diff --git a/.github/workflows/validate-pr.yml b/.github/workflows/validate-pr.yml index 5ac62f70b..04bde731f 100644 --- a/.github/workflows/validate-pr.yml +++ b/.github/workflows/validate-pr.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: "3.12" diff --git a/CHANGELOG.md b/CHANGELOG.md index 94bd59dbd..9831a2320 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Change Log -## 3.0.1 (under development - last update 2024-08-14) +## 3.0.1 (Unrelease - under development - last update 2024-09-25) ### Changes since 3.0 @@ -23,11 +23,24 @@ - **Added:** `adler32` entry to `Core/HashAlgorithm` - [#826](https://github.com/spdx/spdx-3-model/pull/826) - The Adler-32 checksum, previously available in SPDX 2.3, has been reintroduced. -- **Clarified:** `AI/autonomyType` property - [#741](https://github.com/spdx/spdx-3-model/pull/741) +- **Added:** `Core/SpdxOrganization` - [#880](https://github.com/spdx/spdx-3-model/pull/880) + - An `SpdxOrganization` individual, an Organization representing the SPDX + Project, is added. It is by definition the creator of all Element type individuals + defined by the SPDX Project. +- **Clarified:** `AI/autonomyType` - [#741](https://github.com/spdx/spdx-3-model/pull/741) - Specified the meaning of `yes`, `no`, and `noAssertion` values in the `AI/autonomyType` property description. +- **Clarified:** `Build/buildType` - [#875](https://github.com/spdx/spdx-3-model/pull/875) + - Its intent is added: "The buildType is used to interpret the meaning of + other build parameters by defining the "type" of build...". +- **Clarified:** `hasData` entry in `Core/RelationshipType` - [#815](https://github.com/spdx/spdx-3-model/pull/815) - **Improved:** JSON-LD examples. - All JSON-LD examples in the "Syntax" section of class descriptions are now - validated. + validated - [#794](https://github.com/spdx/spdx-3-model/pull/794) - Added JSON-LD examples for `AI/EnergyConsumption` and - `AI/EnergyConsumptionDescription`. + `AI/EnergyConsumptionDescription` - [#780](https://github.com/spdx/spdx-3-model/pull/780) +- **Updated:** Model diagrams. + - Use updated names + - Specify XSD data types + - All named individuals are removed - [#884](https://github.com/spdx/spdx-3-model/pull/884) +- General typos and formatting fixes diff --git a/images/model-core-software.png b/images/model-core-software.png index f278054dd..5f6c2f038 100644 Binary files a/images/model-core-software.png and b/images/model-core-software.png differ diff --git a/images/model-core-software.svg b/images/model-core-software.svg index 3b92c8fcc..073d1d0c4 100644 --- a/images/model-core-software.svg +++ b/images/model-core-software.svg @@ -1,4 +1,4 @@ -
profile Core
profile Core
Element Classes
Element Classes
Enumerations
Enumerations
Simple Data Types
Simple Data Types
profile Software
profile SoftwareElement+ spdxId: xsd:anyURI[1]+ name: xsd:string[0..1]+ summary: xsd:string[0..1]+ description: xsd:string[0..1]+ comment: xsd:string[0..1]+ creationInfo: CreationInfo[1]+ verifiedUsing: IntegrityMethod[0..*]+ externalRef: ExternalRef[0..*]+ externalIdentifier: ExternalIdentifier[0..*]+ extension: /Extension/Extension[0..1]Artifact+ originatedBy: Agent[0..*]
+ suppliedBy: Agent[0..1]
+ suppliedBy: Agent[0..1]
+ builtTime: DateTime[0..1]
+ builtTime: DateTime[0..1]
+ releaseTime: DateTime[0..1]
+ releaseTime: DateTime[0..1]
+ validUntilTime: DateTime[0..1]
+ validUntilTime: DateTime[0..1]
+ standardName: xsd:string[0..*]
+ standardName: xsd:string[0..*]
+ supportLevel: SupportType[0..*]
+ supportLevel: SupportType[0..*]Annotation+ annotationType: AnnotationType[1]+ statement: xsd:string[0..1]+ contentType: MediaType[0..1]Relationship+ relationshipType: RelationshipType[1]+ completeness: RelationshipCompleteness[0..1]
+ startTime: DateTime[0..1]
+ startTime: DateTime[0..1]
+ endTime: DateTime[0..1]
+ endTime: DateTime[0..1]ElementCollection
+ profileConformance: ProfileIdentifierType[0..*]
+ profileConformance: ProfileIdentifierType[...
 
 
1
1
from
from
*
*
1..*
1..*
to
to
*
*
*
*
*
*
rootElement
rootElementSnippet+ byteRange: PositiveIntegerRange[0..1]+ lineRange: PositiveIntegerRange[0..1]
+ snippetFromFile: File[1]
+ snippetFromFile: File[1]File+ /Core/contentType: MediaType[0..1]+ name: xsd:string[1]
+ fileKind: FileKindType[0..1]
+ fileKind: FileKindType[0..1]Package+ packageVersion: xsd:string[0..1]+ downloadLocation: xsd:anyURI[0..1]+ packageUrl: xsd:anyURI[0..1]+ homePage: xsd:anyURI[0..1]+ sourceInfo: xsd:string[0..1]
*
*
1
1
subject
subjectBomSbom
+ sbomType: SbomType[0..*]
+ sbomType: SbomType[0..*]
*
*
element
element
*
*Legend
Italics - abstract, you must use a subclass
Italics - abstract, you must...Bundle+ context: xsd:string[0..1]SpdxDocument
+ import: ExternalMap[0..*]
+ import: ExternalMap[0..*]+ dataLicense: /SimpleLicensing/AnyLicenseInfo[0..1]
+ namespaceMap: NamespaceMap[0..*]
+ namespaceMap: NamespaceMap[0..*]ToolAgentPersonOrganization
Non-Element Classes
Non-Element ClassesNamespaceMap+ prefix: xsd:string[1]+ namespace: xsd:anyURI[1]

ExternalRefType

altDownloadLocation

altWebPage

binaryArtifact

bower

buildMeta

buildSystem

certificationReport

chat

componentAnalysisReport

documentation

dynamicAnalysisReport

eolNotice

exportControlAssessment

funding

issueTracker

license

mailingList

mavenCentral

metrics

npm

nuget

other

privacyAssessment

productMetadata

purchaseOrder

qualityAssessmentReport

releaseHistory

releaseNotes

riskAssessment

runtimeAnalysisReport

secureSoftwareAttestation

securityAdvisory

securityAdversaryModel

securityFix

securityOther

securityPenTestReport

securityPolicy

securityThreatModel

socialMedia

sourceArtifact

staticAnalysisReport

support

vcs

vulnerabilityDisclosureReport

vulnerabilityExploitabilityAssessment


ExternalRefType...

