classes.json
[
{
"name": "Element",
"package": "Artifact",
"description": "This class is the abstract parent class of all the classes from the 3T-SBOM-EMS specifications that need annotations, relationships, involvement in the build process, ... It supports a graph-based approach to Software Bill of Material modeling where salient elements are the nodes of a graph that can be related together.",
"compositionDescription": {},
"id": "3T-SBOM-EMS-Artifact-Element"
},
{
"name": "AbstractDocument",
"package": "Artifact",
"generalization": "Element",
"description": "This class is the abstract parent of all the classes representing the Software Bill of Material document:",
"compositionDescription": [
"The documents themselves,",
"The references to external documents."],
"id": "3T-SBOM-EMS-Artifact-AbstractDocument"
},
{
"name": "Document",
"package": "Artifact",
"generalization": "AbstractDocument",
"description": "This class represents the Software Bill of Material document. Its function is dual:",
"compositionDescription": [
"Clearly identify the piece of software under consideration,",
"Be referenced to attach additional pieces of information pertaining to the considered piece of software."],
"id": "3T-SBOM-EMS-Artifact-Document"
},
{
"name": "ExternalDocumentRef",
"package": "Artifact",
"generalization": "AbstractDocument",
"description": "This class represents references to external Software Bill of Material documents. They can be needed:",
"compositionDescription": [
"To hint at documents detailing ReferencedArtifact elements,",
"To be used in Relationship elements,",
"..."],
"id": "3T-SBOM-EMS-Artifact-ExternalDocumentRef"
},
{
"name": "AbstractArtifact",
"package": "Artifact",
"generalization": "Element",
"description": "This abstract class represents the components, assets, ... detailed or referenced in the Software Bill of Material documents.",
"compositionDescription": {},
"id": "3T-SBOM-EMS-Artifact-AbstractArtifact"
},
{
"name": "Artifact",
"package": "Artifact",
"generalization": "AbstractArtifact",
"description": "This class represents the components, assets, ... detailed in the Software Bill of Material documents.",
"compositionDescription": {},
"id": "3T-SBOM-EMS-Artifact-Artifact"
},
{
"name": "ReferencedArtifact",
"package": "Artifact",
"generalization": "AbstractArtifact",
"description": "This class represents the components, assets, ... referenced in the Software Bill of Material documents.",
"compositionDescription": {},
"id": "3T-SBOM-EMS-Artifact-ReferencedArtifact"
},
{
"name": "Hash",
"package": "Artifact",
"description": "This class represents the hash value of the related content (a document, a source file, a binary file, ...), computed using the provided hash algorithm. The following special situations should be processed as described:",
"compositionDescription": [
"To compute the hash of an Artifact supported by the delivery of multiple physical files, the hash is computed as the hash of files' hash values, sorted alphabetically.",
"To compute the hash of an element whose identifier and content include the hash information, the hash is computed as the hash of all the elements, excluding the identifier and the content that includes the hash information."],
"id": "3T-SBOM-EMS-Artifact-Hash"
},
{
"name": "Signature",
"package": "Artifact",
"description": "This class represents the signature elements of the related document. To compute the signature of a Document, ...",
"compositionDescription": {},
"id": "3T-SBOM-EMS-Artifact-Signature"
},
{
"name": "Relationship",
"package": "Relationship",
"description": "This class represents a relationship between two SBoM elements. It points at a source SBoM element and a target SBoM element, and indicates the nature of the relationship. It supports a graph-based approach to SBOM modeling where salient elements are the nodes of a graph, linked together via these relationships. Most of the time, these will be relationships between SBOM documents, but the 3T-SBOM-EMS model supports more advanced behaviors.",
"compositionDescription": {},
"id": "3T-SBOM-EMS-Relationship-Relationship"
},
{
"name": "AbstractFile",
"package": "Content",
"generalization": "Element",
"description": "This abstract class represents physical deliverable files detailed or referenced in the Software Bill of Material documents. It is composed of:",
"compositionDescription": [
"A name,",
"A relative path to identify the file within the root location of the parent package."
],
"id": "3T-SBOM-EMS-Content-AbstractFile"
},
{
"name": "File",
"package": "Content",
"generalization": "AbstractFile",
"description": "This class represents physical deliverable files detailed in the Software Bill of Material documents.",
"compositionDescription": {},
"id": "3T-SBOM-EMS-Content-File"
},
{
"name": "ReferencedFile",
"package": "Content",
"generalization": "AbstractFile",
"description": "This class represents physical deliverable files referenced in the Software Bill of Material documents. It must identify the ReferencedArtifact it is part of.",
"compositionDescription": {},
"id": "3T-SBOM-EMS-Content-ReferencedFile"
},
{
"name": "Snippet",
"package": "Content",
"generalization": "Element",
"description": "This class represents snippets of physical deliverable files. It is composed of:",
"compositionDescription": [
"A byte range,",
"When applicable, a line range."
