ; + rdfs:comment "Specifies the exploit catalog type."@en ; + rdfs:range ns5:ExploitCatalogType . + + ns5:decisionType a owl:ObjectProperty ; + rdfs:comment """Provide the enumeration of possible decisions in the +[Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree](https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc)."""@en ; + rdfs:range ns5:SsvcDecisionType . + + ns5:exploited a owl:DatatypeProperty ; + rdfs:comment "Describe that a CVE is known to have an exploit because it's been listed in an exploit catalog."@en ; + rdfs:range xsd:boolean . + + ns5:impactStatement a owl:DatatypeProperty ; + rdfs:comment """Explains why a VEX product is not affected by a vulnerability. It is an +alternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable +justification label."""@en ; + rdfs:range xsd:string . + + ns5:impactStatementTime a owl:DatatypeProperty ; + rdfs:comment "Timestamp of impact statement."@en ; + rdfs:range xsd:dateTimeStamp . + + ns5:justificationType a owl:ObjectProperty ; + rdfs:comment """Impact justification label to be used when linking a vulnerability to an element +representing a VEX product with a VexNotAffectedVulnAssessmentRelationship +relationship."""@en ; + rdfs:range ns5:VexJustificationType . + + ns5:locator a owl:DatatypeProperty ; + rdfs:comment "Provides the location of an exploit catalog."@en ; + rdfs:range xsd:anyURI . + + ns5:percentile a owl:DatatypeProperty ; + rdfs:comment "The percentile of the current probability score."@en ; + rdfs:range xsd:decimal . + + ns5:probability a owl:DatatypeProperty ; + rdfs:comment "A probability score between 0 and 1 of a vulnerability being exploited."@en ; + rdfs:range xsd:decimal . + + ns5:statusNotes a owl:DatatypeProperty ; + rdfs:comment "Conveys information about how VEX status was determined."@en ; + rdfs:range xsd:string . + + ns5:vexVersion a owl:DatatypeProperty ; + rdfs:comment "Specifies the version of a VEX statement."@en ; + rdfs:range xsd:string . + + a owl:ObjectProperty ; + rdfs:comment """Maps a LicenseRef or AdditionRef string for a Custom License or a Custom +License Addition to its URI ID."""@en ; + rdfs:range ns1:DictionaryEntry . + + a owl:DatatypeProperty ; + rdfs:comment "A string in the license expression format."@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "The version of the SPDX License List used in the license expression."@en ; + rdfs:range xsd:string . + + a owl:NamedIndividual, + ns3:ContentIdentifierType ; + rdfs:label "gitoid" ; + rdfs:comment "[Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg)."@en . + + a owl:NamedIndividual, + ns3:ContentIdentifierType ; + rdfs:label "swhid" ; + rdfs:comment "SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`."@en . + + a owl:NamedIndividual, + ns3:FileKindType ; + rdfs:label "directory" ; + rdfs:comment "The file represents a directory and all content stored in that directory."@en . + + a owl:NamedIndividual, + ns3:FileKindType ; + rdfs:label "file" ; + rdfs:comment "The file represents a single file (default)."@en . + + a owl:NamedIndividual, + ns3:SbomType ; + rdfs:label "analyzed" ; + rdfs:comment "SBOM generated through analysis of artifacts (e.g., executables, packages, containers, and virtual machine images) after its build. Such analysis generally requires a variety of heuristics. In some contexts, this may also be referred to as a \"3rd party\" SBOM."@en . + + a owl:NamedIndividual, + ns3:SbomType ; + rdfs:label "build" ; + rdfs:comment "SBOM generated as part of the process of building the software to create a releasable artifact (e.g., executable or package) from data such as source files, dependencies, built components, build process ephemeral data, and other SBOMs."@en . + + a owl:NamedIndividual, + ns3:SbomType ; + rdfs:label "deployed" ; + rdfs:comment "SBOM provides an inventory of software that is present on a system. This may be an assembly of other SBOMs that combines analysis of configuration options, and examination of execution behavior in a (potentially simulated) deployment environment."@en . + + a owl:NamedIndividual, + ns3:SbomType ; + rdfs:label "design" ; + rdfs:comment "SBOM of intended, planned software project or product with included components (some of which may not yet exist) for a new software artifact."@en . + + a owl:NamedIndividual, + ns3:SbomType ; + rdfs:label "runtime" ; + rdfs:comment "SBOM generated through instrumenting the system running the software, to capture only components present in the system, as well as external call-outs or dynamically loaded components. In some contexts, this may also be referred to as an \"Instrumented\" or \"Dynamic\" SBOM."@en . + + a owl:NamedIndividual, + ns3:SbomType ; + rdfs:label "source" ; + rdfs:comment "SBOM created directly from the development environment, source files, and included dependencies used to build an product artifact."@en . + + ns3:additionalPurpose a owl:ObjectProperty ; + rdfs:comment "Provides additional purpose information of the software artifact."@en ; + rdfs:range ns3:SoftwarePurpose . + + ns3:attributionText a owl:DatatypeProperty ; + rdfs:comment """Provides a place for the SPDX data creator to record acknowledgement text for +a software Package, File or Snippet."""@en ; + rdfs:range xsd:string . + + ns3:byteRange a owl:DatatypeProperty ; + rdfs:comment """Defines the byte range in the original host file that the snippet information +applies to."""@en ; + rdfs:range ns1:PositiveIntegerRange . + + ns3:contentIdentifier a owl:DatatypeProperty ; + rdfs:comment """A canonical, unique, immutable identifier of the artifact content, that may be +used for verifying its identity and/or integrity."""@en ; + rdfs:range ns3:ContentIdentifier . + + ns3:contentIdentifierType a owl:ObjectProperty ; + rdfs:comment "Specifies the type of the content identifier."@en ; + rdfs:range ns3:ContentIdentifierType . + + ns3:contentIdentifierValue a owl:DatatypeProperty ; + rdfs:comment "Specifies the value of the content identifier."@en ; + rdfs:range xsd:anyURI . + + ns3:copyrightText a owl:DatatypeProperty ; + rdfs:comment """Identifies the text of one or more copyright notices for a software Package, +File or Snippet, if any."""@en ; + rdfs:range xsd:string . + + ns3:downloadLocation a owl:DatatypeProperty ; + rdfs:comment """Identifies the download Uniform Resource Identifier for the package at the time +that the document was created."""@en ; + rdfs:range xsd:anyURI . + + ns3:fileKind a owl:ObjectProperty ; + rdfs:comment "Describes if a given file is a directory or non-directory kind of file."@en ; + rdfs:range ns3:FileKindType . + + ns3:homePage a owl:DatatypeProperty ; + rdfs:comment """A place for the SPDX document creator to record a website that serves as the +package's home page."""@en ; + rdfs:range xsd:anyURI . + + ns3:lineRange a owl:DatatypeProperty ; + rdfs:comment """Defines the line range in the original host file that the snippet information +applies to."""@en ; + rdfs:range ns1:PositiveIntegerRange . + + ns3:packageUrl a owl:DatatypeProperty ; + rdfs:comment """Provides a place for the SPDX data creator to record the package URL string +(in accordance with the Package URL specification) for a software Package."""@en ; + rdfs:range xsd:anyURI . + + ns3:packageVersion a owl:DatatypeProperty ; + rdfs:comment "Identify the version of a package."@en ; + rdfs:range xsd:string . + + ns3:primaryPurpose a owl:ObjectProperty ; + rdfs:comment "Provides information about the primary purpose of the software artifact."@en ; + rdfs:range ns3:SoftwarePurpose . + + ns3:sbomType a owl:ObjectProperty ; + rdfs:comment "Provides information about the type of an SBOM."@en ; + rdfs:range ns3:SbomType . + + ns3:snippetFromFile a owl:ObjectProperty ; + rdfs:comment "Defines the original host file that the snippet information applies to."@en ; + rdfs:range ns3:File . + + ns3:sourceInfo a owl:DatatypeProperty ; + rdfs:comment """Records any relevant background information or additional comments +about the origin of the package."""@en ; + rdfs:range xsd:string . + + ns2:EnergyConsumption a owl:Class, + sh:NodeShape ; + rdfs:comment """A class for describing the energy consumption incurred by an AI model in +different stages of its lifecycle."""@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property _:N250a4372ab014e66ba3eec07accb85dc, + _:N50c6944cf3544d0ab17d40d70d7715c3, + _:Nd05558aa816f416f8c26895bb8d1d9bb . + + ns1:ExternalIdentifier a owl:Class, + sh:NodeShape ; + rdfs:comment "A reference to a resource identifier defined outside the scope of SPDX-3.0 content that uniquely identifies an Element."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property _:N0d09683a42354debacdd0b0625119609, + _:N13396ee366a94de388e2aff47754e81f, + _:Nbd14f0a1267744e89f6930e710689414, + _:Ne883dfda4a7445ceb1e70f39ddd03fea, + _:Nf71f6300b14a4726a20ffad899bed919 . + + ns1:ExternalMap a owl:Class, + sh:NodeShape ; + rdfs:comment """A map of Element identifiers that are used within an SpdxDocument but defined +external to that SpdxDocument."""@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property _:N894cee407d8747ec8adc2f05ce722a86, + _:Nb345ac20ec3244e480ec30eee26dc06e, + _:Nd2a11bb8a1a14a82994d02e9dd610275, + _:Nebecc80c7e4045d1b3ad15ab0c1d04ec . + + ns1:ExternalRef a owl:Class, + sh:NodeShape ; + rdfs:comment "A reference to a resource outside the scope of SPDX-3.0 content related to an Element."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property _:N0b728d22a9674ecc87af12fde5aae61c, + _:N5ab248e680454bbcb3ed254de24ac49f, + _:N72a328f4b7e14cb194d99b35236c3430, + _:Nddcc9ac569c4442b894f208d7722b4f8 . + + ns1:Hash a owl:Class, + sh:NodeShape ; + rdfs:comment "A mathematically calculated representation of a grouping of data."@en ; + rdfs:subClassOf ns1:IntegrityMethod ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property _:N4e4b35788e1b4064b856bcd8d2cc6670, + _:Naf01116eff7c4759be95f8f97c257d9c . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "adler32" ; + rdfs:comment "Adler-32 checksum is part of the widely used zlib compression library as defined in [RFC 1950](https://datatracker.ietf.org/doc/rfc1950/) Section 2.3."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "blake2b256" ; + rdfs:comment "BLAKE2b algorithm with a digest size of 256, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "blake2b384" ; + rdfs:comment "BLAKE2b algorithm with a digest size of 384, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "blake2b512" ; + rdfs:comment "BLAKE2b algorithm with a digest size of 512, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "blake3" ; + rdfs:comment "[BLAKE3](https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf)"@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "crystalsDilithium" ; + rdfs:comment "[Dilithium](https://pq-crystals.org/dilithium/)"@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "crystalsKyber" ; + rdfs:comment "[Kyber](https://pq-crystals.org/kyber/)"@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "falcon" ; + rdfs:comment "[FALCON](https://falcon-sign.info/falcon.pdf)"@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "md2" ; + rdfs:comment "MD2 message-digest algorithm, as defined in [RFC 1319](https://datatracker.ietf.org/doc/rfc1319/)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "md4" ; + rdfs:comment "MD4 message-digest algorithm, as defined in [RFC 1186](https://datatracker.ietf.org/doc/rfc1186/)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "md5" ; + rdfs:comment "MD5 message-digest algorithm, as defined in [RFC 1321](https://datatracker.ietf.org/doc/rfc1321/)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "md6" ; + rdfs:comment "[MD6 hash function](https://people.csail.mit.edu/rivest/pubs/RABCx08.pdf)"@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "other" ; + rdfs:comment "any hashing algorithm that does not exist in this list of entries"@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha1" ; + rdfs:comment "SHA-1, a secure hashing algorithm, as defined in [RFC 3174](https://datatracker.ietf.org/doc/rfc3174/)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha224" ; + rdfs:comment "SHA-2 with a digest length of 224, as defined in [RFC 3874](https://datatracker.ietf.org/doc/rfc3874/)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha256" ; + rdfs:comment "SHA-2 with a digest length of 256, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha384" ; + rdfs:comment "SHA-2 with a digest length of 384, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha3_224" ; + rdfs:comment "SHA-3 with a digest length of 224, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha3_256" ; + rdfs:comment "SHA-3 with a digest length of 256, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha3_384" ; + rdfs:comment "SHA-3 with a digest length of 384, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha3_512" ; + rdfs:comment "SHA-3 with a digest length of 512, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha512" ; + rdfs:comment "SHA-2 with a digest length of 512, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/)."@en . + + ns1:IndividualElement a owl:Class ; + rdfs:comment """A concrete subclass of Element used by Individuals in the +Core profile."""@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI . + + ns1:NamespaceMap a owl:Class, + sh:NodeShape ; + rdfs:comment "A mapping between prefixes and namespace partial URIs."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property _:N763c69315ee040a88ca27b5205984626, + _:Na96bc2776ef4488595f136d0fbac26a6 . + + ns1:Relationship a owl:Class, + sh:NodeShape ; + rdfs:comment "Describes a relationship between one or more elements."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property _:N3c163fcab8684aa09c61e78b4cbb9b38, + _:N53970517ea09401691d51549f8e0fd90, + _:N73e74213eec84d8daaa36a51dab963d6, + _:Nae8e63939c7c4cf4aa4ba555362d775c, + _:Nb3e77cdb9a14442eafb0659c7081c110, + _:Nd11df36dd5014f759eab790e847b9857 . + + ns1:Tool a owl:Class ; + rdfs:comment "An element of hardware and/or software utilized to carry out a particular function."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI . + + ns1:algorithm a owl:ObjectProperty ; + rdfs:comment "Specifies the algorithm used for calculating the hash value."@en ; + rdfs:range ns1:HashAlgorithm . + + ns1:hashValue a owl:DatatypeProperty ; + rdfs:comment "The result of applying a hash algorithm to an Element."@en ; + rdfs:range xsd:string . + + ns1:suppliedBy a owl:ObjectProperty ; + rdfs:comment """Identifies who or what supplied the artifact or VulnAssessmentRelationship +referenced by the Element."""@en ; + rdfs:range ns1:Agent . + + ns1:verifiedUsing a owl:ObjectProperty ; + rdfs:comment """Provides an IntegrityMethod with which the integrity of an Element can be +asserted."""@en ; + rdfs:range ns1:IntegrityMethod . + + ns6:IndividualLicensingInfo a owl:Class ; + rdfs:comment """A concrete subclass of AnyLicenseInfo used by Individuals in the +ExpandedLicensing profile."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI . + + ns6:deprecatedVersion a owl:DatatypeProperty ; + rdfs:comment """Specifies the SPDX License List version in which this license or exception +identifier was deprecated."""@en ; + rdfs:range xsd:string . + + ns6:licenseXml a owl:DatatypeProperty ; + rdfs:comment """Identifies all the text and metadata associated with a license in the license +XML format."""@en ; + rdfs:range xsd:string . + + ns6:listVersionAdded a owl:DatatypeProperty ; + rdfs:comment """Specifies the SPDX License List version in which this ListedLicense or +ListedLicenseException identifier was first added."""@en ; + rdfs:range xsd:string . + + ns6:member a owl:ObjectProperty ; + rdfs:comment "A license expression participating in a license set."@en ; + rdfs:range . + + ns6:obsoletedBy a owl:DatatypeProperty ; + rdfs:comment """Specifies the licenseId that is preferred to be used in place of a deprecated +License or LicenseAddition."""@en ; + rdfs:range xsd:string . + + ns6:seeAlso a owl:DatatypeProperty ; + rdfs:comment "Contains a URL where the License or LicenseAddition can be found in use."@en ; + rdfs:range xsd:anyURI . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "A property name with an associated value."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property _:N2056bd91659a4260a6eb99a0cbdd9f14, + _:Na92e8ceda7e548bb9a144c2e9c857639 . + + a owl:NamedIndividual, + ns5:CvssSeverityType ; + rdfs:label "critical" ; + rdfs:comment "When a CVSS score is between 9.0 - 10.0"@en . + + a owl:NamedIndividual, + ns5:CvssSeverityType ; + rdfs:label "high" ; + rdfs:comment "When a CVSS score is between 7.0 - 8.9"@en . + + a owl:NamedIndividual, + ns5:CvssSeverityType ; + rdfs:label "low" ; + rdfs:comment "When a CVSS score is between 0.1 - 3.9"@en . + + a owl:NamedIndividual, + ns5:CvssSeverityType ; + rdfs:label "medium" ; + rdfs:comment "When a CVSS score is between 4.0 - 6.9"@en . + + a owl:NamedIndividual, + ns5:CvssSeverityType ; + rdfs:label "none" ; + rdfs:comment "When a CVSS score is 0.0"@en . + + ns5:modifiedTime a owl:DatatypeProperty ; + rdfs:comment "Specifies a time when a vulnerability assessment was modified"@en ; + rdfs:range xsd:dateTimeStamp . + + ns5:publishedTime a owl:DatatypeProperty ; + rdfs:comment "Specifies the time when a vulnerability was published."@en ; + rdfs:range xsd:dateTimeStamp . + + ns5:severity a owl:ObjectProperty ; + rdfs:comment "Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software."@en ; + rdfs:range ns5:CvssSeverityType . + + ns5:withdrawnTime a owl:DatatypeProperty ; + rdfs:comment "Specified the time and date when a vulnerability was withdrawn."@en ; + rdfs:range xsd:dateTimeStamp . + + a owl:DatatypeProperty ; + rdfs:comment "Identifies the full text of a License or Addition."@en ; + rdfs:range xsd:string . + + ns3:ContentIdentifier a owl:Class, + sh:NodeShape ; + rdfs:comment "A canonical, unique, immutable identifier"@en ; + rdfs:subClassOf ns1:IntegrityMethod ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property _:N453a2981f56c4d3a943752e7740f87fd, + _:N45b62edbd5f3406dba20232288ec19fd . + + ns3:File a owl:Class, + sh:NodeShape ; + rdfs:comment "Refers to any object that stores content on a computer."@en ; + rdfs:subClassOf ns3:SoftwareArtifact ; + sh:nodeKind sh:IRI ; + sh:property _:N2b7fa052bf664f2a9e1923831d282602, + _:N87131d5acc2b478ba16230f714aa0bb0 . + + ns3:Package a owl:Class, + sh:NodeShape ; + rdfs:comment """Refers to any unit of content that can be associated with a distribution of +software."""@en ; + rdfs:subClassOf ns3:SoftwareArtifact ; + sh:nodeKind sh:IRI ; + sh:property _:N65301d1be04341678842dfc049e2a33c, + _:N7091d1b764924e4db3551e0b422e61ba, + _:N9eda1b52fa264730ab0b383d300e1726, + _:Nbc1332652da345c49ad3c948238f404b, + _:Nc38c872821b548ee8f430a027b2d711f . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "application" ; + rdfs:comment "The Element is a software application."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "archive" ; + rdfs:comment "The Element is an archived collection of one or more files (.tar, .zip, etc.)."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "bom" ; + rdfs:comment "The Element is a bill of materials."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "configuration" ; + rdfs:comment "The Element is configuration data."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "container" ; + rdfs:comment "The Element is a container image which can be used by a container runtime application."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "data" ; + rdfs:comment "The Element is data."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "device" ; + rdfs:comment "The Element refers to a chipset, processor, or electronic board."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "deviceDriver" ; + rdfs:comment "The Element represents software that controls hardware devices."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "diskImage" ; + rdfs:comment "The Element refers to a disk image that can be written to a disk, booted in a VM, etc. A disk image typically contains most or all of the components necessary to boot, such as bootloaders, kernels, firmware, userspace, etc."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "documentation" ; + rdfs:comment "The Element is documentation."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "evidence" ; + rdfs:comment "The Element is the evidence that a specification or requirement has been fulfilled."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "executable" ; + rdfs:comment "The Element is an Artifact that can be run on a computer."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "file" ; + rdfs:comment "The Element is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc.)."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "filesystemImage" ; + rdfs:comment "The Element is a file system image that can be written to a disk (or virtual) partition."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "firmware" ; + rdfs:comment "The Element provides low level control over a device's hardware."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "framework" ; + rdfs:comment "The Element is a software framework."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "install" ; + rdfs:comment "The Element is used to install software on disk."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "library" ; + rdfs:comment "The Element is a software library."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "manifest" ; + rdfs:comment "The Element is a software manifest."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "model" ; + rdfs:comment "The Element is a machine learning or artificial intelligence model."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "module" ; + rdfs:comment "The Element is a module of a piece of software."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "operatingSystem" ; + rdfs:comment "The Element is an operating system."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "other" ; + rdfs:comment "The Element doesn't fit into any of the other categories."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "patch" ; + rdfs:comment "The Element contains a set of changes to update, fix, or improve another Element."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "platform" ; + rdfs:comment "The Element represents a runtime environment."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "requirement" ; + rdfs:comment "The Element provides a requirement needed as input for another Element."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "source" ; + rdfs:comment "The Element is a single or a collection of source files."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "specification" ; + rdfs:comment "The Element is a plan, guideline or strategy how to create, perform or analyze an application."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "test" ; + rdfs:comment "The Element is a test used to verify functionality on an software element."@en . + + ns1:ElementCollection a owl:Class, + sh:NodeShape ; + rdfs:comment "A collection of Elements, not necessarily with unifying context."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property _:N0bf807da343b4645904db560abf69583, + _:Nc4156282a9c34b6190b0869cdc1793db, + _:Nc9ccffdec66347509395f75c9845128f, + _:Ne3b40c9739164b2eb0ae163374d9c4ac . + + a owl:NamedIndividual, + ns1:PresenceType ; + rdfs:label "no" ; + rdfs:comment "Indicates absence of the field."@en . + + a owl:NamedIndividual, + ns1:PresenceType ; + rdfs:label "noAssertion" ; + rdfs:comment "Makes no assertion about the field."@en . + + a owl:NamedIndividual, + ns1:PresenceType ; + rdfs:label "yes" ; + rdfs:comment "Indicates presence of the field."@en . + + ns1:contentType a owl:DatatypeProperty ; + rdfs:comment "Provides information about the content type of an Element or a Property."@en ; + rdfs:range xsd:string . + + ns5:score a owl:DatatypeProperty ; + rdfs:comment "Provides a numerical (0-10) representation of the severity of a vulnerability."@en ; + rdfs:range xsd:decimal . + + ns5:vectorString a owl:DatatypeProperty ; + rdfs:comment "Specifies the CVSS vector string for a vulnerability."@en ; + rdfs:range xsd:string . + + ns1:AnnotationType a owl:Class ; + rdfs:comment "Specifies the type of an annotation."@en . + + ns1:PositiveIntegerRange a owl:Class, + sh:NodeShape ; + rdfs:comment "A tuple of two positive integers that define a range."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property _:N80dac4ea19f44488ae2dc09ba1429116, + _:Nf44042158d4d4c85a5bd6a0fcb538498 . + + a owl:Class ; + rdfs:comment "A characterization of some aspect of an Element that is associated with the Element in a generalized fashion."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property _:N3b695bebf32746039b555b8460ffe552 . + + ns5:ExploitCatalogType a owl:Class ; + rdfs:comment "Specifies the exploit catalog type."@en . + + ns3:ContentIdentifierType a owl:Class ; + rdfs:comment "Specifies the type of a content identifier."@en . + + ns3:FileKindType a owl:Class ; + rdfs:comment "Enumeration of the different kinds of SPDX file."@en . + + ns2:EnergyUnitType a owl:Class ; + rdfs:comment "Specifies the unit of energy consumption."@en . + + ns1:Artifact a owl:Class, + sh:NodeShape ; + rdfs:comment "A distinct article or unit within the digital domain."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property _:N06465237afe4406eb4803558f7a57c08, + _:N5d195bb929fc404584503e9c9b17a526, + _:N737b3d5b3c8f4cb7b5fb665b52f1dd96, + _:Nba03adbea09d477299a596cac9fd8319, + _:Nc704d39d408f41caa9805e140ff0016a, + _:Nd8679c5e3311467ca097a4151ac8fa54, + _:Nda791debefe5491aa84d61433873c630, + _:Ndb31c53559be41e0b28e79b74da0b557 . + + ns1:RelationshipCompleteness a owl:Class ; + rdfs:comment "Indicates whether a relationship is known to be complete, incomplete, or if no assertion is made with respect to relationship completeness."@en . + + ns1:SpdxOrganization a owl:NamedIndividual, + ns1:Organization ; + rdfs:comment "An Organization representing the SPDX Project."@en ; + owl:sameAs ; + ns1:creationInfo . + + ns1:comment a owl:DatatypeProperty ; + rdfs:comment """Provide consumers with comments by the creator of the Element about the +Element."""@en ; + rdfs:range xsd:string . + + ns6:ExtendableLicense a owl:Class ; + rdfs:comment "Abstract class representing a License or an OrLaterOperator."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property _:Nbb0a3a63cdba4f078c6de6eef7ff6579 . + + ns6:License a owl:Class, + sh:NodeShape ; + rdfs:comment "Abstract class for the portion of an AnyLicenseInfo representing a license."@en ; + rdfs:subClassOf ns6:ExtendableLicense ; + sh:nodeKind sh:IRI ; + sh:property _:N4b7945a329d940d7a4167237a4e60e53, + _:N5e678b3ba38745b58c0103b8e085d5c8, + _:N72dd028519c2443b94229cfc4a2639bc, + _:N79e0fdc8a753446e8e1931aab90b02ae, + _:Na3b27046864941989a486e5a70e0edb4, + _:Nc37985fef6884679b49d387a2ef08d3f, + _:Nc7f12b88e8f5489dacbbfeb81192696a, + _:Nd3d538fe1cb544b5808c51dffd844c81, + _:Ndde9f898797c42b989ef522557debf64, + _:Ne778a773be4f408192f2ed37c6143a5d . + + ns6:LicenseAddition a owl:Class, + sh:NodeShape ; + rdfs:comment """Abstract class for additional text intended to be added to a License, but +which is not itself a standalone License."""@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property _:N4881d1614aa0403894d16c3ca276d790, + _:N73f9586a8a7d4b978afcb9cfe998050b, + _:N7c9974a53d5443c5831f3e7dc56073d0, + _:Nbbbec88245754e9d9390b9a11f0b67c2, + _:Nd33af007bad14a4594f7039df1c5df75, + _:Nd77657e0b19d459c931f64f48ed7e1a6, + _:Nfe1814d375d7456e843deb8cde1cf341 . + + ns5:VexVulnAssessmentRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment "Abstract ancestor class for all VEX relationships"@en ; + rdfs:subClassOf ns5:VulnAssessmentRelationship ; + sh:nodeKind sh:IRI ; + sh:property _:N0781395df11e44a6a3186f0fa8908958, + _:N1d4668e7f12244a7a9407b898c9b0534, + _:Na5a538a0052340c0ba01747cca3d3da8 . + + ns2:EnergyConsumptionDescription a owl:Class, + sh:NodeShape ; + rdfs:comment """The class that helps note down the quantity of energy consumption and the unit +used for measurement."""@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property _:N904326509fc04cc4be66ea123ed9fdc4, + _:Na1cdda0a73e94e598b769cac4a5a5cb8 . + + ns2:SafetyRiskAssessmentType a owl:Class ; + rdfs:comment "Specifies the safety risk level."@en . + + ns4:ConfidentialityLevelType a owl:Class ; + rdfs:comment "Categories of confidentiality level."@en . + + ns5:SsvcDecisionType a owl:Class ; + rdfs:comment "Specifies the SSVC decision type."@en . + + ns3:SoftwareArtifact a owl:Class, + sh:NodeShape ; + rdfs:comment "A distinct article or unit related to Software."@en ; + rdfs:subClassOf ns1:Artifact ; + sh:nodeKind sh:IRI ; + sh:property _:N2b94274553ab4bc2bbc78307f39b3327, + _:N58b8de667bb54771976a5e86a8a8139a, + _:N5912892962274966938ef83f3f23c015, + _:Na1ce1658c3be4bc0b082944caae9ddea, + _:Ne03121e956234709bc0f8f288597ff50, + _:Nfbb5f5e996be44989d31d47d46540443 . + + ns1:CreationInfo a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides information about the creation of the Element."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property _:N61753ca6fa484199b143356d20b0476e, + _:N68e2aefd82ab40c59cc6c2bfeab0adc4, + _:N98018fef19484e2fae944af82b21920e, + _:Nca9532c3dd0b421e95d0800b68e3442a, + _:Nf7fd042770064703a84cd9039273e4f7 . + + ns1:IntegrityMethod a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides an independently reproducible mechanism that permits verification of a specific Element."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property _:N10f5cc15b506459db381c02764d60e76, + _:N7a48123f699948b5867af1fec0d7b88e . + + ns4:DatasetAvailabilityType a owl:Class ; + rdfs:comment "Availability of dataset."@en . + + ns5:VexJustificationType a owl:Class ; + rdfs:comment "Specifies the VEX justification type."@en . + + ns1:LifecycleScopeType a owl:Class ; + rdfs:comment "Provide an enumerated set of lifecycle phases that can provide context to relationships."@en . + + ns5:CvssSeverityType a owl:Class ; + rdfs:comment "Specifies the CVSS base, temporal, threat, or environmental severity type."@en . + + ns5:VulnAssessmentRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment "Abstract ancestor class for all vulnerability assessments"@en ; + rdfs:subClassOf ns1:Relationship ; + sh:nodeKind sh:IRI ; + sh:property _:N1a0a0b40de254f55a8372bba19b60496, + _:N74551d5c49b94ece99a5fdec0d58d233, + _:N90cb783276d74a2881e21a08abf01e2f, + _:Naa7e95f812804669b3e89daed8d27b21, + _:Nce6e2333750a40619f2e93e40be35d7e, + _:Nf507b9bee5ae4254bafe4ce3c72a9f18 . + + ns3:SbomType a owl:Class ; + rdfs:comment """Provides a set of values to be used to describe the common types of SBOMs that +tools may create."""@en . + + ns1:PresenceType a owl:Class ; + rdfs:comment "Categories of presence or absence."@en . + + ns1:SupportType a owl:Class ; + rdfs:comment "Indicates the type of support that is associated with an artifact."@en . + + ns1:Agent a owl:Class ; + rdfs:comment "Agent represents anything with the potential to act on a system."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI . + + ns1:ProfileIdentifierType a owl:Class ; + rdfs:comment "Enumeration of the valid profiles."@en . + + a owl:Class ; + rdfs:comment "Abstract class representing a license combination consisting of one or more licenses."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property _:Nd6f4245b3ebe44e6b100782b191deb97 . + + ns1:ExternalIdentifierType a owl:Class ; + rdfs:comment "Specifies the type of an external identifier."@en . + + ns1:DictionaryEntry a owl:Class, + sh:NodeShape ; + rdfs:comment "A key with an associated value."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property _:N187a93895c7b43bea96131212a0ba3f5, + _:Nbd47cac50394462f9015e00ec4b449a6 . + + ns4:DatasetType a owl:Class ; + rdfs:comment "Enumeration of dataset types."@en . + + ns1:Element a owl:Class, + sh:NodeShape ; + rdfs:comment "Base domain class from which all other SPDX-3.0 domain classes derive."@en ; + sh:nodeKind sh:IRI ; + sh:property _:N00fcf1f501a749fc9cbbdbdf23a7aaa8, + _:N269b628c85f04f5d8a10fa3c500745a4, + _:N61b9a25cae674e199ce6572456d8e72f, + _:N675847984777421d9fb9b171cdf0bb53, + _:N7a66c734ced842b4913ff95c5f5cf452, + _:N951ec4cbce414b3bab847840bf18d59f, + _:Nbac401e4be1249dd86dd149952baf59b, + _:Nc3c21678fc9a459784f054a6954a9aa8, + _:Nf26016059c3e414da185e30155b543f5, + _:Nff33e8337dc8421d9e74b338e35a75d5 . + + ns1:HashAlgorithm a owl:Class ; + rdfs:comment "A mathematical algorithm that maps data of arbitrary size to a bit string."@en . + + ns3:SoftwarePurpose a owl:Class ; + rdfs:comment "Provides information about the primary purpose of an Element."@en . + + ns1:ExternalRefType a owl:Class ; + rdfs:comment "Specifies the type of an external reference."@en . + + ns1:RelationshipType a owl:Class ; + rdfs:comment "Information about the relationship between two Elements."