AnnotationType

other

review

AnnotationType...

HashAlgorithm

adler32

blake2b256

blake2b384

blake2b512

blake3

crystalsDilithium

crystalsKyber

falcon

md2

md4

md5

md6

other

sha1

sha224

sha256 [default]

sha384

sha512

sha3_224

sha3_256

sha3_384

sha3_512

HashAlgorithm...

SoftwarePurpose

application

archive

bom

configuration

container

data

device

diskImage

deviceDriver

documentation

evidence

executable

file

filesystemImage

firmware

framework

install

library

manifest

model

module

operatingSystem

other

patch

platform

requirement

source

specification

test

SoftwarePurpose...

RelationshipType

Meta

amendedBy                    [Element -> Element]

describes                    [Element -> Element]

modifiedBy                   [Element -> Element]

other                        [Element -> Element] (comment)


Structure

contains                     [Element -> Element]


Behavioral

configures                   [Element -> Element]

delegatedTo                  [Element -> Element]

dependsOn                    [Element -> Element]


Pedigree

copiedTo                     [Element -> Element]

expandsTo                   [Artifact -> Artifact]

generates                   [Artifact -> Artifact]

hasAddedfile                 [Element -> Element]

hasDatafile                  [Element -> Element]

hasDeletedfile               [Element -> Element]


Provenance

ancestorOf                   [Element -> Element]

availableFrom                [Element -> Element]

descendantOf                 [Element -> Element]

variant                     [Artifact -> Artifact]


Serialization

serializedInArtifact    [SpdxDocument -> Artifact]


Build

hasDependencyManifest        [Element -> Element]

hasDistributionArtifact      [Element -> Element]

hasDocumentation             [Element -> Element]

hasDynamicLink               [Element -> Element]

hasExample                   [Element -> Element]

hasHost                        [Build -> Element]

hasInput                       [Build -> Element]

hasMetadata                  [Element -> Element]

hasOptionalComponent         [Element -> Element]

hasOptionalDependency        [Element -> Element]

hasOutput                      [Build -> Element]

hasPrerequisite              [Element -> Element]

hasProvidedDependency        [Element -> Element]

hasRequirement               [Element -> Element]

hasSpecification             [Element -> Element]

hasStaticLink                [Element -> Element]

hasTest                      [Element -> Element]

hasTestCase                  [Element -> Element]

hasVariant                   [Element -> Element]

invokedBy                    [Element -> Agent]

packagedBy                   [Element -> Element]

patchedBy                    [Element -> Element]

usesTool                     [Element -> Element]


Licensing

hasConcludedLicense [SoftwareArtifact -> AnyLicenseInfo]

hasDeclaredLicense  [SoftwareArtifact -> AnyLicenseInfo]


Security

affects                [Vulnerability -> Element]

doesNotAffect          [Vulnerability -> Element]

exploitCreatedBy       [Vulnerability -> Agent]

fixedBy                [Vulnerability -> Agent]

foundBy                [Vulnerability -> Agent]

hasAssessmentFor       [Vulnerability -> Element]

hasAssociatedVulnerability  [Artifact -> Vulnerability]

publishedBy            [Vulnerability -> Agent]

reportedBy             [Vulnerability -> Agent]

republishedBy          [Vulnerability -> Agent]

underInvestigationFor  [Vulnerability -> Element]


AI/Dataset

hasEvidence                  [Element -> Element]

testedOn                     [Element -> Element]

trainedOn                    [Element -> Element]


RelationshipType...

RelationshipCompleteness

complete [default]

incomplete

noAssertion


RelationshipCompleteness...Hash+ algorithm: HashAlgorithm[1]+ hashValue: xsd:string[1]ExternalRef+ externalRefType: ExternalRefType[1]+ locator: xsd:string[0..*]+ contentType: MediaType[0..1]+ comment: xsd:string[0..1]SemVer: xsd:string
String constrained to SemVer 2.0.0 specification.
String constrained to SemVer 2.0.0...MediaType: xsd:string
String constrained to RFC 2046  specification.
String constrained to RFC 2046  spe...IntegrityMethod+ comment: xsd:string[0..1]CreationInfo+ specVersion: SemVer[1]+ created: DateTime[1]+ createdBy: Agent[1..*]+ createdUsing: Tool[0..*]+ comment: xsd:string[0..1]

ExternalIdentifierType

cpe22

cpe23

cve

email

getoid

other

packageUrl

securityOther

swhid

swid

urlScheme

ExternalIdentifierType...ExternalMap+ externalSpdxId: xsd:anyURI[1]+ locationHint: xsd:anyURI[0..1]+ verifiedUsing: IntegrityMethod[0..*]
+ definingArtifact: Artifact[0..1]
+ definingArtifact: Artifact[0..1]ExternalIdentifier+ externalIdentifierType: ExternalIdentifierType[1]+ identifier: xsd:string[1]+ comment: xsd:string[0..1]
+ identifierLocator: xsd:anyURI[0..*]
+ identifierLocator: xsd:anyURI[0..*]
+ issuingAuthority: xsd:string[0..1]
+ issuingAuthority: xsd:string[0..1]PositiveIntegerRange+ beginIntegerRange: xsd:positiveInteger[1]+ endIntegerRange: xsd:positiveInteger[1]SoftwareAgent

SbomType

analyzed

build

deployed

design

runtime

source

SbomType...
SoftwareArtifact
SoftwareArtifact+ contentIdentifier: ContentIdentifier[0..*]+ primaryPurpose: SoftwarePurpose[0..1]
+ additionalPurpose: SoftwarePurpose[0..*]
+ additionalPurpose: SoftwarePurpose[0.....
+ copyrightText: xsd:string[0..1]
+ copyrightText: xsd:string[0..1]
+ attributionText: xsd:string[0..*]
+ attributionText: xsd:string[0..*]
LifecycleScopedRelationship
LifecycleScopedRelationship+ scope: LifecycleScopeType[0..1]
NOT
NOT
*
*
*
*
NOT
NOT
Instances of these classes exist only to adorn single instances of Element classes through properties on those Element classes and cannot exist independent of such an Element class. Instances of these classes MUST always accompany their associated Element class in any serialization document. Serialization formats MAY enable de-duplication within a single document.
Instances of these classes exist only to adorn single instances of Element classes through prop...DictionaryEntry+ key: xsd:string[1]+ value: xsd:string[0..1]DateTime: xsd:dateTimeStamp
dateTimeStamp constrained to a ISO-8601 format, with resolution of seconds and UTC time zone.
dateTimeStamp constrained to a ISO-...

