APIs.io Engineering Platform · Schema
Dependency Graph SPDX SBOM
A schema for the SPDX JSON format returned by the Dependency Graph.
APIs.ioEngineeringPlatform
Properties
| Name | Type | Description |
|---|---|---|
| sbom | object |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "#/components/schemas/dependency-graph-spdx-sbom",
"title": "Dependency Graph SPDX SBOM",
"description": "A schema for the SPDX JSON format returned by the Dependency Graph.",
"type": "object",
"properties": {
"sbom": {
"type": "object",
"properties": {
"SPDXID": {
"type": "string",
"example": "SPDXRef-DOCUMENT",
"description": "The SPDX identifier for the SPDX document."
},
"spdxVersion": {
"type": "string",
"example": "SPDX-2.3",
"description": "The version of the SPDX specification that this document conforms to."
},
"creationInfo": {
"type": "object",
"properties": {
"created": {
"type": "string",
"example": "2021-11-03T00:00:00Z",
"description": "The date and time the SPDX document was created."
},
"creators": {
"type": "array",
"items": {
"type": "string",
"example": "GitHub"
},
"description": "The tools that were used to generate the SPDX document."
}
},
"required": [
"created",
"creators"
]
},
"name": {
"type": "string",
"example": "github/github",
"description": "The name of the SPDX document."
},
"dataLicense": {
"type": "string",
"example": "CC0-1.0",
"description": "The license under which the SPDX document is licensed."
},
"documentDescribes": {
"type": "array",
"items": {
"type": "string",
"example": "github/github"
},
"description": "The name of the repository that the SPDX document describes."
},
"documentNamespace": {
"type": "string",
"example": "https://github.com/example/dependency_graph/sbom-123",
"description": "The namespace for the SPDX document."
},
"packages": {
"type": "array",
"items": {
"type": "object",
"properties": {
"SPDXID": {
"type": "string",
"example": "SPDXRef-Package",
"description": "A unique SPDX identifier for the package."
},
"name": {
"type": "string",
"example": "rubygems:github/github",
"description": "The name of the package."
},
"versionInfo": {
"type": "string",
"example": "1.0.0",
"description": "The version of the package. If the package does not have an exact version specified,\na version range is given."
},
"downloadLocation": {
"type": "string",
"example": "NOASSERTION",
"description": "The location where the package can be downloaded,\nor NOASSERTION if this has not been determined."
},
"filesAnalyzed": {
"type": "boolean",
"example": false,
"description": "Whether the package's file content has been subjected to\nanalysis during the creation of the SPDX document."
},
"licenseConcluded": {
"type": "string",
"example": "MIT",
"description": "The license of the package as determined while creating the SPDX document."
},
"licenseDeclared": {
"type": "string",
"example": "NOASSERTION",
"description": "The license of the package as declared by its author, or NOASSERTION if this information\nwas not available when the SPDX document was created."
},
"supplier": {
"type": "string",
"example": "NOASSERTION",
"description": "The distribution source of this package, or NOASSERTION if this was not determined."
},
"copyrightText": {
"type": "string",
"example": "Copyright (c) 1985 GitHub.com",
"description": "The copyright holders of the package, and any dates present with those notices, if available."
},
"externalRefs": {
"type": "array",
"items": {
"type": "object",
"properties": {
"referenceCategory": {
"type": "string",
"example": "PACKAGE-MANAGER",
"description": "The category of reference to an external resource this reference refers to."
},
"referenceLocator": {
"type": "string",
"example": "pkg:gem/[email protected]",
"description": "A locator for the particular external resource this reference refers to."
},
"referenceType": {
"type": "string",
"example": "purl",
"description": "The category of reference to an external resource this reference refers to."
}
},
"required": [
"referenceCategory",
"referenceLocator",
"referenceType"
]
}
}
}
},
"required": [
"SPDXID",
"name",
"versionInfo",
"downloadLocation",
"filesAnalyzed",
"licenseConcluded",
"licenseDeclared",
"supplier"
]
}
},
"required": [
"SPDXID",
"spdxVersion",
"creationInfo",
"name",
"dataLicense",
"documentDescribes",
"documentNamespace",
"packages"
]
}
},
"required": [
"sbom"
]
}