@en . + + _:N00d83dee7aa44a7991821a46e83e5164 sh:class ns4:ConfidentialityLevelType ; + sh:in _:N2456bf573caa4efeab27607dfed5a451 ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns4:confidentialityLevel . + + _:N00fcf1f501a749fc9cbbdbdf23a7aaa8 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:description . + + _:N024478cff6eb4ef48dc45dabdb7b0a35 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns2:informationAboutTraining . + + _:N0274510beacf46b0b7cd7048ff3cbb4d rdf:first ; + rdf:rest _:N3b50e4323e8b4d388d8d522e18a49070 . + + _:N02daaf1ea3874989948c16e26274de9f rdf:first ; + rdf:rest _:N06a4b77ca26e4742a10723dc3349c395 . + + _:N02fadd3757064be6a0b797d8675b611e rdf:first ; + rdf:rest _:Nef3e82bf7eac41aa8dc101eabd0f1815 . + + _:N03140b327b9d4620b37b847528c7140b rdf:first ; + rdf:rest _:N4d2df683a0ea4c39be288b78f9e61ca4 . + + _:N034bf868068348fb92f2f33976cad5ae sh:datatype xsd:nonNegativeInteger ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns4:datasetSize . + + _:N036299b1f2af44eeb966da8a1217ac9e rdf:first ; + rdf:rest _:Nd6ca1bcbdc494e39a9c1a4da0c52a0b3 . + + _:N037a9f94d4da4593a56a6804fca57483 rdf:first ; + rdf:rest _:N163b018b3d984833a5523252ed920c58 . + + _:N05edbc4959e844438800e546abaebaea rdf:first ; + rdf:rest () . + + _:N06465237afe4406eb4803558f7a57c08 sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:builtTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + + _:N06a4b77ca26e4742a10723dc3349c395 rdf:first ; + rdf:rest _:N03140b327b9d4620b37b847528c7140b . + + _:N0713bbcf2b1f4e23b912a81e12b5d270 rdf:first ; + rdf:rest _:Nbd013d07f45a42d99931fe619ee4ca95 . + + _:N072d6f5c7eee40859e3a93d05034536f rdf:first ; + rdf:rest _:N4a3178783c58491bb646a056a8dbb37a . + + _:N0753f471dae945e885cde15702c705bb rdf:first ; + rdf:rest _:N619e2a32fb994ed69f916340e12ed7f3 . + + _:N0781395df11e44a6a3186f0fa8908958 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:statusNotes . + + _:N07868b0098174c478ac47f3fbc946ff0 rdf:first ; + rdf:rest _:N2061c93cd5774c61823bf76c952d5242 . + + _:N07cb32d0626a45cfbea37a7dd2a8b854 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:contentType ; + sh:pattern "^[^\\/]+\\/[^\\/]+$" . + + _:N0a961d271f304c8cbb2e0a1307a9d8ad sh:hasValue ns6:License . + + _:N0b3155ddb4cc46678a8dadb3eb9e5e43 rdf:first ; + rdf:rest _:N1dd7c94072d1478ca91bee2c7af967a8 . + + _:N0b353053b3cd41e89351acf39abb719c rdf:first ; + rdf:rest () . + + _:N0b728d22a9674ecc87af12fde5aae61c sh:class ns1:ExternalRefType ; + sh:in _:N3899f43be1b142148dc7af5c1cd6a1b9 ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:externalRefType . + + _:N0bf807da343b4645904db560abf69583 sh:class ns1:ProfileIdentifierType ; + sh:in _:N1bd597d8851e43b79e3bde3fb6388627 ; + sh:nodeKind sh:IRI ; + sh:path ns1:profileConformance . + + _:N0c3b30ca2bdf4cb1839bdc608bc41186 rdf:first ; + rdf:rest _:N0713bbcf2b1f4e23b912a81e12b5d270 . + + _:N0c49370c41124d50ac6081418cb2432d rdf:first ; + rdf:rest _:N511c01e1b6a146c3bf99fe3e88272f2e . + + _:N0cac787ed3f3421fa6687df4da790a0c rdf:first ; + rdf:rest _:N44928392b4d8458f847c7fd69533d2ee . + + _:N0d09683a42354debacdd0b0625119609 sh:datatype xsd:anyURI ; + sh:nodeKind sh:Literal ; + sh:path ns1:identifierLocator . + + _:N0d2bee57931544d786ff3bc0afb223b0 rdf:first ; + rdf:rest _:N8f1dd8dbe42e46fb934adf94515048b1 . + + _:N0dc54ccc3f8d4afe897d7be97f9f6928 rdf:first ; + rdf:rest _:N6946aaeee89545da9d91b8527c54139a . + + _:N0e31c4b45c4b442e9f1d32ab917a76ae rdf:first ; + rdf:rest _:N0e471571470240e5872be57bfd58fed9 . + + _:N0e471571470240e5872be57bfd58fed9 rdf:first ; + rdf:rest _:Ndbf7c5384f2242b98dd62b6a8d6a503f . + + _:N0e4d30a5dd60459dbbb5efc7333deb37 rdf:first ; + rdf:rest _:N10ab85203a394bd3ba6ef86074d64233 . + + _:N0eb0fa7732fb4a2db7455731d6a1ce53 rdf:first ; + rdf:rest _:Nd73c69088f734dffb4cc9539c637aecf . + + _:N0f4d0a9a8e7d46a0b9cf255274bcce6b rdf:first ; + rdf:rest _:N70cf024bfa9e40a08de101b510631f60 . + + _:N0f568f8825144082a14a0e000b8ff13f rdf:first ; + rdf:rest _:N89d641eef49d4a5f9ef42bfe5c4221bd . + + _:N10002d3538094764a9c6d3893234cd04 rdf:first ; + rdf:rest _:N037a9f94d4da4593a56a6804fca57483 . + + _:N105628f6c8b040edb9db617f35f30bec sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:actionStatementTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + + _:N10ab85203a394bd3ba6ef86074d64233 rdf:first ; + rdf:rest _:N0b353053b3cd41e89351acf39abb719c . + + _:N10f5cc15b506459db381c02764d60e76 sh:message "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not _:Ne41f054fce23460dba46863153e67567 ; + sh:path rdf:type . + + _:N1256cfafa26e453a9d5f8b08cc5920d7 rdf:first ; + rdf:rest _:N4182e8c878544ebb842682b1ece2bd3a . + + _:N1314ef461724483f9bd5c56d939b17c4 rdf:first ; + rdf:rest _:N4dcad64fd9cf4af2b8d6ea98d6c5450a . + + _:N132cde65c9b14a1694d400388aecf0cc rdf:first ; + rdf:rest _:N23a349d7f4a14351adf4c70293152926 . + + _:N13396ee366a94de388e2aff47754e81f sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:issuingAuthority . + + _:N1358bfc70dc14db6aa3a799228bc2fdd rdf:first ; + rdf:rest _:N4091b2fb3d5c417fad7305927740d1d5 . + + _:N13acbf7806c648f19f147c9073a04385 sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns2:metric . + + _:N13f4d81403034faaa93ea1abc3bd3d91 rdf:first ; + rdf:rest _:Ncff880d9e9c24887adcf512cbce2a444 . + + _:N14d2ccc3ee7749088945c0ba96e7a88a rdf:first ; + rdf:rest _:N2dbc8b0a30da433a94050a3ab1190bb8 . + + _:N14d7232930234cad917631e1993d7ccd rdf:first ; + rdf:rest () . + + _:N163b018b3d984833a5523252ed920c58 rdf:first ; + rdf:rest () . + + _:N163fe4499b2a454a9641b23118bf53ae sh:class ns6:ExtendableLicense ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns6:subjectExtendableLicense . + + _:N1647e706f6764e7d9ec4e0aa8979d0c6 sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path . + + _:N168bcfc831bd4f85b6a82742eb7ad4f5 rdf:first ; + rdf:rest _:Ned1f0afb78d3460c9478383abf3da36b . + + _:N16cb468a2dcd423bb3654b71a6f00062 rdf:first ; + rdf:rest _:N7b5b4ad7f9a54d91a292ac0738539050 . + + _:N17c879855daa4fd7b7d7ef9da34e7ea6 rdf:first ; + rdf:rest _:N8ff2b7ece321489a9ff262a2c697c89c . + + _:N184c02d9c66a4e9d988d681d20c5ddc6 rdf:first ; + rdf:rest _:N32f50a51e84f4a2499a5d17f54bbed6b . + + _:N186b972a57284ae1946b3f7d8e762830 rdf:first ; + rdf:rest _:N66595c518c6248f69bdca82dccebf454 . + + _:N187a93895c7b43bea96131212a0ba3f5 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:value . + + _:N1a0279389d714631b1d12935e9f2b014 rdf:first ; + rdf:rest _:N70cbc4a60eda4e648df0df882fab278d . + + _:N1a0a0b40de254f55a8372bba19b60496 sh:class ns1:Agent ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:suppliedBy . + + _:N1a8882804ac24104946e7afa0b36905a rdf:first ; + rdf:rest _:Nc7b49cc0a08745e08e5ba42ee492184f . + + _:N1aac3c1c2ffb45d79910e133d9ec02f9 rdf:first ; + rdf:rest _:N3c34004e669a4f809790739b55299420 . + + _:N1bd597d8851e43b79e3bde3fb6388627 rdf:first ; + rdf:rest _:Neff5f08fa9fd4aaeb51026e2484443c7 . + + _:N1d4668e7f12244a7a9407b898c9b0534 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:vexVersion . + + _:N1dd7c94072d1478ca91bee2c7af967a8 rdf:first ; + rdf:rest _:N34cf4751490f48f9852ff2fa143a6321 . + + _:N2056bd91659a4260a6eb99a0cbdd9f14 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path . + + _:N2061c93cd5774c61823bf76c952d5242 rdf:first ; + rdf:rest _:N6369a0cffc0445e888c1e30a54a5be5d . + + _:N210fbcf85b384009a2cee68e4a7e6b78 rdf:first ; + rdf:rest _:N02daaf1ea3874989948c16e26274de9f . + + _:N220b4463e39147e99e8eeeb9974c5370 rdf:first ; + rdf:rest _:N75f6c4472b7b45349200afcce0dbacef . + + _:N230a41f8c8d549b8844a37595ce56867 rdf:first ; + rdf:rest () . + + _:N236307149ca247fcad8df1b0dd41fcfc rdf:first ; + rdf:rest _:N88ce0438020d4326924db53dec9bd6b5 . + + _:N23a349d7f4a14351adf4c70293152926 rdf:first ; + rdf:rest _:N6e913b09266e498887238fae6898e289 . + + _:N243ef6907efb40d38e00f4430d63fc19 rdf:first ; + rdf:rest _:N9ed65925a89e40e8b7faaa925d739c72 . + + _:N2456bf573caa4efeab27607dfed5a451 rdf:first ; + rdf:rest _:Nb40076de31ba4cc08826656559e10385 . + + _:N250a4372ab014e66ba3eec07accb85dc sh:class ns2:EnergyConsumptionDescription ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns2:trainingEnergyConsumption . + + _:N25b71b41baf8408a91b66336f376a5b6 rdf:first ; + rdf:rest _:N29e8eb1e03be45ae92093e6937585f14 . + + _:N261545ecf40d4f65bf47dc050598e90f rdf:first ; + rdf:rest _:N451bba51c46a4c9d9a2343aef3356453 . + + _:N261c61aa119e4f4e9ce3c9387fb29c9f rdf:first ; + rdf:rest _:Nb9165bd1d4e8406eb56e237a892cfba4 . + + _:N264b55b33a4549a6a131d79763879896 rdf:first ; + rdf:rest _:Nc0c94fed0eb041ef8c4fe70f4b1fd7c0 . + + _:N269b628c85f04f5d8a10fa3c500745a4 sh:class ns1:IntegrityMethod ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:verifiedUsing . + + _:N27a8c8f61e944083abcc670fe4586df8 rdf:first ; + rdf:rest () . + + _:N2847f93323fd468eab2b926c5715c994 rdf:first ; + rdf:rest _:N4a56b875349e44729e9aca40972c86cd . + + _:N288949a61054447689377b531414e0b7 rdf:first ; + rdf:rest _:N41fda4edc0294fce84cdb5688d8ef9ef . + + _:N28c7097edd884a9b92697ec6b6729dc9 rdf:first ; + rdf:rest _:N02fadd3757064be6a0b797d8675b611e . + + _:N29cadfcf5dfa4e73b1b0f56fa6e4352f rdf:first ; + rdf:rest _:Nb2747510507b404f9243bfd7225f629d . + + _:N29e8eb1e03be45ae92093e6937585f14 rdf:first ; + rdf:rest () . + + _:N2a72f2e0c3d44dd5ac4c0633f336d556 sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns4:sensor . + + _:N2aa14aff363e4fc1ab2ed86f71eb8873 rdf:first ; + rdf:rest _:N6ac0694afb0c40c1bb0988b0569f0cb4 . + + _:N2aa73eafba6f4d55938fb60c96ff2379 rdf:first ; + rdf:rest _:N8b5253826157456ba3297cf9f4f8db15 . + + _:N2b7fa052bf664f2a9e1923831d282602 sh:class ns3:FileKindType ; + sh:in _:Na5ef7f1675b84ce99e4f4ca36d200a91 ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns3:fileKind . + + _:N2b94274553ab4bc2bbc78307f39b3327 sh:class ns3:SoftwarePurpose ; + sh:in _:Nadd6173eaf8b4550a3ec8c90524cc599 ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns3:primaryPurpose . + + _:N2c7697a923534e9988689746f1d03e41 rdf:first ; + rdf:rest _:Nf4e0c03b381d4fb584571d8fdd2ca0a7 . + + _:N2dbc8b0a30da433a94050a3ab1190bb8 rdf:first ; + rdf:rest _:Nf10e65ca64f84003827c23ef339743e5 . + + _:N2f8145031850475ba01bc466221debed rdf:first ; + rdf:rest _:Nfb655ff9dcc6442baa6046d411f0624c . + + _:N30a10bdc909f4c4bb84f02821147b416 rdf:first ; + rdf:rest _:Nf6a05248229d4fe292d04534a4c4573d . + + _:N30d1dbbf97fb456eb18d38b76c8004d3 rdf:first ; + rdf:rest _:Nece0b4f721a847f98727202b50f4a753 . + + _:N30d5cdb21c144005b1d74c81aa0e129e sh:class ns5:SsvcDecisionType ; + sh:in _:Nbffaba2351c747ef8e380b89888a5f14 ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns5:decisionType . + + _:N315dc3dd043c41a49ffaaba74d10eeb0 rdf:first ; + rdf:rest _:N4e6142c3e2dd4f3f9e2aed1df9452bc7 . + + _:N328adb4bb1ec422084a2169890188a03 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:vectorString . + + _:N329ecc1447f349cc968623ddffe6a2f7 sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns2:domain . + + _:N32f50a51e84f4a2499a5d17f54bbed6b rdf:first ; + rdf:rest _:N694be39aecbe44d49f3850275de952ec . + + _:N33da303c78e142a2acc0db12f3ee6686 rdf:first ; + rdf:rest _:Nedaa28cbd856413e95e7805cf2d255dd . + + _:N348ad67a2abe4f9d929b1e20acc594b5 rdf:first ; + rdf:rest _:N52399fdf517c416ebb2e470463b71b5d . + + _:N34cf4751490f48f9852ff2fa143a6321 rdf:first ; + rdf:rest _:Nd1b797da281643468add752e036349fd . + + _:N36b7d391e5cf402199bf454d82f5735c rdf:first ; + rdf:rest _:Nfbd5a9c0923c423a84d0bb8fef89f4a3 . + + _:N377b547285074591a904911ef1fc1977 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:impactStatement . + + _:N37829b662873490d9964f7bbbc300fce rdf:first ; + rdf:rest _:N3c8c7c06f10e44fea576f974877ed15b . + + _:N3899f43be1b142148dc7af5c1cd6a1b9 rdf:first ; + rdf:rest _:N0274510beacf46b0b7cd7048ff3cbb4d . + + _:N38aeb59117654398b393a546eaaa5fd9 rdf:first ; + rdf:rest _:N17c879855daa4fd7b7d7ef9da34e7ea6 . + + _:N38e1279dca3f4e53be4eb3245a0e4ec2 rdf:first ; + rdf:rest () . + + _:N39638ea4b52f4236b7a808cb979d2f4b rdf:first ; + rdf:rest () . + + _:N3b50e4323e8b4d388d8d522e18a49070 rdf:first ; + rdf:rest _:Nac0a6f045e7e4efd9dbaf01201286a14 . + + _:N3b695bebf32746039b555b8460ffe552 sh:message "https://spdx.org/rdf/3.0.1/terms/Extension/Extension is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not _:Nb8a14d0c45314542aa2d6a98232399be ; + sh:path rdf:type . + + _:N3ba51db196c04386ae47cb64aab6c95c sh:datatype xsd:anyURI ; + sh:nodeKind sh:Literal ; + sh:path . + + _:N3bf9008e5422473bb689602da04ccca1 sh:class ns1:Element ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:subject . + + _:N3c163fcab8684aa09c61e78b4cbb9b38 sh:class ns1:Element ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:to . + + _:N3c34004e669a4f809790739b55299420 rdf:first ; + rdf:rest _:N5a0ed5449f124c1e9ea7b05f0826cabd . + + _:N3c8c7c06f10e44fea576f974877ed15b rdf:first ; + rdf:rest _:N79b4dcdd054d4ca8a87fc86377c9366b . + + _:N3d9237b249544033acbf7d94cac2b424 rdf:first ; + rdf:rest () . + + _:N3de741ac343042e6ac53564501076e44 rdf:first ; + rdf:rest _:Ne0ff4ba19d0a41c18c6ccfc733f2193d . + + _:N4091b2fb3d5c417fad7305927740d1d5 rdf:first ; + rdf:rest _:N683c5b7b252949bda929dd4befe8bb50 . + + _:N40bcef929ef64825a68929a36aefa27c rdf:first ; + rdf:rest _:N4d92ede494e34e51ba6eca91292dc0dc . + + _:N40f9e58aac214052a173ad93b4ed57e9 rdf:first ; + rdf:rest _:Nf81435c80dee4c1db825f1917f62e947 . + + _:N4182e8c878544ebb842682b1ece2bd3a rdf:first ; + rdf:rest _:Nae7b37ebeef141519b9f1102ae1b30c5 . + + _:N41fda4edc0294fce84cdb5688d8ef9ef rdf:first ; + rdf:rest _:Ne06f01bddfb24f69a9e1c0ba9694b11d . + + _:N425d570f86674f7facee623f8d84a311 rdf:first ; + rdf:rest _:Nbd45f3e248c84b27b2e1a0da67d47a71 . + + _:N4278c3d777ea4ebd81cd23af80459c2d sh:class ns5:CvssSeverityType ; + sh:in _:N82b5fa65536b400a809bd5f3104f6ec0 ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns5:severity . + + _:N4382805b6a5947d38ffcfd8b182bddbf sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:score . + + _:N4466be96ec5a4942b916c3f1fad2d3ee rdf:first ; + rdf:rest _:N14d2ccc3ee7749088945c0ba96e7a88a . + + _:N44928392b4d8458f847c7fd69533d2ee rdf:first ; + rdf:rest _:N0b3155ddb4cc46678a8dadb3eb9e5e43 . + + _:N451bba51c46a4c9d9a2343aef3356453 rdf:first ; + rdf:rest _:N731241b6024d4e109893eb1354404ec5 . + + _:N4538304380bf48b895869aa8dbea3275 rdf:first ; + rdf:rest _:Ne223bb746dc9463bbbe16ca844619e98 . + + _:N453a2981f56c4d3a943752e7740f87fd sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns3:contentIdentifierValue . + + _:N45481eab750645b4929b7b63c8ca7916 rdf:first ; + rdf:rest _:Nf94717c65e4f4b86b4df261ecf26650d . + + _:N4571ded3acc34f068931feecaa278a44 rdf:first ; + rdf:rest _:N1aac3c1c2ffb45d79910e133d9ec02f9 . + + _:N45b62edbd5f3406dba20232288ec19fd sh:class ns3:ContentIdentifierType ; + sh:in _:N0eb0fa7732fb4a2db7455731d6a1ce53 ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns3:contentIdentifierType . + + _:N461fe7f9c28b4d81a4fb17726fc9adf6 rdf:first ; + rdf:rest () . + + _:N47d32bc3b4e04c9ab083ec76d4f22585 sh:class ns6:License ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns6:subjectLicense . + + _:N4881d1614aa0403894d16c3ca276d790 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:additionText . + + _:N48b3e9d109d34fdeaa6cbef58c05c171 rdf:first ; + rdf:rest _:N220b4463e39147e99e8eeeb9974c5370 . + + _:N4a3178783c58491bb646a056a8dbb37a rdf:first ; + rdf:rest _:N615be2b8b7174608b24884d12a2039ad . + + _:N4a56b875349e44729e9aca40972c86cd rdf:first ; + rdf:rest _:N3de741ac343042e6ac53564501076e44 . + + _:N4aa1ea2c440f4aecb7a6656a599fbf22 sh:class ns1:ExternalMap ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:import . + + _:N4ac93d52ef544d5cb73aeaeb279b7567 rdf:first ; + rdf:rest _:N07868b0098174c478ac47f3fbc946ff0 . + + _:N4ad4011b5f8c44cbb3e76f5da0885cfd rdf:first ; + rdf:rest _:N9e3f2c4f96904bddb1aa46c01701b0f6 . + + _:N4b7945a329d940d7a4167237a4e60e53 sh:datatype xsd:boolean ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:isOsiApproved . + + _:N4c8c5257e6c144099de859c3f43b1961 rdf:first ; + rdf:rest _:N97120636b11b4b158892706019486fb5 . + + _:N4d2df683a0ea4c39be288b78f9e61ca4 rdf:first ; + rdf:rest _:N184c02d9c66a4e9d988d681d20c5ddc6 . + + _:N4d86b5ad122d431bbf443326643a51df rdf:first ; + rdf:rest _:Nfbd3df443088485abe551fc6374a3c4c . + + _:N4d92ede494e34e51ba6eca91292dc0dc rdf:first ; + rdf:rest _:Nfc8b91023a9e4e08ae989e08b6c0b9ec . + + _:N4dcad64fd9cf4af2b8d6ea98d6c5450a rdf:first ; + rdf:rest _:N264b55b33a4549a6a131d79763879896 . + + _:N4dda90621fe746a2972ace6f1e26f9c9 rdf:first ; + rdf:rest _:Na00b6f47e860415881f7e8a524a04316 . + + _:N4e1bd25f594a483ab492b4c24a5748eb rdf:first ; + rdf:rest _:N1314ef461724483f9bd5c56d939b17c4 . + + _:N4e4b35788e1b4064b856bcd8d2cc6670 sh:class ns1:HashAlgorithm ; + sh:in _:Nce436d556d4e4606ba37d9ad32d22967 ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:algorithm . + + _:N4e6142c3e2dd4f3f9e2aed1df9452bc7 rdf:first ; + rdf:rest _:N716ee87802fd4b6f98bfcff38ca5ff8a . + + _:N4f6d0abf94b14a189b945346f00ba9dc sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path . + + _:N4f7ca95fbfad4d20810e92ab09220394 rdf:first ; + rdf:rest _:N95c7a63c89e94f8d9ceb0dd0c34ac9e3 . + + _:N4f925ef656b840928e22aa51252c2976 rdf:first ; + rdf:rest _:Ndb50eefe33ac4feda6cfb13073b5324e . + + _:N4f9424fdcb0643a6b8dbd2c83de164a1 rdf:first ; + rdf:rest _:Ne21f363965114243b81ce67f76575de3 . + + _:N5011f0cdb4544a70b796520ecd436a25 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:listVersionAdded . + + _:N507c6135f8424e8db67fe59ae93eb464 rdf:first ; + rdf:rest _:Nc6d7eec7a63445c8a64113d0e59ce02c . + + _:N50c6944cf3544d0ab17d40d70d7715c3 sh:class ns2:EnergyConsumptionDescription ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns2:finetuningEnergyConsumption . + + _:N510a0fe04f844da5bb96208d9e6a563c rdf:first ; + rdf:rest _:N9dbe04a2eaac4271aafe4a7650ec4e15 . + + _:N511c01e1b6a146c3bf99fe3e88272f2e rdf:first ; + rdf:rest _:Nd0ec388aab40469ab0a4297c30e0c906 . + + _:N516b1b46dbb04f1c953906f0388bf8b4 sh:class ; + sh:minCount 1 ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path . + + _:N52399fdf517c416ebb2e470463b71b5d rdf:first ; + rdf:rest _:N40f9e58aac214052a173ad93b4ed57e9 . + + _:N53970517ea09401691d51549f8e0fd90 sh:class ns1:RelationshipCompleteness ; + sh:in _:N77f1a43a35e5447c83116261ae574acc ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:completeness . + + _:N542022ab56194a2184bd872572ca204b rdf:first ; + rdf:rest _:N036299b1f2af44eeb966da8a1217ac9e . + + _:N54d1f829ecc441b9b7d9248324cbea6b rdf:first ; + rdf:rest _:N96120491adc84204822952240ddadf13 . + + _:N565a78360e28494ea80897aadf944c0c rdf:first ; + rdf:rest _:N3d9237b249544033acbf7d94cac2b424 . + + _:N576b7fbe3ba74572a6eb065c67761847 sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns2:standardCompliance . + + _:N57e86c05425144f4a08e64395a0d5e1d rdf:first ; + rdf:rest _:N833dac5833c24d35a16d11f2e318aeef . + + _:N58021835a49a4b959f9428f8df7f7198 rdf:first ; + rdf:rest _:Nd77e569c4d2d4d2c9bb29ea462bc94cc . + + _:N58b8de667bb54771976a5e86a8a8139a sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns3:attributionText . + + _:N58c3f747313349d396ead702e2de2953 rdf:first ; + rdf:rest _:N5ddf9ddcd2bc446f8729bd7a23566faf . + + _:N58c62d134f5e41d78440946685ecf0cc sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:vectorString . + + _:N5912892962274966938ef83f3f23c015 sh:class ns3:ContentIdentifier ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns3:contentIdentifier . + + _:N59f692071bb64860ab9f02cfb4670088 rdf:first ; + rdf:rest _:N27a8c8f61e944083abcc670fe4586df8 . + + _:N5a0ed5449f124c1e9ea7b05f0826cabd rdf:first ; + rdf:rest _:Ne64dea82135241279d97934d928f2d35 . + + _:N5a2b8b0073a54a3db4d6092f1c5043ed sh:class ns1:HashAlgorithm ; + sh:in _:Nc1bb7a1b7d034342906511e27e066abc ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:algorithm . + + _:N5ab248e680454bbcb3ed254de24ac49f sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:contentType ; + sh:pattern "^[^\\/]+\\/[^\\/]+$" . + + _:N5b2278fb3a8e4e239193a033f8b4bf04 rdf:first ; + rdf:rest _:Nf3c62ca118b94d17a1ef6b04e407421c . + + _:N5b2e4dda703849e4933338ff0970e968 rdf:first ; + rdf:rest () . + + _:N5bda6a3731444310990a06326743f6aa sh:hasValue ns1:Element . + + _:N5d195bb929fc404584503e9c9b17a526 sh:class ns1:Agent ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:suppliedBy . + + _:N5ddf9ddcd2bc446f8729bd7a23566faf rdf:first ; + rdf:rest _:N0cac787ed3f3421fa6687df4da790a0c . + + _:N5e678b3ba38745b58c0103b8e085d5c8 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:standardLicenseHeader . + + _:N5eab3a0a527f4705bdb2f04b7c39e36c rdf:first ; + rdf:rest _:Nb6e99584403541df96486fcac6d79017 . + + _:N5f694c64068844ca80652791ca7749d9 rdf:first ; + rdf:rest _:N4dda90621fe746a2972ace6f1e26f9c9 . + + _:N615be2b8b7174608b24884d12a2039ad rdf:first ; + rdf:rest _:N37829b662873490d9964f7bbbc300fce . + + _:N61753ca6fa484199b143356d20b0476e sh:class ns1:Tool ; + sh:nodeKind sh:IRI ; + sh:path ns1:createdUsing . + + _:N618f8c59ed9345ca8692a68f777a0fb0 rdf:first ; + rdf:rest _:N36b7d391e5cf402199bf454d82f5735c . + + _:N619e2a32fb994ed69f916340e12ed7f3 rdf:first ; + rdf:rest _:N315dc3dd043c41a49ffaaba74d10eeb0 . + + _:N61b9a25cae674e199ce6572456d8e72f sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:summary . + + _:N626b5ad29167479dabae9a9177315404 sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns2:modelDataPreprocessing . + + _:N62b8677868664944abc9f19745aed957 rdf:first ; + rdf:rest _:Ne4baf3becb8740a79f8bceb49f40679f . + + _:N6369a0cffc0445e888c1e30a54a5be5d rdf:first ; + rdf:rest _:Ncc35596b6f164968b0bd35143cbc52ea . + + _:N63f963c2c8a4467bb803f9af7eaafd3d sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:context . + + _:N64a80dfe5e954cf59753ab8a96e4eff3 rdf:first ; + rdf:rest () . + + _:N64ae0543871444f6b7d2a497fcf55186 rdf:first ; + rdf:rest _:Na0242fde5c314aa599a3a00cfb01634c . + + _:N65301d1be04341678842dfc049e2a33c sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns3:packageVersion . + + _:N66595c518c6248f69bdca82dccebf454 rdf:first ; + rdf:rest _:Na82fb3a822a04f6180f1ca7808276d8f . + + _:N66b43817d95d4468bf805207af159230 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns4:datasetNoise . + + _:N675847984777421d9fb9b171cdf0bb53 sh:class ns1:ExternalRef ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:externalRef . + + _:N682abb8a6bbc40e9947aa2d9d66eec4d rdf:first ; + rdf:rest _:N4571ded3acc34f068931feecaa278a44 . + + _:N683c5b7b252949bda929dd4befe8bb50 rdf:first ; + rdf:rest _:N991d42b910e64656b45d7c4ce9e7f5e3 . + + _:N68767751c5f64fc1afe82f2dcbae6636 rdf:first ; + rdf:rest _:N1358bfc70dc14db6aa3a799228bc2fdd . + + _:N687efc23ea2c4c0b9a09c9ca45dc49b3 rdf:first ; + rdf:rest _:Nc91762ec925048e0a85d224bd2bd6d32 . + + _:N68e2aefd82ab40c59cc6c2bfeab0adc4 sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:created ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + + _:N6946aaeee89545da9d91b8527c54139a rdf:first ; + rdf:rest () . + + _:N694be39aecbe44d49f3850275de952ec rdf:first ; + rdf:rest _:N29cadfcf5dfa4e73b1b0f56fa6e4352f . + + _:N694e3d4238ff4006b46b450b91f4179a rdf:first ; + rdf:rest _:N9a582f09d0b7426d81ae74b09a5ed252 . + + _:N6aa0e623203745d7b1fb18b485918354 rdf:first ; + rdf:rest _:Nc4286224070a4248ad8590c45a7c8bc6 . + + _:N6ac0694afb0c40c1bb0988b0569f0cb4 rdf:first ; + rdf:rest () . + + _:N6bd3d2cfd9cd4f248e354deb40a851ff rdf:first ; + rdf:rest _:N618f8c59ed9345ca8692a68f777a0fb0 . + + _:N6be5db9035a14b779b13bfa0a5a51c3e rdf:first ; + rdf:rest _:Nd83655f2100e4025b2eefd465fc154ab . + + _:N6e913b09266e498887238fae6898e289 rdf:first ; + rdf:rest _:N6bd3d2cfd9cd4f248e354deb40a851ff . + + _:N6eb9ec15081f404a99935ff4e2aaa14b sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns4:intendedUse . + + _:N6f8ca85700744b0e9f7a8672675d1dca sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:impactStatementTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + + _:N7091d1b764924e4db3551e0b422e61ba sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns3:downloadLocation . + + _:N70cbc4a60eda4e648df0df882fab278d rdf:first ; + rdf:rest _:N4c8c5257e6c144099de859c3f43b1961 . + + _:N70cf024bfa9e40a08de101b510631f60 rdf:first ; + rdf:rest _:N4f925ef656b840928e22aa51252c2976 . + + _:N716ee87802fd4b6f98bfcff38ca5ff8a rdf:first ; + rdf:rest _:Nd951591fca6c47c2985dd159db6ad52c . + + _:N722c45f262084ffa9b063b852952397b rdf:first ; + rdf:rest _:Nf4609fa7f53e4898a47341b507b5e03e . + + _:N72a328f4b7e14cb194d99b35236c3430 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:comment . + + _:N72dd028519c2443b94229cfc4a2639bc sh:message "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not _:N0a961d271f304c8cbb2e0a1307a9d8ad ; + sh:path rdf:type . + + _:N731241b6024d4e109893eb1354404ec5 rdf:first ; + rdf:rest _:N897df0f6e23b488988a2d2db8aad5bc4 . + + _:N734a831b529349fb969fd328dc6dcb1c rdf:first ; + rdf:rest _:N25b71b41baf8408a91b66336f376a5b6 . + + _:N7368659f06844e79815bdbdeac2b73f3 rdf:first ; + rdf:rest _:N2847f93323fd468eab2b926c5715c994 . + + _:N737b3d5b3c8f4cb7b5fb665b52f1dd96 sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns1:standardName . + + _:N73833299f42a4f78b3a3379f9d2302d7 rdf:first ; + rdf:rest _:N38e1279dca3f4e53be4eb3245a0e4ec2 . + + _:N73e74213eec84d8daaa36a51dab963d6 sh:class ns1:RelationshipType ; + sh:in _:Ne93ae5d0cb664d7ab2554eaa72a23f25 ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:relationshipType . + + _:N73f9586a8a7d4b978afcb9cfe998050b sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:standardAdditionTemplate . + + _:N74551d5c49b94ece99a5fdec0d58d233 sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:modifiedTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + + _:N7583808b54c947658126a7846ad7cc76 rdf:first ; + rdf:rest _:N4466be96ec5a4942b916c3f1fad2d3ee . + + _:N75f6c4472b7b45349200afcce0dbacef rdf:first ; + rdf:rest _:N91fee785616543dd9952683d70d387bf . + + _:N763c69315ee040a88ca27b5205984626 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:prefix . + + _:N7676f1bbd99e47659502f87b9936453e sh:class ns1:LifecycleScopeType ; + sh:in _:N5b2278fb3a8e4e239193a033f8b4bf04 ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:scope . + + _:N77f1a43a35e5447c83116261ae574acc rdf:first ; + rdf:rest _:N81c1c3e2bbc4470ab2eaf9e5c6c4d1f0 . + + _:N786a3eaa8fbe4cf0bb67c4e086fa8b5b sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns2:hyperparameter . + + _:N78c7513398064da1a55c5df1b3c96444 sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns4:anonymizationMethodUsed . + + _:N79b4dcdd054d4ca8a87fc86377c9366b rdf:first ; + rdf:rest _:N30d1dbbf97fb456eb18d38b76c8004d3 . + + _:N79e0fdc8a753446e8e1931aab90b02ae sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:licenseXml . + + _:N7a48123f699948b5867af1fec0d7b88e sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:comment . + + _:N7a66c734ced842b4913ff95c5f5cf452 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:comment . + + _:N7b50bf552c054e5baab961ecc882b722 rdf:first ; + rdf:rest _:Nf593d6da70614e2581430bd37d9cd4ef . + + _:N7b5b4ad7f9a54d91a292ac0738539050 rdf:first ; + rdf:rest _:Nb28702ad1ccc478ba7b8aa42bc12985d . + + _:N7c7a260c778e4d4491ba75a0fe083ebe sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:deprecatedVersion . + + _:N7c9974a53d5443c5831f3e7dc56073d0 sh:message "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not _:N8358def5fd2b4668b759d786315e799f ; + sh:path rdf:type . + + _:N7d2dbee05b72455c995a675186de5fd1 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path . + + _:N7eb015d497fc4c09bb8530f59c65624d rdf:first ; + rdf:rest _:Nbd0d551be201428eb241c70d0e315cfa . + + _:N7f095ac56c3e4bccbcd4348b29980439 rdf:first ; + rdf:rest _:Na461e12485ec495f9d16f08504499025 . + + _:N7f2c8d25f5df4c27b35c70d38090eab3 rdf:first ; + rdf:rest _:N8186b6d9dc534ac1b7a906d040a88d6a . + + _:N80dac4ea19f44488ae2dc09ba1429116 sh:datatype xsd:positiveInteger ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:beginIntegerRange . + + _:N80dc66a1ccec469392596c5291fa2864 sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns2:typeOfModel . + + _:N8115c0678af046f9bb8fe56f1541b92b sh:hasValue ns5:VexVulnAssessmentRelationship . + + _:N8186b6d9dc534ac1b7a906d040a88d6a rdf:first ; + rdf:rest _:N9b79adf6684a4d328dc28ae0ee98d95d . + + _:N81c1c3e2bbc4470ab2eaf9e5c6c4d1f0 rdf:first ; + rdf:rest _:N461fe7f9c28b4d81a4fb17726fc9adf6 . + + _:N825f749765e348a0abfef75f63c1588a sh:class ns1:PositiveIntegerRange ; + sh:maxCount 1 ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns3:byteRange . + + _:N82b5fa65536b400a809bd5f3104f6ec0 rdf:first ; + rdf:rest _:Ndfe4dc1d7d574b10a92ee8955837ad9d . + + _:N82be0a238ea44c658a60ca20e0c8c6fa sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path . + + _:N833dac5833c24d35a16d11f2e318aeef rdf:first ; + rdf:rest _:Nd90adf23ae66491daa68ac6dd4501bdf . + + _:N8358def5fd2b4668b759d786315e799f sh:hasValue ns6:LicenseAddition . + + _:N83935261300041758021c5a3fbdae6c0 rdf:first ; + rdf:rest _:N7368659f06844e79815bdbdeac2b73f3 . + + _:N85ad449141be453592e9e80c2bc379f4 sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path . + + _:N8692a82c280845c3a6fa37c02ddae229 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:actionStatement . + + _:N8711a8ae5ca942d1bbd795a0144ca9a7 rdf:first ; + rdf:rest _:N13f4d81403034faaa93ea1abc3bd3d91 . + + _:N87131d5acc2b478ba16230f714aa0bb0 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:contentType ; + sh:pattern "^[^\\/]+\\/[^\\/]+$" . + + _:N88ce0438020d4326924db53dec9bd6b5 rdf:first ; + rdf:rest _:N722c45f262084ffa9b063b852952397b . + + _:N88e97455b377466daa24bff58cde8f0d sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns1:packageVerificationCodeExcludedFile . + + _:N894cee407d8747ec8adc2f05ce722a86 sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:locationHint . + + _:N897df0f6e23b488988a2d2db8aad5bc4 rdf:first ; + rdf:rest _:Nfa72871f5924444491d18910ec431abb . + + _:N89d361d3f1d94de5b28ee82b1d3da3de rdf:first ; + rdf:rest _:N93d2d1d1dc3e4b7ea516ee004f674bfb . + + _:N89d38dc48bd64f1d894f7f8c5494c264 rdf:first ; + rdf:rest _:N0d2bee57931544d786ff3bc0afb223b0 . + + _:N89d641eef49d4a5f9ef42bfe5c4221bd rdf:first ; + rdf:rest _:N230a41f8c8d549b8844a37595ce56867 . + + _:N8a37deb026864cdca312209746e2caaa rdf:first ; + rdf:rest _:Nf3dfbb7f98e84c61b58f5b17e3ae9f19 . + + _:N8ad3af20ea5248df91865def0b7a98de rdf:first ; + rdf:rest _:Nd0d48abef81b4c44a952c0925a6e30a9 . + + _:N8adbab8e05cf4258a0b7e9eedbd03e5f sh:class ns4:DatasetType ; + sh:in _:N7eb015d497fc4c09bb8530f59c65624d ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns4:datasetType . + + _:N8b5253826157456ba3297cf9f4f8db15 rdf:first ; + rdf:rest _:Nff9c0c2a18f24f76bfa32806ec48ce59 . + + _:N8b86dbc23a22407a9380fbd9376d3b83 rdf:first ; + rdf:rest _:N4f9424fdcb0643a6b8dbd2c83de164a1 . + + _:N8bdb3da6da754d98843024e1dcbe3e43 sh:class ns1:PresenceType ; + sh:in _:Ndc659c8552d54ab684aadbdacdbd7a8d ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns2:autonomyType . + + _:N8e672d95ff7d48e68c1ed7ecf019b269 sh:datatype xsd:boolean ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:exploited . + + _:N8eab6125211e4549a03d744617823ad5 sh:hasValue ns1:ElementCollection . + + _:N8ec4229c1a674693bde766506ca93e87 rdf:first ; + rdf:rest _:N5f694c64068844ca80652791ca7749d9 . + + _:N8f1dd8dbe42e46fb934adf94515048b1 rdf:first ; + rdf:rest () . + + _:N8f24e4128c124ec08b9e80f45a43dd1e sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:statement . + + _:N8ff2b7ece321489a9ff262a2c697c89c rdf:first ; + rdf:rest _:N542022ab56194a2184bd872572ca204b . + + _:N904326509fc04cc4be66ea123ed9fdc4 sh:class ns2:EnergyUnitType ; + sh:in _:N10002d3538094764a9c6d3893234cd04 ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns2:energyUnit . + + _:N90cb783276d74a2881e21a08abf01e2f sh:message "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not _:N986501d57648498ea8ed156092baf32c ; + sh:path rdf:type . + + _:N916e8c3c85774fcd96b700a20240ca75 rdf:first ; + rdf:rest _:Ne976bc717eb6446291a939038610ee2c . + + _:N91adaf3024344ddcbcbf3f943faaad6b sh:class ns1:AnnotationType ; + sh:in _:N2aa14aff363e4fc1ab2ed86f71eb8873 ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:annotationType . + + _:N91d11db27b28462b8545b78734a27503 sh:class ns5:ExploitCatalogType ; + sh:in _:N1a8882804ac24104946e7afa0b36905a ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns5:catalogType . + + _:N91fee785616543dd9952683d70d387bf rdf:first ; + rdf:rest _:N94e6bbd4fb004035a4cbdb3e969a1fbb . + + _:N931294357284457f9a6f643757b29e72 rdf:first ; + rdf:rest _:N687efc23ea2c4c0b9a09c9ca45dc49b3 . + + _:N93d2d1d1dc3e4b7ea516ee004f674bfb rdf:first ; + rdf:rest _:Nc71de92f1cc649fcab4d77d974dac329 . + + _:N942417ca6d844df0914d75b099a457f8 sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:modifiedTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + + _:N94e6bbd4fb004035a4cbdb3e969a1fbb rdf:first ; + rdf:rest _:Ncf68ed04ac534a92808a38217fa55530 . + + _:N951ec4cbce414b3bab847840bf18d59f sh:class ns1:ExternalIdentifier ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:externalIdentifier . + + _:N954579de61d84bef909737ad4568a536 sh:class ns3:SbomType ; + sh:in _:N48b3e9d109d34fdeaa6cbef58c05c171 ; + sh:nodeKind sh:IRI ; + sh:path ns3:sbomType . + + _:N95b6da49b56e4298924cd2f153f00905 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns4:datasetUpdateMechanism . + + _:N95c7a63c89e94f8d9ceb0dd0c34ac9e3 rdf:first ; + rdf:rest _:N348ad67a2abe4f9d929b1e20acc594b5 . + + _:N96120491adc84204822952240ddadf13 rdf:first ; + rdf:rest _:Nb0ab9a298e9845b1b1b770398def929d . + + _:N963f7603cd844b03bd4631e0713b1635 sh:class ; + sh:minCount 2 ; + sh:nodeKind sh:IRI ; + sh:path ns6:member . + + _:N96c753d614db4e7b844bcb3b5f9ff291 rdf:first ; + rdf:rest _:N168bcfc831bd4f85b6a82742eb7ad4f5 . + + _:N97120636b11b4b158892706019486fb5 rdf:first ; + rdf:rest _:N89d38dc48bd64f1d894f7f8c5494c264 . + + _:N98018fef19484e2fae944af82b21920e sh:class ns1:Agent ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:createdBy . + + _:N986501d57648498ea8ed156092baf32c sh:hasValue ns5:VulnAssessmentRelationship . + + _:N991d42b910e64656b45d7c4ce9e7f5e3 rdf:first ; + rdf:rest _:N734a831b529349fb969fd328dc6dcb1c . + + _:N9a582f09d0b7426d81ae74b09a5ed252 rdf:first ; + rdf:rest _:N7f095ac56c3e4bccbcd4348b29980439 . + + _:N9b79adf6684a4d328dc28ae0ee98d95d rdf:first ; + rdf:rest _:N5eab3a0a527f4705bdb2f04b7c39e36c . + + _:N9b9dc778bc5c415fad7f82cf4f6047d2 rdf:first ; + rdf:rest _:N68767751c5f64fc1afe82f2dcbae6636 . + + _:N9bb1cced9aa14e08b36ebf9f952b1d01 rdf:first ; + rdf:rest _:Na3743aad0c334d06a729f81988609c9f . + + _:N9bd771ac02cc41519919a01d4deca105 sh:class ns2:SafetyRiskAssessmentType ; + sh:in _:N96c753d614db4e7b844bcb3b5f9ff291 ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns2:safetyRiskAssessment . + + _:N9c1ccbc2b86f454395a450f736b67eec rdf:first ; + rdf:rest _:N0f4d0a9a8e7d46a0b9cf255274bcce6b . + + _:N9dbe04a2eaac4271aafe4a7650ec4e15 rdf:first ; + rdf:rest _:N261545ecf40d4f65bf47dc050598e90f . + + _:N9e3f2c4f96904bddb1aa46c01701b0f6 rdf:first ; + rdf:rest _:N8ad3af20ea5248df91865def0b7a98de . + + _:N9ed65925a89e40e8b7faaa925d739c72 rdf:first ; + rdf:rest () . + + _:N9eda1b52fa264730ab0b383d300e1726 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns3:sourceInfo . + + _:Na00b6f47e860415881f7e8a524a04316 rdf:first ; + rdf:rest _:Nf6f1751e3ea84341bdeec66f7c44a8ce . + + _:Na0242fde5c314aa599a3a00cfb01634c rdf:first ; + rdf:rest _:N694e3d4238ff4006b46b450b91f4179a . + + _:Na1cdda0a73e94e598b769cac4a5a5cb8 sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns2:energyQuantity . + + _:Na1ce1658c3be4bc0b082944caae9ddea sh:message "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not _:Nff8e6ed55f604249b913b2bbc6d8411d ; + sh:path rdf:type . + + _:Na267e7b88a344e4fbd0c59a6dc760e65 sh:class ns4:DatasetAvailabilityType ; + sh:in _:N89d361d3f1d94de5b28ee82b1d3da3de ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns4:datasetAvailability . + + _:Na2b089e6c69d4697ae4de61d18f020f7 sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:score . + + _:Na3743aad0c334d06a729f81988609c9f rdf:first ; + rdf:rest _:N7f2c8d25f5df4c27b35c70d38090eab3 . + + _:Na3925605d49b4db382603ae946c37f51 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:hashValue . + + _:Na3b27046864941989a486e5a70e0edb4 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:obsoletedBy . + + _:Na3d930b22d4f462cb8bcb86adb108e16 rdf:first ; + rdf:rest _:N236307149ca247fcad8df1b0dd41fcfc . + + _:Na42e3794f624483e818646ed683c5ba2 sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns4:dataPreprocessing . + + _:Na44640dae5c34e6ab6f3759a75426eb0 rdf:first ; + rdf:rest _:Nbbe9948554644fd8b49899d278739242 . + + _:Na449b0b56e3540618b2a2698204edde9 sh:class ns5:CvssSeverityType ; + sh:in _:Ndc4add4edebe43f4821fb10dd712e481 ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns5:severity . + + _:Na461e12485ec495f9d16f08504499025 rdf:first ; + rdf:rest _:N73833299f42a4f78b3a3379f9d2302d7 . + + _:Na5a538a0052340c0ba01747cca3d3da8 sh:message "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not _:N8115c0678af046f9bb8fe56f1541b92b ; + sh:path rdf:type . + + _:Na5ef7f1675b84ce99e4f4ca36d200a91 rdf:first ; + rdf:rest _:N14d7232930234cad917631e1993d7ccd . + + _:Na79e142094fb464da3de3ceb4108e4ff rdf:first ; + rdf:rest _:N28c7097edd884a9b92697ec6b6729dc9 . + + _:Na82fb3a822a04f6180f1ca7808276d8f rdf:first ; + rdf:rest _:Nc6bdb22311b243119db2aee3b54fabe4 . + + _:Na8cf54eee3ac40cca0ed6cfdaef6a576 rdf:first ; + rdf:rest () . + + _:Na92e8ceda7e548bb9a144c2e9c857639 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path . + + _:Na96bc2776ef4488595f136d0fbac26a6 sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:namespace . + + _:Naa7e95f812804669b3e89daed8d27b21 sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:publishedTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + + _:Nabd40767fbd84edea7e048b911a681e4 rdf:first ; + rdf:rest _:Ncba4137ebcf84a728acd12bde91130e9 . + + _:Nac0a6f045e7e4efd9dbaf01201286a14 rdf:first ; + rdf:rest _:N2c7697a923534e9988689746f1d03e41 . + + _:Nad909dcc4fad4339a9eb809fabd6a871 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns2:limitation . + + _:Nadc18a90b6ca4cc3af0fb2aa7418dda8 rdf:first ; + rdf:rest _:Nc2ac7680f26b40408ebfc2b4bb40def7 . + + _:Nadd5d6fa295c47ee82d49e5fde059110 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:listVersionAdded . + + _:Nadd6173eaf8b4550a3ec8c90524cc599 rdf:first ; + rdf:rest _:N4d86b5ad122d431bbf443326643a51df . + + _:Nae7b37ebeef141519b9f1102ae1b30c5 rdf:first ; + rdf:rest _:N682abb8a6bbc40e9947aa2d9d66eec4d . + + _:Nae8e63939c7c4cf4aa4ba555362d775c sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:startTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + + _:Naf01116eff7c4759be95f8f97c257d9c sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:hashValue . + + _:Nb07efffce0ba43a2bcac0e3a90a48609 rdf:first ; + rdf:rest _:Nb245e59ae52342bea2f1feb05bb80e79 . + + _:Nb0ab9a298e9845b1b1b770398def929d rdf:first ; + rdf:rest _:Nabd40767fbd84edea7e048b911a681e4 . + + _:Nb245e59ae52342bea2f1feb05bb80e79 rdf:first ; + rdf:rest _:N6aa0e623203745d7b1fb18b485918354 . + + _:Nb2747510507b404f9243bfd7225f629d rdf:first ; + rdf:rest _:Nc9235a4485e64fff9b1298095061a58e . + + _:Nb28702ad1ccc478ba7b8aa42bc12985d rdf:first ; + rdf:rest _:Na3d930b22d4f462cb8bcb86adb108e16 . + + _:Nb2f2a5ddadbe4718954d50737f92e201 rdf:first ; + rdf:rest _:Na44640dae5c34e6ab6f3759a75426eb0 . + + _:Nb345ac20ec3244e480ec30eee26dc06e sh:class ns1:IntegrityMethod ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:verifiedUsing . + + _:Nb3e77cdb9a14442eafb0659c7081c110 sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:endTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + + _:Nb40076de31ba4cc08826656559e10385 rdf:first ; + rdf:rest _:N59f692071bb64860ab9f02cfb4670088 . + + _:Nb4381a5cee3143a482af28cf9a364f3c sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns4:dataCollectionProcess . + + _:Nb6e99584403541df96486fcac6d79017 rdf:first ; + rdf:rest _:N4538304380bf48b895869aa8dbea3275 . + + _:Nb81407b76fc94f228f1f5ad011d931a5 rdf:first ; + rdf:rest _:Nc82d9b6d9a4a40d6b95e4cd04612ac98 . + + _:Nb850dda843534d3ab3ffbadf70766fef sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:vectorString . + + _:Nb8a14d0c45314542aa2d6a98232399be sh:hasValue . + + _:Nb9165bd1d4e8406eb56e237a892cfba4 rdf:first ; + rdf:rest _:N0753f471dae945e885cde15702c705bb . + + _:Nb916f2dfc1c640bd8e0dac9bb5956172 sh:class ns5:VexJustificationType ; + sh:in _:N57e86c05425144f4a08e64395a0d5e1d ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns5:justificationType . + + _:Nba03adbea09d477299a596cac9fd8319 sh:message "https://spdx.org/rdf/3.0.1/terms/Core/Artifact is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not _:Ndbfe3b48ba714fb990a0e903863ea1ed ; + sh:path rdf:type . + + _:Nbac401e4be1249dd86dd149952baf59b sh:message "https://spdx.org/rdf/3.0.1/terms/Core/Element is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not _:N5bda6a3731444310990a06326743f6aa ; + sh:path rdf:type . + + _:Nbb0a3a63cdba4f078c6de6eef7ff6579 sh:message "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not _:Ncedd59bf4f1a4436ac8325d34d020df5 ; + sh:path rdf:type . + + _:Nbbbec88245754e9d9390b9a11f0b67c2 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:obsoletedBy . + + _:Nbbe9948554644fd8b49899d278739242 rdf:first ; + rdf:rest _:N7b50bf552c054e5baab961ecc882b722 . + + _:Nbc1332652da345c49ad3c948238f404b sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns3:packageUrl . + + _:Nbc8ae53aacf942ca88840a6c1d655d6c rdf:first ; + rdf:rest _:N58021835a49a4b959f9428f8df7f7198 . + + _:Nbd013d07f45a42d99931fe619ee4ca95 rdf:first ; + rdf:rest _:N7583808b54c947658126a7846ad7cc76 . + + _:Nbd0d551be201428eb241c70d0e315cfa rdf:first ; + rdf:rest _:Nd0cfba2a98544626a8566f29105598e9 . + + _:Nbd14f0a1267744e89f6930e710689414 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:identifier . + + _:Nbd45f3e248c84b27b2e1a0da67d47a71 rdf:first ; + rdf:rest _:N54d1f829ecc441b9b7d9248324cbea6b . + + _:Nbd47cac50394462f9015e00ec4b449a6 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:key . + + _:Nbdc672a90df4480da8648bd31507d48e sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path . + + _:Nbf6c9a626dad41fa8a0422cb3ddab7a3 rdf:first ; + rdf:rest _:Ndcdb30d7deca45a8bc3e563144933f0e . + + _:Nbffaba2351c747ef8e380b89888a5f14 rdf:first ; + rdf:rest _:N288949a61054447689377b531414e0b7 . + + _:Nc0c94fed0eb041ef8c4fe70f4b1fd7c0 rdf:first ; + rdf:rest () . + + _:Nc15495aea74e4883afce40f042a057d5 rdf:first ; + rdf:rest _:N58c3f747313349d396ead702e2de2953 . + + _:Nc1bb7a1b7d034342906511e27e066abc rdf:first ; + rdf:rest _:Nf21725c3245f4286b67bd679d3351c59 . + + _:Nc22ee04d695b4582bd604f6206900620 sh:class ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:dataLicense . + + _:Nc2ac7680f26b40408ebfc2b4bb40def7 rdf:first ; + rdf:rest _:Nfd592b5830bc43009e433a4172fb036b . + + _:Nc37985fef6884679b49d387a2ef08d3f sh:datatype xsd:boolean ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:isFsfLibre . + + _:Nc38c872821b548ee8f430a027b2d711f sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns3:homePage . + + _:Nc3c21678fc9a459784f054a6954a9aa8 sh:class ns1:CreationInfo ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:creationInfo . + + _:Nc4156282a9c34b6190b0869cdc1793db sh:class ns1:Element ; + sh:nodeKind sh:IRI ; + sh:path ns1:element . + + _:Nc4286224070a4248ad8590c45a7c8bc6 rdf:first ; + rdf:rest _:N425d570f86674f7facee623f8d84a311 . + + _:Nc51fb19223644705a84f646344b7e9d3 sh:class ns6:LicenseAddition ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns6:subjectAddition . + + _:Nc5485992ed4e4cbea07fa6d87ee716ac rdf:first ; + rdf:rest _:Nc85a3a5deac54465a32d993ba5434b00 . + + _:Nc63741a7112e471ba97ce37e05f2dac1 sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns2:metricDecisionThreshold . + + _:Nc6bdb22311b243119db2aee3b54fabe4 rdf:first ; + rdf:rest () . + + _:Nc6d18260ddfa478b84c2dc19c2059aa2 sh:class ns3:File ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns3:snippetFromFile . + + _:Nc6d7eec7a63445c8a64113d0e59ce02c rdf:first ; + rdf:rest _:N30a10bdc909f4c4bb84f02821147b416 . + + _:Nc704d39d408f41caa9805e140ff0016a sh:class ns1:Agent ; + sh:nodeKind sh:IRI ; + sh:path ns1:originatedBy . + + _:Nc71de92f1cc649fcab4d77d974dac329 rdf:first ; + rdf:rest _:Nfc3f4dc279d7471b83aa1a9df09f8d3f . + + _:Nc7b49cc0a08745e08e5ba42ee492184f rdf:first ; + rdf:rest () . + + _:Nc7f12b88e8f5489dacbbfeb81192696a sh:datatype xsd:boolean ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:isDeprecatedLicenseId . + + _:Nc82d9b6d9a4a40d6b95e4cd04612ac98 rdf:first ; + rdf:rest _:N4ad4011b5f8c44cbb3e76f5da0885cfd . + + _:Nc85a3a5deac54465a32d993ba5434b00 rdf:first ; + rdf:rest _:Ne7777394524c4639973161dd3aff2db3 . + + _:Nc8b9ea4213214eccb17ccccf3790161d sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + + _:Nc91762ec925048e0a85d224bd2bd6d32 rdf:first ; + rdf:rest _:Nf028d12b2d0f4f6cb20747b6b39a8b5b . + + _:Nc9235a4485e64fff9b1298095061a58e rdf:first ; + rdf:rest _:N05edbc4959e844438800e546abaebaea . + + _:Nc9ccffdec66347509395f75c9845128f sh:message "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not _:N8eab6125211e4549a03d744617823ad5 ; + sh:path rdf:type . + + _:Nc9ddcdf86e874968aa8f5ba821975eb4 sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:percentile . + + _:Nca9532c3dd0b421e95d0800b68e3442a sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:comment . + + _:Ncae19f1586924a439b37e75eb5b57ed4 sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns2:modelExplainability . + + _:Ncb6c9deb0ba44382a0b957b7ea80228c rdf:first ; + rdf:rest _:Ne7cb91f8739a4acdb1e220785f261efb . + + _:Ncba4137ebcf84a728acd12bde91130e9 rdf:first ; + rdf:rest _:N8ec4229c1a674693bde766506ca93e87 . + + _:Ncc35596b6f164968b0bd35143cbc52ea rdf:first ; + rdf:rest _:N0dc54ccc3f8d4afe897d7be97f9f6928 . + + _:Nccde3ac271484f91b83ed5fb2e1d70c9 sh:class ns1:PresenceType ; + sh:in _:N0f568f8825144082a14a0e000b8ff13f ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns2:useSensitivePersonalInformation . + + _:Nce436d556d4e4606ba37d9ad32d22967 rdf:first ; + rdf:rest _:Ne5e123ab8f7d4aa4b35a7442690fe19d . + + _:Nce6e2333750a40619f2e93e40be35d7e sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:withdrawnTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + + _:Nce9a69dc19af4e1394f03174c67c5857 sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + + _:Ncedd59bf4f1a4436ac8325d34d020df5 sh:hasValue ns6:ExtendableLicense . + + _:Ncf68ed04ac534a92808a38217fa55530 rdf:first ; + rdf:rest () . + + _:Ncff880d9e9c24887adcf512cbce2a444 rdf:first ; + rdf:rest _:Ne3e1ac11e78640fab50085207414679f . + + _:Nd05558aa816f416f8c26895bb8d1d9bb sh:class ns2:EnergyConsumptionDescription ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns2:inferenceEnergyConsumption . + + _:Nd0cfba2a98544626a8566f29105598e9 rdf:first ; + rdf:rest _:Na79e142094fb464da3de3ceb4108e4ff . + + _:Nd0d48abef81b4c44a952c0925a6e30a9 rdf:first ; + rdf:rest _:N9bb1cced9aa14e08b36ebf9f952b1d01 . + + _:Nd0ec388aab40469ab0a4297c30e0c906 rdf:first ; + rdf:rest _:N9c1ccbc2b86f454395a450f736b67eec . + + _:Nd11df36dd5014f759eab790e847b9857 sh:class ns1:Element ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:from . + + _:Nd1b797da281643468add752e036349fd rdf:first ; + rdf:rest _:N40bcef929ef64825a68929a36aefa27c . + + _:Nd2a11bb8a1a14a82994d02e9dd610275 sh:class ns1:Artifact ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:definingArtifact . + + _:Nd33af007bad14a4594f7039df1c5df75 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:licenseXml . + + _:Nd385c846dfa14371a0a3697f7168b4c1 sh:class ns2:EnergyConsumption ; + sh:maxCount 1 ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns2:energyConsumption . + + _:Nd3d538fe1cb544b5808c51dffd844c81 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:standardLicenseTemplate . + + _:Nd6ca1bcbdc494e39a9c1a4da0c52a0b3 rdf:first ; + rdf:rest _:Nb81407b76fc94f228f1f5ad011d931a5 . + + _:Nd6f4245b3ebe44e6b100782b191deb97 sh:message "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not _:Nf58f6bed32c5414ca98526a5d6a7b6dc ; + sh:path rdf:type . + + _:Nd73c69088f734dffb4cc9539c637aecf rdf:first ; + rdf:rest () . + + _:Nd77657e0b19d459c931f64f48ed7e1a6 sh:datatype xsd:anyURI ; + sh:nodeKind sh:Literal ; + sh:path ns6:seeAlso . + + _:Nd77e569c4d2d4d2c9bb29ea462bc94cc rdf:first ; + rdf:rest _:N39638ea4b52f4236b7a808cb979d2f4b . + + _:Nd83655f2100e4025b2eefd465fc154ab rdf:first ; + rdf:rest _:N0c3b30ca2bdf4cb1839bdc608bc41186 . + + _:Nd8679c5e3311467ca097a4151ac8fa54 sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:validUntilTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + + _:Nd90adf23ae66491daa68ac6dd4501bdf rdf:first ; + rdf:rest _:N243ef6907efb40d38e00f4430d63fc19 . + + _:Nd91122440e7149a28656eb9394e082b2 rdf:first ; + rdf:rest _:Nb2f2a5ddadbe4718954d50737f92e201 . + + _:Nd951591fca6c47c2985dd159db6ad52c rdf:first ; + rdf:rest _:N4f7ca95fbfad4d20810e92ab09220394 . + + _:Nda71586c3c6541b4a6a907d316dca405 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path . + + _:Nda791debefe5491aa84d61433873c630 sh:class ns1:SupportType ; + sh:in _:N1a0279389d714631b1d12935e9f2b014 ; + sh:nodeKind sh:IRI ; + sh:path ns1:supportLevel . + + _:Ndaeba75fb43b4db7b777e9b00ecd7064 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:deprecatedVersion . + + _:Ndb06ff981cef4e94bfdbec22badacd4d sh:class ns1:PresenceType ; + sh:in _:N0e4d30a5dd60459dbbb5efc7333deb37 ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns4:hasSensitivePersonalInformation . + + _:Ndb31c53559be41e0b28e79b74da0b557 sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:releaseTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + + _:Ndb50eefe33ac4feda6cfb13073b5324e rdf:first ; + rdf:rest _:N8b86dbc23a22407a9380fbd9376d3b83 . + + _:Ndbf7c5384f2242b98dd62b6a8d6a503f rdf:first ; + rdf:rest () . + + _:Ndbfe3b48ba714fb990a0e903863ea1ed sh:hasValue ns1:Artifact . + + _:Ndc4add4edebe43f4821fb10dd712e481 rdf:first ; + rdf:rest _:N8a37deb026864cdca312209746e2caaa . + + _:Ndc4f18efad334d78a498ea9df84fbd02 sh:class ns1:NamespaceMap ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:namespaceMap . + + _:Ndc659c8552d54ab684aadbdacdbd7a8d rdf:first ; + rdf:rest _:Nf142b126cd744b69be8d6c35ee1361e4 . + + _:Ndcdb30d7deca45a8bc3e563144933f0e rdf:first ; + rdf:rest _:N6be5db9035a14b779b13bfa0a5a51c3e . + + _:Nddcc9ac569c4442b894f208d7722b4f8 sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns1:locator . + + _:Ndde9f898797c42b989ef522557debf64 sh:datatype xsd:anyURI ; + sh:nodeKind sh:Literal ; + sh:path ns6:seeAlso . + + _:Ndfe4dc1d7d574b10a92ee8955837ad9d rdf:first ; + rdf:rest _:N0e31c4b45c4b442e9f1d32ab917a76ae . + + _:Ne03121e956234709bc0f8f288597ff50 sh:class ns3:SoftwarePurpose ; + sh:in _:N261c61aa119e4f4e9ce3c9387fb29c9f ; + sh:nodeKind sh:IRI ; + sh:path ns3:additionalPurpose . + + _:Ne06f01bddfb24f69a9e1c0ba9694b11d rdf:first ; + rdf:rest () . + + _:Ne0ff4ba19d0a41c18c6ccfc733f2193d rdf:first ; + rdf:rest _:N4e1bd25f594a483ab492b4c24a5748eb . + + _:Ne11c75cafdb0438299216847b06716cf sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:publishedTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + + _:Ne1917fc7b2894ab7a09e78e8e8b21989 rdf:first ; + rdf:rest _:Nbc8ae53aacf942ca88840a6c1d655d6c . + + _:Ne20cfbefa1424ba79abfc89287f1eef3 sh:class ns1:Hash ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path . + + _:Ne21f363965114243b81ce67f76575de3 rdf:first ; + rdf:rest _:Nf6541e98d99947d9a7ccb49088b43ea0 . + + _:Ne223bb746dc9463bbbe16ca844619e98 rdf:first ; + rdf:rest _:N45481eab750645b4929b7b63c8ca7916 . + + _:Ne3b40c9739164b2eb0ae163374d9c4ac sh:class ns1:Element ; + sh:nodeKind sh:IRI ; + sh:path ns1:rootElement . + + _:Ne3e1ac11e78640fab50085207414679f rdf:first ; + rdf:rest _:N510a0fe04f844da5bb96208d9e6a563c . + + _:Ne41f054fce23460dba46863153e67567 sh:hasValue ns1:IntegrityMethod . + + _:Ne4baf3becb8740a79f8bceb49f40679f rdf:first ; + rdf:rest _:Nd91122440e7149a28656eb9394e082b2 . + + _:Ne5e123ab8f7d4aa4b35a7442690fe19d rdf:first ; + rdf:rest _:N072d6f5c7eee40859e3a93d05034536f . + + _:Ne64dea82135241279d97934d928f2d35 rdf:first ; + rdf:rest _:Nbf6c9a626dad41fa8a0422cb3ddab7a3 . + + _:Ne68051bb209048da9a57bc5dbaf28bf0 sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:withdrawnTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" . + + _:Ne70b85feb564419597741ca637d61d03 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path . + + _:Ne7777394524c4639973161dd3aff2db3 rdf:first ; + rdf:rest _:N33da303c78e142a2acc0db12f3ee6686 . + + _:Ne778a773be4f408192f2ed37c6143a5d sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path . + + _:Ne7cb91f8739a4acdb1e220785f261efb rdf:first ; + rdf:rest _:N38aeb59117654398b393a546eaaa5fd9 . + + _:Ne81afbff18a74c75ac853da24ab327a0 sh:class ; + sh:minCount 2 ; + sh:nodeKind sh:IRI ; + sh:path ns6:member . + + _:Ne820a8ec67114d53b03a71f5f7be31f5 sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:locator . + + _:Ne883dfda4a7445ceb1e70f39ddd03fea sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:comment . + + _:Ne93ae5d0cb664d7ab2554eaa72a23f25 rdf:first ; + rdf:rest _:Ne94d7f462c66468a8c52086b6b54de89 . + + _:Ne94d7f462c66468a8c52086b6b54de89 rdf:first ; + rdf:rest _:Nb07efffce0ba43a2bcac0e3a90a48609 . + + _:Ne976bc717eb6446291a939038610ee2c rdf:first ; + rdf:rest _:Nc5485992ed4e4cbea07fa6d87ee716ac . + + _:Nebecc80c7e4045d1b3ad15ab0c1d04ec sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:externalSpdxId . + + _:Nece0b4f721a847f98727202b50f4a753 rdf:first ; + rdf:rest _:N210fbcf85b384009a2cee68e4a7e6b78 . + + _:Ned1f0afb78d3460c9478383abf3da36b rdf:first ; + rdf:rest _:Na8cf54eee3ac40cca0ed6cfdaef6a576 . + + _:Nedaa28cbd856413e95e7805cf2d255dd rdf:first ; + rdf:rest _:N2f8145031850475ba01bc466221debed . + + _:Nef3e82bf7eac41aa8dc101eabd0f1815 rdf:first ; + rdf:rest _:N4ac93d52ef544d5cb73aeaeb279b7567 . + + _:Neff5f08fa9fd4aaeb51026e2484443c7 rdf:first ; + rdf:rest _:N16cb468a2dcd423bb3654b71a6f00062 . + + _:Nf028d12b2d0f4f6cb20747b6b39a8b5b rdf:first ; + rdf:rest _:Ncb6c9deb0ba44382a0b957b7ea80228c . + + _:Nf0752cee7bef48efaa39267516a6b21a sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns4:knownBias . + + _:Nf10e65ca64f84003827c23ef339743e5 rdf:first ; + rdf:rest _:Ne1917fc7b2894ab7a09e78e8e8b21989 . + + _:Nf142b126cd744b69be8d6c35ee1361e4 rdf:first ; + rdf:rest _:N5b2e4dda703849e4933338ff0970e968 . + + _:Nf21725c3245f4286b67bd679d3351c59 rdf:first ; + rdf:rest _:N916e8c3c85774fcd96b700a20240ca75 . + + _:Nf26016059c3e414da185e30155b543f5 sh:class ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:extension . + + _:Nf284f365ba5c4e4da40d7d7900d82744 sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:probability . + + _:Nf3c62ca118b94d17a1ef6b04e407421c rdf:first ; + rdf:rest _:N186b972a57284ae1946b3f7d8e762830 . + + _:Nf3dfbb7f98e84c61b58f5b17e3ae9f19 rdf:first ; + rdf:rest _:N565a78360e28494ea80897aadf944c0c . + + _:Nf41c7f62f52f4c10b14344ec13dfe1e5 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns2:informationAboutApplication . + + _:Nf44042158d4d4c85a5bd6a0fcb538498 sh:datatype xsd:positiveInteger ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:endIntegerRange . + + _:Nf4609fa7f53e4898a47341b507b5e03e rdf:first ; + rdf:rest () . + + _:Nf4e0c03b381d4fb584571d8fdd2ca0a7 rdf:first ; + rdf:rest _:Nc15495aea74e4883afce40f042a057d5 . + + _:Nf507b9bee5ae4254bafe4ce3c72a9f18 sh:class ns3:SoftwareArtifact ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns5:assessedElement . + + _:Nf5531d9c16ff4f589dff19f480634c29 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" . + + _:Nf58f6bed32c5414ca98526a5d6a7b6dc sh:hasValue . + + _:Nf593d6da70614e2581430bd37d9cd4ef rdf:first ; + rdf:rest _:N132cde65c9b14a1694d400388aecf0cc . + + _:Nf6541e98d99947d9a7ccb49088b43ea0 rdf:first ; + rdf:rest _:N931294357284457f9a6f643757b29e72 . + + _:Nf6a05248229d4fe292d04534a4c4573d rdf:first ; + rdf:rest _:N83935261300041758021c5a3fbdae6c0 . + + _:Nf6f1751e3ea84341bdeec66f7c44a8ce rdf:first ; + rdf:rest _:N0c49370c41124d50ac6081418cb2432d . + + _:Nf71f6300b14a4726a20ffad899bed919 sh:class ns1:ExternalIdentifierType ; + sh:in _:N2aa73eafba6f4d55938fb60c96ff2379 ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:externalIdentifierType . + + _:Nf7e1508801cf4398b830fad84fe53388 rdf:first ; + rdf:rest _:N62b8677868664944abc9f19745aed957 . + + _:Nf7fd042770064703a84cd9039273e4f7 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:specVersion ; + sh:pattern "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" . + + _:Nf81435c80dee4c1db825f1917f62e947 rdf:first ; + rdf:rest _:N507c6135f8424e8db67fe59ae93eb464 . + + _:Nf94717c65e4f4b86b4df261ecf26650d rdf:first ; + rdf:rest () . + + _:Nf9bf03371d92462f91a54baa946fd625 sh:class ns1:PositiveIntegerRange ; + sh:maxCount 1 ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns3:lineRange . + + _:Nfa72871f5924444491d18910ec431abb rdf:first ; + rdf:rest () . + + _:Nfb655ff9dcc6442baa6046d411f0624c rdf:first ; + rdf:rest _:N8711a8ae5ca942d1bbd795a0144ca9a7 . + + _:Nfbb5f5e996be44989d31d47d46540443 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns3:copyrightText . + + _:Nfbd3df443088485abe551fc6374a3c4c rdf:first ; + rdf:rest _:N1256cfafa26e453a9d5f8b08cc5920d7 . + + _:Nfbd5a9c0923c423a84d0bb8fef89f4a3 rdf:first ; + rdf:rest _:Nadc18a90b6ca4cc3af0fb2aa7418dda8 . + + _:Nfc3f4dc279d7471b83aa1a9df09f8d3f rdf:first ; + rdf:rest _:N64a80dfe5e954cf59753ab8a96e4eff3 . + + _:Nfc8b91023a9e4e08ae989e08b6c0b9ec rdf:first ; + rdf:rest _:Nf7e1508801cf4398b830fad84fe53388 . + + _:Nfcc30e48020d4dd2b3493a0cd55ea457 sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:score . + + _:Nfd592b5830bc43009e433a4172fb036b rdf:first ; + rdf:rest _:N9b9dc778bc5c415fad7f82cf4f6047d2 . + + _:Nfe1814d375d7456e843deb8cde1cf341 sh:datatype xsd:boolean ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:isDeprecatedAdditionId . + + _:Nff33e8337dc8421d9e74b338e35a75d5 sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:name . + + _:Nff8e6ed55f604249b913b2bbc6d8411d sh:hasValue ns3:SoftwareArtifact . + + _:Nff9c0c2a18f24f76bfa32806ec48ce59 rdf:first ; + rdf:rest _:N64ae0543871444f6b7d2a497fcf55186 . +} + diff --git a/rdf/spdx-model.ttl b/rdf/spdx-model.ttl new file mode 100644 index 0000000000..0af62b8cf1 --- /dev/null +++ b/rdf/spdx-model.ttl @@ -0,0 +1,3331 @@ +@prefix dcterms: . +@prefix ns1: . +@prefix ns2: . +@prefix ns3: . +@prefix ns4: . +@prefix ns5: . +@prefix ns6: . +@prefix omg-ann: . +@prefix owl: . +@prefix rdf: . +@prefix rdfs: . +@prefix sh: . +@prefix spdx: . +@prefix xsd: . + +ns2:AIPackage a owl:Class, + sh:NodeShape ; + rdfs:comment "Specifies an AI package and its associated information."@en ; + rdfs:subClassOf ns3:Package ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns2:informationAboutTraining ], + [ sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns2:metric ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns2:domain ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns2:standardCompliance ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns2:modelDataPreprocessing ], + [ sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns2:hyperparameter ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns2:typeOfModel ], + [ sh:class ns1:PresenceType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns2:autonomyType ], + [ sh:class ns2:SafetyRiskAssessmentType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns2:safetyRiskAssessment ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns2:limitation ], + [ sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns2:metricDecisionThreshold ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns2:modelExplainability ], + [ sh:class ns1:PresenceType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns2:useSensitivePersonalInformation ], + [ sh:class ns2:EnergyConsumption ; + sh:maxCount 1 ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns2:energyConsumption ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns2:informationAboutApplication ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "Class that describes a build instance of software/artifacts."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:anyURI ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ], + [ sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:class ns1:Hash ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ] . + +ns1:Annotation a owl:Class, + sh:NodeShape ; + rdfs:comment "An assertion made in relation to one or more elements."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:contentType ; + sh:pattern "^[^\\/]+\\/[^\\/]+$" ], + [ sh:class ns1:Element ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:subject ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:statement ], + [ sh:class ns1:AnnotationType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:annotationType ] . + +ns1:LifecycleScopedRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment "Provide context for a relationship that occurs in the lifecycle."@en ; + rdfs:subClassOf ns1:Relationship ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ns1:LifecycleScopeType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:scope ] . + +ns1:NoAssertionElement a owl:NamedIndividual, + ns1:IndividualElement ; + rdfs:comment """An Individual Value for Element representing a set of Elements of unknown +identify or cardinality (number)."""@en ; + ns1:creationInfo . + +ns1:NoneElement a owl:NamedIndividual, + ns1:IndividualElement ; + rdfs:comment """An Individual Value for Element representing a set of Elements with +cardinality (number/count) of zero."""@en ; + ns1:creationInfo . + +ns1:PackageVerificationCode a owl:Class, + sh:NodeShape ; + rdfs:comment "An SPDX version 2.X compatible verification method for software packages."@en ; + rdfs:subClassOf ns1:IntegrityMethod ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:class ns1:HashAlgorithm ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:algorithm ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns1:packageVerificationCodeExcludedFile ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:hashValue ] . + +ns1:Person a owl:Class ; + rdfs:comment "An individual human being."@en ; + rdfs:subClassOf ns1:Agent ; + sh:nodeKind sh:IRI . + +ns1:SoftwareAgent a owl:Class ; + rdfs:comment "A software agent."@en ; + rdfs:subClassOf ns1:Agent ; + sh:nodeKind sh:IRI . + +ns1:SpdxDocument a owl:Class, + sh:NodeShape ; + rdfs:comment "A collection of SPDX Elements that could potentially be serialized."@en ; + rdfs:subClassOf ns1:ElementCollection ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ns1:ExternalMap ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:import ], + [ sh:class ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:dataLicense ], + [ sh:class ns1:NamespaceMap ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:namespaceMap ] . + +ns4:DatasetPackage a owl:Class, + sh:NodeShape ; + rdfs:comment "Specifies a data package and its associated information."@en ; + rdfs:subClassOf ns3:Package ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ns4:ConfidentialityLevelType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns4:confidentialityLevel ], + [ sh:datatype xsd:nonNegativeInteger ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns4:datasetSize ], + [ sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns4:sensor ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns4:datasetNoise ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns4:intendedUse ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns4:anonymizationMethodUsed ], + [ sh:class ns4:DatasetType ; + sh:in ( ) ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns4:datasetType ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns4:datasetUpdateMechanism ], + [ sh:class ns4:DatasetAvailabilityType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns4:datasetAvailability ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns4:dataPreprocessing ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns4:dataCollectionProcess ], + [ sh:class ns1:PresenceType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns4:hasSensitivePersonalInformation ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns4:knownBias ] . + +ns6:ConjunctiveLicenseSet a owl:Class, + sh:NodeShape ; + rdfs:comment """Portion of an AnyLicenseInfo representing a set of licensing information +where all elements apply."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ; + sh:minCount 2 ; + sh:nodeKind sh:IRI ; + sh:path ns6:member ] . + +ns6:CustomLicense a owl:Class ; + rdfs:comment "A license that is not listed on the SPDX License List."@en ; + rdfs:subClassOf ns6:License ; + sh:nodeKind sh:IRI . + +ns6:CustomLicenseAddition a owl:Class ; + rdfs:comment "A license addition that is not listed on the SPDX Exceptions List."@en ; + rdfs:subClassOf ns6:LicenseAddition ; + sh:nodeKind sh:IRI . + +ns6:DisjunctiveLicenseSet a owl:Class, + sh:NodeShape ; + rdfs:comment """Portion of an AnyLicenseInfo representing a set of licensing information where +only one of the elements applies."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ; + sh:minCount 2 ; + sh:nodeKind sh:IRI ; + sh:path ns6:member ] . + +ns6:ListedLicense a owl:Class, + sh:NodeShape ; + rdfs:comment "A license that is listed on the SPDX License List."@en ; + rdfs:subClassOf ns6:License ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:listVersionAdded ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:deprecatedVersion ] . + +ns6:ListedLicenseException a owl:Class, + sh:NodeShape ; + rdfs:comment "A license exception that is listed on the SPDX Exceptions list."@en ; + rdfs:subClassOf ns6:LicenseAddition ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:listVersionAdded ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:deprecatedVersion ] . + +ns6:NoAssertionLicense a owl:NamedIndividual, + ns6:IndividualLicensingInfo ; + rdfs:comment """An Individual Value for License when no assertion can be made about its actual +value."""@en ; + owl:sameAs ; + ns1:creationInfo . + +ns6:NoneLicense a owl:NamedIndividual, + ns6:IndividualLicensingInfo ; + rdfs:comment """An Individual Value for License where the SPDX data creator determines that no +license is present."""@en ; + owl:sameAs ; + ns1:creationInfo . + +ns6:OrLaterOperator a owl:Class, + sh:NodeShape ; + rdfs:comment """Portion of an AnyLicenseInfo representing this version, or any later version, +of the indicated License."""@en ; + rdfs:subClassOf ns6:ExtendableLicense ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ns6:License ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns6:subjectLicense ] . + +ns6:WithAdditionOperator a owl:Class, + sh:NodeShape ; + rdfs:comment """Portion of an AnyLicenseInfo representing a License which has additional +text applied to it."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ns6:ExtendableLicense ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns6:subjectExtendableLicense ], + [ sh:class ns6:LicenseAddition ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns6:subjectAddition ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "A type of extension consisting of a list of name value pairs."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:class ; + sh:minCount 1 ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ] . + +ns5:CvssV2VulnAssessmentRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides a CVSS version 2.0 assessment for a vulnerability."@en ; + rdfs:subClassOf ns5:VulnAssessmentRelationship ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:score ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:vectorString ] . + +ns5:CvssV3VulnAssessmentRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides a CVSS version 3 assessment for a vulnerability."@en ; + rdfs:subClassOf ns5:VulnAssessmentRelationship ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:vectorString ], + [ sh:class ns5:CvssSeverityType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns5:severity ], + [ sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:score ] . + +ns5:CvssV4VulnAssessmentRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides a CVSS version 4 assessment for a vulnerability."@en ; + rdfs:subClassOf ns5:VulnAssessmentRelationship ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ns5:CvssSeverityType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns5:severity ], + [ sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:score ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:vectorString ] . + +ns5:EpssVulnAssessmentRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides an EPSS assessment for a vulnerability."@en ; + rdfs:subClassOf ns5:VulnAssessmentRelationship ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:percentile ], + [ sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:probability ] . + +ns5:ExploitCatalogVulnAssessmentRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides an exploit assessment of a vulnerability."@en ; + rdfs:subClassOf ns5:VulnAssessmentRelationship ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:boolean ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:exploited ], + [ sh:class ns5:ExploitCatalogType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns5:catalogType ], + [ sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:locator ] . + +ns5:SsvcVulnAssessmentRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides an SSVC assessment for a vulnerability."@en ; + rdfs:subClassOf ns5:VulnAssessmentRelationship ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ns5:SsvcDecisionType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns5:decisionType ] . + +ns5:VexAffectedVulnAssessmentRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment """Connects a vulnerability and an element designating the element as a product +affected by the vulnerability."""@en ; + rdfs:subClassOf ns5:VexVulnAssessmentRelationship ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:actionStatementTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:actionStatement ] . + +ns5:VexFixedVulnAssessmentRelationship a owl:Class ; + rdfs:comment """Links a vulnerability and elements representing products (in the VEX sense) where +a fix has been applied and are no longer affected."""@en ; + rdfs:subClassOf ns5:VexVulnAssessmentRelationship ; + sh:nodeKind sh:IRI . + +ns5:VexNotAffectedVulnAssessmentRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment """Links a vulnerability and one or more elements designating the latter as products +not affected by the vulnerability."""@en ; + rdfs:subClassOf ns5:VexVulnAssessmentRelationship ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:impactStatement ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:impactStatementTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:class ns5:VexJustificationType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns5:justificationType ] . + +ns5:VexUnderInvestigationVulnAssessmentRelationship a owl:Class ; + rdfs:comment """Designates elements as products where the impact of a vulnerability is being +investigated."""@en ; + rdfs:subClassOf ns5:VexVulnAssessmentRelationship ; + sh:nodeKind sh:IRI . + +ns5:Vulnerability a owl:Class, + sh:NodeShape ; + rdfs:comment "Specifies a vulnerability and its associated information."