ProfileIdentifierType

ai

build

core

dataset

expandedLicensing

extension

lite

security

simpleLicensing

software

ProfileIdentifierType...

LifecycleScopeType

build

design

development

other

runtime

test

LifecycleScopeType...

PresenceType

no

noAssertion

yes

PresenceType...PackageVerificationCode
+ algorithm: HashAlgorithm[1]
+ algorithm: HashAlgorithm[1]+ hashValue: xsd:string[1]+ packageVerificationCodeExcludedFile: xsd:string[0..*]

SupportType

development

endOfSupport

limitedSupport

noSupport

noAssertion

support

SupportType...
Individuals
Individuals

FileKindType

directory

file

FileKindType...<<Individual>>NoAssertionElement : Element
https://spdx.org/rdf/3.0.1/terms/Core/NoAssertion
https://spdx.org/rdf/3.0.1/terms/Core/NoAssertion<<Individual>>NoneElement : Element
https://spdx.org/rdf/3.0.1/terms/Core/None
https://spdx.org/rdf/3.0.1/terms/Core/None

ContentIdentifierType

gitoid

swhid

ContentIdentifierType...ContentIdentifier+ contentIdentifierType: ContentIdentifierType[1]+ contentIdentifierValue: xsd:anyURI[1] \ No newline at end of file +
profile Core
profile Core
Element Classes
Element Classes
Enumerations
Enumerations
Simple Data Types
Simple Data Types
profile Software
profile SoftwareElement+ spdxId: xsd:anyURI[1]+ name: xsd:string[0..1]+ summary: xsd:string[0..1]+ description: xsd:string[0..1]+ comment: xsd:string[0..1]+ creationInfo: CreationInfo[1]+ verifiedUsing: IntegrityMethod[0..*]+ externalRef: ExternalRef[0..*]+ externalIdentifier: ExternalIdentifier[0..*]+ extension: /Extension/Extension[0..1]Artifact+ originatedBy: Agent[0..*]
+ suppliedBy: Agent[0..1]
+ suppliedBy: Agent[0..1]
+ builtTime: DateTime[0..1]
+ builtTime: DateTime[0..1]
+ releaseTime: DateTime[0..1]
+ releaseTime: DateTime[0..1]
+ validUntilTime: DateTime[0..1]
+ validUntilTime: DateTime[0..1]
+ standardName: xsd:string[0..*]
+ standardName: xsd:string[0..*]
+ supportLevel: SupportType[0..*]
+ supportLevel: SupportType[0..*]Annotation+ annotationType: AnnotationType[1]+ statement: xsd:string[0..1]+ contentType: MediaType[0..1]Relationship+ relationshipType: RelationshipType[1]+ completeness: RelationshipCompleteness[0..1]
+ startTime: DateTime[0..1]
+ startTime: DateTime[0..1]
+ endTime: DateTime[0..1]
+ endTime: DateTime[0..1]ElementCollection
+ profileConformance: ProfileIdentifierType[0..*]
+ profileConformance: ProfileIdentifierType[...
 
 
1
1
from
from
*
*
1..*
1..*
to
to
*
*
*
*
*
*
rootElement
roo...Snippet+ byteRange: PositiveIntegerRange[0..1]+ lineRange: PositiveIntegerRange[0..1]
+ snippetFromFile: File[1]
+ snippetFromFile: File[1]File+ /Core/contentType: MediaType[0..1]+ name: xsd:string[1]
+ fileKind: FileKindType[0..1]
+ fileKind: FileKindType[0..1]Package+ packageVersion: xsd:string[0..1]+ downloadLocation: xsd:anyURI[0..1]+ packageUrl: xsd:anyURI[0..1]+ homePage: xsd:anyURI[0..1]+ sourceInfo: xsd:string[0..1]
*
*
1
1
subject
sub...BomSbom
+ sbomType: SbomType[0..*]
+ sbomType: SbomType[0..*]
*
*
element
ele...
*
*Legend
Italics - abstract, you must use a subclass
Italics - abstract, you must...Bundle+ context: xsd:string[0..1]SpdxDocument
+ import: ExternalMap[0..*]
+ import: ExternalMap[0..*]+ dataLicense: /SimpleLicensing/AnyLicenseInfo[0..1]
+ namespaceMap: NamespaceMap[0..*]
+ namespaceMap: NamespaceMap[0..*]ToolAgentPersonOrganization
Non-Element Classes
Non-Element ClassesNamespaceMap+ prefix: xsd:string[1]+ namespace: xsd:anyURI[1]

ExternalRefType

altDownloadLocation

altWebPage

binaryArtifact

bower

buildMeta

buildSystem

certificationReport

chat

componentAnalysisReport

documentation

dynamicAnalysisReport

eolNotice

exportControlAssessment

funding

issueTracker

license

mailingList

mavenCentral

metrics

npm

nuget

other

privacyAssessment

productMetadata

purchaseOrder

qualityAssessmentReport

releaseHistory

releaseNotes

riskAssessment

runtimeAnalysisReport

secureSoftwareAttestation

securityAdvisory

securityAdversaryModel

securityFix

securityOther

securityPenTestReport

securityPolicy

securityThreatModel

socialMedia

sourceArtifact

staticAnalysisReport

support

vcs

vulnerabilityDisclosureReport

vulnerabilityExploitabilityAssessment


ExternalRefType...

AnnotationType

other

review

AnnotationType...

HashAlgorithm

adler32

blake2b256

blake2b384

blake2b512

blake3

crystalsDilithium

crystalsKyber

falcon

md2

md4

md5

md6

other

sha1

sha224

sha256 [default]

sha384

sha512

sha3_224

sha3_256

sha3_384

sha3_512

HashAlgorithm...

SoftwarePurpose

application

archive

bom

configuration

container

data

device

diskImage

deviceDriver

documentation

evidence

executable

file

filesystemImage

firmware

framework

install

library

manifest

model

module

operatingSystem

other

patch

platform

requirement

source

specification

test

SoftwarePurpose...