],
"id": "3T-SBOM-EMS-Content-Snippet"
},
{
"name": "AbstractAnnotation",
"package": "Annotation",
"generalization": "Element",
"description": "This abstract class represents information to convey about the document, the document creation, the artifact, ... that is not part of the structured model. Annotations content can be part of the document or external, via a reference to external content. Annotation elements can be used to support:",
"compositionDescription": [
"Exchange of information that is not part of the specification but that is agreed upon between the consumer and the supplier of the document,",
"Information about artifact topics and technologies,",
"Data Marking",
"... "
],
"id": "3T-SBOM-EMS-Annotation-AbstractAnnotation"
},
{
"name": "Annotation",
"package": "Annotation",
"generalization": "AbstractAnnotation",
"description": "This class represents content included in the Software Bill of Material documents.",
"compositionDescription": {},
"id": "3T-SBOM-EMS-Annotation-Annotation"
},
{
"name": "ExternalAnnotation",
"package": "Annotation",
"generalization": "AbstractAnnotation",
"description": "This class represents external content referenced by the Software Bill of Material documents.",
"compositionDescription": {},
"id": "3T-SBOM-EMS-Annotation-ExternalAnnotation"
},
{
"name": "AbstractLicensingInformation",
"package": "Licensing",
"generalization": "Element",
"description": "This abstract class represents the detailed licensing information, detailing the Intellectual Property of the piece of software or of its constituent elements, as copyright or detailed licenses. It is designed to extend the SBoM document when the document data license attribute is not enough.",
"compositionDescription": {},
"id": "3T-SBOM-EMS-Licensing-AbstractLicensingInformation"
},
{
"name": "CopyrightInformation",
"package": "Licensing",
"generalization": "AbstractLicensingInformation",
"description": "This class represents the copyright information.",
"compositionDescription": {},
"id": "3T-SBOM-EMS-Licensing-CopyrightInformation"
},
{
"name": "LicenseInformation",
"package": "Licensing",
"generalization": "AbstractLicensingInformation",
"description": "This class represents the license information.",
"compositionDescription": {},
"id": "3T-SBOM-EMS-Licensing-LicenseInformation"
},
{
"name": "LicenseReference",
"package": "Licensing",
"generalization": "AbstractLicensingInformation",
"description": "This class represents a license reference, when the license in use is not standard.",
"compositionDescription": {},
"id": "3T-SBOM-EMS-Licensing-LicenseReference"
},
{
"name": "Activity",
"package": "Activity",
"generalization": "Element",
"description": "This class represents action performed during the production process of the piece of software, to build it or to ensure its quality or compliance. It is worth noting that:",
"compositionDescription": [
"The activity elements can be linked together via the relationships, supporting informative sequences of actions,",
"The activity elements can be linked together via the flow of materials and products, supporting detailed sequences of actions,",
"The activity elements can be linked to any other SBoM elements used as input or produced as output of the action. Most of the time, these will be file items, but the 3T-SBOM-EMS model supports more advanced behaviors."],
"id": "3T-SBOM-EMS-Activity-Activity"
},
{
"name": "Creation",
"package": "Activity",
"generalization": "Activity",
"description": "This class represents action performed to produce the piece of software, thus transforming the software. This covers the following activities:",
"compositionDescription": [
"Commits,",
"Compilations,",
"Builds,",
"..."
],
"id": "3T-SBOM-EMS-Activity-Creation"
},
{
"name": "Assessment",
"package": "Activity",
"generalization": "Activity",
"description": "This class represents action performed to ensure the quality or compliance of the piece of software, without transforming it. This covers the following activities:",
"compositionDescription": [
"Code reviews,",
"Vulnerability scans,",
"..."
],
"id": "3T-SBOM-EMS-Activity-Assessment"
},
{
"name": "Run",
"package": "Activity",
"description": "This class represents run(s) of action performed during the production process of the piece of software, to build it or to ensure its quality or compliance.",
"compositionDescription": {},
"id": "3T-SBOM-EMS-Activity-Run"
},
{
"name": "Environment",
"package": "Activity",
"description": "This class represents the environment of the action performed during the production process of the piece of software, to build it or to ensure its quality or compliance.",
"compositionDescription": {},
"id": "3T-SBOM-EMS-Activity-Environment"
}
]