@en ; + rdfs:subClassOf ns1:Artifact ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:modifiedTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:publishedTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:withdrawnTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "An SPDX Element containing an SPDX license expression string."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ns1:DictionaryEntry ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ; + sh:pattern "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" ] . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "A license or addition that is not listed on the SPDX License List."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ] . + +ns3:Sbom a owl:Class, + sh:NodeShape ; + rdfs:comment "A collection of SPDX Elements describing a single package."@en ; + rdfs:subClassOf ns1:Bom ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ns3:SbomType ; + sh:in ( ) ; + sh:nodeKind sh:IRI ; + sh:path ns3:sbomType ] . + +ns3:Snippet a owl:Class, + sh:NodeShape ; + rdfs:comment "Describes a certain part of a file."@en ; + rdfs:subClassOf ns3:SoftwareArtifact ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ns1:PositiveIntegerRange ; + sh:maxCount 1 ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns3:byteRange ], + [ sh:class ns3:File ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns3:snippetFromFile ], + [ sh:class ns1:PositiveIntegerRange ; + sh:maxCount 1 ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns3:lineRange ] . + + a ns1:CreationInfo ; + rdfs:comment "This individual element was defined by the spec."@en ; + ns1:created "2024-11-22T03:00:01Z"^^xsd:dateTimeStamp ; + ns1:createdBy ns1:SpdxOrganization ; + ns1:specVersion "3.0.1" . + + a ns1:CreationInfo ; + rdfs:comment "This individual element was defined by the spec."@en ; + ns1:created "2024-11-22T03:00:01Z"^^xsd:dateTimeStamp ; + ns1:createdBy ns1:SpdxOrganization ; + ns1:specVersion "3.0.1" . + + a ns1:CreationInfo ; + rdfs:comment "This individual element was defined by the spec."@en ; + ns1:created "2024-11-22T03:00:01Z"^^xsd:dateTimeStamp ; + ns1:createdBy ns1:SpdxOrganization ; + ns1:specVersion "3.0.1" . + + a ns1:CreationInfo ; + rdfs:comment "This individual element was defined by the spec."@en ; + ns1:created "2024-11-22T03:00:01Z"^^xsd:dateTimeStamp ; + ns1:createdBy ns1:SpdxOrganization ; + ns1:specVersion "3.0.1" . + + a ns1:CreationInfo ; + rdfs:comment "This individual element was defined by the spec."@en ; + ns1:created "2024-11-22T03:00:01Z"^^xsd:dateTimeStamp ; + ns1:createdBy ns1:SpdxOrganization ; + ns1:specVersion "3.0.1" . + +spdx: a owl:Ontology ; + rdfs:label "System Package Data Exchange (SPDX) Ontology"@en ; + dcterms:abstract "This ontology defines the terms and relationships used in the SPDX specification to describe system packages"@en ; + dcterms:created "2024-04-05"^^xsd:date ; + dcterms:creator "SPDX Project"@en ; + dcterms:license ; + dcterms:references ; + dcterms:title "System Package Data Exchange (SPDX) Ontology"@en ; + owl:versionIRI spdx: ; + omg-ann:copyright "Copyright (C) 2024 SPDX Project"@en . + + a owl:NamedIndividual, + ns2:EnergyUnitType ; + rdfs:label "kilowattHour" ; + rdfs:comment "Kilowatt-hour."@en . + + a owl:NamedIndividual, + ns2:EnergyUnitType ; + rdfs:label "megajoule" ; + rdfs:comment "Megajoule."@en . + + a owl:NamedIndividual, + ns2:EnergyUnitType ; + rdfs:label "other" ; + rdfs:comment "Any other units of energy measurement."@en . + + a owl:NamedIndividual, + ns2:SafetyRiskAssessmentType ; + rdfs:label "high" ; + rdfs:comment "The second-highest level of risk posed by an AI system."@en . + + a owl:NamedIndividual, + ns2:SafetyRiskAssessmentType ; + rdfs:label "low" ; + rdfs:comment "Low/no risk is posed by an AI system."@en . + + a owl:NamedIndividual, + ns2:SafetyRiskAssessmentType ; + rdfs:label "medium" ; + rdfs:comment "The third-highest level of risk posed by an AI system."@en . + + a owl:NamedIndividual, + ns2:SafetyRiskAssessmentType ; + rdfs:label "serious" ; + rdfs:comment "The highest level of risk posed by an AI system."@en . + +ns2:autonomyType a owl:ObjectProperty ; + rdfs:comment """Indicates whether the system can perform a decision or action without human +involvement or guidance."""@en ; + rdfs:range ns1:PresenceType . + +ns2:domain a owl:DatatypeProperty ; + rdfs:comment "Captures the domain in which the AI package can be used."@en ; + rdfs:range xsd:string . + +ns2:energyConsumption a owl:ObjectProperty ; + rdfs:comment "Indicates the amount of energy consumption incurred by an AI model."@en ; + rdfs:range ns2:EnergyConsumption . + +ns2:energyQuantity a owl:DatatypeProperty ; + rdfs:comment "Represents the energy quantity."@en ; + rdfs:range xsd:decimal . + +ns2:energyUnit a owl:ObjectProperty ; + rdfs:comment "Specifies the unit in which energy is measured."@en ; + rdfs:range ns2:EnergyUnitType . + +ns2:finetuningEnergyConsumption a owl:ObjectProperty ; + rdfs:comment """Specifies the amount of energy consumed when finetuning the AI model that is +being used in the AI system."""@en ; + rdfs:range ns2:EnergyConsumptionDescription . + +ns2:hyperparameter a owl:ObjectProperty ; + rdfs:comment """Records a hyperparameter used to build the AI model contained in the AI +package."""@en ; + rdfs:range ns1:DictionaryEntry . + +ns2:inferenceEnergyConsumption a owl:ObjectProperty ; + rdfs:comment """Specifies the amount of energy consumed during inference time by an AI model +that is being used in the AI system."""@en ; + rdfs:range ns2:EnergyConsumptionDescription . + +ns2:informationAboutApplication a owl:DatatypeProperty ; + rdfs:comment """Provides relevant information about the AI software, not including the model +description."""@en ; + rdfs:range xsd:string . + +ns2:informationAboutTraining a owl:DatatypeProperty ; + rdfs:comment "Describes relevant information about different steps of the training process."@en ; + rdfs:range xsd:string . + +ns2:limitation a owl:DatatypeProperty ; + rdfs:comment "Captures a limitation of the AI software."@en ; + rdfs:range xsd:string . + +ns2:metric a owl:ObjectProperty ; + rdfs:comment "Records the measurement of prediction quality of the AI model."@en ; + rdfs:range ns1:DictionaryEntry . + +ns2:metricDecisionThreshold a owl:ObjectProperty ; + rdfs:comment """Captures the threshold that was used for computation of a metric described in +the metric field."""@en ; + rdfs:range ns1:DictionaryEntry . + +ns2:modelDataPreprocessing a owl:DatatypeProperty ; + rdfs:comment """Describes all the preprocessing steps applied to the training data before the +model training."""@en ; + rdfs:range xsd:string . + +ns2:modelExplainability a owl:DatatypeProperty ; + rdfs:comment "Describes methods that can be used to explain the results from the AI model."@en ; + rdfs:range xsd:string . + +ns2:safetyRiskAssessment a owl:ObjectProperty ; + rdfs:comment "Records the results of general safety risk assessment of the AI system."@en ; + rdfs:range ns2:SafetyRiskAssessmentType . + +ns2:standardCompliance a owl:DatatypeProperty ; + rdfs:comment "Captures a standard that is being complied with."@en ; + rdfs:range xsd:string . + +ns2:trainingEnergyConsumption a owl:ObjectProperty ; + rdfs:comment """Specifies the amount of energy consumed when training the AI model that is +being used in the AI system."""@en ; + rdfs:range ns2:EnergyConsumptionDescription . + +ns2:typeOfModel a owl:DatatypeProperty ; + rdfs:comment "Records the type of the model used in the AI software."@en ; + rdfs:range xsd:string . + +ns2:useSensitivePersonalInformation a owl:ObjectProperty ; + rdfs:comment """Records if sensitive personal information is used during model training or +could be used during the inference."""@en ; + rdfs:range ns1:PresenceType . + + a owl:DatatypeProperty ; + rdfs:comment "Property that describes the time at which a build stops."@en ; + rdfs:range xsd:dateTimeStamp . + + a owl:DatatypeProperty ; + rdfs:comment """A buildId is a locally unique identifier used by a builder to identify a unique +instance of a build produced by it."""@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "Property describing the start time of a build."@en ; + rdfs:range xsd:dateTimeStamp . + + a owl:DatatypeProperty ; + rdfs:comment """A buildType is a hint that is used to indicate the toolchain, platform, or +infrastructure that the build was invoked on."""@en ; + rdfs:range xsd:anyURI . + + a owl:ObjectProperty ; + rdfs:comment """Property that describes the digest of the build configuration file used to +invoke a build."""@en ; + rdfs:range ns1:Hash . + + a owl:DatatypeProperty ; + rdfs:comment "Property describes the invocation entrypoint of a build."@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "Property that describes the URI of the build configuration source file."@en ; + rdfs:range xsd:anyURI . + + a owl:ObjectProperty ; + rdfs:comment "Property describing the session in which a build is invoked."@en ; + rdfs:range ns1:DictionaryEntry . + + a owl:ObjectProperty ; + rdfs:comment "Property describing a parameter used in an instance of a build."@en ; + rdfs:range ns1:DictionaryEntry . + + a owl:NamedIndividual, + ns1:AnnotationType ; + rdfs:label "other" ; + rdfs:comment "Used to store extra information about an Element which is not part of a review (e.g. extra information provided during the creation of the Element)."@en . + + a owl:NamedIndividual, + ns1:AnnotationType ; + rdfs:label "review" ; + rdfs:comment "Used when someone reviews the Element."@en . + +ns1:Bom a owl:Class ; + rdfs:comment """A container for a grouping of SPDX-3.0 content characterizing details +(provenence, composition, licensing, etc.) about a product."""@en ; + rdfs:subClassOf ns1:Bundle ; + sh:nodeKind sh:IRI . + +ns1:Bundle a owl:Class, + sh:NodeShape ; + rdfs:comment "A collection of Elements that have a shared context."@en ; + rdfs:subClassOf ns1:ElementCollection ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:context ] . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "cpe22" ; + rdfs:comment "[Common Platform Enumeration Specification 2.2](https://cpe.mitre.org/files/cpe-specification_2.2.pdf)"@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "cpe23" ; + rdfs:comment "[Common Platform Enumeration: Naming Specification Version 2.3](https://csrc.nist.gov/publications/detail/nistir/7695/final)"@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "cve" ; + rdfs:comment "Common Vulnerabilities and Exposures identifiers, an identifier for a specific software flaw defined within the official CVE Dictionary and that conforms to the [CVE specification](https://csrc.nist.gov/glossary/term/cve_id)."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "email" ; + rdfs:comment "Email address, as defined in [RFC 3696](https://datatracker.ietf.org/doc/rfc3986/) Section 3."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "gitoid" ; + rdfs:comment "[Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg)."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "other" ; + rdfs:comment "Used when the type does not match any of the other options."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "packageUrl" ; + rdfs:comment "Package URL, as defined in the corresponding [Annex](../../../annexes/pkg-url-specification.md) of this specification."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "securityOther" ; + rdfs:comment "Used when there is a security related identifier of unspecified type."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "swhid" ; + rdfs:comment "SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "swid" ; + rdfs:comment "Concise Software Identification (CoSWID) tag, as defined in [RFC 9393](https://datatracker.ietf.org/doc/rfc9393/) Section 2.3."@en . + + a owl:NamedIndividual, + ns1:ExternalIdentifierType ; + rdfs:label "urlScheme" ; + rdfs:comment "[Uniform Resource Identifier (URI) Schemes](https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml). The scheme used in order to locate a resource."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "altDownloadLocation" ; + rdfs:comment "A reference to an alternative download location."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "altWebPage" ; + rdfs:comment "A reference to an alternative web page."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "binaryArtifact" ; + rdfs:comment "A reference to binary artifacts related to a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "bower" ; + rdfs:comment "A reference to a Bower package. The package locator format, looks like `package#version`, is defined in the \"install\" section of [Bower API documentation](https://bower.io/docs/api/#install)."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "buildMeta" ; + rdfs:comment "A reference build metadata related to a published package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "buildSystem" ; + rdfs:comment "A reference build system used to create or publish the package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "certificationReport" ; + rdfs:comment "A reference to a certification report for a package from an accredited/independent body."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "chat" ; + rdfs:comment "A reference to the instant messaging system used by the maintainer for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "componentAnalysisReport" ; + rdfs:comment "A reference to a Software Composition Analysis (SCA) report."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "cwe" ; + rdfs:comment "[Common Weakness Enumeration](https://csrc.nist.gov/glossary/term/common_weakness_enumeration). A reference to a source of software flaw defined within the official [CWE List](https://cwe.mitre.org/data/) that conforms to the [CWE specification](https://cwe.mitre.org/)."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "documentation" ; + rdfs:comment "A reference to the documentation for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "dynamicAnalysisReport" ; + rdfs:comment "A reference to a dynamic analysis report for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "eolNotice" ; + rdfs:comment "A reference to the End Of Sale (EOS) and/or End Of Life (EOL) information related to a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "exportControlAssessment" ; + rdfs:comment "A reference to a export control assessment for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "funding" ; + rdfs:comment "A reference to funding information related to a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "issueTracker" ; + rdfs:comment "A reference to the issue tracker for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "license" ; + rdfs:comment "A reference to additional license information related to an artifact."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "mailingList" ; + rdfs:comment "A reference to the mailing list used by the maintainer for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "mavenCentral" ; + rdfs:comment "A reference to a Maven repository artifact. The artifact locator format is defined in the [Maven documentation](https://maven.apache.org/guides/mini/guide-naming-conventions.html) and looks like `groupId:artifactId[:version]`."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "metrics" ; + rdfs:comment "A reference to metrics related to package such as OpenSSF scorecards."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "npm" ; + rdfs:comment "A reference to an npm package. The package locator format is defined in the [npm documentation](https://docs.npmjs.com/cli/v10/configuring-npm/package-json) and looks like `package@version`."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "nuget" ; + rdfs:comment "A reference to a NuGet package. The package locator format is defined in the [NuGet documentation](https://docs.nuget.org) and looks like `package/version`."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "other" ; + rdfs:comment "Used when the type does not match any of the other options."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "privacyAssessment" ; + rdfs:comment "A reference to a privacy assessment for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "productMetadata" ; + rdfs:comment "A reference to additional product metadata such as reference within organization's product catalog."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "purchaseOrder" ; + rdfs:comment "A reference to a purchase order for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "qualityAssessmentReport" ; + rdfs:comment "A reference to a quality assessment for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "releaseHistory" ; + rdfs:comment "A reference to a published list of releases for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "releaseNotes" ; + rdfs:comment "A reference to the release notes for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "riskAssessment" ; + rdfs:comment "A reference to a risk assessment for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "runtimeAnalysisReport" ; + rdfs:comment "A reference to a runtime analysis report for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "secureSoftwareAttestation" ; + rdfs:comment "A reference to information assuring that the software is developed using security practices as defined by [NIST SP 800-218 Secure Software Development Framework (SSDF) Version 1.1](https://csrc.nist.gov/pubs/sp/800/218/final) or [CISA Secure Software Development Attestation Form](https://www.cisa.gov/resources-tools/resources/secure-software-development-attestation-form)."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "securityAdversaryModel" ; + rdfs:comment "A reference to the security adversary model for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "securityAdvisory" ; + rdfs:comment "A reference to a published security advisory (where advisory as defined per [ISO 29147:2018](https://www.iso.org/standard/72311.html)) that may affect one or more elements, e.g., vendor advisories or specific NVD entries."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "securityFix" ; + rdfs:comment "A reference to the patch or source code that fixes a vulnerability."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "securityOther" ; + rdfs:comment "A reference to related security information of unspecified type."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "securityPenTestReport" ; + rdfs:comment "A reference to a [penetration test](https://en.wikipedia.org/wiki/Penetration_test) report for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "securityPolicy" ; + rdfs:comment "A reference to instructions for reporting newly discovered security vulnerabilities for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "securityThreatModel" ; + rdfs:comment "A reference the [security threat model](https://en.wikipedia.org/wiki/Threat_model) for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "socialMedia" ; + rdfs:comment "A reference to a social media channel for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "sourceArtifact" ; + rdfs:comment "A reference to an artifact containing the sources for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "staticAnalysisReport" ; + rdfs:comment "A reference to a static analysis report for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "support" ; + rdfs:comment "A reference to the software support channel or other support information for a package."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "vcs" ; + rdfs:comment "A reference to a version control system related to a software artifact."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "vulnerabilityDisclosureReport" ; + rdfs:comment "A reference to a Vulnerability Disclosure Report (VDR) which provides the software supplier's analysis and findings describing the impact (or lack of impact) that reported vulnerabilities have on packages or products in the supplier's SBOM as defined in [NIST SP 800-161 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations](https://csrc.nist.gov/pubs/sp/800/161/r1/final)."@en . + + a owl:NamedIndividual, + ns1:ExternalRefType ; + rdfs:label "vulnerabilityExploitabilityAssessment" ; + rdfs:comment "A reference to a Vulnerability Exploitability eXchange (VEX) statement which provides information on whether a product is impacted by a specific vulnerability in an included package and, if affected, whether there are actions recommended to remediate. See also [NTIA VEX one-page summary](https://ntia.gov/files/ntia/publications/vex_one-page_summary.pdf)."@en . + + a owl:NamedIndividual, + ns1:LifecycleScopeType ; + rdfs:label "build" ; + rdfs:comment "A relationship has specific context implications during an element's build phase, during development."@en . + + a owl:NamedIndividual, + ns1:LifecycleScopeType ; + rdfs:label "design" ; + rdfs:comment "A relationship has specific context implications during an element's design."@en . + + a owl:NamedIndividual, + ns1:LifecycleScopeType ; + rdfs:label "development" ; + rdfs:comment "A relationship has specific context implications during development phase of an element."@en . + + a owl:NamedIndividual, + ns1:LifecycleScopeType ; + rdfs:label "other" ; + rdfs:comment "A relationship has other specific context information necessary to capture that the above set of enumerations does not handle."@en . + + a owl:NamedIndividual, + ns1:LifecycleScopeType ; + rdfs:label "runtime" ; + rdfs:comment "A relationship has specific context implications during the execution phase of an element."@en . + + a owl:NamedIndividual, + ns1:LifecycleScopeType ; + rdfs:label "test" ; + rdfs:comment "A relationship has specific context implications during an element's testing phase, during development."@en . + +ns1:Organization a owl:Class ; + rdfs:comment "A group of people who work together in an organized way for a shared purpose."@en ; + rdfs:subClassOf ns1:Agent ; + sh:nodeKind sh:IRI . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "ai" ; + rdfs:comment "the element follows the AI profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "build" ; + rdfs:comment "the element follows the Build profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "core" ; + rdfs:comment "the element follows the Core profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "dataset" ; + rdfs:comment "the element follows the Dataset profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "expandedLicensing" ; + rdfs:comment "the element follows the ExpandedLicensing profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "extension" ; + rdfs:comment "the element follows the Extension profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "lite" ; + rdfs:comment "the element follows the Lite profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "security" ; + rdfs:comment "the element follows the Security profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "simpleLicensing" ; + rdfs:comment "the element follows the SimpleLicensing profile specification"@en . + + a owl:NamedIndividual, + ns1:ProfileIdentifierType ; + rdfs:label "software" ; + rdfs:comment "the element follows the Software profile specification"@en . + + a owl:NamedIndividual, + ns1:RelationshipCompleteness ; + rdfs:label "complete" ; + rdfs:comment "The relationship is known to be exhaustive."@en . + + a owl:NamedIndividual, + ns1:RelationshipCompleteness ; + rdfs:label "incomplete" ; + rdfs:comment "The relationship is known not to be exhaustive."@en . + + a owl:NamedIndividual, + ns1:RelationshipCompleteness ; + rdfs:label "noAssertion" ; + rdfs:comment "No assertion can be made about the completeness of the relationship."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "affects" ; + rdfs:comment "The `from` Vulnerability affects each `to` Element. The use of the `affects` type is constrained to `VexAffectedVulnAssessmentRelationship` classed relationships."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "amendedBy" ; + rdfs:comment "The `from` Element is amended by each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "ancestorOf" ; + rdfs:comment "The `from` Element is an ancestor of each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "availableFrom" ; + rdfs:comment "The `from` Element is available from the additional supplier described by each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "configures" ; + rdfs:comment "The `from` Element is a configuration applied to each `to` Element, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "contains" ; + rdfs:comment "The `from` Element contains each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "coordinatedBy" ; + rdfs:comment "The `from` Vulnerability is coordinatedBy the `to` Agent(s) (vendor, researcher, or consumer agent)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "copiedTo" ; + rdfs:comment "The `from` Element has been copied to each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "delegatedTo" ; + rdfs:comment "The `from` Agent is delegating an action to the Agent of the `to` Relationship (which must be of type invokedBy), during a LifecycleScopeType (e.g. the `to` invokedBy Relationship is being done on behalf of `from`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "dependsOn" ; + rdfs:comment "The `from` Element depends on each `to` Element, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "descendantOf" ; + rdfs:comment "The `from` Element is a descendant of each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "describes" ; + rdfs:comment "The `from` Element describes each `to` Element. To denote the root(s) of a tree of elements in a collection, the rootElement property should be used."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "doesNotAffect" ; + rdfs:comment "The `from` Vulnerability has no impact on each `to` Element. The use of the `doesNotAffect` is constrained to `VexNotAffectedVulnAssessmentRelationship` classed relationships."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "expandsTo" ; + rdfs:comment "The `from` archive expands out as an artifact described by each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "exploitCreatedBy" ; + rdfs:comment "The `from` Vulnerability has had an exploit created against it by each `to` Agent."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "fixedBy" ; + rdfs:comment "Designates a `from` Vulnerability has been fixed by the `to` Agent(s)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "fixedIn" ; + rdfs:comment "A `from` Vulnerability has been fixed in each `to` Element. The use of the `fixedIn` type is constrained to `VexFixedVulnAssessmentRelationship` classed relationships."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "foundBy" ; + rdfs:comment "Designates a `from` Vulnerability was originally discovered by the `to` Agent(s)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "generates" ; + rdfs:comment "The `from` Element generates each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasAddedFile" ; + rdfs:comment "Every `to` Element is a file added to the `from` Element (`from` hasAddedFile `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasAssessmentFor" ; + rdfs:comment "Relates a `from` Vulnerability and each `to` Element with a security assessment. To be used with `VulnAssessmentRelationship` types."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasAssociatedVulnerability" ; + rdfs:comment "Used to associate a `from` Artifact with each `to` Vulnerability."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasConcludedLicense" ; + rdfs:comment "The `from` SoftwareArtifact is concluded by the SPDX data creator to be governed by each `to` license."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasDataFile" ; + rdfs:comment "The `from` Element treats each `to` Element as a data file. A data file is an artifact that stores data required or optional for the `from` Element's functionality. A data file can be a database file, an index file, a log file, an AI model file, a calibration data file, a temporary file, a backup file, and more. For AI training dataset, test dataset, test artifact, configuration data, build input data, and build output data, please consider using the more specific relationship types: `trainedOn`, `testedOn`, `hasTest`, `configures`, `hasInput`, and `hasOutput`, respectively. This relationship does not imply dependency."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasDeclaredLicense" ; + rdfs:comment "The `from` SoftwareArtifact was discovered to actually contain each `to` license, for example as detected by use of automated tooling."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasDeletedFile" ; + rdfs:comment "Every `to` Element is a file deleted from the `from` Element (`from` hasDeletedFile `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasDependencyManifest" ; + rdfs:comment "The `from` Element has manifest files that contain dependency information in each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasDistributionArtifact" ; + rdfs:comment "The `from` Element is distributed as an artifact in each `to` Element (e.g. an RPM or archive file)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasDocumentation" ; + rdfs:comment "The `from` Element is documented by each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasDynamicLink" ; + rdfs:comment "The `from` Element dynamically links in each `to` Element, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasEvidence" ; + rdfs:comment "Every `to` Element is considered as evidence for the `from` Element (`from` hasEvidence `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasExample" ; + rdfs:comment "Every `to` Element is an example for the `from` Element (`from` hasExample `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasHost" ; + rdfs:comment "The `from` Build was run on the `to` Element during a LifecycleScopeType period (e.g. the host that the build runs on)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasInput" ; + rdfs:comment "The `from` Build has each `to` Element as an input, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasMetadata" ; + rdfs:comment "Every `to` Element is metadata about the `from` Element (`from` hasMetadata `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasOptionalComponent" ; + rdfs:comment "Every `to` Element is an optional component of the `from` Element (`from` hasOptionalComponent `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasOptionalDependency" ; + rdfs:comment "The `from` Element optionally depends on each `to` Element, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasOutput" ; + rdfs:comment "The `from` Build element generates each `to` Element as an output, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasPrerequisite" ; + rdfs:comment "The `from` Element has a prerequisite on each `to` Element, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasProvidedDependency" ; + rdfs:comment "The `from` Element has a dependency on each `to` Element, dependency is not in the distributed artifact, but assumed to be provided, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasRequirement" ; + rdfs:comment "The `from` Element has a requirement on each `to` Element, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasSpecification" ; + rdfs:comment "Every `to` Element is a specification for the `from` Element (`from` hasSpecification `to`), during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasStaticLink" ; + rdfs:comment "The `from` Element statically links in each `to` Element, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasTest" ; + rdfs:comment "Every `to` Element is a test artifact for the `from` Element (`from` hasTest `to`), during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasTestCase" ; + rdfs:comment "Every `to` Element is a test case for the `from` Element (`from` hasTestCase `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "hasVariant" ; + rdfs:comment "Every `to` Element is a variant the `from` Element (`from` hasVariant `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "invokedBy" ; + rdfs:comment "The `from` Element was invoked by the `to` Agent, during a LifecycleScopeType period (for example, a Build element that describes a build step)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "modifiedBy" ; + rdfs:comment "The `from` Element is modified by each `to` Element."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "other" ; + rdfs:comment "Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationship types (this relationship is directionless)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "packagedBy" ; + rdfs:comment "Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "patchedBy" ; + rdfs:comment "Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "publishedBy" ; + rdfs:comment "Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "reportedBy" ; + rdfs:comment "Designates a `from` Vulnerability was first reported to a project, vendor, or tracking database for formal identification by each `to` Agent."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "republishedBy" ; + rdfs:comment "Designates a `from` Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by each `to` Agent."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "serializedInArtifact" ; + rdfs:comment "The `from` SpdxDocument can be found in a serialized form in each `to` Artifact."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "testedOn" ; + rdfs:comment "The `from` Element has been tested on the `to` Element(s)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "trainedOn" ; + rdfs:comment "The `from` Element has been trained on the `to` Element(s)."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "underInvestigationFor" ; + rdfs:comment "The `from` Vulnerability impact is being investigated for each `to` Element. The use of the `underInvestigationFor` type is constrained to `VexUnderInvestigationVulnAssessmentRelationship` classed relationships."@en . + + a owl:NamedIndividual, + ns1:RelationshipType ; + rdfs:label "usesTool" ; + rdfs:comment "The `from` Element uses each `to` Element as a tool, during a LifecycleScopeType period."@en . + + a owl:NamedIndividual, + ns1:SupportType ; + rdfs:label "deployed" ; + rdfs:comment "in addition to being supported by the supplier, the software is known to have been deployed and is in use. For a software as a service provider, this implies the software is now available as a service."@en . + + a owl:NamedIndividual, + ns1:SupportType ; + rdfs:label "development" ; + rdfs:comment "the artifact is in active development and is not considered ready for formal support from the supplier."@en . + + a owl:NamedIndividual, + ns1:SupportType ; + rdfs:label "endOfSupport" ; + rdfs:comment "there is a defined end of support for the artifact from the supplier. This may also be referred to as end of life. There is a validUntilDate that can be used to signal when support ends for the artifact."