RelationshipType

Meta

amendedBy                    [Element -> Element]

describes                    [Element -> Element]

modifiedBy                   [Element -> Element]

other                        [Element -> Element] (comment)


Structure

contains                     [Element -> Element]


Behavioral

configures                   [Element -> Element]

delegatedTo                  [Element -> Element]

dependsOn                    [Element -> Element]


Pedigree

copiedTo                     [Element -> Element]

expandsTo                   [Artifact -> Artifact]

generates                   [Artifact -> Artifact]

hasAddedfile                 [Element -> Element]

hasDatafile                  [Element -> Element]

hasDeletedfile               [Element -> Element]


Provenance

ancestorOf                   [Element -> Element]

availableFrom                [Element -> Element]

descendantOf                 [Element -> Element]

variant                     [Artifact -> Artifact]


Serialization

serializedInArtifact    [SpdxDocument -> Artifact]


Build

hasDependencyManifest        [Element -> Element]

hasDistributionArtifact      [Element -> Element]

hasDocumentation             [Element -> Element]

hasDynamicLink               [Element -> Element]

hasExample                   [Element -> Element]

hasHost                        [Build -> Element]

hasInput                       [Build -> Element]

hasMetadata                  [Element -> Element]

hasOptionalComponent         [Element -> Element]

hasOptionalDependency        [Element -> Element]

hasOutput                      [Build -> Element]

hasPrerequisite              [Element -> Element]

hasProvidedDependency        [Element -> Element]

hasRequirement               [Element -> Element]

hasSpecification             [Element -> Element]

hasStaticLink                [Element -> Element]

hasTest                      [Element -> Element]

hasTestCase                  [Element -> Element]

hasVariant                   [Element -> Element]

invokedBy                    [Element -> Agent]

packagedBy                   [Element -> Element]

patchedBy                    [Element -> Element]

usesTool                     [Element -> Element]


Licensing

hasConcludedLicense [SoftwareArtifact -> AnyLicenseInfo]

hasDeclaredLicense  [SoftwareArtifact -> AnyLicenseInfo]


Security

affects                [Vulnerability -> Element]

doesNotAffect          [Vulnerability -> Element]

exploitCreatedBy       [Vulnerability -> Agent]

fixedBy                [Vulnerability -> Agent]

foundBy                [Vulnerability -> Agent]

hasAssessmentFor       [Vulnerability -> Element]

hasAssociatedVulnerability  [Artifact -> Vulnerability]

publishedBy            [Vulnerability -> Agent]

reportedBy             [Vulnerability -> Agent]

republishedBy          [Vulnerability -> Agent]

underInvestigationFor  [Vulnerability -> Element]


AI/Dataset

hasEvidence                  [Element -> Element]

testedOn                     [Element -> Element]

trainedOn                    [Element -> Element]


RelationshipType...

RelationshipCompleteness

complete [default]

incomplete

noAssertion


RelationshipCompleteness...Hash+ algorithm: HashAlgorithm[1]+ hashValue: xsd:string[1]ExternalRef+ externalRefType: ExternalRefType[1]+ locator: xsd:string[0..*]+ contentType: MediaType[0..1]+ comment: xsd:string[0..1]SemVer: xsd:string
String constrained to SemVer 2.0.0 specification.
String constrained to SemVer 2.0.0...MediaType: xsd:string
String constrained to RFC 2046  specification.
String constrained to RFC 2046  spe...IntegrityMethod+ comment: xsd:string[0..1]CreationInfo+ specVersion: SemVer[1]+ created: DateTime[1]+ createdBy: Agent[1..*]+ createdUsing: Tool[0..*]+ comment: xsd:string[0..1]

ExternalIdentifierType

cpe22

cpe23

cve

email

getoid

other

packageUrl

securityOther

swhid

swid

urlScheme

ExternalIdentifierType...ExternalMap+ externalSpdxId: xsd:anyURI[1]+ locationHint: xsd:anyURI[0..1]+ verifiedUsing: IntegrityMethod[0..*]
+ definingArtifact: Artifact[0..1]
+ definingArtifact: Artifact[0..1]ExternalIdentifier+ externalIdentifierType: ExternalIdentifierType[1]+ identifier: xsd:string[1]+ comment: xsd:string[0..1]
+ identifierLocator: xsd:anyURI[0..*]
+ identifierLocator: xsd:anyURI[0..*]
+ issuingAuthority: xsd:string[0..1]
+ issuingAuthority: xsd:string[0..1]PositiveIntegerRange+ beginIntegerRange: xsd:positiveInteger[1]+ endIntegerRange: xsd:positiveInteger[1]SoftwareAgent

SbomType

analyzed

build

deployed

design

runtime

source

SbomType...
SoftwareArtifact
SoftwareArtifact+ contentIdentifier: ContentIdentifier[0..*]+ primaryPurpose: SoftwarePurpose[0..1]
+ additionalPurpose: SoftwarePurpose[0..*]
+ additionalPurpose: SoftwarePurpose[0.....
+ copyrightText: xsd:string[0..1]
+ copyrightText: xsd:string[0..1]
+ attributionText: xsd:string[0..*]
+ attributionText: xsd:string[0..*]
LifecycleScopedRelationship
LifecycleScopedRelationship+ scope: LifecycleScopeType[0..1]
NOT
NOT
*
*
*
*
NOT
NOT
Instances of these classes exist only to adorn single instances of Element classes through properties on those Element classes and cannot exist independent of such an Element class. Instances of these classes MUST always accompany their associated Element class in any serialization document. Serialization formats MAY enable de-duplication within a single document.
Instances of these classes exist only to adorn single instances of Element classes through prop...DictionaryEntry+ key: xsd:string[1]+ value: xsd:string[0..1]DateTime: xsd:dateTimeStamp
dateTimeStamp constrained to a ISO-8601 format, with resolution of seconds and UTC time zone.
dateTimeStamp constrained to a ISO-...

ProfileIdentifierType

ai

build

core

dataset

expandedLicensing

extension

lite

security

simpleLicensing

software

ProfileIdentifierType...

LifecycleScopeType

build

design

development

other

runtime

test

LifecycleScopeType...

PresenceType

no

noAssertion

yes

PresenceType...PackageVerificationCode
+ algorithm: HashAlgorithm[1]
+ algorithm: HashAlgorithm[1]+ hashValue: xsd:string[1]+ packageVerificationCodeExcludedFile: xsd:string[0..*]

SupportType

development

endOfSupport

limitedSupport

noSupport

noAssertion

support

SupportType...

FileKindType

directory

file

FileKindType...

