CycloneDX Property Taxonomy for the 'siemens' namespace
siemens/cyclonedx-property-taxonomy
Siemens CycloneDX Property Taxonomy, v1.3.0

This is the official Siemens property taxonomy for CycloneDX.

For more information about CycloneDX property taxonomies, refer to the official CycloneDX documentation.

| Property | Description | Scope |
|---|---|---|
| `siemens:direct` | A flag indicating whether the component is a direct dependency (`true`) or a transitive dependency (`false`). | `components[]` |
| `siemens:filename` | The simple file name of the component, without path. For example, the simple name of a JAR file. | `components[]` |
| `siemens:internal` | A flag indicating whether the component is an internal ("in-house") component (`true`) or not (`false`). | `components[]` or `metadata/component` |
| `siemens:legalRemark` | Pass-through free text for legal remarks that need to be included in attribution information. A "legal remark" is provided by the people creating the SBOM, normally the team behind the product described by the SBOM. | `components[]` |
| `siemens:primaryLanguage` | Indicates the primary programming language the artifact is written in. | `components[]` |
| `siemens:profile` | A Siemens-internal declaration which indicates the use case for this SBOM. Depending on the profile, Siemens-internal validation tooling will expect different fields to be present or not present in the SBOM. | `metadata` |
| `siemens:sbomNature` | Used to indicate the nature of the entire SBOM document. Possible values are `binary` (the SBOM contains binary components) and `source` (the SBOM contains source components). This property is mostly relevant for package ecosystems that have this distinction, like Debian or RPM. | `metadata` |
| `siemens:thirdPartyNotices` | The contents of all third-party notices found for the component, if any. Note that this is not the path to the notice files, but the actual notice text (which may be quite a lot of text). Third-party notices are provided by the component's author. Since CycloneDX allows only a single String value for this, we separate different notice files by two consecutive line feeds. | `components[]` |
| `siemens:vcsClean` | A flag (`true` or `false`) indicating whether the Git workspace was clean when the SBOM was created, i.e. all changes had been committed. | `metadata` or `metadata/component` |
| `siemens:vcsRevision` | The most recent VCS hash, for example a Git commit hash. Together with `siemens:vcsClean`, this additional value allows ensuring accurate reproducibility of the SBOM. | `metadata` or `metadata/component` |

The Scope column names the properties section in which each property is intended to be placed. For example, a scope of `metadata` means that the property belongs in `metadata/properties`. This is meant as a recommendation only.
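As an added example (not part of this repository or of any Siemens tooling), the following Python script shows how a consumer of a CycloneDX JSON BOM could check the placement and values of `siemens:` properties against the scope column above: it walks `metadata/properties`, `metadata/component/properties` and `components[]/properties` (nested components included), flags properties outside their recommended scope, rejects boolean flags that are not literally `true` or `false`, validates `siemens:sbomNature`, and splits a `siemens:thirdPartyNotices` value back into individual notices on the double line feed. The embedded BOM, the component names, the profile value and the all-zero revision hash are constructed placeholders; the check that `siemens:vcsRevision` should be accompanied by `siemens:vcsClean` is a recommendation derived from the table, not a rule stated by the taxonomy.

```python
"""Check 'siemens:' properties in a CycloneDX JSON BOM against the taxonomy scopes."""
import json

# Recommended scope of each property, transcribed from the taxonomy table above.
SCOPES = {
    "siemens:direct": {"components[]"},
    "siemens:filename": {"components[]"},
    "siemens:internal": {"components[]", "metadata/component"},
    "siemens:legalRemark": {"components[]"},
    "siemens:primaryLanguage": {"components[]"},
    "siemens:profile": {"metadata"},
    "siemens:sbomNature": {"metadata"},
    "siemens:thirdPartyNotices": {"components[]"},
    "siemens:vcsClean": {"metadata", "metadata/component"},
    "siemens:vcsRevision": {"metadata", "metadata/component"},
}
BOOL_PROPS = {"siemens:direct", "siemens:internal", "siemens:vcsClean"}
SBOM_NATURES = {"binary", "source"}


def iter_properties(bom):
    """Yield (scope, owner name, property dict) for every property in the BOM, following
    the CycloneDX JSON layout: metadata.properties, metadata.component.properties and
    components[].properties (nested components are visited too)."""
    meta = bom.get("metadata", {})
    for prop in meta.get("properties", []):
        yield "metadata", None, prop
    root = meta.get("component")
    if root:
        for prop in root.get("properties", []):
            yield "metadata/component", root.get("name"), prop
    queue = list(bom.get("components", []))
    while queue:
        comp = queue.pop(0)
        for prop in comp.get("properties", []):
            yield "components[]", comp.get("name"), prop
        queue.extend(comp.get("components", []))


def check_siemens_properties(bom):
    """Return a list of findings (strings); an empty list means the BOM follows the taxonomy."""
    findings = []
    seen = {}  # (scope, owner) -> set of siemens: property names present there
    for scope, owner, prop in iter_properties(bom):
        name, value = prop.get("name", ""), prop.get("value")
        if not name.startswith("siemens:"):
            continue  # other namespaces are out of scope for this check
        where = scope if owner is None else f"{scope} ({owner})"
        seen.setdefault((scope, owner), set()).add(name)
        if name not in SCOPES:
            findings.append(f"{where}: {name} is not defined in the taxonomy")
            continue
        if scope not in SCOPES[name]:
            findings.append(f"{where}: {name} is outside its recommended scope {sorted(SCOPES[name])}")
        if name in BOOL_PROPS and value not in ("true", "false"):
            findings.append(f"{where}: {name} must be 'true' or 'false', got {value!r}")
        if name == "siemens:sbomNature" and value not in SBOM_NATURES:
            findings.append(f"{where}: siemens:sbomNature must be one of {sorted(SBOM_NATURES)}, got {value!r}")
    # Derived from the table (assumption, not a stated rule): a revision hash without the
    # clean flag does not tell whether the working tree actually matched that revision.
    for (scope, owner), names in seen.items():
        if "siemens:vcsRevision" in names and "siemens:vcsClean" not in names:
            where = scope if owner is None else f"{scope} ({owner})"
            findings.append(f"{where}: siemens:vcsRevision given without siemens:vcsClean")
    return findings


def split_third_party_notices(value):
    """Split a siemens:thirdPartyNotices value into the individual notice texts
    (the taxonomy joins notice files with two consecutive line feeds)."""
    return [part for part in value.split("\n\n") if part]


def check_file(path):
    """Run the check on a CycloneDX JSON file on disk."""
    with open(path, encoding="utf-8") as fh:
        return check_siemens_properties(json.load(fh))


# Constructed sample BOM (placeholder names and values) with two deliberate mistakes.
SAMPLE_BOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {
        "properties": [
            {"name": "siemens:sbomNature", "value": "binary"},
            {"name": "siemens:profile", "value": "example-profile"},
        ],
        "component": {
            "name": "example-app",
            "properties": [
                {"name": "siemens:internal", "value": "true"},
                {"name": "siemens:vcsRevision", "value": "0" * 40},  # placeholder hash
                {"name": "siemens:vcsClean", "value": "yes"},  # mistake 1: not true/false
            ],
        },
    },
    "components": [
        {
            "name": "libfoo",
            "properties": [
                {"name": "siemens:direct", "value": "true"},
                {"name": "siemens:filename", "value": "libfoo-1.0.jar"},
                {"name": "siemens:thirdPartyNotices", "value": "Notice A\n\nNotice B"},
                {"name": "siemens:profile", "value": "example-profile"},  # mistake 2: wrong scope
            ],
        }
    ],
}

if __name__ == "__main__":
    for finding in check_siemens_properties(SAMPLE_BOM):
        print(finding)
```

Run against the sample, the script reports the `siemens:vcsClean` value `'yes'` under `metadata/component (example-app)` and the misplaced `siemens:profile` under `components[] (libfoo)`; `check_file()` applies the same check to a real BOM file. Because the scope column is a recommendation, a deployment might downgrade the scope finding to a warning while keeping the boolean and `siemens:sbomNature` value checks as hard errors.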

Contributing

These properties are maintained by Siemens. Feel free to raise an issue if you have any questions.

License

Copyright 2022 Siemens AG.

Licensed under Apache License 2.0.