@en . + + a owl:NamedIndividual, + ns1:SupportType ; + rdfs:label "limitedSupport" ; + rdfs:comment "the artifact has been released, and there is limited support available from the supplier. There is a validUntilDate that can provide additional information about the duration of support."@en . + + a owl:NamedIndividual, + ns1:SupportType ; + rdfs:label "noAssertion" ; + rdfs:comment "no assertion about the type of support is made. This is considered the default if no other support type is used."@en . + + a owl:NamedIndividual, + ns1:SupportType ; + rdfs:label "noSupport" ; + rdfs:comment "there is no support for the artifact from the supplier, consumer assumes any support obligations."@en . + + a owl:NamedIndividual, + ns1:SupportType ; + rdfs:label "support" ; + rdfs:comment "the artifact has been released, and is supported from the supplier. There is a validUntilDate that can provide additional information about the duration of support."@en . + +ns1:annotationType a owl:ObjectProperty ; + rdfs:comment "Describes the type of annotation."@en ; + rdfs:range ns1:AnnotationType . + +ns1:beginIntegerRange a owl:DatatypeProperty ; + rdfs:comment "Defines the beginning of a range."@en ; + rdfs:range xsd:positiveInteger . + +ns1:builtTime a owl:DatatypeProperty ; + rdfs:comment "Specifies the time an artifact was built."@en ; + rdfs:range xsd:dateTimeStamp . + +ns1:completeness a owl:ObjectProperty ; + rdfs:comment "Provides information about the completeness of relationships."@en ; + rdfs:range ns1:RelationshipCompleteness . + +ns1:context a owl:DatatypeProperty ; + rdfs:comment """Gives information about the circumstances or unifying properties +that Elements of the bundle have been assembled under."""@en ; + rdfs:range xsd:string . + +ns1:created a owl:DatatypeProperty ; + rdfs:comment "Identifies when the Element was originally created."@en ; + rdfs:range xsd:dateTimeStamp . + +ns1:createdBy a owl:ObjectProperty ; + rdfs:comment "Identifies who or what created the Element."@en ; + rdfs:range ns1:Agent . + +ns1:createdUsing a owl:ObjectProperty ; + rdfs:comment "Identifies the tooling that was used during the creation of the Element."@en ; + rdfs:range ns1:Tool . + +ns1:creationInfo a owl:ObjectProperty ; + rdfs:comment "Provides information about the creation of the Element."@en ; + rdfs:range ns1:CreationInfo . + +ns1:dataLicense a owl:ObjectProperty ; + rdfs:comment """Provides the license under which the SPDX documentation of the Element can be +used."""@en ; + rdfs:range . + +ns1:definingArtifact a owl:ObjectProperty ; + rdfs:comment """Artifact representing a serialization instance of SPDX data containing the +definition of a particular Element."""@en ; + rdfs:range ns1:Artifact . + +ns1:description a owl:DatatypeProperty ; + rdfs:comment "Provides a detailed description of the Element."@en ; + rdfs:range xsd:string . + +ns1:element a owl:ObjectProperty ; + rdfs:comment "Refers to one or more Elements that are part of an ElementCollection."@en ; + rdfs:range ns1:Element . + +ns1:endIntegerRange a owl:DatatypeProperty ; + rdfs:comment "Defines the end of a range."@en ; + rdfs:range xsd:positiveInteger . + +ns1:endTime a owl:DatatypeProperty ; + rdfs:comment "Specifies the time from which an element is no longer applicable / valid."@en ; + rdfs:range xsd:dateTimeStamp . + +ns1:extension a owl:ObjectProperty ; + rdfs:comment "Specifies an Extension characterization of some aspect of an Element."@en ; + rdfs:range . + +ns1:externalIdentifier a owl:ObjectProperty ; + rdfs:comment """Provides a reference to a resource outside the scope of SPDX-3.0 content +that uniquely identifies an Element."""@en ; + rdfs:range ns1:ExternalIdentifier . + +ns1:externalIdentifierType a owl:ObjectProperty ; + rdfs:comment "Specifies the type of the external identifier."@en ; + rdfs:range ns1:ExternalIdentifierType . + +ns1:externalRef a owl:ObjectProperty ; + rdfs:comment """Points to a resource outside the scope of the SPDX-3.0 content +that provides additional characteristics of an Element."""@en ; + rdfs:range ns1:ExternalRef . + +ns1:externalRefType a owl:ObjectProperty ; + rdfs:comment "Specifies the type of the external reference."@en ; + rdfs:range ns1:ExternalRefType . + +ns1:externalSpdxId a owl:DatatypeProperty ; + rdfs:comment """Identifies an external Element used within an SpdxDocument but defined +external to that SpdxDocument."""@en ; + rdfs:range xsd:anyURI . + +ns1:from a owl:ObjectProperty ; + rdfs:comment "References the Element on the left-hand side of a relationship."@en ; + rdfs:range ns1:Element . + +ns1:identifier a owl:DatatypeProperty ; + rdfs:comment "Uniquely identifies an external element."@en ; + rdfs:range xsd:string . + +ns1:identifierLocator a owl:DatatypeProperty ; + rdfs:comment "Provides the location for more information regarding an external identifier."@en ; + rdfs:range xsd:anyURI . + +ns1:import a owl:ObjectProperty ; + rdfs:comment "Provides an ExternalMap of Element identifiers."@en ; + rdfs:range ns1:ExternalMap . + +ns1:issuingAuthority a owl:DatatypeProperty ; + rdfs:comment "An entity that is authorized to issue identification credentials."@en ; + rdfs:range xsd:string . + +ns1:key a owl:DatatypeProperty ; + rdfs:comment "A key used in a generic key-value pair."@en ; + rdfs:range xsd:string . + +ns1:locationHint a owl:DatatypeProperty ; + rdfs:comment "Provides an indication of where to retrieve an external Element."@en ; + rdfs:range xsd:anyURI . + +ns1:locator a owl:DatatypeProperty ; + rdfs:comment "Provides the location of an external reference."@en ; + rdfs:range xsd:string . + +ns1:name a owl:DatatypeProperty ; + rdfs:comment "Identifies the name of an Element as designated by the creator."@en ; + rdfs:range xsd:string . + +ns1:namespace a owl:DatatypeProperty ; + rdfs:comment """Provides an unambiguous mechanism for conveying a URI fragment portion of an +Element ID."""@en ; + rdfs:range xsd:anyURI . + +ns1:namespaceMap a owl:ObjectProperty ; + rdfs:comment "Provides a NamespaceMap of prefixes and associated namespace partial URIs applicable to an SpdxDocument and independent of any specific serialization format or instance."@en ; + rdfs:range ns1:NamespaceMap . + +ns1:originatedBy a owl:ObjectProperty ; + rdfs:comment "Identifies from where or whom the Element originally came."@en ; + rdfs:range ns1:Agent . + +ns1:packageVerificationCodeExcludedFile a owl:DatatypeProperty ; + rdfs:comment """The relative file name of a file to be excluded from the +`PackageVerificationCode`."""@en ; + rdfs:range xsd:string . + +ns1:prefix a owl:DatatypeProperty ; + rdfs:comment "A substitute for a URI."@en ; + rdfs:range xsd:string . + +ns1:profileConformance a owl:ObjectProperty ; + rdfs:comment """Describes one a profile which the creator of this ElementCollection intends to +conform to."""@en ; + rdfs:range ns1:ProfileIdentifierType . + +ns1:relationshipType a owl:ObjectProperty ; + rdfs:comment "Information about the relationship between two Elements."@en ; + rdfs:range ns1:RelationshipType . + +ns1:releaseTime a owl:DatatypeProperty ; + rdfs:comment "Specifies the time an artifact was released."@en ; + rdfs:range xsd:dateTimeStamp . + +ns1:rootElement a owl:ObjectProperty ; + rdfs:comment "This property is used to denote the root Element(s) of a tree of elements contained in a BOM."@en ; + rdfs:range ns1:Element . + +ns1:scope a owl:ObjectProperty ; + rdfs:comment "Capture the scope of information about a specific relationship between elements."@en ; + rdfs:range ns1:LifecycleScopeType . + +ns1:specVersion a owl:DatatypeProperty ; + rdfs:comment """Provides a reference number that can be used to understand how to parse and +interpret an Element."""@en ; + rdfs:range xsd:string . + +ns1:standardName a owl:DatatypeProperty ; + rdfs:comment "The name of a relevant standard that may apply to an artifact."@en ; + rdfs:range xsd:string . + +ns1:startTime a owl:DatatypeProperty ; + rdfs:comment "Specifies the time from which an element is applicable / valid."@en ; + rdfs:range xsd:dateTimeStamp . + +ns1:statement a owl:DatatypeProperty ; + rdfs:comment "Commentary on an assertion that an annotator has made."@en ; + rdfs:range xsd:string . + +ns1:subject a owl:ObjectProperty ; + rdfs:comment "An Element an annotator has made an assertion about."@en ; + rdfs:range ns1:Element . + +ns1:summary a owl:DatatypeProperty ; + rdfs:comment "A short description of an Element."@en ; + rdfs:range xsd:string . + +ns1:supportLevel a owl:ObjectProperty ; + rdfs:comment "Specifies the level of support associated with an artifact."@en ; + rdfs:range ns1:SupportType . + +ns1:to a owl:ObjectProperty ; + rdfs:comment "References an Element on the right-hand side of a relationship."@en ; + rdfs:range ns1:Element . + +ns1:validUntilTime a owl:DatatypeProperty ; + rdfs:comment """Specifies until when the artifact can be used before its usage needs to be +reassessed."""@en ; + rdfs:range xsd:dateTimeStamp . + +ns1:value a owl:DatatypeProperty ; + rdfs:comment "A value used in a generic key-value pair."@en ; + rdfs:range xsd:string . + + a owl:NamedIndividual, + ns4:ConfidentialityLevelType ; + rdfs:label "amber" ; + rdfs:comment "Data points in the dataset can be shared only with specific organizations and their clients on a need to know basis."@en . + + a owl:NamedIndividual, + ns4:ConfidentialityLevelType ; + rdfs:label "clear" ; + rdfs:comment "Dataset may be distributed freely, without restriction."@en . + + a owl:NamedIndividual, + ns4:ConfidentialityLevelType ; + rdfs:label "green" ; + rdfs:comment "Dataset can be shared within a community of peers and partners."@en . + + a owl:NamedIndividual, + ns4:ConfidentialityLevelType ; + rdfs:label "red" ; + rdfs:comment "Data points in the dataset are highly confidential and can only be shared with named recipients."@en . + + a owl:NamedIndividual, + ns4:DatasetAvailabilityType ; + rdfs:label "clickthrough" ; + rdfs:comment "the dataset is not publicly available and can only be accessed after affirmatively accepting terms on a clickthrough webpage."@en . + + a owl:NamedIndividual, + ns4:DatasetAvailabilityType ; + rdfs:label "directDownload" ; + rdfs:comment "the dataset is publicly available and can be downloaded directly."@en . + + a owl:NamedIndividual, + ns4:DatasetAvailabilityType ; + rdfs:label "query" ; + rdfs:comment "the dataset is publicly available, but not all at once, and can only be accessed through queries which return parts of the dataset."@en . + + a owl:NamedIndividual, + ns4:DatasetAvailabilityType ; + rdfs:label "registration" ; + rdfs:comment "the dataset is not publicly available and an email registration is required before accessing the dataset, although without an affirmative acceptance of terms."@en . + + a owl:NamedIndividual, + ns4:DatasetAvailabilityType ; + rdfs:label "scrapingScript" ; + rdfs:comment "the dataset provider is not making available the underlying data and the dataset must be reassembled, typically using the provided script for scraping the data."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "audio" ; + rdfs:comment "data is audio based, such as a collection of music from the 80s."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "categorical" ; + rdfs:comment "data that is classified into a discrete number of categories, such as the eye color of a population of people."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "graph" ; + rdfs:comment "data is in the form of a graph where entries are somehow related to each other through edges, such a social network of friends."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "image" ; + rdfs:comment "data is a collection of images such as pictures of animals."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "noAssertion" ; + rdfs:comment "data type is not known."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "numeric" ; + rdfs:comment "data consists only of numeric entries."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "other" ; + rdfs:comment "data is of a type not included in this list."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "sensor" ; + rdfs:comment "data is recorded from a physical sensor, such as a thermometer reading or biometric device."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "structured" ; + rdfs:comment "data is stored in tabular format or retrieved from a relational database."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "syntactic" ; + rdfs:comment "data describes the syntax or semantics of a language or text, such as a parse tree used for natural language processing."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "text" ; + rdfs:comment "data consists of unstructured text, such as a book, Wikipedia article (without images), or transcript."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "timeseries" ; + rdfs:comment "data is recorded in an ordered sequence of timestamped entries, such as the price of a stock over the course of a day."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "timestamp" ; + rdfs:comment "data is recorded with a timestamp for each entry, but not necessarily ordered or at specific intervals, such as when a taxi ride starts and ends."@en . + + a owl:NamedIndividual, + ns4:DatasetType ; + rdfs:label "video" ; + rdfs:comment "data is video based, such as a collection of movie clips featuring Tom Hanks."@en . + +ns4:anonymizationMethodUsed a owl:DatatypeProperty ; + rdfs:comment "Describes the anonymization methods used."@en ; + rdfs:range xsd:string . + +ns4:confidentialityLevel a owl:ObjectProperty ; + rdfs:comment "Describes the confidentiality level of the data points contained in the dataset."@en ; + rdfs:range ns4:ConfidentialityLevelType . + +ns4:dataCollectionProcess a owl:DatatypeProperty ; + rdfs:comment "Describes how the dataset was collected."@en ; + rdfs:range xsd:string . + +ns4:dataPreprocessing a owl:DatatypeProperty ; + rdfs:comment "Describes the preprocessing steps that were applied to the raw data to create the given dataset."@en ; + rdfs:range xsd:string . + +ns4:datasetAvailability a owl:ObjectProperty ; + rdfs:comment "The field describes the availability of a dataset."@en ; + rdfs:range ns4:DatasetAvailabilityType . + +ns4:datasetNoise a owl:DatatypeProperty ; + rdfs:comment "Describes potentially noisy elements of the dataset."@en ; + rdfs:range xsd:string . + +ns4:datasetSize a owl:DatatypeProperty ; + rdfs:comment "Captures the size of the dataset."@en ; + rdfs:range xsd:nonNegativeInteger . + +ns4:datasetType a owl:ObjectProperty ; + rdfs:comment "Describes the type of the given dataset."@en ; + rdfs:range ns4:DatasetType . + +ns4:datasetUpdateMechanism a owl:DatatypeProperty ; + rdfs:comment "Describes a mechanism to update the dataset."@en ; + rdfs:range xsd:string . + +ns4:hasSensitivePersonalInformation a owl:ObjectProperty ; + rdfs:comment "Describes if any sensitive personal information is present in the dataset."@en ; + rdfs:range ns1:PresenceType . + +ns4:intendedUse a owl:DatatypeProperty ; + rdfs:comment "Describes what the given dataset should be used for."@en ; + rdfs:range xsd:string . + +ns4:knownBias a owl:DatatypeProperty ; + rdfs:comment "Records the biases that the dataset is known to encompass."@en ; + rdfs:range xsd:string . + +ns4:sensor a owl:ObjectProperty ; + rdfs:comment "Describes a sensor used for collecting the data."@en ; + rdfs:range ns1:DictionaryEntry . + +ns6:additionText a owl:DatatypeProperty ; + rdfs:comment "Identifies the full text of a LicenseAddition."@en ; + rdfs:range xsd:string . + +ns6:isDeprecatedAdditionId a owl:DatatypeProperty ; + rdfs:comment "Specifies whether an additional text identifier has been marked as deprecated."@en ; + rdfs:range xsd:boolean . + +ns6:isDeprecatedLicenseId a owl:DatatypeProperty ; + rdfs:comment """Specifies whether a license or additional text identifier has been marked as +deprecated."""@en ; + rdfs:range xsd:boolean . + +ns6:isFsfLibre a owl:DatatypeProperty ; + rdfs:comment """Specifies whether the License is listed as free by the +Free Software Foundation (FSF)."""@en ; + rdfs:range xsd:boolean . + +ns6:isOsiApproved a owl:DatatypeProperty ; + rdfs:comment """Specifies whether the License is listed as approved by the +Open Source Initiative (OSI)."""@en ; + rdfs:range xsd:boolean . + +ns6:standardAdditionTemplate a owl:DatatypeProperty ; + rdfs:comment "Identifies the full text of a LicenseAddition, in SPDX templating format."@en ; + rdfs:range xsd:string . + +ns6:standardLicenseHeader a owl:DatatypeProperty ; + rdfs:comment """Provides a License author's preferred text to indicate that a file is covered +by the License."""@en ; + rdfs:range xsd:string . + +ns6:standardLicenseTemplate a owl:DatatypeProperty ; + rdfs:comment "Identifies the full text of a License, in SPDX templating format."@en ; + rdfs:range xsd:string . + +ns6:subjectAddition a owl:ObjectProperty ; + rdfs:comment "A LicenseAddition participating in a 'with addition' model."@en ; + rdfs:range ns6:LicenseAddition . + +ns6:subjectExtendableLicense a owl:ObjectProperty ; + rdfs:comment "A License participating in a 'with addition' model."@en ; + rdfs:range ns6:ExtendableLicense . + +ns6:subjectLicense a owl:ObjectProperty ; + rdfs:comment "A License participating in an 'or later' model."@en ; + rdfs:range ns6:License . + + a owl:DatatypeProperty ; + rdfs:comment "A name used in a CdxPropertyEntry name-value pair."@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "A value used in a CdxPropertyEntry name-value pair."@en ; + rdfs:range xsd:string . + + a owl:ObjectProperty ; + rdfs:comment "Provides a map of a property names to a values."@en ; + rdfs:range . + + a owl:NamedIndividual, + ns5:ExploitCatalogType ; + rdfs:label "kev" ; + rdfs:comment "CISA's Known Exploited Vulnerability (KEV) Catalog"@en . + + a owl:NamedIndividual, + ns5:ExploitCatalogType ; + rdfs:label "other" ; + rdfs:comment "Other exploit catalogs"@en . + + a owl:NamedIndividual, + ns5:SsvcDecisionType ; + rdfs:label "act" ; + rdfs:comment "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible."@en . + + a owl:NamedIndividual, + ns5:SsvcDecisionType ; + rdfs:label "attend" ; + rdfs:comment "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions include requesting assistance or information about the vulnerability, and may involve publishing a notification either internally and/or externally. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines."@en . + + a owl:NamedIndividual, + ns5:SsvcDecisionType ; + rdfs:label "track" ; + rdfs:comment "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines."@en . + + a owl:NamedIndividual, + ns5:SsvcDecisionType ; + rdfs:label "trackStar" ; + rdfs:comment "(\"Track\\*\" in the SSVC spec) The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track\\* vulnerabilities within standard update timelines."@en . + + a owl:NamedIndividual, + ns5:VexJustificationType ; + rdfs:label "componentNotPresent" ; + rdfs:comment "The software is not affected because the vulnerable component is not in the product."@en . + + a owl:NamedIndividual, + ns5:VexJustificationType ; + rdfs:label "inlineMitigationsAlreadyExist" ; + rdfs:comment "Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability."@en . + + a owl:NamedIndividual, + ns5:VexJustificationType ; + rdfs:label "vulnerableCodeCannotBeControlledByAdversary" ; + rdfs:comment "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack."@en . + + a owl:NamedIndividual, + ns5:VexJustificationType ; + rdfs:label "vulnerableCodeNotInExecutePath" ; + rdfs:comment "The affected code is not reachable through the execution of the code, including non-anticipated states of the product."@en . + + a owl:NamedIndividual, + ns5:VexJustificationType ; + rdfs:label "vulnerableCodeNotPresent" ; + rdfs:comment "The product is not affected because the code underlying the vulnerability is not present in the product."@en . + +ns5:actionStatement a owl:DatatypeProperty ; + rdfs:comment """Provides advise on how to mitigate or remediate a vulnerability when a VEX product +is affected by it."""@en ; + rdfs:range xsd:string . + +ns5:actionStatementTime a owl:DatatypeProperty ; + rdfs:comment """Records the time when a recommended action was communicated in a VEX statement +to mitigate a vulnerability."""@en ; + rdfs:range xsd:dateTimeStamp . + +ns5:assessedElement a owl:ObjectProperty ; + rdfs:comment """Specifies an Element contained in a piece of software where a vulnerability was +found."""@en ; + rdfs:range ns3:SoftwareArtifact . + +ns5:catalogType a owl:ObjectProperty ; + rdfs:comment "Specifies the exploit catalog type."@en ; + rdfs:range ns5:ExploitCatalogType . + +ns5:decisionType a owl:ObjectProperty ; + rdfs:comment """Provide the enumeration of possible decisions in the +[Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree](https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc)."""@en ; + rdfs:range ns5:SsvcDecisionType . + +ns5:exploited a owl:DatatypeProperty ; + rdfs:comment "Describe that a CVE is known to have an exploit because it's been listed in an exploit catalog."@en ; + rdfs:range xsd:boolean . + +ns5:impactStatement a owl:DatatypeProperty ; + rdfs:comment """Explains why a VEX product is not affected by a vulnerability. It is an +alternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable +justification label."""@en ; + rdfs:range xsd:string . + +ns5:impactStatementTime a owl:DatatypeProperty ; + rdfs:comment "Timestamp of impact statement."@en ; + rdfs:range xsd:dateTimeStamp . + +ns5:justificationType a owl:ObjectProperty ; + rdfs:comment """Impact justification label to be used when linking a vulnerability to an element +representing a VEX product with a VexNotAffectedVulnAssessmentRelationship +relationship."""@en ; + rdfs:range ns5:VexJustificationType . + +ns5:locator a owl:DatatypeProperty ; + rdfs:comment "Provides the location of an exploit catalog."@en ; + rdfs:range xsd:anyURI . + +ns5:percentile a owl:DatatypeProperty ; + rdfs:comment "The percentile of the current probability score."@en ; + rdfs:range xsd:decimal . + +ns5:probability a owl:DatatypeProperty ; + rdfs:comment "A probability score between 0 and 1 of a vulnerability being exploited."@en ; + rdfs:range xsd:decimal . + +ns5:statusNotes a owl:DatatypeProperty ; + rdfs:comment "Conveys information about how VEX status was determined."@en ; + rdfs:range xsd:string . + +ns5:vexVersion a owl:DatatypeProperty ; + rdfs:comment "Specifies the version of a VEX statement."@en ; + rdfs:range xsd:string . + + a owl:ObjectProperty ; + rdfs:comment """Maps a LicenseRef or AdditionRef string for a Custom License or a Custom +License Addition to its URI ID."""@en ; + rdfs:range ns1:DictionaryEntry . + + a owl:DatatypeProperty ; + rdfs:comment "A string in the license expression format."@en ; + rdfs:range xsd:string . + + a owl:DatatypeProperty ; + rdfs:comment "The version of the SPDX License List used in the license expression."@en ; + rdfs:range xsd:string . + + a owl:NamedIndividual, + ns3:ContentIdentifierType ; + rdfs:label "gitoid" ; + rdfs:comment "[Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg)."@en . + + a owl:NamedIndividual, + ns3:ContentIdentifierType ; + rdfs:label "swhid" ; + rdfs:comment "SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`."@en . + + a owl:NamedIndividual, + ns3:FileKindType ; + rdfs:label "directory" ; + rdfs:comment "The file represents a directory and all content stored in that directory."@en . + + a owl:NamedIndividual, + ns3:FileKindType ; + rdfs:label "file" ; + rdfs:comment "The file represents a single file (default)."@en . + + a owl:NamedIndividual, + ns3:SbomType ; + rdfs:label "analyzed" ; + rdfs:comment "SBOM generated through analysis of artifacts (e.g., executables, packages, containers, and virtual machine images) after its build. Such analysis generally requires a variety of heuristics. In some contexts, this may also be referred to as a \"3rd party\" SBOM."@en . + + a owl:NamedIndividual, + ns3:SbomType ; + rdfs:label "build" ; + rdfs:comment "SBOM generated as part of the process of building the software to create a releasable artifact (e.g., executable or package) from data such as source files, dependencies, built components, build process ephemeral data, and other SBOMs."@en . + + a owl:NamedIndividual, + ns3:SbomType ; + rdfs:label "deployed" ; + rdfs:comment "SBOM provides an inventory of software that is present on a system. This may be an assembly of other SBOMs that combines analysis of configuration options, and examination of execution behavior in a (potentially simulated) deployment environment."@en . + + a owl:NamedIndividual, + ns3:SbomType ; + rdfs:label "design" ; + rdfs:comment "SBOM of intended, planned software project or product with included components (some of which may not yet exist) for a new software artifact."@en . + + a owl:NamedIndividual, + ns3:SbomType ; + rdfs:label "runtime" ; + rdfs:comment "SBOM generated through instrumenting the system running the software, to capture only components present in the system, as well as external call-outs or dynamically loaded components. In some contexts, this may also be referred to as an \"Instrumented\" or \"Dynamic\" SBOM."@en . + + a owl:NamedIndividual, + ns3:SbomType ; + rdfs:label "source" ; + rdfs:comment "SBOM created directly from the development environment, source files, and included dependencies used to build an product artifact."@en . + +ns3:additionalPurpose a owl:ObjectProperty ; + rdfs:comment "Provides additional purpose information of the software artifact."@en ; + rdfs:range ns3:SoftwarePurpose . + +ns3:attributionText a owl:DatatypeProperty ; + rdfs:comment """Provides a place for the SPDX data creator to record acknowledgement text for +a software Package, File or Snippet."""@en ; + rdfs:range xsd:string . + +ns3:byteRange a owl:DatatypeProperty ; + rdfs:comment """Defines the byte range in the original host file that the snippet information +applies to."""@en ; + rdfs:range ns1:PositiveIntegerRange . + +ns3:contentIdentifier a owl:DatatypeProperty ; + rdfs:comment """A canonical, unique, immutable identifier of the artifact content, that may be +used for verifying its identity and/or integrity."""@en ; + rdfs:range ns3:ContentIdentifier . + +ns3:contentIdentifierType a owl:ObjectProperty ; + rdfs:comment "Specifies the type of the content identifier."@en ; + rdfs:range ns3:ContentIdentifierType . + +ns3:contentIdentifierValue a owl:DatatypeProperty ; + rdfs:comment "Specifies the value of the content identifier."@en ; + rdfs:range xsd:anyURI . + +ns3:copyrightText a owl:DatatypeProperty ; + rdfs:comment """Identifies the text of one or more copyright notices for a software Package, +File or Snippet, if any."""@en ; + rdfs:range xsd:string . + +ns3:downloadLocation a owl:DatatypeProperty ; + rdfs:comment """Identifies the download Uniform Resource Identifier for the package at the time +that the document was created."""@en ; + rdfs:range xsd:anyURI . + +ns3:fileKind a owl:ObjectProperty ; + rdfs:comment "Describes if a given file is a directory or non-directory kind of file."@en ; + rdfs:range ns3:FileKindType . + +ns3:homePage a owl:DatatypeProperty ; + rdfs:comment """A place for the SPDX document creator to record a website that serves as the +package's home page."""@en ; + rdfs:range xsd:anyURI . + +ns3:lineRange a owl:DatatypeProperty ; + rdfs:comment """Defines the line range in the original host file that the snippet information +applies to."""@en ; + rdfs:range ns1:PositiveIntegerRange . + +ns3:packageUrl a owl:DatatypeProperty ; + rdfs:comment """Provides a place for the SPDX data creator to record the package URL string +(in accordance with the Package URL specification) for a software Package."""@en ; + rdfs:range xsd:anyURI . + +ns3:packageVersion a owl:DatatypeProperty ; + rdfs:comment "Identify the version of a package."@en ; + rdfs:range xsd:string . + +ns3:primaryPurpose a owl:ObjectProperty ; + rdfs:comment "Provides information about the primary purpose of the software artifact."@en ; + rdfs:range ns3:SoftwarePurpose . + +ns3:sbomType a owl:ObjectProperty ; + rdfs:comment "Provides information about the type of an SBOM."@en ; + rdfs:range ns3:SbomType . + +ns3:snippetFromFile a owl:ObjectProperty ; + rdfs:comment "Defines the original host file that the snippet information applies to."@en ; + rdfs:range ns3:File . + +ns3:sourceInfo a owl:DatatypeProperty ; + rdfs:comment """Records any relevant background information or additional comments +about the origin of the package."""@en ; + rdfs:range xsd:string . + +ns2:EnergyConsumption a owl:Class, + sh:NodeShape ; + rdfs:comment """A class for describing the energy consumption incurred by an AI model in +different stages of its lifecycle."""@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:class ns2:EnergyConsumptionDescription ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns2:trainingEnergyConsumption ], + [ sh:class ns2:EnergyConsumptionDescription ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns2:finetuningEnergyConsumption ], + [ sh:class ns2:EnergyConsumptionDescription ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns2:inferenceEnergyConsumption ] . + +ns1:ExternalIdentifier a owl:Class, + sh:NodeShape ; + rdfs:comment "A reference to a resource identifier defined outside the scope of SPDX-3.0 content that uniquely identifies an Element."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:datatype xsd:anyURI ; + sh:nodeKind sh:Literal ; + sh:path ns1:identifierLocator ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:issuingAuthority ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:identifier ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:comment ], + [ sh:class ns1:ExternalIdentifierType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:externalIdentifierType ] . + +ns1:ExternalMap a owl:Class, + sh:NodeShape ; + rdfs:comment """A map of Element identifiers that are used within an SpdxDocument but defined +external to that SpdxDocument."""@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:locationHint ], + [ sh:class ns1:IntegrityMethod ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:verifiedUsing ], + [ sh:class ns1:Artifact ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:definingArtifact ], + [ sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:externalSpdxId ] . + +ns1:ExternalRef a owl:Class, + sh:NodeShape ; + rdfs:comment "A reference to a resource outside the scope of SPDX-3.0 content related to an Element."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:class ns1:ExternalRefType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:externalRefType ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:contentType ; + sh:pattern "^[^\\/]+\\/[^\\/]+$" ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:comment ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns1:locator ] . + +ns1:Hash a owl:Class, + sh:NodeShape ; + rdfs:comment "A mathematically calculated representation of a grouping of data."@en ; + rdfs:subClassOf ns1:IntegrityMethod ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:class ns1:HashAlgorithm ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:algorithm ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:hashValue ] . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "adler32" ; + rdfs:comment "Adler-32 checksum is part of the widely used zlib compression library as defined in [RFC 1950](https://datatracker.ietf.org/doc/rfc1950/) Section 2.3."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "blake2b256" ; + rdfs:comment "BLAKE2b algorithm with a digest size of 256, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "blake2b384" ; + rdfs:comment "BLAKE2b algorithm with a digest size of 384, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "blake2b512" ; + rdfs:comment "BLAKE2b algorithm with a digest size of 512, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "blake3" ; + rdfs:comment "[BLAKE3](https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf)"@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "crystalsDilithium" ; + rdfs:comment "[Dilithium](https://pq-crystals.org/dilithium/)"@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "crystalsKyber" ; + rdfs:comment "[Kyber](https://pq-crystals.org/kyber/)"@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "falcon" ; + rdfs:comment "[FALCON](https://falcon-sign.info/falcon.pdf)"@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "md2" ; + rdfs:comment "MD2 message-digest algorithm, as defined in [RFC 1319](https://datatracker.ietf.org/doc/rfc1319/)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "md4" ; + rdfs:comment "MD4 message-digest algorithm, as defined in [RFC 1186](https://datatracker.ietf.org/doc/rfc1186/)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "md5" ; + rdfs:comment "MD5 message-digest algorithm, as defined in [RFC 1321](https://datatracker.ietf.org/doc/rfc1321/)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "md6" ; + rdfs:comment "[MD6 hash function](https://people.csail.mit.edu/rivest/pubs/RABCx08.pdf)"@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "other" ; + rdfs:comment "any hashing algorithm that does not exist in this list of entries"@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha1" ; + rdfs:comment "SHA-1, a secure hashing algorithm, as defined in [RFC 3174](https://datatracker.ietf.org/doc/rfc3174/)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha224" ; + rdfs:comment "SHA-2 with a digest length of 224, as defined in [RFC 3874](https://datatracker.ietf.org/doc/rfc3874/)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha256" ; + rdfs:comment "SHA-2 with a digest length of 256, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha384" ; + rdfs:comment "SHA-2 with a digest length of 384, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha3_224" ; + rdfs:comment "SHA-3 with a digest length of 224, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha3_256" ; + rdfs:comment "SHA-3 with a digest length of 256, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha3_384" ; + rdfs:comment "SHA-3 with a digest length of 384, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha3_512" ; + rdfs:comment "SHA-3 with a digest length of 512, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final)."@en . + + a owl:NamedIndividual, + ns1:HashAlgorithm ; + rdfs:label "sha512" ; + rdfs:comment "SHA-2 with a digest length of 512, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/)."@en . + +ns1:IndividualElement a owl:Class ; + rdfs:comment """A concrete subclass of Element used by Individuals in the +Core profile."""@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI . + +ns1:NamespaceMap a owl:Class, + sh:NodeShape ; + rdfs:comment "A mapping between prefixes and namespace partial URIs."