ContentIdentifierType

gitoid

swhid

ContentIdentifierType...ContentIdentifier+ contentIdentifierType: ContentIdentifierType[1]+ contentIdentifierValue: xsd:anyURI[1] \ No newline at end of file diff --git a/images/model-core.png b/images/model-core.png index 89ec41c87..d99b0a1b7 100644 Binary files a/images/model-core.png and b/images/model-core.png differ diff --git a/images/model-core.svg b/images/model-core.svg index 40a0dbb76..7f0c222af 100644 --- a/images/model-core.svg +++ b/images/model-core.svg @@ -1,4 +1,4 @@ -
profile Core
profile Core
Element Classes
Element Classes
Simple Data Types
Simple Data TypesElement+ spdxId: xsd:anyURI[1]+ name: xsd:string[0..1]+ summary: xsd:string[0..1]+ description: xsd:string[0..1]+ comment: xsd:string[0..1]+ creationInfo: CreationInfo[1]+ verifiedUsing: IntegrityMethod[0..*]+ externalRef: ExternalRef[0..*]+ externalIdentifier: ExternalIdentifier[0..*]+ extension: /Extension/Extension[0..1]Artifact+ originatedBy: Agent[0..*]
+ suppliedBy: Agent[0..1]
+ suppliedBy: Agent[0..1]
+ builtTime: DateTime[0..1]
+ builtTime: DateTime[0..1]
+ releaseTime: DateTime[0..1]
+ releaseTime: DateTime[0..1]
+ validUntilTime: DateTime[0..1]
+ validUntilTime: DateTime[0..1]
+ standardName: xsd:string[0..*]
+ standardName: xsd:string[0..*]
+ supportLevel: SupportType[0..*]
+ supportLevel: SupportType[0..*]Annotation+ annotationType: AnnotationType[1]+ statement: xsd:string[0..1]+ contentType: MediaType[0..1]Relationship+ relationshipType: RelationshipType[1]+ completeness: RelationshipCompleteness[0..1]
+ startTime: DateTime[0..1]
+ startTime: DateTime[0..1]
+ endTime: DateTime[0..1]
+ endTime: DateTime[0..1]ElementCollection
+ profileConformance: ProfileIdentifierType[0..*]
+ profileConformance: ProfileIdentifierType[...
 
 
1
1
from
from
*
*
1..*
1..*
to
to
*
*
*
*
*
*
rootElement
rootElement
*
*
1
1
subject
subjectBom
*
*
*
*
element
elementLegend
Italics - abstract, you must use a subclass
Italics - abstract, you must...Bundle+ context: xsd:string[0..1]SpdxDocument
+ import: ExternalMap[0..*]
+ import: ExternalMap[0..*]+ dataLicense: /SimpleLicensing/AnyLicenseInfo[0..1]
+ namespaceMap: NamespaceMap[0..*]
+ namespaceMap: NamespaceMap[0..*]ToolAgentPersonOrganization
Non-Element Classes
Non-Element ClassesNamespaceMap+ prefix: xsd:string[1]+ namespace: xsd:anyURI[1]Hash+ algorithm: HashAlgorithm[1]+ hashValue: xsd:string[1]ExternalRef+ externalRefType: ExternalRefType[1]+ locator: xsd:string[0..*]+ contentType: MediaType[0..1]+ comment: xsd:string[0..1]SemVer: xsd:string
String constrained to SemVer 2.0.0 specification.
String constrained to SemVer 2.0.0...MediaType: xsd:string
String constrained to RFC 2046  specification.
String constrained to RFC 2046  spe...IntegrityMethod+ comment: xsd:string[0..1]CreationInfo+ specVersion: SemVer[1]+ created: DateTime[1]+ createdBy: Agent[1..*]+ createdUsing: Tool[0..*]+ comment: xsd:string[0..1]ExternalMap+ externalSpdxId: xsd:anyURI[1]+ locationHint: xsd:anyURI[0..1]+ verifiedUsing: IntegrityMethod[0..*]
+ definingArtifact: Artifact[0..1]
+ definingArtifact: Artifact[0..1]ExternalIdentifier+ externalIdentifierType: ExternalIdentifierType[1]+ identifier: xsd:string[1]+ comment: xsd:string[0..1]
+ identifierLocator: xsd:anyURI[0..*]
+ identifierLocator: xsd:anyURI[0..*]
+ issuingAuthority: xsd:string[0..1]
+ issuingAuthority: xsd:string[0..1]PositiveIntegerRange+ beginIntegerRange: xsd:positiveInteger[1]+ endIntegerRange: xsd:positiveInteger[1]SoftwareAgent
LifecycleScopedRelationship
LifecycleScopedRelationship+ scope: LifecycleScopeType[0..1]
NOT
NOT
*
*
*
*
NOT
NOT
Instances of these classes exist only to adorn single instances of Element classes through properties on those Element classes and cannot exist independent of such an Element class. Instances of these classes MUST always accompany their associated Element class in any serialization document. Serialization formats MAY enable de-duplication within a single document.
Instances of these classes exist only to adorn single instances of Element classes through prop...DictionaryEntry+ key: xsd:string[1]+ value: xsd:string[0..1]DateTime: xsd:dateTimeStamp
dateTimeStamp constrained to a ISO-8601 format, with resolution of seconds and UTC time zone.
dateTimeStamp constrained to a ISO-...PackageVerificationCode
+ algorithm: HashAlgorithm[1]
+ algorithm: HashAlgorithm[1]+ hashValue: xsd:string[1]+ packageVerificationCodeExcludedFile: xsd:string[0..*]
Individuals
Individuals<<Individual>>NoAssertionElement : Element
https://spdx.org/rdf/3.0.1/terms/Core/NoAssertion
https://spdx.org/rdf/3.0.1/terms/Core/NoAssertion<<Individual>>NoneElement : Element
https://spdx.org/rdf/3.0.1/terms/Core/None
https://spdx.org/rdf/3.0.1/terms/Core/None \ No newline at end of file +
profile Core
profile Core
Element Classes
Element Classes
Simple Data Types
Simple Data TypesElement+ spdxId: xsd:anyURI[1]+ name: xsd:string[0..1]+ summary: xsd:string[0..1]+ description: xsd:string[0..1]+ comment: xsd:string[0..1]+ creationInfo: CreationInfo[1]+ verifiedUsing: IntegrityMethod[0..*]+ externalRef: ExternalRef[0..*]+ externalIdentifier: ExternalIdentifier[0..*]+ extension: /Extension/Extension[0..1]Artifact+ originatedBy: Agent[0..*]
+ suppliedBy: Agent[0..1]
+ suppliedBy: Agent[0..1]
+ builtTime: DateTime[0..1]
+ builtTime: DateTime[0..1]
+ releaseTime: DateTime[0..1]
+ releaseTime: DateTime[0..1]
+ validUntilTime: DateTime[0..1]
+ validUntilTime: DateTime[0..1]
+ standardName: xsd:string[0..*]
+ standardName: xsd:string[0..*]
+ supportLevel: SupportType[0..*]
+ supportLevel: SupportType[0..*]Annotation+ annotationType: AnnotationType[1]+ statement: xsd:string[0..1]+ contentType: MediaType[0..1]Relationship+ relationshipType: RelationshipType[1]+ completeness: RelationshipCompleteness[0..1]
+ startTime: DateTime[0..1]
+ startTime: DateTime[0..1]
+ endTime: DateTime[0..1]
+ endTime: DateTime[0..1]ElementCollection
+ profileConformance: ProfileIdentifierType[0..*]
+ profileConformance: ProfileIdentifierType[...
 