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:prefix ], + [ sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:namespace ] . + +ns1:Relationship a owl:Class, + sh:NodeShape ; + rdfs:comment "Describes a relationship between one or more elements."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ns1:Element ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:to ], + [ sh:class ns1:RelationshipCompleteness ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:completeness ], + [ sh:class ns1:RelationshipType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:relationshipType ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:startTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:endTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:class ns1:Element ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:from ] . + +ns1:Tool a owl:Class ; + rdfs:comment "An element of hardware and/or software utilized to carry out a particular function."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI . + +ns1:algorithm a owl:ObjectProperty ; + rdfs:comment "Specifies the algorithm used for calculating the hash value."@en ; + rdfs:range ns1:HashAlgorithm . + +ns1:hashValue a owl:DatatypeProperty ; + rdfs:comment "The result of applying a hash algorithm to an Element."@en ; + rdfs:range xsd:string . + +ns1:suppliedBy a owl:ObjectProperty ; + rdfs:comment """Identifies who or what supplied the artifact or VulnAssessmentRelationship +referenced by the Element."""@en ; + rdfs:range ns1:Agent . + +ns1:verifiedUsing a owl:ObjectProperty ; + rdfs:comment """Provides an IntegrityMethod with which the integrity of an Element can be +asserted."""@en ; + rdfs:range ns1:IntegrityMethod . + +ns6:IndividualLicensingInfo a owl:Class ; + rdfs:comment """A concrete subclass of AnyLicenseInfo used by Individuals in the +ExpandedLicensing profile."""@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI . + +ns6:deprecatedVersion a owl:DatatypeProperty ; + rdfs:comment """Specifies the SPDX License List version in which this license or exception +identifier was deprecated."""@en ; + rdfs:range xsd:string . + +ns6:licenseXml a owl:DatatypeProperty ; + rdfs:comment """Identifies all the text and metadata associated with a license in the license +XML format."""@en ; + rdfs:range xsd:string . + +ns6:listVersionAdded a owl:DatatypeProperty ; + rdfs:comment """Specifies the SPDX License List version in which this ListedLicense or +ListedLicenseException identifier was first added."""@en ; + rdfs:range xsd:string . + +ns6:member a owl:ObjectProperty ; + rdfs:comment "A license expression participating in a license set."@en ; + rdfs:range . + +ns6:obsoletedBy a owl:DatatypeProperty ; + rdfs:comment """Specifies the licenseId that is preferred to be used in place of a deprecated +License or LicenseAddition."""@en ; + rdfs:range xsd:string . + +ns6:seeAlso a owl:DatatypeProperty ; + rdfs:comment "Contains a URL where the License or LicenseAddition can be found in use."@en ; + rdfs:range xsd:anyURI . + + a owl:Class, + sh:NodeShape ; + rdfs:comment "A property name with an associated value."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ] . + + a owl:NamedIndividual, + ns5:CvssSeverityType ; + rdfs:label "critical" ; + rdfs:comment "When a CVSS score is between 9.0 - 10.0"@en . + + a owl:NamedIndividual, + ns5:CvssSeverityType ; + rdfs:label "high" ; + rdfs:comment "When a CVSS score is between 7.0 - 8.9"@en . + + a owl:NamedIndividual, + ns5:CvssSeverityType ; + rdfs:label "low" ; + rdfs:comment "When a CVSS score is between 0.1 - 3.9"@en . + + a owl:NamedIndividual, + ns5:CvssSeverityType ; + rdfs:label "medium" ; + rdfs:comment "When a CVSS score is between 4.0 - 6.9"@en . + + a owl:NamedIndividual, + ns5:CvssSeverityType ; + rdfs:label "none" ; + rdfs:comment "When a CVSS score is 0.0"@en . + +ns5:modifiedTime a owl:DatatypeProperty ; + rdfs:comment "Specifies a time when a vulnerability assessment was modified"@en ; + rdfs:range xsd:dateTimeStamp . + +ns5:publishedTime a owl:DatatypeProperty ; + rdfs:comment "Specifies the time when a vulnerability was published."@en ; + rdfs:range xsd:dateTimeStamp . + +ns5:severity a owl:ObjectProperty ; + rdfs:comment "Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software."@en ; + rdfs:range ns5:CvssSeverityType . + +ns5:withdrawnTime a owl:DatatypeProperty ; + rdfs:comment "Specified the time and date when a vulnerability was withdrawn."@en ; + rdfs:range xsd:dateTimeStamp . + + a owl:DatatypeProperty ; + rdfs:comment "Identifies the full text of a License or Addition."@en ; + rdfs:range xsd:string . + +ns3:ContentIdentifier a owl:Class, + sh:NodeShape ; + rdfs:comment "A canonical, unique, immutable identifier"@en ; + rdfs:subClassOf ns1:IntegrityMethod ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns3:contentIdentifierValue ], + [ sh:class ns3:ContentIdentifierType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns3:contentIdentifierType ] . + +ns3:File a owl:Class, + sh:NodeShape ; + rdfs:comment "Refers to any object that stores content on a computer."@en ; + rdfs:subClassOf ns3:SoftwareArtifact ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ns3:FileKindType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns3:fileKind ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:contentType ; + sh:pattern "^[^\\/]+\\/[^\\/]+$" ] . + +ns3:Package a owl:Class, + sh:NodeShape ; + rdfs:comment """Refers to any unit of content that can be associated with a distribution of +software."""@en ; + rdfs:subClassOf ns3:SoftwareArtifact ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns3:packageVersion ], + [ sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns3:downloadLocation ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns3:sourceInfo ], + [ sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns3:packageUrl ], + [ sh:datatype xsd:anyURI ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns3:homePage ] . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "application" ; + rdfs:comment "The Element is a software application."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "archive" ; + rdfs:comment "The Element is an archived collection of one or more files (.tar, .zip, etc.)."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "bom" ; + rdfs:comment "The Element is a bill of materials."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "configuration" ; + rdfs:comment "The Element is configuration data."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "container" ; + rdfs:comment "The Element is a container image which can be used by a container runtime application."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "data" ; + rdfs:comment "The Element is data."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "device" ; + rdfs:comment "The Element refers to a chipset, processor, or electronic board."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "deviceDriver" ; + rdfs:comment "The Element represents software that controls hardware devices."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "diskImage" ; + rdfs:comment "The Element refers to a disk image that can be written to a disk, booted in a VM, etc. A disk image typically contains most or all of the components necessary to boot, such as bootloaders, kernels, firmware, userspace, etc."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "documentation" ; + rdfs:comment "The Element is documentation."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "evidence" ; + rdfs:comment "The Element is the evidence that a specification or requirement has been fulfilled."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "executable" ; + rdfs:comment "The Element is an Artifact that can be run on a computer."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "file" ; + rdfs:comment "The Element is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc.)."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "filesystemImage" ; + rdfs:comment "The Element is a file system image that can be written to a disk (or virtual) partition."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "firmware" ; + rdfs:comment "The Element provides low level control over a device's hardware."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "framework" ; + rdfs:comment "The Element is a software framework."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "install" ; + rdfs:comment "The Element is used to install software on disk."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "library" ; + rdfs:comment "The Element is a software library."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "manifest" ; + rdfs:comment "The Element is a software manifest."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "model" ; + rdfs:comment "The Element is a machine learning or artificial intelligence model."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "module" ; + rdfs:comment "The Element is a module of a piece of software."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "operatingSystem" ; + rdfs:comment "The Element is an operating system."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "other" ; + rdfs:comment "The Element doesn't fit into any of the other categories."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "patch" ; + rdfs:comment "The Element contains a set of changes to update, fix, or improve another Element."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "platform" ; + rdfs:comment "The Element represents a runtime environment."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "requirement" ; + rdfs:comment "The Element provides a requirement needed as input for another Element."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "source" ; + rdfs:comment "The Element is a single or a collection of source files."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "specification" ; + rdfs:comment "The Element is a plan, guideline or strategy how to create, perform or analyze an application."@en . + + a owl:NamedIndividual, + ns3:SoftwarePurpose ; + rdfs:label "test" ; + rdfs:comment "The Element is a test used to verify functionality on an software element."@en . + +ns1:ElementCollection a owl:Class, + sh:NodeShape ; + rdfs:comment "A collection of Elements, not necessarily with unifying context."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ns1:ProfileIdentifierType ; + sh:in ( ) ; + sh:nodeKind sh:IRI ; + sh:path ns1:profileConformance ], + [ sh:class ns1:Element ; + sh:nodeKind sh:IRI ; + sh:path ns1:element ], + [ sh:message "https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ns1:ElementCollection ] ; + sh:path rdf:type ], + [ sh:class ns1:Element ; + sh:nodeKind sh:IRI ; + sh:path ns1:rootElement ] . + + a owl:NamedIndividual, + ns1:PresenceType ; + rdfs:label "no" ; + rdfs:comment "Indicates absence of the field."@en . + + a owl:NamedIndividual, + ns1:PresenceType ; + rdfs:label "noAssertion" ; + rdfs:comment "Makes no assertion about the field."@en . + + a owl:NamedIndividual, + ns1:PresenceType ; + rdfs:label "yes" ; + rdfs:comment "Indicates presence of the field."@en . + +ns1:contentType a owl:DatatypeProperty ; + rdfs:comment "Provides information about the content type of an Element or a Property."@en ; + rdfs:range xsd:string . + +ns5:score a owl:DatatypeProperty ; + rdfs:comment "Provides a numerical (0-10) representation of the severity of a vulnerability."@en ; + rdfs:range xsd:decimal . + +ns5:vectorString a owl:DatatypeProperty ; + rdfs:comment "Specifies the CVSS vector string for a vulnerability."@en ; + rdfs:range xsd:string . + +ns1:AnnotationType a owl:Class ; + rdfs:comment "Specifies the type of an annotation."@en . + +ns1:PositiveIntegerRange a owl:Class, + sh:NodeShape ; + rdfs:comment "A tuple of two positive integers that define a range."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:datatype xsd:positiveInteger ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:beginIntegerRange ], + [ sh:datatype xsd:positiveInteger ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:endIntegerRange ] . + + a owl:Class ; + rdfs:comment "A characterization of some aspect of an Element that is associated with the Element in a generalized fashion."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:message "https://spdx.org/rdf/3.0.1/terms/Extension/Extension is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ] ; + sh:path rdf:type ] . + +ns5:ExploitCatalogType a owl:Class ; + rdfs:comment "Specifies the exploit catalog type."@en . + +ns3:ContentIdentifierType a owl:Class ; + rdfs:comment "Specifies the type of a content identifier."@en . + +ns3:FileKindType a owl:Class ; + rdfs:comment "Enumeration of the different kinds of SPDX file."@en . + +ns2:EnergyUnitType a owl:Class ; + rdfs:comment "Specifies the unit of energy consumption."@en . + +ns1:Artifact a owl:Class, + sh:NodeShape ; + rdfs:comment "A distinct article or unit within the digital domain."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:builtTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:class ns1:Agent ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:suppliedBy ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns1:standardName ], + [ sh:message "https://spdx.org/rdf/3.0.1/terms/Core/Artifact is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ns1:Artifact ] ; + sh:path rdf:type ], + [ sh:class ns1:Agent ; + sh:nodeKind sh:IRI ; + sh:path ns1:originatedBy ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:validUntilTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:class ns1:SupportType ; + sh:in ( ) ; + sh:nodeKind sh:IRI ; + sh:path ns1:supportLevel ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:releaseTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ] . + +ns1:RelationshipCompleteness a owl:Class ; + rdfs:comment "Indicates whether a relationship is known to be complete, incomplete, or if no assertion is made with respect to relationship completeness."@en . + +ns1:SpdxOrganization a owl:NamedIndividual, + ns1:Organization ; + rdfs:comment "An Organization representing the SPDX Project."@en ; + owl:sameAs ; + ns1:creationInfo . + +ns1:comment a owl:DatatypeProperty ; + rdfs:comment """Provide consumers with comments by the creator of the Element about the +Element."""@en ; + rdfs:range xsd:string . + +ns6:ExtendableLicense a owl:Class ; + rdfs:comment "Abstract class representing a License or an OrLaterOperator."@en ; + rdfs:subClassOf ; + sh:nodeKind sh:IRI ; + sh:property [ sh:message "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ns6:ExtendableLicense ] ; + sh:path rdf:type ] . + +ns6:License a owl:Class, + sh:NodeShape ; + rdfs:comment "Abstract class for the portion of an AnyLicenseInfo representing a license."@en ; + rdfs:subClassOf ns6:ExtendableLicense ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:boolean ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:isOsiApproved ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:standardLicenseHeader ], + [ sh:message "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ns6:License ] ; + sh:path rdf:type ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:licenseXml ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:obsoletedBy ], + [ sh:datatype xsd:boolean ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:isFsfLibre ], + [ sh:datatype xsd:boolean ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:isDeprecatedLicenseId ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:standardLicenseTemplate ], + [ sh:datatype xsd:anyURI ; + sh:nodeKind sh:Literal ; + sh:path ns6:seeAlso ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ] . + +ns6:LicenseAddition a owl:Class, + sh:NodeShape ; + rdfs:comment """Abstract class for additional text intended to be added to a License, but +which is not itself a standalone License."""@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:additionText ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:standardAdditionTemplate ], + [ sh:message "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ns6:LicenseAddition ] ; + sh:path rdf:type ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:obsoletedBy ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:licenseXml ], + [ sh:datatype xsd:anyURI ; + sh:nodeKind sh:Literal ; + sh:path ns6:seeAlso ], + [ sh:datatype xsd:boolean ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns6:isDeprecatedAdditionId ] . + +ns5:VexVulnAssessmentRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment "Abstract ancestor class for all VEX relationships"@en ; + rdfs:subClassOf ns5:VulnAssessmentRelationship ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:statusNotes ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:vexVersion ], + [ sh:message "https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ns5:VexVulnAssessmentRelationship ] ; + sh:path rdf:type ] . + +ns2:EnergyConsumptionDescription a owl:Class, + sh:NodeShape ; + rdfs:comment """The class that helps note down the quantity of energy consumption and the unit +used for measurement."""@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:class ns2:EnergyUnitType ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns2:energyUnit ], + [ sh:datatype xsd:decimal ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns2:energyQuantity ] . + +ns2:SafetyRiskAssessmentType a owl:Class ; + rdfs:comment "Specifies the safety risk level."@en . + +ns4:ConfidentialityLevelType a owl:Class ; + rdfs:comment "Categories of confidentiality level."@en . + +ns5:SsvcDecisionType a owl:Class ; + rdfs:comment "Specifies the SSVC decision type."@en . + +ns3:SoftwareArtifact a owl:Class, + sh:NodeShape ; + rdfs:comment "A distinct article or unit related to Software."@en ; + rdfs:subClassOf ns1:Artifact ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ns3:SoftwarePurpose ; + sh:in ( ) ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns3:primaryPurpose ], + [ sh:datatype xsd:string ; + sh:nodeKind sh:Literal ; + sh:path ns3:attributionText ], + [ sh:class ns3:ContentIdentifier ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns3:contentIdentifier ], + [ sh:message "https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ns3:SoftwareArtifact ] ; + sh:path rdf:type ], + [ sh:class ns3:SoftwarePurpose ; + sh:in ( ) ; + sh:nodeKind sh:IRI ; + sh:path ns3:additionalPurpose ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns3:copyrightText ] . + +ns1:CreationInfo a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides information about the creation of the Element."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:class ns1:Tool ; + sh:nodeKind sh:IRI ; + sh:path ns1:createdUsing ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:created ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:class ns1:Agent ; + sh:minCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:createdBy ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:comment ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:specVersion ; + sh:pattern "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" ] . + +ns1:IntegrityMethod a owl:Class, + sh:NodeShape ; + rdfs:comment "Provides an independently reproducible mechanism that permits verification of a specific Element."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:message "https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ns1:IntegrityMethod ] ; + sh:path rdf:type ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:comment ] . + +ns4:DatasetAvailabilityType a owl:Class ; + rdfs:comment "Availability of dataset."@en . + +ns5:VexJustificationType a owl:Class ; + rdfs:comment "Specifies the VEX justification type."@en . + +ns1:LifecycleScopeType a owl:Class ; + rdfs:comment "Provide an enumerated set of lifecycle phases that can provide context to relationships."@en . + +ns5:CvssSeverityType a owl:Class ; + rdfs:comment "Specifies the CVSS base, temporal, threat, or environmental severity type."@en . + +ns5:VulnAssessmentRelationship a owl:Class, + sh:NodeShape ; + rdfs:comment "Abstract ancestor class for all vulnerability assessments"@en ; + rdfs:subClassOf ns1:Relationship ; + sh:nodeKind sh:IRI ; + sh:property [ sh:class ns1:Agent ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns1:suppliedBy ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:modifiedTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:message "https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ns5:VulnAssessmentRelationship ] ; + sh:path rdf:type ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:publishedTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:datatype xsd:dateTimeStamp ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns5:withdrawnTime ; + sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ], + [ sh:class ns3:SoftwareArtifact ; + sh:maxCount 1 ; + sh:nodeKind sh:IRI ; + sh:path ns5:assessedElement ] . + +ns3:SbomType a owl:Class ; + rdfs:comment """Provides a set of values to be used to describe the common types of SBOMs that +tools may create."""@en . + +ns1:PresenceType a owl:Class ; + rdfs:comment "Categories of presence or absence."@en . + +ns1:SupportType a owl:Class ; + rdfs:comment "Indicates the type of support that is associated with an artifact."@en . + +ns1:Agent a owl:Class ; + rdfs:comment "Agent represents anything with the potential to act on a system."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI . + +ns1:ProfileIdentifierType a owl:Class ; + rdfs:comment "Enumeration of the valid profiles."@en . + + a owl:Class ; + rdfs:comment "Abstract class representing a license combination consisting of one or more licenses."@en ; + rdfs:subClassOf ns1:Element ; + sh:nodeKind sh:IRI ; + sh:property [ sh:message "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ] ; + sh:path rdf:type ] . + +ns1:ExternalIdentifierType a owl:Class ; + rdfs:comment "Specifies the type of an external identifier."@en . + +ns1:DictionaryEntry a owl:Class, + sh:NodeShape ; + rdfs:comment "A key with an associated value."@en ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:value ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:key ] . + +ns4:DatasetType a owl:Class ; + rdfs:comment "Enumeration of dataset types."@en . + +ns1:Element a owl:Class, + sh:NodeShape ; + rdfs:comment "Base domain class from which all other SPDX-3.0 domain classes derive."@en ; + sh:nodeKind sh:IRI ; + sh:property [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:description ], + [ sh:class ns1:IntegrityMethod ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:verifiedUsing ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:summary ], + [ sh:class ns1:ExternalRef ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:externalRef ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:comment ], + [ sh:class ns1:ExternalIdentifier ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:externalIdentifier ], + [ sh:message "https://spdx.org/rdf/3.0.1/terms/Core/Element is an abstract class and should not be instantiated directly. Instantiate a subclass instead."@en ; + sh:not [ sh:hasValue ns1:Element ] ; + sh:path rdf:type ], + [ sh:class ns1:CreationInfo ; + sh:maxCount 1 ; + sh:minCount 1 ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:creationInfo ], + [ sh:class ; + sh:nodeKind sh:BlankNodeOrIRI ; + sh:path ns1:extension ], + [ sh:datatype xsd:string ; + sh:maxCount 1 ; + sh:nodeKind sh:Literal ; + sh:path ns1:name ] . + +ns1:HashAlgorithm a owl:Class ; + rdfs:comment "A mathematical algorithm that maps data of arbitrary size to a bit string."@en . + +ns3:SoftwarePurpose a owl:Class ; + rdfs:comment "Provides information about the primary purpose of an Element."@en . + +ns1:ExternalRefType a owl:Class ; + rdfs:comment "Specifies the type of an external reference."@en . + +ns1:RelationshipType a owl:Class ; + rdfs:comment "Information about the relationship between two Elements."@en . + diff --git a/rdf/spdx-model.xml b/rdf/spdx-model.xml new file mode 100644 index 0000000000..5b69204215 --- /dev/null +++ b/rdf/spdx-model.xml @@ -0,0 +1,5729 @@ + + + + + + + + + + + + + + + + 1 + + + + + + + 1 + + + + + support + A reference to the software support channel or other support information for a package. + + + + + serializedInArtifact + The `from` SpdxDocument can be found in a serialized form in each `to` Artifact. + + + + + + + + This individual element was defined by the spec. + 2024-11-22T03:00:01Z + + 3.0.1 + + + + + hasExample + Every `to` Element is an example for the `from` Element (`from` hasExample `to`). + + + + + + 1 + 1 + + + Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software. + + + + + Describes if any sensitive personal information is present in the dataset. + + + + + + + + + 1 + 1 + + + + Agent represents anything with the potential to act on a system. + + + + + + + support + the artifact has been released, and is supported from the supplier. There is a validUntilDate that can provide additional information about the duration of support. + + + + + sha256 + SHA-2 with a digest length of 256, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/). + + + + + + 1 + + + Maps a LicenseRef or AdditionRef string for a Custom License or a Custom +License Addition to its URI ID. + + + + + + + A canonical, unique, immutable identifier + + + + + + + + + other + Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationship types (this relationship is directionless). + + + + + act + The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible. + + + + A license addition that is not listed on the SPDX Exceptions List. + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + Describes a mechanism to update the dataset. + + + + + + + hasHost + The `from` Build was run on the `to` Element during a LifecycleScopeType period (e.g. the host that the build runs on). + + + + + other + Used when the type does not match any of the other options. + + + + + + 1 + 1 + + + + + deployed + in addition to being supported by the supplier, the software is known to have been deployed and is in use. For a software as a service provider, this implies the software is now available as a service. + + + + + An SPDX Element containing an SPDX license expression string. + + + + + + + + + + + 1 + 1 + + + + + + 1 + + + + + A collection of Elements that have a shared context. + + + + + + + + funding + A reference to funding information related to a package. + + + + + + + + + build + A relationship has specific context implications during an element's build phase, during development. + + + + + + + + + + The class that helps note down the quantity of energy consumption and the unit +used for measurement. + + + + + + + + + + A probability score between 0 and 1 of a vulnerability being exploited. + + + + + + + modifiedBy + The `from` Element is modified by each `to` Element. + + + + + configuration + The Element is configuration data. + + + + + System Package Data Exchange (SPDX) Ontology + This ontology defines the terms and relationships used in the SPDX specification to describe system packages + 2024-04-05 + SPDX Project + + + System Package Data Exchange (SPDX) Ontology + Copyright (C) 2024 SPDX Project + + + + + email + Email address, as defined in [RFC 3696](https://datatracker.ietf.org/doc/rfc3986/) Section 3. + + + Provides a place for the SPDX data creator to record the package URL string +(in accordance with the Package URL specification) for a software Package. + + + + + + + amber + Data points in the dataset can be shared only with specific organizations and their clients on a need to know basis. + + + + + + + 1 + 1 + + + + + + + + + riskAssessment + A reference to a risk assessment for a package. + + + + + + + + + + + Defines the byte range in the original host file that the snippet information +applies to. + + + + + + + republishedBy + Designates a `from` Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by each `to` Agent. + + + Defines the beginning of a range. + + + + + + + A mapping between prefixes and namespace partial URIs. + + + + + + + + A license or addition that is not listed on the SPDX License List. + + + + + + + + clear + Dataset may be distributed freely, without restriction. + + + + + sourceArtifact + A reference to an artifact containing the sources for a package. + + + + + A distinct article or unit related to Software. + + + + + + + + + + + + + packagedBy + Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`). + + + + + + 1 + + + + + endOfSupport + there is a defined end of support for the artifact from the supplier. This may also be referred to as end of life. There is a validUntilDate that can be used to signal when support ends for the artifact. + + + + + + 1 + + + + + + + + Abstract class representing a License or an OrLaterOperator. + + + + + + + + delegatedTo + The `from` Agent is delegating an action to the Agent of the `to` Relationship (which must be of type invokedBy), during a LifecycleScopeType (e.g. the `to` invokedBy Relationship is being done on behalf of `from`). + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + runtimeAnalysisReport + A reference to a runtime analysis report for a package. + + + + + design + A relationship has specific context implications during an element's design. + + + Provides relevant information about the AI software, not including the model +description. + + + + + + + + + + + + 1 + 1 + + + + + noAssertion + Makes no assertion about the field. + + + + + + + Artifact representing a serialization instance of SPDX data containing the +definition of a particular Element. + + + + + + + + + Identifies the full text of a License or Addition. + + + + + + + + 1 + 1 + + + + + text + data consists of unstructured text, such as a book, Wikipedia article (without images), or transcript. + + + + + securityThreatModel + A reference the [security threat model](https://en.wikipedia.org/wiki/Threat_model) for a package. + + + + + megajoule + Megajoule. + + + + + + 1 + 1 + + + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + 1 + + + + + bom + The Element is a bill of materials. + + + + + usesTool + The `from` Element uses each `to` Element as a tool, during a LifecycleScopeType period. + + + + ^[^\/]+\/[^\/]+$ + + + 1 + + + + + + + + Designates elements as products where the impact of a vulnerability is being +investigated. + + + + + + + falcon + [FALCON](https://falcon-sign.info/falcon.pdf) + + + + + crystalsKyber + [Kyber](https://pq-crystals.org/kyber/) + + + + + sha512 + SHA-2 with a digest length of 512, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/). + + + + + + + + + hasAddedFile + Every `to` Element is a file added to the `from` Element (`from` hasAddedFile `to`). + + + + + + 1 + 1 + + + + + + + + + swhid + SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`. + + + + + + An Individual Value for Element representing a set of Elements of unknown +identify or cardinality (number). + + + + + hasDistributionArtifact + The `from` Element is distributed as an artifact in each `to` Element (e.g. an RPM or archive file). + + + + Specifies the SSVC decision type. + + + + + + + + + + + 1 + 1 + + + + + + + 1 + + + + + + + + + + + + + + + + + availableFrom + The `from` Element is available from the additional supplier described by each `to` Element. + + + + + + + + + + + + + structured + data is stored in tabular format or retrieved from a relational database. + + + + + + + + + Specifies the type of a content identifier. + + + + + + + + + + + + + + + A collection of SPDX Elements describing a single package. + + + + + + + + A collection of Elements, not necessarily with unifying context. + + + + + + + + + + + + 1 + 1 + + + + + + 1 + + + + + Abstract class for additional text intended to be added to a License, but +which is not itself a standalone License. + + + + + + + + + + + + + + + + + + blake2b256 + BLAKE2b algorithm with a digest size of 256, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4. + + + + + dynamicAnalysisReport + A reference to a dynamic analysis report for a package. + + + + + blake3 + [BLAKE3](https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf) + + + + + + + + + + patch + The Element contains a set of changes to update, fix, or improve another Element. + + + + + Portion of an AnyLicenseInfo representing a set of licensing information +where all elements apply. + + + + + + + + Provides a CVSS version 2.0 assessment for a vulnerability. + + + + + + + + + lite + the element follows the Lite profile specification + + + + + + + + + registration + the dataset is not publicly available and an email registration is required before accessing the dataset, although without an affirmative acceptance of terms. + + + + + exploitCreatedBy + The `from` Vulnerability has had an exploit created against it by each `to` Agent. + + + + + Provides information about the creation of the Element. + + + + + + + + + + + + + + + A collection of SPDX Elements that could potentially be serialized. + + + + + + + + + + + 1 + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + yes + Indicates presence of the field. + + + + + An SPDX version 2.X compatible verification method for software packages. + + + + + + + + + + + + 1 + 1 + + + + + + + + + + + + + + core + the element follows the Core profile specification + + + + + + + + + expandedLicensing + the element follows the ExpandedLicensing profile specification + + + Gives information about the circumstances or unifying properties +that Elements of the bundle have been assembled under. + + + + + + + + + + Describes potentially noisy elements of the dataset. + + + + + + + + + + + serious + The highest level of risk posed by an AI system. + + + + + + 1 + + + + + + + + + specification + The Element is a plan, guideline or strategy how to create, perform or analyze an application. + + + + + other + Any other units of energy measurement. + + + Describes a sensor used for collecting the data. + + + + + + + filesystemImage + The Element is a file system image that can be written to a disk (or virtual) partition. + + + + + Specifies a data package and its associated information. + + + + + + + + + + + + + + + + + + + + + + + + fixedIn + A `from` Vulnerability has been fixed in each `to` Element. The use of the `fixedIn` type is constrained to `VexFixedVulnAssessmentRelationship` classed relationships. + + + + + + + + + + + + + + + + blake2b384 + BLAKE2b algorithm with a digest size of 384, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4. + + + + + ai + the element follows the AI profile specification + + + The result of applying a hash algorithm to an Element. + + + + + Describes one a profile which the creator of this ElementCollection intends to +conform to. + + + + + + + sha3_224 + SHA-3 with a digest length of 224, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final). + + + + + hasAssociatedVulnerability + Used to associate a `from` Artifact with each `to` Vulnerability. + + + + + data + The Element is data. + + + + + issueTracker + A reference to the issue tracker for a package. + + + + + + An Individual Value for License when no assertion can be made about its actual +value. + + + + + + + + + + doesNotAffect + The `from` Vulnerability has no impact on each `to` Element. The use of the `doesNotAffect` is constrained to `VexNotAffectedVulnAssessmentRelationship` classed relationships. + + + + + + + + Provides a reference to a resource outside the scope of SPDX-3.0 content +that uniquely identifies an Element. + + + + + + + Abstract class for the portion of an AnyLicenseInfo representing a license. + + + + + + + + + + + + + + + + + + 1 + 1 + + + Describes the anonymization methods used. + + + + + + + + 1 + 1 + + + + + cwe + [Common Weakness Enumeration](https://csrc.nist.gov/glossary/term/common_weakness_enumeration). A reference to a source of software flaw defined within the official [CWE List](https://cwe.mitre.org/data/) that conforms to the [CWE specification](https://cwe.mitre.org/). + + + + + + + + + + + + + coordinatedBy + The `from` Vulnerability is coordinatedBy the `to` Agent(s) (vendor, researcher, or consumer agent). + + + + + runtime + A relationship has specific context implications during the execution phase of an element. + + + + + hasConcludedLicense + The `from` SoftwareArtifact is concluded by the SPDX data creator to be governed by each `to` license. + + + A name used in a CdxPropertyEntry name-value pair. + + + + + + + releaseHistory + A reference to a published list of releases for a package. + + + Provides information about the creation of the Element. + + + + + Identifies the text of one or more copyright notices for a software Package, +File or Snippet, if any. + + + + + Provide consumers with comments by the creator of the Element about the +Element. + + + + + + + + + + + + + + + + + 2 + + + + + mavenCentral + A reference to a Maven repository artifact. The artifact locator format is defined in the [Maven documentation](https://maven.apache.org/guides/mini/guide-naming-conventions.html) and looks like `groupId:artifactId[:version]`. + + + + + + + + + hasAssessmentFor + Relates a `from` Vulnerability and each `to` Element with a security assessment. To be used with `VulnAssessmentRelationship` types. + + + + + library + The Element is a software library. + + + Contains a URL where the License or LicenseAddition can be found in use. + + + + + + + audio + data is audio based, such as a collection of music from the 80s. + + + + + + 1 + 1 + + + + + + 1 + 1 + + + + + inlineMitigationsAlreadyExist + Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability. + + + + + extension + the element follows the Extension profile specification + + + + + staticAnalysisReport + A reference to a static analysis report for a package. + + + + + + + + + directory + The file represents a directory and all content stored in that directory. + + + Refers to one or more Elements that are part of an ElementCollection. + + + + + Provides information about the primary purpose of the software artifact. + + + + + + + + + + + + + 1 + 1 + + + + + buildSystem + A reference build system used to create or publish the package. + + + + + + 1 + + + + + + 1 + + + + + + 1 + 1 + + + + + Provides a CVSS version 4 assessment for a vulnerability. + + + + + + + + + + + + + + + An Individual Value for License where the SPDX data creator determines that no +license is present. + + + + Specifies the version of a VEX statement. + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + + + Specifies whether the License is listed as free by the +Free Software Foundation (FSF). + + + + + + + framework + The Element is a software framework. + + + + + Class that describes a build instance of software/artifacts. + + + + + + + + + + + + + + + + + + + Specifies the VEX justification type. + + + + + + + 1 + 1 + + + Identifies from where or whom the Element originally came. + + + + + + + chat + A reference to the instant messaging system used by the maintainer for a package. + + + + Provide an enumerated set of lifecycle phases that can provide context to relationships. + + + + + + 1 + 1 + + + + + + + 1 + + + + + + + 1 + + + + + releaseNotes + A reference to the release notes for a package. + + + + + + + + + Provides an independently reproducible mechanism that permits verification of a specific Element. + + + + + + Provides a NamespaceMap of prefixes and associated namespace partial URIs applicable to an SpdxDocument and independent of any specific serialization format or instance. + + + + + Specifies the CVSS vector string for a vulnerability. + + + + + Timestamp of impact statement. + + + + + + + vulnerabilityDisclosureReport + A reference to a Vulnerability Disclosure Report (VDR) which provides the software supplier's analysis and findings describing the impact (or lack of impact) that reported vulnerabilities have on packages or products in the supplier's SBOM as defined in [NIST SP 800-161 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations](https://csrc.nist.gov/pubs/sp/800/161/r1/final). + + + + + + + + + + + 1 + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + + 1 + + + Specifies the time from which an element is applicable / valid. + + + + + + + firmware + The Element provides low level control over a device's hardware. + + + + + trainedOn + The `from` Element has been trained on the `to` Element(s). + + + + + Connects a vulnerability and an element designating the element as a product +affected by the vulnerability. + + + + + + + + + + + + + hasPrerequisite + The `from` Element has a prerequisite on each `to` Element, during a LifecycleScopeType period. + + + + + + 1 + 1 + + + + + + + + + + sha3_256 + SHA-3 with a digest length of 256, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final). + + + + + build + SBOM generated as part of the process of building the software to create a releasable artifact (e.g., executable or package) from data such as source files, dependencies, built components, build process ephemeral data, and other SBOMs. + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + + + 1 + 1 + + + + + + 1 + 1 + + + + + eolNotice + A reference to the End Of Sale (EOS) and/or End Of Life (EOL) information related to a package. + + + + + hasOutput + The `from` Build element generates each `to` Element as an output, during a LifecycleScopeType period. + + + + + + + + + patchedBy + Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`). + + + + + underInvestigationFor + The `from` Vulnerability impact is being investigated for each `to` Element. The use of the `underInvestigationFor` type is constrained to `VexUnderInvestigationVulnAssessmentRelationship` classed relationships. + + + + + Refers to any unit of content that can be associated with a distribution of +software. + + + + + + + + + + + + + + + + + 1 + + + Specifies the level of support associated with an artifact. + + + + + + + contains + The `from` Element contains each `to` Element. + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + metrics + A reference to metrics related to package such as OpenSSF scorecards. + + + + + + + + + + + Specifies the type of the external identifier. + + + + + + + + + Records the time when a recommended action was communicated in a VEX statement +to mitigate a vulnerability. + + + + + + + buildMeta + A reference build metadata related to a published package. + + + + + + 1 + 1 + + + + + Portion of an AnyLicenseInfo representing a set of licensing information where +only one of the elements applies. + + + + + + + ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + + + 1 + + + + + Abstract ancestor class for all vulnerability assessments + + + + + + + + + + + + + + + + + + + + + runtime + SBOM generated through instrumenting the system running the software, to capture only components present in the system, as well as external call-outs or dynamically loaded components. In some contexts, this may also be referred to as an "Instrumented" or "Dynamic" SBOM. + + + + + + + + + publishedBy + Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent. + + + + + hasDeletedFile + Every `to` Element is a file deleted from the `from` Element (`from` hasDeletedFile `to`). + + + + + hasDependencyManifest + The `from` Element has manifest files that contain dependency information in each `to` Element. + + + + + Abstract ancestor class for all VEX relationships + + + + + + + + + + Links a vulnerability and one or more elements designating the latter as products +not affected by the vulnerability. + + + + + + + + + Provides information about the primary purpose of an Element. + + + + + track + The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines. + + + + + md2 + MD2 message-digest algorithm, as defined in [RFC 1319](https://datatracker.ietf.org/doc/rfc1319/). + + + + + + 1 + 1 + + + + Specifies the unit of energy consumption. + + + + + sensor + data is recorded from a physical sensor, such as a thermometer reading or biometric device. + + + An Element an annotator has made an assertion about. + + + + + Captures the threshold that was used for computation of a metric described in +the metric field. + + + + + + + vulnerableCodeCannotBeControlledByAdversary + The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack. + + + + + + + + + + + + + + diskImage + The Element refers to a disk image that can be written to a disk, booted in a VM, etc. A disk image typically contains most or all of the components necessary to boot, such as bootloaders, kernels, firmware, userspace, etc. + + + Provides an ExternalMap of Element identifiers. + + + + + + + A tuple of two positive integers that define a range. + + + + + + + + A license that is listed on the SPDX License List. + + + + + + + + + A reference to a resource outside the scope of SPDX-3.0 content related to an Element. + + + + + + + + + + + 1 + 1 + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + directDownload + the dataset is publicly available and can be downloaded directly. + + + + + Specifies a vulnerability and its associated information. + + + + + + + + + + sha224 + SHA-2 with a digest length of 224, as defined in [RFC 3874](https://datatracker.ietf.org/doc/rfc3874/). + + + + + other + Used to store extra information about an Element which is not part of a review (e.g. extra information provided during the creation of the Element). + + + References the Element on the left-hand side of a relationship. + + + + + + Specifies the exploit catalog type. + + + + + + 1 + + + + + https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + + + + Identifies the full text of a LicenseAddition. + + + + + + + securityOther + Used when there is a security related identifier of unspecified type. + + + + + + + + + Portion of an AnyLicenseInfo representing a License which has additional +text applied to it. + + + + + + + + + hasDynamicLink + The `from` Element dynamically links in each `to` Element, during a LifecycleScopeType period. + + + + + install + The Element is used to install software on disk. + + + + + operatingSystem + The Element is an operating system. + + + + + + + + + securityFix + A reference to the patch or source code that fixes a vulnerability. + + + + + Describes a relationship between one or more elements. + + + + + + + + + + + + + + + + + + + + + complete + The relationship is known to be exhaustive. + + + + + + + + + + 1 + + + A place for the SPDX document creator to record a website that serves as the +package's home page. + + + + + Defines the original host file that the snippet information applies to. + + + + + + + Describes a certain part of a file. + + + + + + + + Specifies an Extension characterization of some aspect of an Element. + + + + + + + + 1 + 1 + + + + + + + Property that describes the digest of the build configuration file used to +invoke a build. + + + + + + + + + 1 + + + + + + + Provides the location of an external reference. + + + + + Describes the confidentiality level of the data points contained in the dataset. + + + + + Identifies who or what created the Element. + + + + + + + adler32 + Adler-32 checksum is part of the widely used zlib compression library as defined in [RFC 1950](https://datatracker.ietf.org/doc/rfc1950/) Section 2.3. + + + + + nuget + A reference to a NuGet package. The package locator format is defined in the [NuGet documentation](https://docs.nuget.org) and looks like `package/version`. + + + + + hasVariant + Every `to` Element is a variant the `from` Element (`from` hasVariant `to`). + + + + + dependsOn + The `from` Element depends on each `to` Element, during a LifecycleScopeType period. + + + + + blake2b512 + BLAKE2b algorithm with a digest size of 512, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4. + + + + + exportControlAssessment + A reference to a export control assessment for a package. + + + + + + + + + Provides a CVSS version 3 assessment for a vulnerability. + + + + + + + + + + + + + + securityPolicy + A reference to instructions for reporting newly discovered security vulnerabilities for a package. + + + Describes relevant information about different steps of the training process. + + + + + + + + + Specifies the licenseId that is preferred to be used in place of a deprecated +License or LicenseAddition. + + + + + + + + 1 + + + + + + + + A characterization of some aspect of an Element that is associated with the Element in a generalized fashion. + + + + + + + Specifies an AI package and its associated information. + + + + + + + + + + + + + + + + + + + + Points to a resource outside the scope of the SPDX-3.0 content +that provides additional characteristics of an Element. + + + + + + + + + + + A class for describing the energy consumption incurred by an AI model in +different stages of its lifecycle. + + + + + + + + + + + + + + securityAdversaryModel + A reference to the security adversary model for a package. + + + + + hasRequirement + The `from` Element has a requirement on each `to` Element, during a LifecycleScopeType period. + + + + + development + the artifact is in active development and is not considered ready for formal support from the supplier. + + + + + + + + + Base domain class from which all other SPDX-3.0 domain classes derive. + + + + + + + + + + + + + + + ^[^\/]+\/[^\/]+$ + + + 1 + + + + + + + An entity that is authorized to issue identification credentials. + + + + + + + medium + The third-highest level of risk posed by an AI system. + + + + + + + + + + + + + + + + A concrete subclass of Element used by Individuals in the +Core profile. + + + + + + This individual element was defined by the spec. + 2024-11-22T03:00:01Z + + 3.0.1 + + + + + + + + + syntactic + data describes the syntax or semantics of a language or text, such as a parse tree used for natural language processing. + + + + + archive + The Element is an archived collection of one or more files (.tar, .zip, etc.). + + + + + graph + data is in the form of a graph where entries are somehow related to each other through edges, such a social network of friends. + + + + + + + + + + + + ^[^\/]+\/[^\/]+$ + + + 1 + + + + + + + + + A type of extension consisting of a list of name value pairs. + + + + + + + + software + the element follows the Software profile specification + + + + + certificationReport + A reference to a certification report for a package from an accredited/independent body. + + + Provides an unambiguous mechanism for conveying a URI fragment portion of an +Element ID. + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + review + Used when someone reviews the Element. + + + + + + 1 + + + + + green + Dataset can be shared within a community of peers and partners. + + + + + + + + + + + + + + + + + + https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + + + 1 + 1 + + + + + + + + + + 1 + 1 + + + + + md4 + MD4 message-digest algorithm, as defined in [RFC 1186](https://datatracker.ietf.org/doc/rfc1186/). + + + Provides a detailed description of the Element. + + + + + Provides a License author's preferred text to indicate that a file is covered +by the License. + + + + + + + An assertion made in relation to one or more elements. + + + + + + + + + + + query + the dataset is publicly available, but not all at once, and can only be accessed through queries which return parts of the dataset. + + + + + packageUrl + Package URL, as defined in the corresponding [Annex](../../../annexes/pkg-url-specification.md) of this specification. + + + + + red + Data points in the dataset are highly confidential and can only be shared with named recipients. + + + + + + + + An element of hardware and/or software utilized to carry out a particular function. + + + + + + + + + Property describing a parameter used in an instance of a build. + + + + + + + + 1 + 1 + + + + + + + 1 + + + + Links a vulnerability and elements representing products (in the VEX sense) where +a fix has been applied and are no longer affected. + + + + + + + + 1 + + + Specifies the amount of energy consumed during inference time by an AI model +that is being used in the AI system. + + + + + A License participating in a 'with addition' model. + + + + + + + + + + + + + + + + + Specifies the time an artifact was released. + + + + + + + file + The Element is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc.). + + + + + + 1 + + + Specifies a time when a vulnerability assessment was modified + + + + + Provides the location for more information regarding an external identifier. + + + + + Specifies the value of the content identifier. + + + + + + + + + Identifies the download Uniform Resource Identifier for the package at the time +that the document was created. + + + + + + + Refers to any object that stores content on a computer. + + + + + + + + + + + + + A key with an associated value. + + + + + + + + + + + + binaryArtifact + A reference to binary artifacts related to a package. + + + + + + + + A concrete subclass of AnyLicenseInfo used by Individuals in the +ExpandedLicensing profile. + + + + + Specifies an Element contained in a piece of software where a vulnerability was +found. + + + + + + + foundBy + Designates a `from` Vulnerability was originally discovered by the `to` Agent(s). + + + + + + + + + + 1 + + + + + manifest + The Element is a software manifest. + + + + + clickthrough + the dataset is not publicly available and can only be accessed after affirmatively accepting terms on a clickthrough webpage. + + + + + + + Identifies an external Element used within an SpdxDocument but defined +external to that SpdxDocument. + + + + + + + + + Specifies the algorithm used for calculating the hash value. + + + + + + + A property name with an associated value. + + + + + + + + affects + The `from` Vulnerability affects each `to` Element. The use of the `affects` type is constrained to `VexAffectedVulnAssessmentRelationship` classed relationships. + + + + + incomplete + The relationship is known not to be exhaustive. + + + + + + + Provides an IntegrityMethod with which the integrity of an Element can be +asserted. + + + + + + + + 1 + + + + + A reference to a resource identifier defined outside the scope of SPDX-3.0 content that uniquely identifies an Element. + + + + + + + + + + + + + + + + + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + Captures the size of the dataset. + + + + + Describes the preprocessing steps that were applied to the raw data to create the given dataset. + + + + + + + + + + + + + + + + + + + + + timeseries + data is recorded in an ordered sequence of timestamped entries, such as the price of a stock over the course of a day. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 1 + 1 + + + + + + + + + + + + + + Specifies the type of an annotation. + + + + + + + Identifies all the text and metadata associated with a license in the license +XML format. + + + + + + A license that is not listed on the SPDX License List. + + + + + + + Provides an EPSS assessment for a vulnerability. + + + + + + + + + + 1 + + + + + simpleLicensing + the element follows the SimpleLicensing profile specification + + + + + none + When a CVSS score is 0.0 + + + + + Provide context for a relationship that occurs in the lifecycle. + + + + + + + + https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + + + 1 + + + + + + + 1 + + + + + + + + + + crystalsDilithium + [Dilithium](https://pq-crystals.org/dilithium/) + + + + + npm + A reference to an npm package. The package locator format is defined in the [npm documentation](https://docs.npmjs.com/cli/v10/configuring-npm/package-json) and looks like `package@version`. + + + + + requirement + The Element provides a requirement needed as input for another Element. + + + + + + + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + trackStar + ("Track\*" in the SSVC spec) The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track\* vulnerabilities within standard update timelines. + + + + + + + + + noSupport + there is no support for the artifact from the supplier, consumer assumes any support obligations. + + + The relative file name of a file to be excluded from the +`PackageVerificationCode`. + + + + + + + A mathematically calculated representation of a grouping of data. + + + + + + + Provides a place for the SPDX data creator to record acknowledgement text for +a software Package, File or Snippet. + + + + + + + + + + + + + Capture the scope of information about a specific relationship between elements. + + + + + + + source + The Element is a single or a collection of source files. + + + + This individual element was defined by the spec. + 2024-11-22T03:00:01Z + + 3.0.1 + + + + + socialMedia + A reference to a social media channel for a package. + + + + + + 1 + + + The name of a relevant standard that may apply to an artifact. + + + + + + + hasDeclaredLicense + The `from` SoftwareArtifact was discovered to actually contain each `to` license, for example as detected by use of automated tooling. + + + + + A map of Element identifiers that are used within an SpdxDocument but defined +external to that SpdxDocument. + + + + + + + + + + + + + + + + + + + hasEvidence + Every `to` Element is considered as evidence for the `from` Element (`from` hasEvidence `to`). + + + + + + + Captures a standard that is being complied with. + + + + + This property is used to denote the root Element(s) of a tree of elements contained in a BOM. + + + + + + + + + Provides a map of a property names to a values. + + + + + + + componentNotPresent + The software is not affected because the vulnerable component is not in the product. + + + + + Provides an exploit assessment of a vulnerability. + + + + + + + + + + + + + This individual element was defined by the spec. + 2024-11-22T03:00:01Z + + 3.0.1 + + + + + attend + The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions include requesting assistance or information about the vulnerability, and may involve publishing a notification either internally and/or externally. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines. + + + + + numeric + data consists only of numeric entries. + + + + + + + + + + + + + + + + + + + + + altDownloadLocation + A reference to an alternative download location. + + + + + + + Specifies whether an additional text identifier has been marked as deprecated. + + + + + + + + + 1 + 1 + + + + + video + data is video based, such as a collection of movie clips featuring Tom Hanks. + + + + + + + + + + + + + + + + + + hasSpecification + Every `to` Element is a specification for the `from` Element (`from` hasSpecification `to`), during a LifecycleScopeType period. + + + + + + + + + hasTestCase + Every `to` Element is a test case for the `from` Element (`from` hasTestCase `to`). + + + + + + 1 + + + + + + 1 + 1 + + + Identifies when the Element was originally created. + + + + + + + + An Organization representing the SPDX Project. + + + + Provides a reference number that can be used to understand how to parse and +interpret an Element. + + + + + + + + + + + + + + + + + + + image + data is a collection of images such as pictures of animals. + + + + + Portion of an AnyLicenseInfo representing this version, or any later version, +of the indicated License. + + + + + + + + + + + + + + + + development + A relationship has specific context implications during development phase of an element. + + + + + + 1 + + + Defines the end of a range. + + + + + + + documentation + The Element is documentation. + + + Specifies until when the artifact can be used before its usage needs to be +reassessed. + + + + + + + + + + + + + 1 + + + + + copiedTo + The `from` Element has been copied to each `to` Element. + + + + + high + When a CVSS score is between 7.0 - 8.9 + + + + + swid + Concise Software Identification (CoSWID) tag, as defined in [RFC 9393](https://datatracker.ietf.org/doc/rfc9393/) Section 2.3. + + + + + + + 1 + 1 + + + + + + + + + + 1 + + + + + + + + + hasMetadata + Every `to` Element is metadata about the `from` Element (`from` hasMetadata `to`). + + + + + + + + + vulnerableCodeNotPresent + The product is not affected because the code underlying the vulnerability is not present in the product. + + + Specifies the amount of energy consumed when finetuning the AI model that is +being used in the AI system. + + + + + + + + + + + + 1 + + + + + + + 1 + + + + + + 1 + + + + + + + + + + 1 + + + + + urlScheme + [Uniform Resource Identifier (URI) Schemes](https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml). The scheme used in order to locate a resource. + + + + + + + + + + 1 + + + + + + 1 + + + + + fixedBy + Designates a `from` Vulnerability has been fixed by the `to` Agent(s). + + + + + + 1 + 1 + + + + + + + + + + + + + + + + + md5 + MD5 message-digest algorithm, as defined in [RFC 1321](https://datatracker.ietf.org/doc/rfc1321/). + + + + + + + + vulnerabilityExploitabilityAssessment + A reference to a Vulnerability Exploitability eXchange (VEX) statement which provides information on whether a product is impacted by a specific vulnerability in an included package and, if affected, whether there are actions recommended to remediate. See also [NTIA VEX one-page summary](https://ntia.gov/files/ntia/publications/vex_one-page_summary.pdf). + + + + + + + + + + deployed + SBOM provides an inventory of software that is present on a system. This may be an assembly of other SBOMs that combines analysis of configuration options, and examination of execution behavior in a (potentially simulated) deployment environment. + + + Identifies the name of an Element as designated by the creator. + + + + + + + + + + + limitedSupport + the artifact has been released, and there is limited support available from the supplier. There is a validUntilDate that can provide additional information about the duration of support. + + + + + + + + + + + + + + + + + + + + + + https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + Describes methods that can be used to explain the results from the AI model. + + + + + + + evidence + The Element is the evidence that a specification or requirement has been fulfilled. + + + + + + + + + source + SBOM created directly from the development environment, source files, and included dependencies used to build an product artifact. + + + + + security + the element follows the Security profile specification + + + + An individual human being. + + + + + + + + + + + + + + + bower + A reference to a Bower package. The package locator format, looks like `package#version`, is defined in the "install" section of [Bower API documentation](https://bower.io/docs/api/#install). + + + + + + + + Identifies who or what supplied the artifact or VulnAssessmentRelationship +referenced by the Element. + + + + + + + + + Describes the type of annotation. + + + + + + + + 1 + + + + + + 1 + + + Records the biases that the dataset is known to encompass. + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + Indicates the type of support that is associated with an artifact. + + + + + hasStaticLink + The `from` Element statically links in each `to` Element, during a LifecycleScopeType period. + + + + + + + + + hasDataFile + The `from` Element treats each `to` Element as a data file. A data file is an artifact that stores data required or optional for the `from` Element's functionality. A data file can be a database file, an index file, a log file, an AI model file, a calibration data file, a temporary file, a backup file, and more. For AI training dataset, test dataset, test artifact, configuration data, build input data, and build output data, please consider using the more specific relationship types: `trainedOn`, `testedOn`, `hasTest`, `configures`, `hasInput`, and `hasOutput`, respectively. This relationship does not imply dependency. + + + + + + + + + + + + + + 2 + + + + + + 1 + + + + + + + Describe that a CVE is known to have an exploit because it's been listed in an exploit catalog. + + + + + + + https://spdx.org/rdf/3.0.1/terms/Core/Artifact is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + + + 1 + + + A substitute for a URI. + + + + + + + + + + + hasOptionalComponent + Every `to` Element is an optional component of the `from` Element (`from` hasOptionalComponent `to`). + + + Property describing the session in which a build is invoked. + + + + + + + + 1 + 1 + + + + + + 1 + + + Provides a numerical (0-10) representation of the severity of a vulnerability. + + + + + + + + 1 + + + + + + + 1 + + + + Enumeration of dataset types. + + + + + + 1 + + + + + expandsTo + The `from` archive expands out as an artifact described by each `to` Element. + + + + + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + Property that describes the URI of the build configuration source file. + + + + + + + A license exception that is listed on the SPDX Exceptions list. + + + + + + + + + https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + + + + + + + + + + Information about the relationship between two Elements. + + + + Availability of dataset. + + + + + https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + + describes + The `from` Element describes each `to` Element. To denote the root(s) of a tree of elements in a collection, the rootElement property should be used. + + + References an Element on the right-hand side of a relationship. + + + + + Provides additional purpose information of the software artifact. + + + + + + + module + The Element is a module of a piece of software. + + + + + low + Low/no risk is posed by an AI system. + + + + + other + any hashing algorithm that does not exist in this list of entries + + + + + + + + + + + Describes all the preprocessing steps applied to the training data before the +model training. + + + + + Uniquely identifies an external element. + + + + + + + componentAnalysisReport + A reference to a Software Composition Analysis (SCA) report. + + + + + securityPenTestReport + A reference to a [penetration test](https://en.wikipedia.org/wiki/Penetration_test) report for a package. + + + + + design + SBOM of intended, planned software project or product with included components (some of which may not yet exist) for a new software artifact. + + + + + hasOptionalDependency + The `from` Element optionally depends on each `to` Element, during a LifecycleScopeType period. + + + + + + + + + amendedBy + The `from` Element is amended by each `to` Element. + + + + + + + + + + + + + + 1 + + + Property describing the start time of a build. + + + + + + + + + + + + + + + + + + + + + + + + sha384 + SHA-2 with a digest length of 384, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/). + + + + A software agent. + + + + + + + + + Information about the relationship between two Elements. + + + + + + + + + + A container for a grouping of SPDX-3.0 content characterizing details +(provenence, composition, licensing, etc.) about a product. + + + + + + Specifies the CVSS base, temporal, threat, or environmental severity type. + + + + + + + + + + + + + + + + + gitoid + [Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg). + + + + + + + + + + + + + A mathematical algorithm that maps data of arbitrary size to a bit string. + + + + + noAssertion + data type is not known. + + + + + hasDocumentation + The `from` Element is documented by each `to` Element. + + + + + + + + + + + Defines the line range in the original host file that the snippet information +applies to. + + + + + + + + + + + + 1 + + + + + + + + + + + + + + + + + + + 1 + 1 + + + + + + 1 + + + + + + 1 + + + A value used in a generic key-value pair. + + + + + + + test + A relationship has specific context implications during an element's testing phase, during development. + + + Identifies the tooling that was used during the creation of the Element. + + + + + A buildType is a hint that is used to indicate the toolchain, platform, or +infrastructure that the build was invoked on. + + + + + + + + 1 + 1 + + + + + + + + + + + + + altWebPage + A reference to an alternative web page. + + + + + + + + + reportedBy + Designates a `from` Vulnerability was first reported to a project, vendor, or tracking database for formal identification by each `to` Agent. + + + + + + + + + + + + + + + + + 1 + + + + + + + + + + + + + + + 1 + + + + + license + A reference to additional license information related to an artifact. + + + + + + + + + + + + descendantOf + The `from` Element is a descendant of each `to` Element. + + + + + + 1 + + + + + + + + + + + + + + + + + + 1 + 1 + + + + + medium + When a CVSS score is between 4.0 - 6.9 + + + + + + + + Describes the type of the given dataset. + + + + + Conveys information about how VEX status was determined. + + + + + + + + An Individual Value for Element representing a set of Elements with +cardinality (number/count) of zero. + + + + + + 1 + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + + + noAssertion + No assertion can be made about the completeness of the relationship. + + + + + other + data is of a type not included in this list. + + + + + + + Describes how the dataset was collected. + + + + + + + ancestorOf + The `from` Element is an ancestor of each `to` Element. + + + + + + + + + + + + + + + Specifies whether a license or additional text identifier has been marked as +deprecated. + + + + + + + + + + + + + + Property that describes the time at which a build stops. + + + + + Specifies the unit in which energy is measured. + + + + + + + invokedBy + The `from` Element was invoked by the `to` Agent, during a LifecycleScopeType period (for example, a Build element that describes a build step). + + + + + + 1 + + + A LicenseAddition participating in a 'with addition' model. + + + + + + + + 1 + + + + ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ + + + 1 + + + Specified the time and date when a vulnerability was withdrawn. + + + + + + + noAssertion + no assertion about the type of support is made. This is considered the default if no other