 
1
1
from
from
*
*
1..*
1..*
to
to
*
*
*
*
*
*
rootElement
rootElement
*
*
1
1
subject
subjectBom
*
*
*
*
element
elementLegend
Italics - abstract, you must use a subclass
Italics - abstract, you must...Bundle+ context: xsd:string[0..1]SpdxDocument
+ import: ExternalMap[0..*]
+ import: ExternalMap[0..*]+ dataLicense: /SimpleLicensing/AnyLicenseInfo[0..1]
+ namespaceMap: NamespaceMap[0..*]
+ namespaceMap: NamespaceMap[0..*]ToolAgentPersonOrganization
Non-Element Classes
Non-Element ClassesNamespaceMap+ prefix: xsd:string[1]+ namespace: xsd:anyURI[1]Hash+ algorithm: HashAlgorithm[1]+ hashValue: xsd:string[1]ExternalRef+ externalRefType: ExternalRefType[1]+ locator: xsd:string[0..*]+ contentType: MediaType[0..1]+ comment: xsd:string[0..1]SemVer: xsd:string
String constrained to SemVer 2.0.0 specification.
String constrained to SemVer 2.0.0...MediaType: xsd:string
String constrained to RFC 2046  specification.
String constrained to RFC 2046  spe...IntegrityMethod+ comment: xsd:string[0..1]CreationInfo+ specVersion: SemVer[1]+ created: DateTime[1]+ createdBy: Agent[1..*]+ createdUsing: Tool[0..*]+ comment: xsd:string[0..1]ExternalMap+ externalSpdxId: xsd:anyURI[1]+ locationHint: xsd:anyURI[0..1]+ verifiedUsing: IntegrityMethod[0..*]
+ definingArtifact: Artifact[0..1]
+ definingArtifact: Artifact[0..1]ExternalIdentifier+ externalIdentifierType: ExternalIdentifierType[1]+ identifier: xsd:string[1]+ comment: xsd:string[0..1]
+ identifierLocator: xsd:anyURI[0..*]
+ identifierLocator: xsd:anyURI[0..*]
+ issuingAuthority: xsd:string[0..1]
+ issuingAuthority: xsd:string[0..1]PositiveIntegerRange+ beginIntegerRange: xsd:positiveInteger[1]+ endIntegerRange: xsd:positiveInteger[1]SoftwareAgent
LifecycleScopedRelationship
LifecycleScopedRelationship+ scope: LifecycleScopeType[0..1]
NOT
NOT
*
*
*
*
NOT
NOT
Instances of these classes exist only to adorn single instances of Element classes through properties on those Element classes and cannot exist independent of such an Element class. Instances of these classes MUST always accompany their associated Element class in any serialization document. Serialization formats MAY enable de-duplication within a single document.
Instances of these classes exist only to adorn single instances of Element classes through prop...DictionaryEntry+ key: xsd:string[1]+ value: xsd:string[0..1]DateTime: xsd:dateTimeStamp
dateTimeStamp constrained to a ISO-8601 format, with resolution of seconds and UTC time zone.
dateTimeStamp constrained to a ISO-...PackageVerificationCode
+ algorithm: HashAlgorithm[1]
+ algorithm: HashAlgorithm[1]+ hashValue: xsd:string[1]+ packageVerificationCodeExcludedFile: xsd:string[0..*] \ No newline at end of file diff --git a/images/model-licensing.png b/images/model-licensing.png index f80381e54..eb23d211a 100644 Binary files a/images/model-licensing.png and b/images/model-licensing.png differ diff --git a/images/model-licensing.svg b/images/model-licensing.svg index 440114a79..51a7af41d 100644 --- a/images/model-licensing.svg +++ b/images/model-licensing.svg @@ -1,4 +1,4 @@ -
profile Expanded Licensing
profile Expanded...
member
member
*
*
2..*
2..*DisjunctiveLicenseSet
profile Simple Licensing
profile Simple L...
profile Core
profile CoreElement+ spdxId: xsd:anyURI[1]+ name: xsd:string[0..1]+ summary: xsd:string[0..1]+ description: xsd:string[0..1]+ comment: xsd:string[0..1]+ creationInfo: CreationInfo[1]+ verifiedUsing: IntegrityMethod[0..*]+ externalRef: ExternalRef[0..*]+ externalIdentifier: ExternalIdentifier[0..*]+ extension: /Extension/Extension[0..1]AnyLicenseInfoLicenseExpression
+ customIdToUri: DictionaryEntry[0..*]
+ customIdToUri: DictionaryEntry[0...+ licenseExpression: xsd:string[1]+ licenseListVersion: SemVer[0..1]
member
member
*
*
2..*
2..*ConjunctiveLicenseSetLicense
+ /SimpleLicensing/licenseText: xsd:string[1]
+ /SimpleLicensing/licenseText: xsd:stri...
+ isDeprecatedLicenseId: xsd:boolean[0..1]
+ isDeprecatedLicenseId: xsd:boolean[0.....
+ isFsfLibre: xsd:boolean[0..1]
+ isFsfLibre: xsd:boolean[0..1]
+ isOsiApproved: xsd:boolean[0..1]
+ isOsiApproved: xsd:boolean[0..1]
+ licenseXml: xsd:string[0..1]
+ licenseXml: xsd:string[0..1]
+ obsoletedBy: xsd:string[0..1]
+ obsoletedBy: xsd:string[0..1]
+ seeAlso: xsd:anyURI[0..*]
+ seeAlso: xsd:anyURI[0..*]
+ standardLicenseHeader: xsd:string[0..1]
+ standardLicenseHeader: xsd:string[0..1]
+ standardLicenseTemplate: xsd:string[0..1]
+ standardLicenseTemplate: xsd:string[0....ExtendableLicenseCustomLicenseLicenseAddition
+ additionText: xsd:string[1]
+ additionText: xsd:string[1]
+ isDeprecatedAdditionId: xsd:boolean[0..1]
+ isDeprecatedAdditionId: xsd:boolean[0....
+ licenseXml: xsd:string[0..1]
+ licenseXml: xsd:string[0..1]
+ obsoletedBy: xsd:string[0..1]
+ obsoletedBy: xsd:string[0..1]
+ seeAlso: xsd:anyURI[0..*]
+ seeAlso: xsd:anyURI[0..*]
+ standardAdditionTemplate: xsd:string[0..1]
+ standardAdditionTemplate: xsd:string[0...CustomLicenseAdditionListedLicense
+ deprecatedVersion: xsd:string[0..1]
+ deprecatedVersion: xsd:string[0....
+ listVersionAdded: xsd:string[0..1]