support type is used. + + + + Abstract class representing a license combination consisting of one or more licenses. + + + + + + + + + + + + + + + + kilowattHour + Kilowatt-hour. + + + + + + 1 + + + Describes what the given dataset should be used for. + + + + + + + https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + + + 1 + 1 + + + + + + + Specifies the SPDX License List version in which this license or exception +identifier was deprecated. + + + + + + + + 1 + 1 + + + + + + + 1 + + + Identify the version of a package. + + + + + + + + + + + + + + + Provides an SSVC assessment for a vulnerability. + + + + + + + + + + + + A distinct article or unit within the digital domain. + + + + + + + + + + + + + + + + 1 + 1 + + + Commentary on an assertion that an annotator has made. + + + + + Identifies the full text of a LicenseAddition, in SPDX templating format. + + + + + + + + + + + + + Specifies the SPDX License List version in which this ListedLicense or +ListedLicenseException identifier was first added. + + + + + + + + + + + + + + + + + + + deviceDriver + The Element represents software that controls hardware devices. + + + + + + + + + + + + + https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + + productMetadata + A reference to additional product metadata such as reference within organization's product catalog. + + + + + + + + + + + + + + 1 + + + + + + + + + + + + + + + Specifies the type of the content identifier. + + + + + + + + + + + + + + + categorical + data that is classified into a discrete number of categories, such as the eye color of a population of people. + + + Identifies the full text of a License, in SPDX templating format. + + + + + Records the measurement of prediction quality of the AI model. + + + + + + + + + Records if sensitive personal information is used during model training or +could be used during the inference. + + + + + + + + + + Specifies the type of an external identifier. + + + + + + + A canonical, unique, immutable identifier of the artifact content, that may be +used for verifying its identity and/or integrity. + + + + + + + + + + + + + + + + securityOther + A reference to related security information of unspecified type. + + + + + scrapingScript + the dataset provider is not making available the underlying data and the dataset must be reassembled, typically using the provided script for scraping the data. + + + + + + 1 + 1 + + + + + + + 1 + + + + + + + + + + + + + + + + + + + + + sha1 + SHA-1, a secure hashing algorithm, as defined in [RFC 3174](https://datatracker.ietf.org/doc/rfc3174/). + + + + + + + + + + + + + + + + Indicates whether a relationship is known to be complete, incomplete, or if no assertion is made with respect to relationship completeness. + + + + + configures + The `from` Element is a configuration applied to each `to` Element, during a LifecycleScopeType period. + + + + + + + + + + + 1 + 1 + + + + + kev + CISA's Known Exploited Vulnerability (KEV) Catalog + + + + + + + + + cpe23 + [Common Platform Enumeration: Naming Specification Version 2.3](https://csrc.nist.gov/publications/detail/nistir/7695/final) + + + + + + 1 + 1 + + + + + other + A relationship has other specific context information necessary to capture that the above set of enumerations does not handle. + + + + + other + Other exploit catalogs + + + + + md6 + [MD6 hash function](https://people.csail.mit.edu/rivest/pubs/RABCx08.pdf) + + + + + + + + + critical + When a CVSS score is between 9.0 - 10.0 + + + + + hasInput + The `from` Build has each `to` Element as an input, during a LifecycleScopeType period. + + + + + + + + + + + 1 + + + + + + + + + + + + + + generates + The `from` Element generates each `to` Element. + + + + + secureSoftwareAttestation + A reference to information assuring that the software is developed using security practices as defined by [NIST SP 800-218 Secure Software Development Framework (SSDF) Version 1.1](https://csrc.nist.gov/pubs/sp/800/218/final) or [CISA Secure Software Development Attestation Form](https://www.cisa.gov/resources-tools/resources/secure-software-development-attestation-form). + + + + + + + + + + + + Records a hyperparameter used to build the AI model contained in the AI +package. + + + + + + + https://spdx.org/rdf/3.0.1/terms/Extension/Extension is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + + + + A key used in a generic key-value pair. + + + + + Provides advise on how to mitigate or remediate a vulnerability when a VEX product +is affected by it. + + + + + Provides the license under which the SPDX documentation of the Element can be +used. + + + + + Specifies the type of the external reference. + + + + + + + model + The Element is a machine learning or artificial intelligence model. + + + + + + + + + + 1 + + + + + device + The Element refers to a chipset, processor, or electronic board. + + + + + + + + + + 1 + + + + + + + + + + 1 + + + Records the type of the model used in the AI software. + + + + + + + https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + + + + + + securityAdvisory + A reference to a published security advisory (where advisory as defined per [ISO 29147:2018](https://www.iso.org/standard/72311.html)) that may affect one or more elements, e.g., vendor advisories or specific NVD entries. + + + + + + + + + + purchaseOrder + A reference to a purchase order for a package. + + + + + sha3_512 + SHA-3 with a digest length of 512, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final). + + + + + + + + + low + When a CVSS score is between 0.1 - 3.9 + + + + + sha3_384 + SHA-3 with a digest length of 384, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final). + + + + + + + + + + + + + + The field describes the availability of a dataset. + + + + + A buildId is a locally unique identifier used by a builder to identify a unique +instance of a build produced by it. + + + + + Specifies the exploit catalog type. + + + + + A short description of an Element. + + + + + + + + + + + + + + + + analyzed + SBOM generated through analysis of artifacts (e.g., executables, packages, containers, and virtual machine images) after its build. Such analysis generally requires a variety of heuristics. In some contexts, this may also be referred to as a "3rd party" SBOM. + + + + + + + + + timestamp + data is recorded with a timestamp for each entry, but not necessarily ordered or at specific intervals, such as when a taxi ride starts and ends. + + + + Provides a set of values to be used to describe the common types of SBOMs that +tools may create. + + + + + vcs + A reference to a version control system related to a software artifact. + + + A string in the license expression format. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + https://spdx.org/rdf/3.0.1/terms/Core/Element is an abstract class and should not be instantiated directly. Instantiate a subclass instead. + + + + A group of people who work together in an organized way for a shared purpose. + + + + + + + + + + + + + + + + + + + + + + + Specifies the time an artifact was built. + + + + + + + file + The file represents a single file (default). + + + + + + + A value used in a CdxPropertyEntry name-value pair. + + + + + Provide the enumeration of possible decisions in the +[Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree](https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc). + + + + + + + qualityAssessmentReport + A reference to a quality assessment for a package. + + + + ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + + + 1 + 1 + + + + + + + + + gitoid + [Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg). + + + A License participating in an 'or later' model. + + + + + + + + 1 + + + + + + + + + + + + + + + + A license expression participating in a license set. + + + + + + + + + + + other + Used when the type does not match any of the other options. + + + + + + + + + mailingList + A reference to the mailing list used by the maintainer for a package. + + + + + + + + This individual element was defined by the spec. + 2024-11-22T03:00:01Z + + 3.0.1 + + + Provides information about the completeness of relationships. + + + + + + + no + Indicates absence of the field. + + + + + + + + + + + + + + 1 + 1 + + + Specifies the time when a vulnerability was published. + + + + + + Enumeration of the valid profiles. + + + + + executable + The Element is an Artifact that can be run on a computer. + + + + + + + + + + + + + container + The Element is a container image which can be used by a container runtime application. + + + The percentile of the current probability score. + + + + + + + + + + + + + + + dataset + the element follows the Dataset profile specification + + + + + cpe22 + [Common Platform Enumeration Specification 2.2](https://cpe.mitre.org/files/cpe-specification_2.2.pdf) + + + + + + + + + privacyAssessment + A reference to a privacy assessment for a package. + + + + + + + + + + + + + swhid + SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`. + + + + + application + The Element is a software application. + + + + + + + + + + + + + + + + + + + + + + hasProvidedDependency + The `from` Element has a dependency on each `to` Element, dependency is not in the distributed artifact, but assumed to be provided, during a LifecycleScopeType period. + + + + + + 1 + + + Indicates the amount of energy consumption incurred by an AI model. + + + + + + + + + + + + + + + + + Provides an indication of where to retrieve an external Element. + + + + + + + + + + + + + + + + + + + + + + + + + + + test + The Element is a test used to verify functionality on an software element. + + + + + hasTest + Every `to` Element is a test artifact for the `from` Element (`from` hasTest `to`), during a LifecycleScopeType period. + + + + Specifies the safety risk level. + + + + + documentation + A reference to the documentation for a package. + + + + + + + Provides information about the content type of an Element or a Property. + + + + + + + + + + + platform + The Element represents a runtime environment. + + + + + + + + + + + + + + 1 + + + + + + + Describes if a given file is a directory or non-directory kind of file. + + + + + + + + 1 + + + + + other + The Element doesn't fit into any of the other categories. + + + + + high + The second-highest level of risk posed by an AI system. + + + + + + + + + + Represents the energy quantity. + + + + + + + + + + + + + Categories of confidentiality level. + + + + + + + + + + + Specifies whether the License is listed as approved by the +Open Source Initiative (OSI). + + + + + + Specifies the type of an external reference. + + + + + + + + + + + + + + + + Specifies the time from which an element is no longer applicable / valid. + + + + + + + + + + + + + Specifies the amount of energy consumed when training the AI model that is +being used in the AI system. + + + + + + + + + Provides information about the type of an SBOM. + + + + + + + + + + + + + + + + + + + testedOn + The `from` Element has been tested on the `to` Element(s). + + + Provides the location of an exploit catalog. + + + + + + + + + + + build + the element follows the Build profile specification + + + Impact justification label to be used when linking a vulnerability to an element +representing a VEX product with a VexNotAffectedVulnAssessmentRelationship +relationship. + + + + + Explains why a VEX product is not affected by a vulnerability. It is an +alternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable +justification label. + + + + + + + + + + + + Records any relevant background information or additional comments +about the origin of the package. + + + + + The version of the SPDX License List used in the license expression. + + + + + + + + + + + + + Property describes the invocation entrypoint of a build. + + + + + + + + + + + + + + + + + + + cve + Common Vulnerabilities and Exposures identifiers, an identifier for a specific software flaw defined within the official CVE Dictionary and that conforms to the [CVE specification](https://csrc.nist.gov/glossary/term/cve_id). + + + + + + + + + + + + + + + + + + + + + + + + + + vulnerableCodeNotInExecutePath + The affected code is not reachable through the execution of the code, including non-anticipated states of the product. + + + + + + + Indicates whether the system can perform a decision or action without human +involvement or guidance. + + + + + Records the results of general safety risk assessment of the AI system. + + + + + + + + + + + + + + + + + + + + + + + + Captures the domain in which the AI package can be used. + + + + + + + + + + + + + + + + + + + + + + Categories of presence or absence. + + + Captures a limitation of the AI software. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Enumeration of the different kinds of SPDX file. + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/requirements.txt b/requirements.txt index d6493c126f..40d817e067 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,5 @@ -json-schema-for-humans==1.0.2 -mike==2.1.2 -mkdocs==1.6.0 -mkdocs-pdf-export-plugin==0.5.10 -PyYAML==6.0.1 -shacl2code==0.0.12 +mike==2.1.3 +mkdocs==1.6.1 +# mkdocs-pdf-export-plugin==0.5.10 +PyYAML==6.0.2 +shacl2code==0.0.19 diff --git a/serialization/jsonld/annotations.ttl b/serialization/jsonld/annotations.ttl index 801f528932..5e3297df3d 100644 --- a/serialization/jsonld/annotations.ttl +++ b/serialization/jsonld/annotations.ttl @@ -1,4 +1,4 @@ -@base . +@base . @prefix sh-to-code: . ; diff --git a/setup.py b/setup.py index fb0bcd8210..4c7ae11e38 100644 --- a/setup.py +++ b/setup.py @@ -11,8 +11,8 @@ def read(fname): setup( name = "spdx_specification", - version = "3.0", - author = "Linux Foundation and SPDX Contributors", + version = "3.0.1", + author = "The Linux Foundation and SPDX Contributors", author_email = "spdx-tech@lists.spdx.org", description = ("The System Package Data Exchange (SPDX®) specification is an open standard capable of representing systems with software components in as SBOMs (Software Bill of Materials) and other AI, data and security references supporting a range of risk management use cases."), license = "Community-Spec-1.0 AND CC-BY-3.0 AND MIT", @@ -20,7 +20,7 @@ def read(fname): url = "https://spdx.org", long_description=read('README.md'), classifiers=[ - "Topic :: Dcoumentation", + "Topic :: Documentation", ], python_requires='>=2.7.9,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*', ) diff --git a/submissions/ISO/README.md b/submissions/ISO/README.md new file mode 100644 index 0000000000..fad2742053 --- /dev/null +++ b/submissions/ISO/README.md @@ -0,0 +1,32 @@ + +Here are files that are only relevant to the production of the PDF +that will be submitted to ISO. + +The content here will be combined with the one in the `docs` directory +at the top of the repository. + +The structure of the PDF will include the following (in order): + +- TOC +- front/iso-foreword +- front/introduction + +- scope +- references +- symbols +- terms-and-definitions +- conformance +- serializations + +- model + +- annexes/rdf-model +- annexes/spdx-license-expressions +- annexes/license-matching-guidelines-and-templates +- annexes/spdx-lite +- annexes/pkg-url-specification +- annexes/changes-from-previous-iso + +- licenses/Community-Spec-1.0 +- licenses/CC-BY-3.0 + diff --git a/submissions/ISO/annexes/changes-from-previous-iso.md b/submissions/ISO/annexes/changes-from-previous-iso.md new file mode 100644 index 0000000000..8b44b99773 --- /dev/null +++ b/submissions/ISO/annexes/changes-from-previous-iso.md @@ -0,0 +1,14 @@ +# Changes from the previous version + +## Overview + +The previous published version of this standard was ISO/IEC 5962:2021(E), +titled "Information technology -- SPDX® Specification V2.2.1" +published by ISO (the International Organization for Standardization) +and IEC (the International Electrotechnical Commission) +in 2021. + +The present chapter outlines the changes that the current version +introduces related to that previous edition. + + diff --git a/submissions/ISO/front/iso-foreword.md b/submissions/ISO/front/iso-foreword.md new file mode 100644 index 0000000000..539149dd5d --- /dev/null +++ b/submissions/ISO/front/iso-foreword.md @@ -0,0 +1,52 @@ +# Foreword + +ISO (the International Organization for Standardization) and IEC (the +International Electrotechnical Commission) form the specialized system for +worldwide standardization. National bodies that are members of ISO or IEC +participate in the development of International Standards through technical +committees established by the respective organization to deal with particular +fields of technical activity. ISO and IEC technical committees collaborate in +fields of mutual interest. Other international organizations, governmental and +non-governmental, in liaison with ISO and IEC, also take part in the work. + +The procedures used to develop this document and those intended for its further +maintenance are described in the ISO/IEC Directives, Part 1. In particular, the +different approval criteria needed for the different types of document should +be noted (see +[www.iso.org/directives](https://www.iso.org/directives) or +[www.iec.ch/members_experts/refdocs](https://www.iec.ch/members_experts/refdocs)). + +Attention is drawn to the possibility that some of the elements of this +document may be the subject of patent rights. ISO and IEC shall not be held +responsible for identifying any or all such patent rights. Details of any +patent rights identified during the development of the document will be in the +Introduction and/or on the ISO list of patent declarations received +(see [www.iso.org/patents](https://www.iso.org/patents)) or the IEC list of +patent declarations received (see [patents.iec.ch](https://patents.iec.ch)). + +Any trade name used in this document is information given for the convenience +of users and does not constitute an endorsement. + +For an explanation of the voluntary nature of standards, the meaning of ISO +specific terms and expressions related to conformity assessment, as well as +information about ISO's adherence to the World Trade Organization (WTO) +principles in the Technical Barriers to Trade (TBT), see +[www.iso.org/iso/foreword.html](https://www.iso.org/iso/foreword.html). +In the IEC, see +[www.iec.ch/understanding-standards](https://www.iec.ch/understanding-standards). + +This document was prepared by +[The Linux Foundation](https://www.linuxfoundation.org/) and its Contributors +under the [SPDX Working Group](https://spdx.dev/) +(as SPDX® Specification v3.0.1) +and drafted in accordance with its editorial rules. +Its preparation and publication has been made in coordination with related +efforts with the [Object Management Group (OMG)](https://www.omg.org/). +It was adopted, under the JTC 1 PAS (“Publicly Available Specification”) +procedure, by +[Joint Technical Committee ISO/IEC JTC 1, Information technology](https://jtc1info.org/). + +Any feedback or questions on this document should be directed to the user’s +national standards body. A complete listing of these bodies can be found at +[www.iso.org/members.html](https://www.iso.org/members.html) and +[www.iec.ch/national-committees](https://www.iec.ch/national-committees). diff --git a/submissions/OMG/README.md b/submissions/OMG/README.md new file mode 100644 index 0000000000..7d95419b7d --- /dev/null +++ b/submissions/OMG/README.md @@ -0,0 +1,35 @@ + +Here are files that are only relevant to the production of the PDF +that will be submitted to OMG. + +The content here will be combined with the one in the `docs` directory +at the top of the repository. + +The structure of the PDF will include the following (in order): + +- front/cover +- front/second-page +- TOC +- front/introduction +- front/omg-preface + +- scope +- references +- symbols +- terms-and-definitions +- conformance +- serializations +- people + +- model + +- annexes/rdf-model +- annexes/spdx-license-expressions +- annexes/license-matching-guidelines-and-templates +- annexes/spdx-lite +- annexes/pkg-url-specification +- annexes/omg-history + +- licenses/Community-Spec-1.0 +- licenses/CC-BY-3.0 + diff --git a/submissions/OMG/annexes/omg-history.md b/submissions/OMG/annexes/omg-history.md new file mode 100644 index 0000000000..3b82307e2e --- /dev/null +++ b/submissions/OMG/annexes/omg-history.md @@ -0,0 +1,134 @@ +# History with OMG, Motivation and Rational (Informative) + +The OMG and CISQ involvement in developing this specification had its start due +to a need that came from the several years of work in the Department of +Commerce’s National Telecommunications and Information Administration (NTIA) in +creating an Initiative to Improve Software Component Transparency in July of +2018 [6]. That effort actually was the culmination of several earlier attempts +to get software transparency, updatability and bill of materials as +requirements in safety critical sectors like automotive and healthcare as early +as 2013/2014 [2, 3] with many talks and papers written for and against them and +discussions. With the launch of the NTIA Software Component Transparency +Initiative there was a major increase in the energy and coordination of those +proposing software bill of materials (SBOM) as a key element of communication +across the different participants in software supply chains. +These meetings, which started with a public meeting in Washington DC consisted +primarily of vendors of software and customers of those vendors. +It was this mix of participants that struck us that these efforts were missing +an important community member if they were to make SBOMs successful and useful +– they seemed to be missing the organizations who create the tools for +developing software. + +To address this gap, over the winter and spring of 2019, we crafted a market +analysis of the software development tooling ecosystem and documented usage +scenarios to drive the functionality needed for an SBOM standard usable by +tools to talk to other tools and bring speed and agility into the discussion of +software transparency and assurance about the information itself. This +information was used to present to the Systems Assurance Platform Task Force +(PTF) and the Architecture Driven Modernization PTF in March and June of 2019. +The paper “Standardizing SBOM within the SW Development Tooling Ecosystem”, +which captured this work, was later published by MITRE [1] and included 8 core +usage scenarios for SBOMs as well as a discussion of the various roles were in +the software creation tooling ecosystem. This paper and its various +pre-publication drafts were used as a discussion starter to garner interest and +participation in the Tool-to-Tool (3T) Software Bill of Materials Exchange +effort [4]. The 3T-SBOM Exchange effort was co-sponsored by CISQ and OMG and +launched in the fall of 2019 with three to four weekly meetings working the +various facets of SBOMs. Over the next two years the 3T-SBOM community, which +included over 30 organizations that develop and integrate software creation +tooling and infrastructure, developed a 3T-SBOM core model (shown in Figure 13) +in September of 2020 that had seven basic concepts connected together to +address the usage scenarios outlined for the project. + +![Figure 13 – 3T-SBOM draft core model (circa Sep 2020)](images/3tsbom-draft-core.png "Figure 13 – 3T-SBOM draft core model (circa Sep 2020)") +**Figure 13 – 3T-SBOM draft core model (circa Sep 2020)** + +While the 3T-SBOM community was working to develop their model, the work within +the NTIA Software Component Transparency effort also met in numerous weekly +virtual meetings to discuss the various aspects of SBOMs, their use, the roles +of different players in the lifecycle of an SBOM and the need to educate the +world about SBOMs. This was captured in the NTIA Software Bill Of Materials +web page. [7] + +In late 2020 and much of 2021 the world of software security turned its +attention to the software supply chain attack on the Solar Winds Corporation +[5] and the need to prevent similar types of attacks in the future. The United +States Government responded to this and other similar attacks by issuing +Executive Order 14028 in May 2021 [12] calling for stronger software security +practices for products used by the government and that the software have SBOMs +with them. The Executive Order required that “Within 60 days of the date of +this order, the Secretary of Commerce, in coordination with the Assistant +Secretary for Communications and Information and the Administrator of the +National Telecommunications and Information Administration, shall publish +minimum elements for an SBOM.” This was done leveraging the community work that +NTIA had been doing with industry for the past 34 months and set the new +requirements for SBOM capabilities. [11] + +Over the 2019-2020 timespan, some of the organization in the 3T-SBOM community +were also working within the Linux Foundation’s Software Package Data Exchange +(SPDX®) open-source effort to evolve their previous work. Started in 2010 to +help organizations developing software that planned to incorporate open source +software make sure that the licenses for that open source software were +appropriate for how the organizations planned to use them in their own +offerings, the SPDX community developed a series of software products, +specifications, and capabilities to address this area. The first published work +was a version 1.0 specification in August of 2011; followed by 1.1 version a +year later; a 1.2 version in October 2013; a 2.0 version in 2015; and 2.1 +version in 2016. The 2.2 version of the specification was published in 2020 to address the required SBOM minimum elements. The 2.2.1 version of SPDX specification was published through the Linux +Foundation’s new Joint Development Foundation and sent to ISO under the +Publicly Available Standard (PAS) process with it eventually being republished +as “ISO/IEC 5962:2021 - Information technology — SPDX®” in 2021. + +Through the common members in 3T-SBOM and the Linux Foundation’s SPDX effort +many of the concepts around SBOMs flowed back and forth between the two +resulting in a draft core model for SPDX 3.0 in September of 2020 that had the +same seven basic concepts connected together that were in the 3T-SBOM core +model. Figure 14 shows the state of the SPDX 3.0 core model at that time. + +![Figure 14 – SPDX 3.0 draft core model (circa Sep 2020)](images/spdx30-draft-core.png "Figure 14 – SPDX 3.0 draft core model (circa Sep 2020)") +**Figure 14 – SPDX 3.0 draft core model (circa Sep 2020)** + +The similarities and alignment of the two group’s work (shown in Figure 15 +below) was brought to the attention of both teams and after long discussions +about each other’s efforts, goals, and approach to creating a standard for +today, both agreed in principle to join together under the SPDX 3.0 label but +to make several changes in the way the SPDX community activities were run as +well as how the resulting specification would be vetted. + +![Figure 15 – Correspondence between 3T-SBOM and SPDX 3.0 draft models (circa Sep 2020)](images/3tsbom-spdx30-correspondence.png "Figure 15 – Correspondence between 3T-SBOM and SPDX 3.0 draft models (circa Sep 2020)") +**Figure 15 – Correspondence between 3T-SBOM and SPDX 3.0 draft models (circa +Sep 2020)** + +Specifically, the SPDX community revised their charter to align with the +processes of a Standards Development Organization, electing new chairs and +adding the OMG Architecture Board review as a gating factor in the publication +of SPDX 3.0 and subsequent versions. + +The merged activities of the two group slid together the beginning weeks of +2021 with activities generally moving forward but occasionally stalling while +the larger group worked through issues that one or the other hadn’t discussed +or had a different opinion about. Eventually, after releasing SPDX 2.3 in +August of 2022 with updates that brought some of the concepts and capabilities +slated for SPDX 3.0 to the community in preparation of the shift that SPDX 3.0 +represents, the first release candidate of SPDX 3.0 was released in May of +2023. Within the SPDX community, which is both a standards creation +organization as well as a community of open source developers, a release +candidate offers an opportunity for implementors of SPDX, both new and old, to +review the work and determine whether there were parts that were unclear or +that would be extremely burdensome to implement. + +Based on the comments and change requests from the initial candidate release +several areas of the model were revised and reworked, resulting in a release +candidate 2 of SPDX 3.0 in February of 2024. This release candidate will give +tool creators and those who maintain the support libraries for working with +SPDX time to start revising their projects in advance of the final version of +the specification. For those not following the inner workings, debates, and +discussion of the combined 3T-SBOM and SPDX 3.0 working group for the last 3 +years there will be a dramatic change in the SPDX model as it goes from SPDX +2.3 to SPDX 3.0, as shown by looking at Figure 16’s left-side (SPDX 2.3 model) +compared to its right-side (SPDX 3.0), shifting the SPDX name from Software +Package Data Exchange to System Package Data Exchange and the scope of items it +can convey in a bill of materials. + +![Figure 16 – SPDX 2.3 Model compared to the SPDX 3.0 Model](images/spdx23-spdx30-comparison.png "Figure 16 – SPDX 2.3 Model compared to the SPDX 3.0 Model") +**Figure 16 – SPDX 2.3 Model compared to the SPDX 3.0 Model** diff --git a/submissions/OMG/front/cover.md b/submissions/OMG/front/cover.md new file mode 100644 index 0000000000..3c4e2c6e97 --- /dev/null +++ b/submissions/OMG/front/cover.md @@ -0,0 +1,3 @@ + +# The System Package Data Exchange (SPDX) Specification Version 3.0.1 + diff --git a/docs/omg-preface.md b/submissions/OMG/front/omg-preface.md similarity index 100% rename from docs/omg-preface.md rename to submissions/OMG/front/omg-preface.md diff --git a/submissions/OMG/front/second-page.md b/submissions/OMG/front/second-page.md new file mode 100644 index 0000000000..4d99b09f6e --- /dev/null +++ b/submissions/OMG/front/second-page.md @@ -0,0 +1,31 @@ +# The System Package Data Exchange® (SPDX®) Specification Version 3.0.1 + +Copyright © 2010-2024, The Linux Foundation and its Contributors, +including SPDX Model contributions from OMG and its Contributors. + +## Use of Specification - Terms, Conditions & Notices + +This work is licensed under the +[Community Specification License 1.0](./licenses/Community-Spec-1.0.md) +(Community-Spec-1.0). +Pre-existing portions of this work from copyright holders who have not +subsequently contributed under the Community-Spec-1.0 are provided under +[Creative Commons Attribution License 3.0 Unported](./licenses/CC-BY-3.0.md) +(CC-BY-3.0). +Copies of these licenses are reproduced in their entirety herein. + +### Trademarks + +SPDX® is a registered trademark of The Linux Foundation. + +### Compliance + +Use of the SPDX trademarks is subject to the SPDX Trademark License, +currently available at +[SPDX Legal Notices page](https://spdx.dev/about/legal-notices/). + +Software developed under the terms of the licenses under which this +specification is issued may claim compliance or conformance with this +specification if and only if the software provider complies with the +SPDX Trademark License given above. + diff --git a/submissions/OMG/images/3tsbom-draft-core.png b/submissions/OMG/images/3tsbom-draft-core.png new file mode 100644 index 0000000000..33ff28c5c1 Binary files /dev/null and b/submissions/OMG/images/3tsbom-draft-core.png differ diff --git a/submissions/OMG/images/3tsbom-spdx30-correspondence.png b/submissions/OMG/images/3tsbom-spdx30-correspondence.png new file mode 100644 index 0000000000..999be5a5eb Binary files /dev/null and b/submissions/OMG/images/3tsbom-spdx30-correspondence.png differ diff --git a/submissions/OMG/images/spdx23-spdx30-comparison.png b/submissions/OMG/images/spdx23-spdx30-comparison.png new file mode 100644 index 0000000000..1307977b75 Binary files /dev/null and b/submissions/OMG/images/spdx23-spdx30-comparison.png differ diff --git a/submissions/OMG/images/spdx30-draft-core.png b/submissions/OMG/images/spdx30-draft-core.png new file mode 100644 index 0000000000..23fc15df72 Binary files /dev/null and b/submissions/OMG/images/spdx30-draft-core.png differ diff --git a/submissions/OMG/people.md b/submissions/OMG/people.md new file mode 100644 index 0000000000..33c9b7903e --- /dev/null +++ b/submissions/OMG/people.md @@ -0,0 +1,118 @@ +# Additional information + +## Author acknowledgements + +The following people authored this specification: + +Adam Cohn, +Adolfo García Veytia, +Alfred Strauch, +Alan Tse, +Alexios Zavras, +Andrew Back, +Ann Thornton, +Armin Tänzer, +Arthit Suriyawongkul, +Ayumi Watanabe, +Basil Peace, +Bill Schineller, +Bradlee Edmondson, +Brandon Lum, +Bruno Cornec, +Ciaran Farrell, +Daniel German, +David Edelsohn, +David Kemp, +David A. Wheeler, +Debra McGlade, +Dennis Clark, +Dick Brooks, +Ed Warnicke, +Eran Strod, +Eric Thomas, +Esteban Rockett, +Gary O'Neall, +Gopi Krishnan Rajbahadur, +Guillaume Rousseau, +Hassib Khanafer, +Henk Birkholz, +Hiroyuki Fukuchi, +Itaru Hosomi, +Jack Manbeck, +Jaime Garcia, +Jeff Licquia, +Jeff Luszcz, +Jeff Schutt, +Jilayne Lovejoy, +John Ellis, +Jonas Oberg, +Joshua Watt, +Kamsang Salima, +Karen Bennet, +Karen Copenhaver, +Kate Stewart, +Kevin Mitchell, +Kim Weins, +Kirsten Newcomer, +Kouki Hama, +Kris Reeves, +Liang Cao, +Lon Hohberger, +Marc-Etienne Vargenau, +Mark Gisi, +Marshall Clow, +Martin Michlmayr, +Martin von Willebrand, +Mark Atwood, +Matija Šuklje, +Matt Germonprez, +Maximilian Huber, +Meret Behrens, +Michael J. Herzog, +Michel Ruffin, +Nicole Pappler, +Nisha Kumar, +Nobuyuki Tanaka, +Norio Kobota, +Nuno Brito, +Oliver Fendt, +Paul Madick, +Peter Williams, +Phil Robb, +Philip Koltun, +Philip Odence, +Philippe Ombredanne, +Pierre Lapointe, +Rana Rahal, +Robert Martin, +Robin Gandhi, +Rose Judge, +Sam Ellis, +Sameer Ahmed, +Satoru Koizumi, +Scott K Peterson, +Scott Lamons, +Scott Sterling, +Sean Barnum, +Sebastian Crane, +Shane Coughlan, +Steve Cropper, +Steve Winslow, +Steven Carbno, +Stuart Hughes, +Takashi Ninjouji, +Thomas F. Incorvia, +Thomas Steenbergen, +Tom Callaway, +Tom Vidal, +Toru Taima, +Venkata Krishna, +W. Trevor King, +William Bartholomew, +Yev Bronshteyn, +Yoshiko Ouchi, +Yoshiyuki Ito, +Yuji Nomura, +Yumi Tomita, +and +Zachary McFarland. diff --git a/submissions/README.md b/submissions/README.md new file mode 100644 index 0000000000..75e3239bb8 --- /dev/null +++ b/submissions/README.md @@ -0,0 +1,6 @@ + +This directory holds content relevant to the submissions +of the Specification to various organizations. + +Please note that all the submissions happen only in PDF format. +