+ listVersionAdded: xsd:string[0.....ListedLicenseException
+ deprecatedVersion: xsd:string[0..1]
+ deprecatedVersion: xsd:string[0....
+ listVersionAdded: xsd:string[0..1]
+ listVersionAdded: xsd:string[0.....OrLaterOperator
+ subjectLicense: License[1]
+ subjectLicense: License[1]WithAdditionOperator
+ subjectExtendableLicense: ExtendableLicense[1]
+ subjectExtendableLicense: ExtendableLicense[1]
subjectAddition
subjectAddition
1
1
*
*SimpleLicensingText
+ licenseText: xsd:string[1]
+ licenseText: xsd:string[1]IndividualLicensingInfo<<Individual>>NoAssertionLicense : IndividualLicensingInfo
https://spdx.org/rdf/3.0.1/terms/Licensing/NoAssertion
https://spdx.org/rdf/3.0.1/terms/Licensing/NoAssertion<<Individual>>NoneLicense : IndividualLicensingInfo
https://spdx.org/rdf/3.0.1/terms/Licensing/None
https://spdx.org/rdf/3.0.1/terms/Licensing/None \ No newline at end of file +
profile Expanded Licensing
profile Expanded...
member
member
*
*
2..*
2..*DisjunctiveLicenseSet
profile Simple Licensing
profile Simple L...
profile Core
profile CoreElement+ spdxId: xsd:anyURI[1]+ name: xsd:string[0..1]+ summary: xsd:string[0..1]+ description: xsd:string[0..1]+ comment: xsd:string[0..1]+ creationInfo: CreationInfo[1]+ verifiedUsing: IntegrityMethod[0..*]+ externalRef: ExternalRef[0..*]+ externalIdentifier: ExternalIdentifier[0..*]+ extension: /Extension/Extension[0..1]AnyLicenseInfoLicenseExpression
+ customIdToUri: DictionaryEntry[0..*]
+ customIdToUri: DictionaryEntry[0...+ licenseExpression: xsd:string[1]+ licenseListVersion: SemVer[0..1]
member
member
*
*
2..*
2..*ConjunctiveLicenseSetLicense
+ /SimpleLicensing/licenseText: xsd:string[1]
+ /SimpleLicensing/licenseText: xsd:stri...
+ isDeprecatedLicenseId: xsd:boolean[0..1]
+ isDeprecatedLicenseId: xsd:boolean[0.....
+ isFsfLibre: xsd:boolean[0..1]
+ isFsfLibre: xsd:boolean[0..1]
+ isOsiApproved: xsd:boolean[0..1]
+ isOsiApproved: xsd:boolean[0..1]
+ licenseXml: xsd:string[0..1]
+ licenseXml: xsd:string[0..1]
+ obsoletedBy: xsd:string[0..1]
+ obsoletedBy: xsd:string[0..1]
+ seeAlso: xsd:anyURI[0..*]
+ seeAlso: xsd:anyURI[0..*]
+ standardLicenseHeader: xsd:string[0..1]
+ standardLicenseHeader: xsd:string[0..1]
+ standardLicenseTemplate: xsd:string[0..1]
+ standardLicenseTemplate: xsd:string[0....ExtendableLicenseCustomLicenseLicenseAddition
+ additionText: xsd:string[1]
+ additionText: xsd:string[1]
+ isDeprecatedAdditionId: xsd:boolean[0..1]
+ isDeprecatedAdditionId: xsd:boolean[0....
+ licenseXml: xsd:string[0..1]
+ licenseXml: xsd:string[0..1]
+ obsoletedBy: xsd:string[0..1]
+ obsoletedBy: xsd:string[0..1]
+ seeAlso: xsd:anyURI[0..*]
+ seeAlso: xsd:anyURI[0..*]
+ standardAdditionTemplate: xsd:string[0..1]
+ standardAdditionTemplate: xsd:string[0...CustomLicenseAdditionListedLicense
+ deprecatedVersion: xsd:string[0..1]
+ deprecatedVersion: xsd:string[0...
+ listVersionAdded: xsd:string[0..1]
+ listVersionAdded: xsd:string[0....ListedLicenseException
+ deprecatedVersion: xsd:string[0..1]
+ deprecatedVersion: xsd:string[0...
+ listVersionAdded: xsd:string[0..1]
+ listVersionAdded: xsd:string[0....OrLaterOperator
+ subjectLicense: License[1]
+ subjectLicense: License[1]WithAdditionOperator
+ subjectExtendableLicense: ExtendableLicense[1]
+ subjectExtendableLicense: ExtendableLicense[1]
subjectAddition
subjectAddition
1
1
*
*SimpleLicensingText
+ licenseText: xsd:string[1]
+ licenseText: xsd:string[1]IndividualLicensingInfo \ No newline at end of file diff --git a/model.drawio b/model.drawio index 2984a72ab..4212a045b 100644 --- a/model.drawio +++ b/model.drawio @@ -1,17 +1,17 @@ - + - + - + - + @@ -278,10 +278,10 @@ - + - + @@ -405,13 +405,13 @@ - + - + @@ -561,7 +561,7 @@ - + @@ -588,43 +588,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -1083,7 +1046,7 @@ - + @@ -1411,18 +1374,6 @@ - - - - - - - - - - - - @@ -2163,12 +2114,12 @@ - + - + @@ -2177,7 +2128,7 @@ - + @@ -2638,10 +2589,10 @@ - + - + @@ -2784,13 +2735,13 @@ - + - + @@ -2984,7 +2935,7 @@ - + @@ -3023,46 +2974,9 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/model/AI/AI.md b/model/AI/AI.md index 75b1449ee..eba7882eb 100644 --- a/model/AI/AI.md +++ b/model/AI/AI.md @@ -25,8 +25,7 @@ the following has to hold: 1. for every `/AI/AIPackage` there MUST exist exactly one `/Core/Relationship` of type `hasConcludedLicense` having that element as its `from` property - and an `/SimpleLicensing/AnyLicenseInfo` as its `to` property. + and a `/SimpleLicensing/AnyLicenseInfo` as its `to` property. 2. for every `/AI/AIPackage` there MUST exist exactly one `/Core/Relationship` of type `hasDeclaredLicense` having that element as its `from` property - and an `/SimpleLicensing/AnyLicenseInfo` as its `to` property. - + and a `/SimpleLicensing/AnyLicenseInfo` as its `to` property. diff --git a/model/Core/Datatypes/MediaType.md b/model/Core/Datatypes/MediaType.md index 294bc7774..d7ffc249f 100644 --- a/model/Core/Datatypes/MediaType.md +++ b/model/Core/Datatypes/MediaType.md @@ -5,7 +5,7 @@ SPDX-License-Identifier: Community-Spec-1.0 ## Summary Standardized way of indicating the type of content of an Element or a Property. -A String constrained to the RFC 2046 specificiation. +A String constrained to the RFC 2046 specification. ## Description diff --git a/model/Core/Individuals/NoAssertionElement.md b/model/Core/Individuals/NoAssertionElement.md index bc7609f61..901348641 100644 --- a/model/Core/Individuals/NoAssertionElement.md +++ b/model/Core/Individuals/NoAssertionElement.md @@ -23,7 +23,7 @@ For example, a Relationship with and `to`=NoAssertionElement is explicitly expressing that -no assertion is being made about any potential descendents of Element1. +no assertion is being made about any potential descendants of Element1. ## Metadata diff --git a/model/Core/Individuals/NoneElement.md b/model/Core/Individuals/NoneElement.md index 0872c6845..d0764863e 100644 --- a/model/Core/Individuals/NoneElement.md +++ b/model/Core/Individuals/NoneElement.md @@ -17,7 +17,7 @@ For example, a Relationship with `from`=Element1, and `to`=NoneElement is explicitly expressing an assertion that -Element1 has no descendents. +Element1 has no descendants. ## Metadata diff --git a/model/Core/Individuals/SpdxOrganization.md b/model/Core/Individuals/SpdxOrganization.md index 42c880444..3d0d5a689 100644 --- a/model/Core/Individuals/SpdxOrganization.md +++ b/model/Core/Individuals/SpdxOrganization.md @@ -9,7 +9,8 @@ An Organization representing the SPDX Project. ## Description SpdxOrganization is an Organization representing the SPDX Project. -It is by definition the creator of all individuals defined by the SPDX Project. +It is by definition the creator of all Element type individuals defined by +the SPDX Project. These individuals include licences and exceptions defined in the SPDX License List, as well as individuals defined in the specification. diff --git a/model/Dataset/Dataset.md b/model/Dataset/Dataset.md index f1f3e77e1..6585cae6a 100644 --- a/model/Dataset/Dataset.md +++ b/model/Dataset/Dataset.md @@ -24,9 +24,9 @@ the following has to hold: 1. for every `/Dataset/DatasetPackage` there MUST exist exactly one `/Core/Relationship` of type `hasConcludedLicense` having that element as its - `from` property and an `/SimpleLicensing/AnyLicenseInfo` as its `to` + `from` property and a `/SimpleLicensing/AnyLicenseInfo` as its `to` property. 2. for every `/Dataset/DatasetPackage` there MUST exist exactly one `/Core/Relationship` of type `hasDeclaredLicense` having that element as its - `from` property and an `/SimpleLicensing/AnyLicenseInfo` as its `to` + `from` property and a `/SimpleLicensing/AnyLicenseInfo` as its `to` property. diff --git a/model/Licensing/Licensing.md b/model/Licensing/Licensing.md index 21bf84991..701159077 100644 --- a/model/Licensing/Licensing.md +++ b/model/Licensing/Licensing.md @@ -119,5 +119,5 @@ the following has to hold: 1. for every `/Software/SoftwareArtifact` there MUST exist exactly one `/Core/Relationship` of type `hasConcludedLicense` having that element as - its `from` property and an `/SimpleLicensing/AnyLicenseInfo` as its `to` + its `from` property and a `/SimpleLicensing/AnyLicenseInfo` as its `to` property. diff --git a/model/Lite/Lite.md b/model/Lite/Lite.md index aa345bacd..327a2b32c 100644 --- a/model/Lite/Lite.md +++ b/model/Lite/Lite.md @@ -40,11 +40,11 @@ Additionally: 1. for every `/Software/Package` there MUST exist exactly one `/Core/Relationship` of type `hasConcludedLicense` having that element as - its `from` property and an `/SimpleLicensing/AnyLicenseInfo` as its `to` + its `from` property and a `/SimpleLicensing/AnyLicenseInfo` as its `to` property. 2. for every `/Software/Package` there MUST exist exactly one `/Core/Relationship` of type `hasDeclaredLicense` having that element as its - `from` property and an `/SimpleLicensing/AnyLicenseInfo` as its `to` + `from` property and a `/SimpleLicensing/AnyLicenseInfo` as its `to` property. For a `/Core/SpdxDocument` to be conformant with this profile, the following has to hold: diff --git a/model/Security/Classes/VexVulnAssessmentRelationship.md b/model/Security/Classes/VexVulnAssessmentRelationship.md index 9e76cfe4c..49644fb24 100644 --- a/model/Security/Classes/VexVulnAssessmentRelationship.md +++ b/model/Security/Classes/VexVulnAssessmentRelationship.md @@ -4,7 +4,7 @@ SPDX-License-Identifier: Community-Spec-1.0 ## Summary -Asbtract ancestor class for all VEX relationships +Abstract ancestor class for all VEX relationships ## Description @@ -17,10 +17,10 @@ When linking elements using a VexVulnAssessmentRelationship, the following requirements must be observed: - The from: end must be a /Security/Vulnerability classed element -- The to: end must point to elements representing the VEX _products_. +- The to: end must point to elements representing the VEX *products*. To specify a different element where the vulnerability was detected, the VEX -relationship can optionally specify _subcomponents_ using the assessedElement +relationship can optionally specify *subcomponents* using the assessedElement property. VEX inherits information from the document level down to its statements. When a