diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..ff70475 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,10 @@ +version: 2 +updates: + - package-ecosystem: "maven" + cooldown: + default-days: 7 + directory: "/" + schedule: + interval: "weekly" + labels: + - "dependencies" diff --git a/.github/workflows/docker_deploy.yml b/.github/workflows/docker_deploy.yml index 55ce713..f35157a 100644 --- a/.github/workflows/docker_deploy.yml +++ b/.github/workflows/docker_deploy.yml @@ -6,9 +6,14 @@ name: Docker Build on: + workflow_dispatch: + pull_request: + paths: + - Dockerfile + - .github/workflows/docker_deploy.yml push: paths-ignore: - - "**.md" + - '**.md' tags: - 'v*' env: @@ -24,22 +29,16 @@ jobs: steps: - name: Checkout main repository - uses: actions/checkout@v3 + uses: actions/checkout@v5 - - name: Set environment variables - run: | - echo "ORG_BASE_NAME=${GITHUB_REPOSITORY}" >> $GITHUB_ENV - echo "TOOLS_JAVA_VERSION=${GITHUB_REF_NAME/v/}" >> $GITHUB_ENV - - name: Echoing current version - run: | - echo "$TOOLS_JAVA_VERSION" - echo $GITHUB_REF_NAME + - name: Setup QEMU + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} 
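Review bot: The `updates:` list covers only `maven`, while this same commit pins workflow actions to commit SHAs and bumps the Maven and Temurin base images in the Dockerfile, so nothing will propose updates for those. A SHA pin that is never refreshed stops receiving upstream security fixes. I would add two more entries with the same schedule and cooldown, `- package-ecosystem: "github-actions"` and `- package-ecosystem: "docker"`, each with `directory: "/"`.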
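Review bot: With `pull_request:` and `workflow_dispatch:` added as triggers, the registry login step shown in the next hunk now runs on builds that never push, since only the build step's `push:` is gated on tag pushes. A build that does not push has no need for registry credentials, so I would add `if: github.event_name == 'push'` to the "Login to GitHub Container Registry" step. The workflow's `permissions:` block, if there is one, lies outside the visible hunks, so it is worth confirming the job requests no more than the tag-push path needs.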
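Review bot: `actions/checkout@v5` is still a mutable tag while every other action touched in this hunk is pinned to a commit SHA, and the `docker/setup-qemu-action` pin carries no version comment. The docs workflow added in this commit already pins checkout, so the same line can be used here: `uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0`. For the QEMU step, add a trailing `# vX.Y.Z` comment naming the release that SHA belongs to, so reviewers and update tooling can tell what is pinned. The job's step list continues outside this hunk.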
@@ -47,19 +46,23 @@ jobs: - name: Extract components metadata id: meta_base - uses: docker/metadata-action@v4 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v51.0.0 with: images: | - ${{ env.REGISTRY }}/${{ env.ORG_BASE_NAME }}/tools-java + ${{ env.REGISTRY }}/${{ github.repository }} + tags: | + type=ref,event=tag + type=semver,pattern={{version}} + type=raw,value=main,enable=${{ github.ref == 'refs/heads/main' }} + labels: org.opencontainers.image.licenses=Apache-2.0 - name: Build Container - uses: docker/build-push-action@v3 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: context: . - push: true + push: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') }} load: false - build-args: | - TOOLS_JAVA_VERSION=${{ env.TOOLS_JAVA_VERSION }} + platforms: linux/amd64,linux/arm64 tags: | ${{ steps.meta_base.outputs.tags }} labels: ${{ steps.meta_base.outputs.labels }} diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml new file mode 100644 index 0000000..ff52f75 --- /dev/null +++ b/.github/workflows/docs.yml @@ -0,0 +1,36 @@ +name: Generate and publish API JavaDocs + +on: + push: + branches: [ master ] + +jobs: + docs: + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + fetch-depth: 0 + + - name: Set up JDK + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + with: + distribution: 'temurin' + java-version: 17 + + - name: Cache Maven packages + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + with: + path: ~/.m2 + key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} + + - name: Generate docs + run: mvn javadoc:javadoc + + - name: Deploy docs + uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + publish_dir: ./target/reports/apidocs 
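Review bot: The version comment on the `docker/metadata-action` pin reads `# v51.0.0`, which looks like a typo next to the v3 and v6 Docker actions in the same workflow. A SHA pin can only be reviewed through its comment, so it should be corrected to the release that commit actually belongs to. Separately, `type=raw,value=main,enable=${{ github.ref == 'refs/heads/main' }}` tests for `main`, while the docs workflow and CONTRIBUTING.md in this commit refer to `master` and images are pushed only for tag refs. As written that tag rule appears never to take effect, so either drop it or align the branch name and the `push:` condition with what is intended.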
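Review bot: The new docs workflow declares no `permissions:`, so the `GITHUB_TOKEN` handed to the deploy step gets whatever the repository or organisation default grants. Publishing the generated pages needs write access to repository contents and nothing else. I would add `permissions:` with `contents: write` under the `docs:` job so the scope is explicit and does not widen if the default changes. Note also that `actions/checkout` keeps the token in the local git config by default, so it is reachable while `mvn javadoc:javadoc` runs third-party build plugins.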
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c4a6f5f..096ae67 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -22,11 +22,11 @@ If you would like to work on a fix for any issue, please assign the issue to you Patches ------- -The source code for `spdx-tools` is hosted on [github.com/spdx/tools-java](https://github.com/spdx/tools-java). Please review [open pull requests](https://github.com/spdx/tools-java/pulls) and [active branches](https://github.com/spdx/tools-java/branches) before committing time to a substantial revision. Work along similar lines may already be in progress. +The source code for `tools-java` is hosted on [github.com/spdx/tools-java](https://github.com/spdx/tools-java). Please review [open pull requests](https://github.com/spdx/tools-java/pulls) and [active branches](https://github.com/spdx/tools-java/branches) before committing time to a substantial revision. Work along similar lines may already be in progress. To submit a patch via GitHub, fork the repository, create a topic branch from `master` for your work, and send a pull request when ready. If you would prefer to send a patch or grant access to pull from your own Git repository, please contact the project's contributors by e-mail. -To contribute an implementation of a feature defined by a version of the SPDX specification later than the one supported by the current SPDX Tools release, clone the branch `spec/X.X`, where X.X is the major.minor version of the targeted specification (e.g. "3.0"). +To contribute an implementation of a feature defined by a version of the SPDX specification later than the one supported by the current SPDX Tools release, clone the branch `spec/X.X`, where X.X is the major.minor version of the targeted specification (e.g. "3.1"). Once implemented, submit a pull request with `spec/X.X` branch as the parent branch. diff --git a/Dockerfile b/Dockerfile index df1be6a..9b37ffb 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,23 +1,21 @@ # syntax=docker/dockerfile:1.4 # Set Java versions -ARG JAVA_VERSION=17 +ARG JAVA_VERSION=21 # Use Maven eclipse Temurin based -FROM maven:3.8-eclipse-temurin-$JAVA_VERSION as build - -ARG TOOLS_JAVA_VERSION=1.1.5-SNAPSHOT +FROM maven:3.9-eclipse-temurin-$JAVA_VERSION as build WORKDIR /build # BUILD RUN --mount=type=cache,target=/root/.m2 \ --mount=type=bind,source=$PWD,target=/build,rw \ - mvn clean org.jacoco:jacoco-maven-plugin:prepare-agent install \ + export TOOLS_JAVA_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) \ + && mvn clean org.jacoco:jacoco-maven-plugin:prepare-agent install \ && mkdir -p /usr/lib/java/spdx \ && cp target/tools-java-$TOOLS_JAVA_VERSION-jar-with-dependencies.jar /usr/lib/java/spdx/ - # Configure the wrapper script COPY scripts/tools-java-wrapper.sh /usr/bin/tools-java @@ -25,11 +23,10 @@ COPY scripts/tools-java-wrapper.sh /usr/bin/tools-java RUN sed -i "s/@@VERSION@@/$TOOLS_JAVA_VERSION/g" /usr/bin/tools-java \ && chmod +x /usr/bin/tools-java - # Deploy image FROM eclipse-temurin:$JAVA_VERSION as run COPY --from=build /usr/lib/java/spdx /usr/lib/java/spdx COPY --from=build /usr/bin/tools-java /usr/bin/tools-java -ENTRYPOINT [ "/usr/bin/tools-java" ] \ No newline at end of file +ENTRYPOINT [ "/usr/bin/tools-java" ] diff --git a/README.md b/README.md index 0c9b5e6..93713aa 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,6 @@ # SPDX Tools +[![Maven Central Version](https://img.shields.io/maven-central/v/org.spdx/tools-java)](https://central.sonatype.com/artifact/org.spdx/tools-java) [![javadoc](https://javadoc.io/badge2/org.spdx/tools-java/javadoc.svg)](https://javadoc.io/doc/org.spdx/tools-java) A command-line utility for creating, converting, comparing, 
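Review bot: `export TOOLS_JAVA_VERSION=$(mvn help:evaluate ...)` lives only in the shell of that one `RUN`, and the `ARG TOOLS_JAVA_VERSION` it replaces is removed. The later `RUN sed -i "s/@@VERSION@@/$TOOLS_JAVA_VERSION/g" /usr/bin/tools-java` (context in the next hunk) therefore expands an unset variable and writes an empty version into the wrapper script. The `export VAR=$(...)` form also hides a failing `mvn help:evaluate`, because the exit status seen by `&&` is that of `export`. I would persist the value in the build step, e.g. append `&& printf '%s' "$TOOLS_JAVA_VERSION" > /tmp/tools-java.version`, and read it back with `RUN sed -i "s/@@VERSION@@/$(cat /tmp/tools-java.version)/g" /usr/bin/tools-java`. Assigning first and exporting on a separate command would let a Maven failure stop the build.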
@@ -26,7 +27,7 @@ This utility supports versions 2.0, 2.1, 2.2, 2.3 and 3.0.1 of the SPDX specific ## Getting Starting -The SPDX Tools binaries can be downloaded from the [releases page](https://github.com/spdx/tools-java/releases) under the respective release. The package is also available in [Maven Central](https://search.maven.org/artifact/org.spdx/tools-java) (organization org.spdx, artifact tools-java). +The SPDX Tools binaries can be downloaded from the [releases page](https://github.com/spdx/tools-java/releases) under the respective release. The package is also available in [Maven Central](https://central.sonatype.com/artifact/org.spdx/tools-java) (organization `org.spdx`, artifact `tools-java`). See the Syntax section below for the commands available. @@ -36,7 +37,7 @@ If you are a developer, there are examples in the [examples folder](examples/org The command line interface of the SPDX Tools can be used like this: - java -jar tools-java-2.0.1-jar-with-dependencies.jar + java -jar tools-java-2.0.5-jar-with-dependencies.jar ## SPDX format converters 
@@ -53,18 +54,18 @@ The following converter tools support SPDX format: Example to convert a SPDX file from Tag to RDF format: - java -jar tools-java-2.0.1-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.rdf + java -jar tools-java-2.0.5-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.rdf The file formats can optionally be provided as the 3rd and 4th parameter for the input and output formats respectively. An optional 5th option `excludeLicenseDetails` will not copy the listed license properties to the output file. The following example will copy a JSON format to an RDF Turtle format without including the listed license properties: - java -jar tools-java-2.0.1-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.ttl TAG RDFTTL excludeLicenseDetails + java -jar tools-java-2.0.5-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.ttl TAG RDFTTL excludeLicenseDetails To convert from SPDX 2 to SPDX 3.0.1: -* use the file extension `.jsonld.json` or `.jsonld`; +* use the file extension `.spdx3.json` or `.jsonld.json` or `.jsonld`; * or add the options for the from and to file types: - java -jar tools-java-2.0.1-jar-with-dependencies.jar Convert hello.spdx hello.spdx.json TAG JSONLD + java -jar tools-java-2.0.5-jar-with-dependencies.jar Convert hello.spdx hello.spdx.json TAG JSONLD ## Compare utilities 
@@ -74,13 +75,13 @@ The following tools can be used to compare one or more SPDX documents: Example to compare multiple SPDX files provided in RDF format and provide a spreadsheet with the results: - java -jar tools-java-2.0.1-jar-with-dependencies.jar CompareDocs output.xlsx doc1 doc2 ... docN + java -jar tools-java-2.0.5-jar-with-dependencies.jar CompareDocs output.xlsx doc1 doc2 ... docN * CompareMultipleSpdxDocs with directory Example to compare all SPDX documents in a directory "/home/me/spdxdocs" and provide a spreadsheet with the results: - java -jar tools-java-2.0.1-jar-with-dependencies.jar CompareDocs output.xlsx /home/me/spdxdocs + java -jar tools-java-2.0.5-jar-with-dependencies.jar CompareDocs output.xlsx /home/me/spdxdocs ## SPDX Viewer @@ -90,7 +91,7 @@ The following tool can be used to "Pretty Print" an SPDX document. Sample usage: - java -jar tools-java-2.0.1-jar-with-dependencies.jar SPDXViewer ../testResources/SPDXRdfExample-v2.2.spdx.rdf + java -jar tools-java-2.0.5-jar-with-dependencies.jar SPDXViewer ../testResources/SPDXRdfExample-v2.2.spdx.rdf ## Verifier @@ -100,7 +101,7 @@ The following tool can be used to verify an SPDX document: Sample usage: - java -jar tools-java-2.0.1-jar-with-dependencies.jar Verify ../testResources/SPDXRdfExample-v2.2.spdx.rdf + java -jar tools-java-2.0.5-jar-with-dependencies.jar Verify ../testResources/SPDXRdfExample-v2.2.spdx.rdf ## Generators 
@@ -110,11 +111,13 @@ The following tool can be used to generate an SPDX verification code from a dire Sample usage: - java -jar tools-java-2.0.1-jar-with-dependencies.jar GenerateVerificationCode sourceDirectory [ignoredFilesRegex] + java -jar tools-java-2.0.5-jar-with-dependencies.jar GenerateVerificationCode sourceDirectory [ignoredFilesRegex] ## SPDX Validation Tool -The SPDX Workgroup provides an online interface to validate, compare, and convert SPDX documents in addition to the command line options above. The [SPDX Validation Tool](https://tools.spdx.org/app/validate/) is an all-in-one portal to upload and parse SPDX documents for validation, comparison and conversion and search the SPDX license list. +The SPDX Workgroup provides an online interface to validate, compare, and convert SPDX documents in addition to the command line options above. + +The [SPDX Online Tools](https://tools.spdx.org/) is an all-in-one portal to upload and parse SPDX documents for validation, comparison and conversion and search the SPDX license list. ## License diff --git a/dependency-check-supress.xml b/dependency-check-supress.xml index 442d77a..0eb63bd 100644 --- a/dependency-check-supress.xml +++ b/dependency-check-supress.xml @@ -1,4 +1,19 @@ - + + + ^pkg:maven/com\.ibm\.icu/icu4j@.*$ + CVE-2025-5222 + + + + ^pkg:maven/org\.spdx/spdx-java-model-2_X@.*$ + cpe:/a:x.org:x.org + \ No newline at end of file diff --git a/examples/org/spdx/examples/ExistingSpdxDocumentV2Compat.java b/examples/org/spdx/examples/ExistingSpdxDocumentV2Compat.java index 584fdce..093dd7b 100644 --- a/examples/org/spdx/examples/ExistingSpdxDocumentV2Compat.java +++ b/examples/org/spdx/examples/ExistingSpdxDocumentV2Compat.java 
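Review bot: Both new suppressions in `dependency-check-supress.xml` match every version of the artifact (`@.*$`) and, as far as this view shows (the XML markup is stripped here), carry no justification or expiry. A blanket suppression of CVE-2025-5222 for `icu4j` stays in force for all future releases and hides the finding from anyone re-evaluating it later. I would record why each entry is considered a false positive in a `<notes>` element, and set an `until` date on the `<suppress>` element so the decision is revisited.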
@@ -30,9 +30,9 @@ * for this example is assumed to be JSON (e.g. the output of the SimpleSpdxDocumentV2Compat example). * Different format can be used by using the associated store rather than the spdx-jackson store * (e.g. spdx-spreadsheet-store, spdx-tagvalue-store, or the spdx-rdf-store). - * + *

* This example depends on the Spdx-Java-Library and the spdx-java-jackson store libraries - * + *

* @author Gary O'Neall */ public class ExistingSpdxDocumentV2Compat { diff --git a/examples/org/spdx/examples/ExpandedLicenseExampleV3.java b/examples/org/spdx/examples/ExpandedLicenseExampleV3.java new file mode 100644 index 0000000..5b07d11 --- /dev/null +++ b/examples/org/spdx/examples/ExpandedLicenseExampleV3.java @@ -0,0 +1,189 @@ +/** + * SPDX-FileContributor: Gary O'Neall + * SPDX-FileCopyrightText: Copyright (c) 2025 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + *
+ * Example of serializing a single expanded license + */ + +package org.spdx.examples; + +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.SerializationFeature; +import com.networknt.schema.JsonSchema; +import com.networknt.schema.JsonSchemaFactory; +import com.networknt.schema.SpecVersion.VersionFlag; +import com.networknt.schema.ValidationMessage; +import org.spdx.core.DefaultModelStore; +import org.spdx.core.IModelCopyManager; +import org.spdx.library.LicenseInfoFactory; +import org.spdx.library.ModelCopyManager; +import org.spdx.library.SpdxModelFactory; +import org.spdx.library.model.v3_0_1.SpdxModelClassFactoryV3; +import org.spdx.library.model.v3_0_1.core.CreationInfo; +import org.spdx.library.model.v3_0_1.core.Element; +import org.spdx.library.model.v3_0_1.core.ProfileIdentifierType; +import org.spdx.library.model.v3_0_1.core.SpdxDocument; +import org.spdx.library.model.v3_0_1.expandedlicensing.ExtendableLicense; +import org.spdx.library.model.v3_0_1.simplelicensing.AnyLicenseInfo; +import org.spdx.storage.IModelStore; +import org.spdx.storage.simple.InMemSpdxStore; +import org.spdx.tools.Verify; +import org.spdx.v3jsonldstore.JsonLDStore; + +import java.io.*; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; +import java.util.Set; + +import static org.spdx.tools.Verify.JSON_SCHEMA_RESOURCE_V3; + +/** + * Simple example serializing a single expanded license + */ +public class ExpandedLicenseExampleV3 { + + static final ObjectMapper JSON_MAPPER = new ObjectMapper().enable(SerializationFeature.INDENT_OUTPUT); + + /** + * @param args args[0] is the file path for the output serialized file + */ + public static void main(String[] args) throws Exception { + if (args.length != 1) { + usage(); + System.exit(1); + } + File outFile = new File(args[0]); + if (outFile.exists()) { + System.out.printf("%s already exists.\n", args[0]); + 
System.exit(1); + } + if (!outFile.createNewFile()) { + System.out.printf("Unable to create file %s\n", args[0]); + System.exit(1); + } + if (!outFile.canWrite()) { + System.out.printf("Can not write to file %s\n", args[0]); + System.exit(1); + } + SpdxModelFactory.init(); + IModelCopyManager copyManager = new ModelCopyManager(); + try (JsonLDStore modelStore = new JsonLDStore(new InMemSpdxStore())) { + modelStore.setUseExternalListedElements(true); // setting this to false will include all the listed license details in the document + String defaultDocUri = "https://spdx.github.io/spdx-spec/v3.0.1/examples/complex-license-eaa46bdcfa20"; + String prefix = defaultDocUri + "#"; + DefaultModelStore.initialize(modelStore, defaultDocUri, copyManager); + CreationInfo creationInfo = SpdxModelClassFactoryV3.createCreationInfo( + modelStore, prefix + "garyagent", "Gary O'Neall", + copyManager); + SpdxDocument doc = creationInfo.createSpdxDocument(prefix + "document") + .setDataLicense(LicenseInfoFactory.getListedLicenseById("CC0")) + .addNamespaceMap(creationInfo.createNamespaceMap(modelStore.getNextId(IModelStore.IdType.Anonymous)) + .setNamespace(prefix) + .setPrefix("example") + .build()) + .addProfileConformance(ProfileIdentifierType.CORE) + .addProfileConformance(ProfileIdentifierType.SOFTWARE) + .addProfileConformance(ProfileIdentifierType.EXPANDED_LICENSING) + .build(); + doc.setIdPrefix(prefix); + AnyLicenseInfo complexLicense = doc.createConjunctiveLicenseSet(prefix + "complexlicense") + // CustomLicense + .addMember(doc.createCustomLicense(prefix + "LicenseRef-customlicense1") + .setLicenseText("This is the license text for my custom license") + .setName("Gary's Custom License") + .addSeeAlso("https://example.com") + .build()) + // OrLaterOperator + .addMember(doc.createOrLaterOperator(prefix + "complexorlater") + // ListedLicense + .setSubjectLicense(doc.createListedLicense("http://spdx.org/licenses/EPL-1.0") + .setName("Eclipse Public License 1.0") + 
.setLicenseText("Eclipse Public License - v 1.0\n\nTHE ACCOMPANYING PROGRAM IS PROVIDED" + + " UNDER THE TERMS OF THIS ECLIPSE PUBLIC LICENSE (\"AGREEMENT\"). ANY USE, REPRODUCTION " + + "OR DISTRIBUTION OF THE PROGRAM CONSTITUTES RECIPIENTS ACCEPTANCE OF THIS AGREEMENT.\n\n1. " + + "DEFINITIONS\n\n\"Contribution\" means:\n a) in the case of the initial Contributor...") + .setIsFsfLibre(true) + .setComment("EPL replaced the CPL on 28 June 2005.") + .addSeeAlso("https://opensource.org/licenses/EPL-1.0") + .build()) + .build()) + // DisjunctiveLicenseSet + .addMember(doc.createDisjunctiveLicenseSet(prefix + "complexdisjunctive") + // WithAdditionOperator + .addMember(doc.createWithAdditionOperator(prefix + "complexwith") + .setSubjectExtendableLicense((ExtendableLicense) LicenseInfoFactory.parseSPDXLicenseString("GPL-2.0-or-later")) + // ListedLicenseException + .setSubjectAddition(doc.createListedLicenseException("http://spdx.org/licenses/Autoconf-exception-2.0") + .setName("Autoconf exception 2.0") + .setComment("Typically used with GPL-2.0-only or GPL-2.0-or-later") + .setAdditionText("As a special exception, the Free Software Foundation gives unlimited " + + "permission to copy, distribute and modify the ...") + .addSeeAlso("http://ftp.gnu.org/gnu/autoconf/autoconf-2.59.tar.gz") + .build()) + .build()) + .addMember(doc.createWithAdditionOperator(prefix + "complexwithcustomaddition") + .setSubjectExtendableLicense((ExtendableLicense) LicenseInfoFactory.parseSPDXLicenseString("Apache-2.0")) + // CustomLicenseAddition + .setSubjectAddition(doc.createCustomLicenseAddition(prefix + "complexcustomaddition") + .setName("My License Addition") + .setAdditionText("Custom addition text - just for me") + .addSeeAlso("https://example.com") + .build()) + .build()) + // ExtendableLicense - Abstract + // IndividualLicensingInfo - used by listed license + // License - Abstract + .addMember(LicenseInfoFactory.parseSPDXLicenseString("MIT")) + .build()) + .build(); + 
doc.getRootElements().add(complexLicense); + doc.getElements().add(complexLicense); + List warnings = new ArrayList<>(); + Collection docElements = doc.getElements(); + SpdxModelFactory.getSpdxObjects(modelStore, copyManager, null, null, prefix).forEach( + modelObject -> { + if (modelObject instanceof Element) { + Element element = (Element)modelObject; + if (!docElements.contains(element) && !element.equals(doc)) { + warnings.add("Element not in the document elements: " + element.getObjectUri()); + docElements.add(element); + } + } + } + ); + warnings.addAll(complexLicense.verify()); + try (OutputStream outStream = new FileOutputStream(outFile)) { + modelStore.serialize(outStream, doc); + } + JsonSchemaFactory jsonSchemaFactory = JsonSchemaFactory.getInstance(VersionFlag.V202012); + JsonSchema schema; + try (InputStream is = Verify.class.getResourceAsStream("/" + JSON_SCHEMA_RESOURCE_V3)) { + schema = jsonSchemaFactory.getSchema(is); + } + JsonNode root; + try (InputStream is = new FileInputStream(outFile)) { + root = JSON_MAPPER.readTree(is); + } + Set messages = schema.validate(root); + for (ValidationMessage msg:messages) { + warnings.add(msg.toString()); + } + if (!warnings.isEmpty()) { + System.out.println("Generated document contains the following warnings:"); + for (String warning:warnings) { + System.out.print("\t"); + System.out.println(warning); + } + } + } + } + + private static void usage() { + System.out.println("Generates an SPDX JSON-LD file containing all of the supported classes."); + System.out.println("Usage: FullSpdxV3Example outputfile"); + } +} diff --git a/examples/org/spdx/examples/FullSpdxV3Example.java b/examples/org/spdx/examples/FullSpdxV3Example.java new file mode 100644 index 0000000..132b3a6 --- /dev/null +++ b/examples/org/spdx/examples/FullSpdxV3Example.java 
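Review bot: `usage()` in `ExpandedLicenseExampleV3` was copied from the full example and prints "Generates an SPDX JSON-LD file containing all of the supported classes." and `Usage: FullSpdxV3Example outputfile`, neither of which describes this class. The second line should read `System.out.println("Usage: ExpandedLicenseExampleV3 outputfile");`, and the first should say that it serializes a single expanded license. In `main`, `Verify.class.getResourceAsStream(...)` returns null when the schema resource is missing, and that null goes straight into `getSchema`; an explicit check with a clear message would be easier to diagnose. The output file is also created before the model is built, so any later exception leaves an empty file behind that blocks the next run through the `exists()` check.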
@@ -0,0 +1,868 @@ +/** + * SPDX-FileContributor: Gary O'Neall + * SPDX-FileCopyrightText: Copyright (c) 2025 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + *
+ * Full example of an SPDX document using all classes + */ + +package org.spdx.examples; + +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.SerializationFeature; +import com.networknt.schema.JsonSchema; +import com.networknt.schema.JsonSchemaFactory; +import com.networknt.schema.SpecVersion.VersionFlag; +import com.networknt.schema.ValidationMessage; +import org.spdx.core.DefaultModelStore; +import org.spdx.core.IModelCopyManager; +import org.spdx.core.InvalidSPDXAnalysisException; +import org.spdx.library.LicenseInfoFactory; +import org.spdx.library.ModelCopyManager; +import org.spdx.library.SpdxModelFactory; +import org.spdx.library.model.v2.SpdxConstantsCompatV2; +import org.spdx.library.model.v3_0_1.SpdxModelClassFactoryV3; +import org.spdx.library.model.v3_0_1.ai.AIPackage; +import org.spdx.library.model.v3_0_1.ai.EnergyUnitType; +import org.spdx.library.model.v3_0_1.ai.SafetyRiskAssessmentType; +import org.spdx.library.model.v3_0_1.build.Build; +import org.spdx.library.model.v3_0_1.core.*; +import org.spdx.library.model.v3_0_1.dataset.ConfidentialityLevelType; +import org.spdx.library.model.v3_0_1.dataset.DatasetAvailabilityType; +import org.spdx.library.model.v3_0_1.dataset.DatasetPackage; +import org.spdx.library.model.v3_0_1.dataset.DatasetType; +import org.spdx.library.model.v3_0_1.expandedlicensing.ExtendableLicense; +import org.spdx.library.model.v3_0_1.security.*; +import org.spdx.library.model.v3_0_1.simplelicensing.AnyLicenseInfo; +import org.spdx.library.model.v3_0_1.simplelicensing.SimpleLicensingText; +import org.spdx.library.model.v3_0_1.software.*; +import org.spdx.storage.IModelStore; +import org.spdx.storage.simple.InMemSpdxStore; +import org.spdx.tools.Verify; +import org.spdx.v3jsonldstore.JsonLDStore; + +import java.io.*; +import java.time.LocalDateTime; +import java.time.format.DateTimeFormatter; +import java.util.*; + +import static 
org.spdx.tools.Verify.JSON_SCHEMA_RESOURCE_V3; + + +/** + * This class attempts to implement all the SPDX specification classes and most of the properties. + *

+ * It will generate a resulting serialization that can be used as a full serialization example. + *

+ *

+ * This example is current as of the version 3.0.1 of the SPDX Specification + *

+ */ +public class FullSpdxV3Example { + + static final DateTimeFormatter SPDX_DATE_FORMATTER = DateTimeFormatter.ofPattern(SpdxConstantsCompatV2.SPDX_DATE_FORMAT); + static final ObjectMapper JSON_MAPPER = new ObjectMapper().enable(SerializationFeature.INDENT_OUTPUT); + + static class ExampleBuilder { + private final String prefix; + private final SpdxDocument doc; + private Sbom sBom = null; + private SpdxPackage pkg = null; + + public ExampleBuilder(String prefix, SpdxDocument doc) { + this.prefix = prefix; + this.doc = doc; + } + + void build() throws InvalidSPDXAnalysisException { + addCoreClasses(); + addSoftwareClasses(); + addAIandDataClasses(); + addSecurityClasses(); + addSimpleLicensingClasses(); + addExpandedLicensingClasses(); + addBuildClasses(); + addExtensionClasses(); + } + + private String getNextAnonId() throws InvalidSPDXAnalysisException { + return doc.getModelStore().getNextId(IModelStore.IdType.Anonymous); + } + + private void addExtensionClasses() throws InvalidSPDXAnalysisException { + //TODO: The following is causing a schema validation error - uncomment when resolved +// ModelRegistry.getModelRegistry().registerExtensionType("Extension.example", +// SpdxExtensionExample.class); +// SpdxExtensionExample extension = new SpdxExtensionExample(doc.getModelStore(), +// prefix + "extension", doc.getCopyManager(), true, prefix); +// extension.setExtensionProperty("Extension property value"); +// doc.getExtensions().add(extension); + doc.getExtensions().add(doc.createCdxPropertiesExtension(getNextAnonId()) + .addCdxProperty(doc.createCdxPropertyEntry(getNextAnonId()) + .setCdxPropName("CDXProperty") + .setCdxPropValue("Property Value") + .build()) + .build()); + } + + private void addBuildClasses() throws InvalidSPDXAnalysisException { + Build build = doc.createBuild(prefix + "build") + .setBuildType("https://github.com/spdx/tools-java/blob/master/pom.xml") + .setComment("Builds use the maven-release-plugin") + 
.setBuildStartTime(LocalDateTime.of(2025, 10, 15, 11, 42) + .format(SPDX_DATE_FORMATTER)) + .setBuildEndTime(LocalDateTime.of(2025, 10, 15, 11, 50) + .format(SPDX_DATE_FORMATTER)) + .addConfigSourceDigest(doc.createHash(getNextAnonId()) + .setAlgorithm(HashAlgorithm.SHA256) + .setHashValue("cc75cc9bfad1fb047f15fd60fe48806a9614c17bfee073e79e5ac3bd3e5d5271 ") + .build()) + .addConfigSourceEntrypoint("release") + .addConfigSourceUri("https://repo1.maven.org/maven2/org/spdx/tools-java/2.0.2/tools-java-2.0.2.pom") + .addEnvironment(doc.createDictionaryEntry(getNextAnonId()) + .setKey("OS") + .setValue("Windows11") + .build()) + .addParameter(doc.createDictionaryEntry(getNextAnonId()) + .setKey("Next Snapshot Version") + .setValue("2.0.3-SNAPSHOT") + .build()) + .build(); + + // hasInput relationship + SpdxFile pomFile = doc.createSpdxFile(prefix + "pomfile") + .setName("pom.xml") + .setFileKind(FileKindType.FILE) + .addVerifiedUsing(doc.createHash(getNextAnonId()) + .setAlgorithm(HashAlgorithm.SHA256) + .setHashValue("cc75cc9bfad1fb047f15fd60fe48806a9614c17bfee073e79e5ac3bd3e5d5271") + .build()) + .build(); + doc.getElements().add(pomFile); + sBom.getElements().add(pomFile); + SpdxFile srcDir = doc.createSpdxFile(prefix + "src") + .setName("src") + .setFileKind(FileKindType.DIRECTORY) + .build(); + doc.getElements().add(srcDir); + sBom.getElements().add(srcDir); + Relationship hasInput = doc.createLifecycleScopedRelationship(prefix + "hasinput") + .setRelationshipType(RelationshipType.HAS_INPUT) + .setCompleteness(RelationshipCompleteness.INCOMPLETE) + .setScope(LifecycleScopeType.BUILD) + .setFrom(build) + .addTo(srcDir) + .addTo(pomFile) + .build(); + doc.getElements().add(hasInput); + SpdxFile jarWithDependencies = doc.createSpdxFile(prefix + "jarwdeps") + .setName("tools-java-2.0.2-jar-with-dependencies.jar") + .setFileKind(FileKindType.FILE) + .addVerifiedUsing(doc.createHash(getNextAnonId()) + .setAlgorithm(HashAlgorithm.SHA256) + 
.setHashValue("3b326e4ea0e901d71a58627ca14c7d7ec36fc7bdb01308a78de99de2171c7904") + .build()) + .build(); + doc.getElements().add(jarWithDependencies); + Relationship hasOutput = doc.createRelationship(prefix + "hasoutput") + .setRelationshipType(RelationshipType.HAS_OUTPUT) + .setCompleteness(RelationshipCompleteness.INCOMPLETE) + .setFrom(build) + .addTo(jarWithDependencies) + .build(); + doc.getElements().add(hasOutput); + } + + private void addExpandedLicensingClasses() throws InvalidSPDXAnalysisException { + // ConjunctiveLicenseSet + AnyLicenseInfo complexLicense = doc.createConjunctiveLicenseSet(prefix + "complexlicense") + // CustomLicense + .addMember(doc.createCustomLicense(prefix + "LicenseRef-customlicense3") + .setLicenseText("This is the license text for my custom license") + .setName("Gary's Custom License") + .addSeeAlso("https://example.com") + .build()) + // OrLaterOperator + .addMember(doc.createOrLaterOperator(prefix + "complexorlater") + // ListedLicense + .setSubjectLicense(doc.createListedLicense("http://spdx.org/licenses/EPL-1.0") + .setName("Eclipse Public License 1.0") + .setLicenseText("Eclipse Public License - v 1.0\n\nTHE ACCOMPANYING PROGRAM IS PROVIDED" + + " UNDER THE TERMS OF THIS ECLIPSE PUBLIC LICENSE (\"AGREEMENT\"). ANY USE, REPRODUCTION " + + "OR DISTRIBUTION OF THE PROGRAM CONSTITUTES RECIPIENTS ACCEPTANCE OF THIS AGREEMENT.\n\n1. 
" + + "DEFINITIONS\n\n\"Contribution\" means:\n a) in the case of the initial Contributor...") + .setIsFsfLibre(true) + .setComment("EPL replaced the CPL on 28 June 2005.") + .addSeeAlso("https://opensource.org/licenses/EPL-1.0") + .build()) + .build()) + // DisjunctiveLicenseSet + .addMember(doc.createDisjunctiveLicenseSet(prefix + "complexdisjunctive") + // WithAdditionOperator + .addMember(doc.createWithAdditionOperator(prefix + "complexwith") + .setSubjectExtendableLicense((ExtendableLicense) LicenseInfoFactory.parseSPDXLicenseString("GPL-2.0-or-later")) + // ListedLicenseException + .setSubjectAddition(doc.createListedLicenseException("http://spdx.org/licenses/Autoconf-exception-2.0") + .setName("Autoconf exception 2.0") + .setComment("Typically used with GPL-2.0-only or GPL-2.0-or-later") + .setAdditionText("As a special exception, the Free Software Foundation gives unlimited " + + "permission to copy, distribute and modify the ...") + .addSeeAlso("http://ftp.gnu.org/gnu/autoconf/autoconf-2.59.tar.gz") + .build()) + .build()) + .addMember(doc.createWithAdditionOperator(prefix + "complexwithcustomaddition") + .setSubjectExtendableLicense((ExtendableLicense) LicenseInfoFactory.parseSPDXLicenseString("Apache-2.0")) + // CustomLicenseAddition + .setSubjectAddition(doc.createCustomLicenseAddition(prefix + "complexcustomaddition") + .setName("My License Addition") + .setAdditionText("Custom addition text - just for me") + .addSeeAlso("https://example.com") + .build()) + .build()) + // ExtendableLicense - Abstract + // IndividualLicensingInfo - used by listed license + // License - Abstract + .addMember(LicenseInfoFactory.parseSPDXLicenseString("MIT")) + .build()) + .build(); + doc.getElements().add(complexLicense); + } + + private void addSimpleLicensingClasses() throws InvalidSPDXAnalysisException { + // SimpleLicensingText + String simpleLicenseId = "LicenseRef-simpletext"; + String simpleAdditionId = "LicenseRef-simpleaddition"; + SimpleLicensingText slt = 
doc.createSimpleLicensingText(prefix + simpleLicenseId) + .setLicenseText("This is the license text to go with my license expression") + .build(); + doc.getElements().add(slt); + SimpleLicensingText simpleaddition = doc.createSimpleLicensingText(prefix + simpleAdditionId) + .setLicenseText("This is the custom addition text") + .build(); + doc.getElements().add(simpleaddition); + // LicenseExpression + doc.getElements().add(doc.createLicenseExpression(prefix + "licenseexpression") + .setLicenseExpression("Apache-2.0 AND " + simpleLicenseId + " WITH " + simpleAdditionId) + .addCustomIdToUri(doc.createDictionaryEntry(getNextAnonId()) + .setKey(simpleLicenseId) + .setValue(prefix + simpleLicenseId) + .build()) + .addCustomIdToUri(doc.createDictionaryEntry(getNextAnonId()) + .setKey(simpleAdditionId) + .setValue(prefix + simpleAdditionId) + .build()) + .build()); + // AnyLicenseInfo - Abstract + } + + private void addSecurityClasses() throws InvalidSPDXAnalysisException { + // First - let's add a dependeny with a known vulnerability + SpdxPackage log4j = doc.createSpdxPackage(prefix + "log4j") + .setName("Apache Log4j 2") + .setPackageVersion("2.14.1") + .setPackageUrl("pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1") + .addExternalIdentifier(doc.createExternalIdentifier(getNextAnonId()) + .setExternalIdentifierType(ExternalIdentifierType.CPE23) + .setIssuingAuthority("NVD") + .setIdentifier("cpe:2.3:a:apache:log4j:2.14.1:-:*:*:*:*:*:*") + .build()) + .build(); + doc.getElements().add(log4j); + sBom.getElements().add(log4j); + Relationship depRelationship = doc.createRelationship(prefix + "log4jdep") + .setFrom(pkg) + .addTo(log4j) + .setRelationshipType(RelationshipType.HAS_DYNAMIC_LINK) + .setCompleteness(RelationshipCompleteness.INCOMPLETE) + .build(); + doc.getElements().add(depRelationship); + sBom.getElements().add(depRelationship); + // Since we don't want the vulnerabilities to be in the more static SBOMs, let's create a different collection + Bundle 
securityBundle = doc.createBundle(prefix + "securitybundle") + .setContext("Security information related to "+sBom.getObjectUri()) + .build(); + // Vulnerability + Vulnerability vuln = doc.createVulnerability(prefix + "log4jvuln") + .setSummary("Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups.") + .setDescription("Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not " + + "protect from uncontrolled recursion from self-referential lookups. This allows an attacker " + + "with control over ...") + .setPublishedTime(LocalDateTime.of(2021, 12, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .addExternalIdentifier(doc.createExternalIdentifier(getNextAnonId()) + .setExternalIdentifierType(ExternalIdentifierType.CVE) + .setIdentifier("CVE-2021-45105") + .addIdentifierLocator("https://www.cve.org/CVERecord?id=CVE-2021-45105") + .build()) + .addExternalRef(doc.createExternalRef(getNextAnonId()) + .setExternalRefType(ExternalRefType.SECURITY_ADVISORY) + .addLocator("https://nvd.nist.gov/vuln/detail/CVE-2021-45105") + .build()) + .build(); + doc.getElements().add(vuln); + securityBundle.getElements().add(vuln); + Relationship log4jVulnRel = doc.createRelationship(prefix + "log4jvulnrelationship") + .setRelationshipType(RelationshipType.HAS_ASSOCIATED_VULNERABILITY) + .setCompleteness(RelationshipCompleteness.INCOMPLETE) + .setFrom(log4j) + .addTo(vuln) + .build(); + doc.getElements().add(log4jVulnRel); + securityBundle.getElements().add(log4jVulnRel); + Relationship pkgVulnRel = doc.createRelationship(prefix + "pkgvulnrelationship") + .setRelationshipType(RelationshipType.HAS_ASSOCIATED_VULNERABILITY) + .setCompleteness(RelationshipCompleteness.INCOMPLETE) + .setFrom(pkg) + .addTo(vuln) + .build(); + doc.getElements().add(pkgVulnRel); + securityBundle.getElements().add(pkgVulnRel); + // CvssV2VulnAssessmentRelationship + Agent supplierAgent = doc.createAgent(prefix + 
"assessmentagent") + .setName("Supplier of Assessments") + .setComment("This would be the supplier of the vulnerability assessments") + .build(); + CvssV2VulnAssessmentRelationship cvssV2 = doc.createCvssV2VulnAssessmentRelationship(prefix + "cvssv2vuln") + .setRelationshipType(RelationshipType.HAS_ASSESSMENT_FOR) + .setFrom(vuln) + .addTo(log4j) + .setScore(5.0) + .setVectorString("(AV:N/AC:M/Au:N/C:P/I:N/A:N)") + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(cvssV2); + securityBundle.getElements().add(cvssV2); + // CvssV3VulnAssessmentRelationship + CvssV3VulnAssessmentRelationship cvssV3 = doc.createCvssV3VulnAssessmentRelationship(prefix + "cvssv3vuln") + .setRelationshipType(RelationshipType.HAS_ASSESSMENT_FOR) + .setFrom(vuln) + .addTo(log4j) + .setScore(5.0) + .setSeverity(CvssSeverityType.CRITICAL) + .setVectorString("CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H") + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(cvssV3); + securityBundle.getElements().add(cvssV3); + // CvssV4VulnAssessmentRelationship + CvssV4VulnAssessmentRelationship cvssV4 = doc.createCvssV4VulnAssessmentRelationship(prefix + "cvssv4vuln") + .setRelationshipType(RelationshipType.HAS_ASSESSMENT_FOR) + .setFrom(vuln) + .addTo(log4j) + .setScore(5.0) + .setSeverity(CvssSeverityType.CRITICAL) + .setVectorString("(AV:N/AC:M/Au:N/C:P/I:N/A:N)") + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(cvssV4); + securityBundle.getElements().add(cvssV4); + // EpssVulnAssessmentRelationship + EpssVulnAssessmentRelationship epss = doc.createEpssVulnAssessmentRelationship(prefix + "epss") + 
.setRelationshipType(RelationshipType.HAS_ASSESSMENT_FOR) + .setFrom(vuln) + .addTo(log4j) + .setProbability(0.01) + .setPercentile(0.4) + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(epss); + securityBundle.getElements().add(epss); + // ExploitCatalogVulnAssessmentRelationship + //TODO: The schema has "locator" for the field while the generated Java code has "securityLocator" + //Need to regenerate the library then uncomment the example below + ExploitCatalogVulnAssessmentRelationship excat = doc.createExploitCatalogVulnAssessmentRelationship(prefix + "exploitcat") + .setRelationshipType(RelationshipType.HAS_ASSESSMENT_FOR) + .setFrom(vuln) + .addTo(log4j) + .setCatalogType(ExploitCatalogType.KEV) + .setSecurityLocator("https://www.cisa.gov/known-exploited-vulnerabilities-catalog") + .setExploited(true) + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(excat); + securityBundle.getElements().add(excat); + + // SsvcVulnAssessmentRelationship + SsvcVulnAssessmentRelationship ssvs = doc.createSsvcVulnAssessmentRelationship(prefix + "ssvs") + .setRelationshipType(RelationshipType.HAS_ASSESSMENT_FOR) + .setFrom(vuln) + .addTo(log4j) + .setDecisionType(SsvcDecisionType.ACT) + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(ssvs); + securityBundle.getElements().add(ssvs); + // VexAffectedVulnAssessmentRelationship + VexAffectedVulnAssessmentRelationship vexAffected = doc.createVexAffectedVulnAssessmentRelationship(prefix + "vexaffected") + .setRelationshipType(RelationshipType.AFFECTS) + .setFrom(vuln) + .addTo(log4j) + .setActionStatement("Upgrade to version 2.20 or 
later") + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(vexAffected); + securityBundle.getElements().add(vexAffected); + // VexFixedVulnAssessmentRelationship + VexFixedVulnAssessmentRelationship vexFixed = doc.createVexFixedVulnAssessmentRelationship(prefix + "vexfixed") + .setRelationshipType(RelationshipType.AFFECTS) + .setFrom(vuln) + .addTo(pkg) + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(vexFixed); + securityBundle.getElements().add(vexFixed); + // VexNotAffectedVulnAssessmentRelationship + VexNotAffectedVulnAssessmentRelationship vexNotAffected = doc.createVexNotAffectedVulnAssessmentRelationship(prefix + "vexnotaffected") + .setRelationshipType(RelationshipType.AFFECTS) + .setFrom(vuln) + .addTo(pkg) + .setJustificationType(VexJustificationType.INLINE_MITIGATIONS_ALREADY_EXIST) + .setImpactStatement("No longer using this vulnerable part of this library.") + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(vexNotAffected); + securityBundle.getElements().add(vexNotAffected); + // VexUnderInvestigationVulnAssessmentRelationship + VexUnderInvestigationVulnAssessmentRelationship vexUnderInvestigation = doc.createVexUnderInvestigationVulnAssessmentRelationship(prefix + "vexunderinvestigation") + .setRelationshipType(RelationshipType.AFFECTS) + .setFrom(vuln) + .addTo(pkg) + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(vexUnderInvestigation); + securityBundle.getElements().add(vexUnderInvestigation); + // 
VexVulnAssessmentRelationship - Abstract + // VulnAssessmentRelationship - Abstract + } + + private void addCoreClasses() throws InvalidSPDXAnalysisException { + // Agent - Abstract, already in creation info + // Annotation + doc.getElements().add(doc.createAnnotation(prefix + "docannotation") + .setStatement("This document is for example purposes only") + .setAnnotationType(AnnotationType.OTHER) + .setSubject(doc) + .build()); + // Artifact - Abstract - used in software package and several others + // Bom - will be used as an AI BOM and software BOM + // Bundle + doc.getElements().add(doc.createBundle(prefix + "bundle") + .setComment("This is just an example of a concrete Bundle class - the elements are not used elsewhere in the SPDX document") + .setContext("Custom Licenses") + .addElement(doc.createCustomLicense(prefix + "LicenseRef-CustomLicense1") + .setLicenseText("This is a custom license text number one.") + .build()) + .addElement(doc.createCustomLicense(prefix + "LicenseRef-CustomLicense2") + .setLicenseText("This is a custom license text number two.") + .build()) + .build()); + // CreationInfo - Already created + // DictionaryEntry - Used in several places including SimpleLicensing + // Element - Abstract + // ElementCollection - Abstract + // ExternalIdentifier - Used in Security profile + // Organization + doc.getCreationInfo().getCreatedBys().add(doc.createOrganization(prefix + "spdxorg") + .setName("System Package Data Exchange (SPDX)") + .build()); + // ExternalMap + String orgLocation = "https://external/organization/spdxdata"; + String orgPrefix = orgLocation + "#"; + String orgUri = orgPrefix + "org"; + ExternalOrganization externalOrg = new ExternalOrganization(doc.getModelStore(), + orgUri, doc.getCopyManager(), + true, orgLocation); + doc.getCreationInfo().getCreatedBys().add(externalOrg); + doc.getSpdxImports().add(doc.createExternalMap(getNextAnonId()) + .setExternalSpdxId(orgUri) + .setLocationHint(orgLocation) + .build()); + // Hash - Used 
in file + // IndividualElement - Used in software package originated by + // IntegrityMethod - Used in file and package + // LifecycleScopedRelationship + // NamespaceMap - Used in doc already + // PackageVerificationCode - Going to ignore - deprecated + // Person - Used in creation info + // PositiveIntegerRange - Used in snippets + // Relationship - Used in software + // SoftwareAgent + doc.getCreationInfo().getCreatedBys().add(doc.createSoftwareAgent(prefix + "softwareagent") + .setName("SPDX Spec Github CI") + .build()); + // SpdxDocument - already used + // ExternalRef + // Tool + doc.getCreationInfo().getCreatedUsings().add(doc.createTool(prefix + "creationtool") + .setName("tools-java") + .setComment("Created by the FullSpdxV3Example.java utility in tools-java") + .addExternalRef(doc.createExternalRef(getNextAnonId()) + .setExternalRefType(ExternalRefType.MAVEN_CENTRAL) + .addLocator("org.spdx:tools-java") + .build()) + .build()); + } + + private void addSoftwareClasses() throws InvalidSPDXAnalysisException { + // Sbom + sBom = doc.createSbom(prefix + "sbom") + .setName("AI SBOM") + .addSbomType(SbomType.ANALYZED) + .addProfileConformance(ProfileIdentifierType.CORE) + .addProfileConformance(ProfileIdentifierType.SOFTWARE) + .addProfileConformance(ProfileIdentifierType.BUILD) + .addProfileConformance(ProfileIdentifierType.SECURITY) + .addProfileConformance(ProfileIdentifierType.EXPANDED_LICENSING) + .build(); + doc.getElements().add(sBom); + doc.getRootElements().add(sBom); + // Package + pkg = doc.createSpdxPackage(prefix + "tools-java") + .setName("tools-java") + .setPrimaryPurpose(SoftwarePurpose.APPLICATION) + .addAdditionalPurpose(SoftwarePurpose.LIBRARY) + .addAttributionText("Maintained by the SPDX Community") + .setBuiltTime(LocalDateTime.of(2025, 10, 15, 9, 10) + .format(SPDX_DATE_FORMATTER)) + // ContentIdentifier + .addContentIdentifier(doc.createContentIdentifier(getNextAnonId()) + .setContentIdentifierType(ContentIdentifierType.GITOID) + 
.setContentIdentifierValue("23bd470259f55641eb72b0c5d733edac014a4554") + .build()) + .setCopyrightText("Copyright (c) Source Auditor Inc.") + .setDescription("A command-line utility for creating, converting, comparing, and validating SPDX documents across multiple formats.") + .setDownloadLocation("https://github.com/spdx/tools-java/releases/download/v2.0.2/tools-java-2.0.2.zip") + .addExternalIdentifier(doc.createExternalIdentifier(getNextAnonId()) + .setExternalIdentifierType(ExternalIdentifierType.URL_SCHEME) + .setIdentifier("https://github.com/spdx/tools-java") + .setIssuingAuthority("GitHub") + .build()) + .addExternalRef(doc.createExternalRef(getNextAnonId()) + .setExternalRefType(ExternalRefType.MAVEN_CENTRAL) + .addLocator("org.spdx:tools-java:jar:2.0.2") + .build()) + .setPackageUrl("pkg:maven/org.spdx/tools-java@2.0.2") + .setPackageVersion("2.0.2") + .setReleaseTime(LocalDateTime.of(2025, 10, 15, 11, 50) + .format(SPDX_DATE_FORMATTER)) + .setSourceInfo("This package came from the original source - the official SPDX GitHub repo and build process") + .addStandardName("SPDX Version 2.X and SPDX Version 3.0") + .setHomePage("https://github.com/spdx/tools-java") + .addOriginatedBy(new SpdxOrganization()) + .setSuppliedBy(new SpdxOrganization()) + .setSummary("A command-line utility for creating, converting, comparing, and validating SPDX documents across multiple formats.") + .addSupportLevel(SupportType.LIMITED_SUPPORT) + .setValidUntilTime(LocalDateTime.of(2027, 10, 15, 9, 10) + .format(SPDX_DATE_FORMATTER)) + .addVerifiedUsing(doc.createHash(getNextAnonId()) + .setAlgorithm(HashAlgorithm.SHA256) + .setHashValue("c37ce759c3867780d55791a1804101d288fa921e77ed791e6c053fd5d7513d0d") + .build()) + .build(); + doc.getElements().add(pkg); + sBom.getElements().add(pkg); + sBom.getRootElements().add(pkg); + // File + SpdxFile sourceFile = doc.createSpdxFile(prefix + "example-source") + .setPrimaryPurpose(SoftwarePurpose.SOURCE) + .setContentType("text/plain") + 
.setCopyrightText("Copyright (c) 2025 Source Auditor Inc.") + .setFileKind(FileKindType.FILE) + .setName("./examples/org/spdx/examples/FullSpdxV3Example.java") + .build(); + sBom.getElements().add(sourceFile); + doc.getElements().add(sourceFile); + // Relationships - declared license, concluded license, generated from + doc.getElements().add(doc.createRelationship(prefix + "example-source-to-pkg") + .setRelationshipType(RelationshipType.GENERATES) + .setFrom(sourceFile) + .addTo(pkg) + .setCompleteness(RelationshipCompleteness.INCOMPLETE) + .build()); + AnyLicenseInfo declared = LicenseInfoFactory.parseSPDXLicenseString("Apache-2.0", + doc.getModelStore(), prefix, doc.getCopyManager(), new ArrayList<>()); + AnyLicenseInfo concluded = LicenseInfoFactory.parseSPDXLicenseString("Apache-2.0", + doc.getModelStore(), prefix, doc.getCopyManager(), new ArrayList<>()); + doc.getElements().add(doc.createRelationship(prefix + "source-declared") + .setRelationshipType(RelationshipType.HAS_DECLARED_LICENSE) + .setFrom(sourceFile) + .addTo(declared) + .setCompleteness(RelationshipCompleteness.NO_ASSERTION) + .build()); + doc.getElements().add(doc.createRelationship(prefix + "source-concluded") + .setRelationshipType(RelationshipType.HAS_CONCLUDED_LICENSE) + .setFrom(sourceFile) + .addTo(concluded) + .setCompleteness(RelationshipCompleteness.COMPLETE) + .build()); + doc.getElements().add(doc.createRelationship(prefix + "pkg-declared") + .setRelationshipType(RelationshipType.HAS_DECLARED_LICENSE) + .setFrom(pkg) + .addTo(declared) + .setCompleteness(RelationshipCompleteness.NO_ASSERTION) + .build()); + doc.getElements().add(doc.createRelationship(prefix + "pkg-concluded") + .setRelationshipType(RelationshipType.HAS_CONCLUDED_LICENSE) + .setFrom(pkg) + .addTo(concluded) + .setCompleteness(RelationshipCompleteness.COMPLETE) + .build()); + // Snippet + Snippet snippet = doc.createSnippet(prefix + "snippet") + .addAttributionText("Example code created by Gary O'Neall") + 
.setDescription("Main method for the FullSpdxV3Example.java") + .setCopyrightText("Copyright (c) 2025 Source Auditor Inc.") + .setByteRange(doc.createPositiveIntegerRange(getNextAnonId()) + .setBeginIntegerRange(43) + .setEndIntegerRange(89) + .build()) + .setLineRange(doc.createPositiveIntegerRange(getNextAnonId()) + .setBeginIntegerRange(1548) + .setEndIntegerRange(3955) + .build()) + .setName("main(String[] args)") + .setSnippetFromFile(sourceFile) + .build(); + doc.getElements().add(snippet); + sBom.getElements().add(snippet); + doc.getElements().add(doc.createRelationship(prefix + "snippet-declared") + .setRelationshipType(RelationshipType.HAS_DECLARED_LICENSE) + .setFrom(snippet) + .addTo(declared) + .setCompleteness(RelationshipCompleteness.COMPLETE) + .build()); + doc.getElements().add(doc.createRelationship(prefix + "snippet-concluded") + .setRelationshipType(RelationshipType.HAS_CONCLUDED_LICENSE) + .setFrom(snippet) + .addTo(concluded) + .setCompleteness(RelationshipCompleteness.COMPLETE) + .build()); + // SoftwareArtifact - Abstract + } + + private void addAIandDataClasses() throws InvalidSPDXAnalysisException { + Bom aiBom = doc.createBom(prefix + "aibom") + .setName("AI SBOM") + .addProfileConformance(ProfileIdentifierType.CORE) + .addProfileConformance(ProfileIdentifierType.SOFTWARE) + .addProfileConformance(ProfileIdentifierType.AI) + .addProfileConformance(ProfileIdentifierType.DATASET) + .build(); + doc.getElements().add(aiBom); + doc.getRootElements().add(aiBom); + // DatasetPackage + DatasetPackage dataset = doc.createDatasetPackage(prefix + "dataset") + .addAnonymizationMethodUsed("Perturbation") + .setConfidentialityLevel(ConfidentialityLevelType.GREEN) + .setDataCollectionProcess("WWW data under open licenses") + .setDataCollectionProcess("Crawler") + .addDataPreprocessing("Anonymization using perturbation of sensitive data") + .setDatasetAvailability(DatasetAvailabilityType.QUERY) + .setDatasetNoise("Includes data input by humans - subject 
to error") + .setDatasetSize(4000000) + .addDatasetType(DatasetType.TEXT) + .setDatasetUpdateMechanism("Automated crawler") + .setHasSensitivePersonalInformation(PresenceType.NO) + .setIntendedUse("LLM training") + .addKnownBias("Typical human bias representative from the global WWW") + .addSensor(doc.createDictionaryEntry(getNextAnonId()) + .setKey("crawler") + .setValue("webcrawler") + .build()) + .setBuiltTime(LocalDateTime.of(2025, 10, 15, 11, 50) + .format(SPDX_DATE_FORMATTER)) + .addOriginatedBy(doc.createOrganization(prefix + "dataorg") + .setName("Data Corp.") + .build()) + .setReleaseTime(LocalDateTime.of(2025, 10, 22, 8, 50) + .format(SPDX_DATE_FORMATTER)) + .setDownloadLocation("https://com.data-corp.data/mydata") + .setPrimaryPurpose(SoftwarePurpose.DATA) + .build(); + doc.getElements().add(dataset); + aiBom.getElements().add(dataset); + // AIPackage + AIPackage aiPackage = doc.createAIPackage(prefix + "aipackage") + .setAutonomyType(PresenceType.YES) + .addDomain("Automotive") + // EnergyConsumption + .setEnergyConsumption(doc.createEnergyConsumption(getNextAnonId()) + // EnergyConsumptionDescription + .addFinetuningEnergyConsumption(doc.createEnergyConsumptionDescription(getNextAnonId()) + .setEnergyQuantity(150.0) + .setEnergyUnit(EnergyUnitType.KILOWATT_HOUR) + .build()) + .addInferenceEnergyConsumption(doc.createEnergyConsumptionDescription(getNextAnonId()) + .setEnergyQuantity(0.7) + .setEnergyUnit(EnergyUnitType.KILOWATT_HOUR) + .build()) + .addTrainingEnergyConsumption(doc.createEnergyConsumptionDescription(getNextAnonId()) + .setEnergyQuantity(15000.3) + .setEnergyUnit(EnergyUnitType.KILOWATT_HOUR) + .build()) + .build()) + .addHyperparameter(doc.createDictionaryEntry(getNextAnonId()) + .setKey("Hidden layers") + .setValue("14") + .build()) + .setInformationAboutApplication("Used in self driving cars") + .setInformationAboutTraining("Trained from data collected from auto cameras, sensors and WWW") + .setLimitation("Limited by amount of 
situations encountered from autos used for training") + .addMetric(doc.createDictionaryEntry(getNextAnonId()) + .setKey("Operator Interventions") + .setValue("432") + .build()) + .addMetricDecisionThreshold(doc.createDictionaryEntry(getNextAnonId()) + .setKey("Operator Interventions") + .setValue("100") + .build()) + .addModelDataPreprocessing("1. data cleaning") + .addModelExplainability("Behaviors from the auto driving car when observed from a safety driver") + .setSafetyRiskAssessment(SafetyRiskAssessmentType.SERIOUS) + .addStandardCompliance("UL 4600") + .addTypeOfModel("LLM") + .setUseSensitivePersonalInformation(PresenceType.NO) + .build(); + doc.getElements().add(aiPackage); + aiBom.getElements().add(aiPackage); + Relationship usesData = doc.createRelationship(prefix + "usesdata") + .setRelationshipType(RelationshipType.TRAINED_ON) + .setFrom(dataset) + .addTo(aiPackage) + .setCompleteness(RelationshipCompleteness.INCOMPLETE) + .build(); + doc.getElements().add(usesData); + aiBom.getElements().add(usesData); + } + } + + /** + * @param args args[0] is the file path for the output serialized file + */ + public static void main(String[] args) throws Exception { + if (args.length != 1) { + usage(); + System.exit(1); + } + File outFile = new File(args[0]); + if (outFile.exists()) { + System.out.printf("%s already exists.\n", args[0]); + System.exit(1); + } + if (!outFile.createNewFile()) { + System.out.printf("Unable to create file %s\n", args[0]); + System.exit(1); + } + if (!outFile.canWrite()) { + System.out.printf("Can not write to file %s\n", args[0]); + System.exit(1); + } + SpdxModelFactory.init(); + IModelCopyManager copyManager = new ModelCopyManager(); + try (JsonLDStore modelStore = new JsonLDStore(new InMemSpdxStore())) { + modelStore.setUseExternalListedElements(true); + String defaultDocUri = "https://spdx.github.io/spdx-spec/v3.0.1/examples/full-example-eaa46bdcfa20"; + String prefix = defaultDocUri + "#"; + DefaultModelStore.initialize(modelStore, 
defaultDocUri, copyManager); + CreationInfo creationInfo = SpdxModelClassFactoryV3.createCreationInfo( + modelStore, prefix + "garyagent", "Gary O'Neall", + copyManager); + SpdxDocument doc = creationInfo.createSpdxDocument(prefix + "document") + .setDataLicense(LicenseInfoFactory.getListedLicenseById("CC0")) + .addNamespaceMap(creationInfo.createNamespaceMap(modelStore.getNextId(IModelStore.IdType.Anonymous)) + .setNamespace(prefix) + .setPrefix("example") + .build()) + .addProfileConformance(ProfileIdentifierType.CORE) + .addProfileConformance(ProfileIdentifierType.SOFTWARE) + .addProfileConformance(ProfileIdentifierType.BUILD) + .addProfileConformance(ProfileIdentifierType.AI) + .addProfileConformance(ProfileIdentifierType.DATASET) + .addProfileConformance(ProfileIdentifierType.SECURITY) + .addProfileConformance(ProfileIdentifierType.EXPANDED_LICENSING) + .build(); + doc.setIdPrefix(prefix); + ExampleBuilder builder = new ExampleBuilder(prefix, doc); + builder.build(); + List warnings = new ArrayList<>(); + // Add all the elements to the doc to make sure everything gets serialized + Collection docElements = doc.getElements(); + SpdxModelFactory.getSpdxObjects(modelStore, copyManager, null, null, prefix).forEach( + modelObject -> { + if (modelObject instanceof Element) { + Element element = (Element)modelObject; + if (!docElements.contains(element) && !element.equals(doc)) { + warnings.add("Element not in the document elements: " + element.getObjectUri()); + docElements.add(element); + } + } + } + ); + + // Verify using the SPDX Java Library + warnings.addAll(doc.verify()); + try (OutputStream outStream = new FileOutputStream(outFile)) { + modelStore.serialize(outStream, doc); + } + + // Validate using the schema + JsonSchemaFactory jsonSchemaFactory = JsonSchemaFactory.getInstance(VersionFlag.V202012); + JsonSchema schema; + try (InputStream is = Verify.class.getResourceAsStream("/" + JSON_SCHEMA_RESOURCE_V3)) { + schema = jsonSchemaFactory.getSchema(is); + } + 
JsonNode root; + try (InputStream is = new FileInputStream(outFile)) { + root = JSON_MAPPER.readTree(is); + } + Set messages = schema.validate(root); + for (ValidationMessage msg:messages) { + warnings.add(msg.toString()); + } + if (!warnings.isEmpty()) { + System.out.println("Generated document contains the following warnings:"); + for (String warning:warnings) { + System.out.print("\t"); + System.out.println(warning); + } + } + } + } + + private static void usage() { + System.out.println("Generates an SPDX JSON-LD file containing all of the supported classes."); + System.out.println("Usage: FullSpdxV3Example outputfile"); + } +} diff --git a/examples/org/spdx/examples/SpdxExtensionExample.java b/examples/org/spdx/examples/SpdxExtensionExample.java new file mode 100644 index 0000000..f75d8c9 --- /dev/null +++ b/examples/org/spdx/examples/SpdxExtensionExample.java 
@@ -0,0 +1,37 @@ +package org.spdx.examples; + +import org.spdx.core.IModelCopyManager; +import org.spdx.core.InvalidSPDXAnalysisException; +import org.spdx.library.model.v3_0_1.extension.Extension; +import org.spdx.storage.IModelStore; +import org.spdx.storage.PropertyDescriptor; + +import javax.annotation.Nullable; +import java.util.Optional; + +public class SpdxExtensionExample extends Extension { + + static final PropertyDescriptor EXTENSION_PROPERTY_DESCRIPTOR = new PropertyDescriptor("extensionProp", "https://my/extension/namespace/"); + + public SpdxExtensionExample(IModelStore modelStore, String objectUri, @Nullable IModelCopyManager copyManager, boolean create, String idPrefix) throws InvalidSPDXAnalysisException { + super(modelStore, objectUri, copyManager, create, idPrefix); + } + + public SpdxExtensionExample(IModelStore modelStore, String objectUri, @Nullable IModelCopyManager copyManager, boolean create, String specVersion, String idPrefix) throws InvalidSPDXAnalysisException { + super(modelStore, objectUri, copyManager, create, idPrefix); + } + + public SpdxExtensionExample setExtensionProperty(String value) throws InvalidSPDXAnalysisException { + setPropertyValue(EXTENSION_PROPERTY_DESCRIPTOR, value); + return this; + } + + public Optional getExtensionProperty() throws InvalidSPDXAnalysisException { + return getStringPropertyValue(EXTENSION_PROPERTY_DESCRIPTOR); + } + + @Override + public String getType() { + return "Extension.example"; + } +} diff --git a/pom.xml b/pom.xml index 262e74c..e49e0af 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ org.spdx tools-java - 2.0.2-SNAPSHOT + 2.0.6-SNAPSHOT jar tools-java @@ -43,19 +43,12 @@ Github Actions https://github.com/spdx/tools-java/actions - - - ossrh - spdx-spdx-tools - https://oss.sonatype.org/service/local/staging/deploy/maven2/ - - UTF-8 https://sonarcloud.io spdx tools-java - 8.4.3 + 12.2.0 11 -Xdoclint:none 
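Review bot: The six-argument constructor of `SpdxExtensionExample` accepts `specVersion` but never uses it: its body is the same `super(modelStore, objectUri, copyManager, create, idPrefix);` call as the five-argument constructor, so a spec version supplied by the caller is silently dropped. If `Extension` offers a constructor that takes the spec version (not visible in this diff), forward the argument to it. If dropping it is deliberate, say so at the call, for example `// specVersion is accepted but intentionally not passed on to Extension`. The class, both constructors and `EXTENSION_PROPERTY_DESCRIPTOR` also carry no Javadoc. Because this is example code that readers will copy, a one-line comment that `https://my/extension/namespace/` is a placeholder namespace to be replaced with one the author controls would help.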
@@ -67,7 +60,7 @@ org.apache.maven.plugins maven-source-plugin - 3.2.1 + 3.4.0 attach-sources @@ -81,7 +74,7 @@ org.apache.maven.plugins maven-gpg-plugin - 1.6 + 3.2.8 sign-artifacts @@ -104,17 +97,17 @@ commons-io commons-io - 2.16.1 + 2.21.0 org.apache.commons commons-compress - 1.27.1 + 1.28.0 org.apache.ws.xmlschema xmlschema-core - 2.3.1 + 2.3.2 junit @@ -125,37 +118,37 @@ org.spdx java-spdx-library - 2.0.0 + 2.0.3 org.spdx spdx-jackson-store - 2.0.2 + 2.0.5 org.spdx spdx-rdf-store - 2.0.0 + 2.0.3 org.spdx spdx-spreadsheet-store - 2.0.0 + 2.0.3 org.spdx spdx-tagvalue-store - 2.0.0 + 2.0.3 org.spdx spdx-v3jsonld-store - 1.0.0 + 1.0.4 com.networknt json-schema-validator - 1.5.6 + 1.5.9 org.slf4j @@ -163,18 +156,6 @@ 2.0.17 true - - org.apache.poi - poi - 5.4.1 - compile - - - org.apache.jena - jena-core - 5.2.0 - compile - @@ -221,6 +202,15 @@ + + org.sonatype.central + central-publishing-maven-plugin + 0.10.0 + true + + central + + org.owasp dependency-check-maven @@ -232,7 +222,7 @@ org.apache.maven.plugins maven-enforcer-plugin - 3.2.1 + 3.6.2 enforce-java @@ -252,7 +242,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.11.0 + 3.15.0 ${project.build.sourceEncoding} true @@ -263,19 +253,15 @@ org.apache.maven.plugins maven-javadoc-plugin - 2.9.1 + 3.12.0 true - 8 - ${env.JAVA_HOME}/bin/javadoc - -Xdoclint:none + true + all,-missing attach-javadocs - - ${javadoc.opts} - jar @@ -328,7 +314,7 @@ org.spdx spdx-maven-plugin - 1.0.2 + 1.0.3 build-spdx @@ -368,13 +354,18 @@ org.apache.maven.plugins maven-release-plugin - 3.0.1 + 3.3.1 v@{project.version} release deploy + + org.sonarsource.scanner.maven + sonar-maven-plugin + 5.5.0.6356 + diff --git a/resources/spdx-schema-v3.0.1.json b/resources/spdx-schema-v3.0.1.json index 5a030b4..bd7a3b5 100644 --- a/resources/spdx-schema-v3.0.1.json +++ b/resources/spdx-schema-v3.0.1.json 
@@ -10,42 +10,56 @@ }, "required": ["@context"], - "oneOf": [ - { - "type": "object", - "properties": { - "@graph": { - "description": "Top level container for JSON-LD objects", - "type": "array", - "items": { - "type": "object", - "$ref": "#/$defs/AnyClass", - "unevaluatedProperties": false - } + "if": { + "type": "object", + "required": ["@graph"] + }, + "then": { + "type": "object", + "properties": { + "@graph": { + "description": "Top level container for JSON-LD objects", + "type": "array", + "items": { + "type": "object", + "$ref": "#/$defs/AnyClass", + "unevaluatedProperties": false } - }, - "required": ["@graph"] + } }, - { "$ref": "#/$defs/AnyClass" } - ], + "required": ["@graph"] + }, + "else": { + "$ref": "#/$defs/AnyClass" + }, "unevaluatedProperties": false, "$defs": { "ai_EnergyConsumption": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ai_EnergyConsumption" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ai_EnergyConsumption" } }, - { "$ref": "#/$defs/ai_EnergyConsumption_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ai_EnergyConsumption_props" } + ] + }, + "else": { + "const": "Not a ai_EnergyConsumption" + } }, "ai_EnergyConsumption_derived": { "anyOf": [ @@ -66,7 +80,7 @@ "type": "object", "properties": { "ai_finetuningEnergyConsumption": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -76,7 +90,7 @@ ] }, "ai_inferenceEnergyConsumption": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -86,7 +100,7 @@ ] }, "ai_trainingEnergyConsumption": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -100,29 +114,39 @@ ] }, "prop_ai_EnergyConsumption_ai_finetuningEnergyConsumption": { - "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" + "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" }, "prop_ai_EnergyConsumption_ai_inferenceEnergyConsumption": { - "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" + "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" }, "prop_ai_EnergyConsumption_ai_trainingEnergyConsumption": { - "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" + "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" }, "ai_EnergyConsumptionDescription": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ai_EnergyConsumptionDescription" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ai_EnergyConsumptionDescription" } }, - { "$ref": "#/$defs/ai_EnergyConsumptionDescription_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ai_EnergyConsumptionDescription_props" } + ] + }, + "else": { + "const": "Not a ai_EnergyConsumptionDescription" + } }, "ai_EnergyConsumptionDescription_derived": { "anyOf": [ 
@@ -157,38 +181,48 @@ ] }, "prop_ai_EnergyConsumptionDescription_ai_energyQuantity": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] + "anyOf": [ + { + "type": "number" + }, + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } + ] }, "prop_ai_EnergyConsumptionDescription_ai_energyUnit": { - "enum": [ - "kilowattHour", - "megajoule", - "other" - ] + "enum": [ + "kilowattHour", + "megajoule", + "other" + ] }, "ai_EnergyUnitType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ai_EnergyUnitType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ai_EnergyUnitType" } }, - { "$ref": "#/$defs/ai_EnergyUnitType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ai_EnergyUnitType_props" } + ] + }, + "else": { + "const": "Not a ai_EnergyUnitType" + } }, "ai_EnergyUnitType_derived": { "anyOf": [ @@ -216,20 +250,30 @@ ] }, "ai_SafetyRiskAssessmentType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ai_SafetyRiskAssessmentType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ai_SafetyRiskAssessmentType" } }, - { "$ref": "#/$defs/ai_SafetyRiskAssessmentType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ai_SafetyRiskAssessmentType_props" } + ] + }, + "else": { + "const": "Not a ai_SafetyRiskAssessmentType" + } }, "ai_SafetyRiskAssessmentType_derived": { "anyOf": [ 
@@ -258,20 +302,30 @@ ] }, "AnnotationType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "AnnotationType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "AnnotationType" } }, - { "$ref": "#/$defs/AnnotationType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/AnnotationType_props" } + ] + }, + "else": { + "const": "Not a AnnotationType" + } }, "AnnotationType_derived": { "anyOf": [ @@ -298,20 +352,30 @@ ] }, "CreationInfo": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "CreationInfo" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "CreationInfo" } }, - { "$ref": "#/$defs/CreationInfo_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/CreationInfo_props" } + ] + }, + "else": { + "const": "Not a CreationInfo" + } }, "CreationInfo_derived": { "anyOf": [ @@ -338,7 +402,7 @@ "$ref": "#/$defs/prop_CreationInfo_created" }, "createdBy": { - "oneOf": [ + "anyOf": [ { "type": "array", "minItems": 1, @@ -349,7 +413,7 @@ ] }, "createdUsing": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -371,44 +435,54 @@ ] }, "prop_CreationInfo_comment": { - "type": "string" + "type": "string" }, "prop_CreationInfo_created": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_CreationInfo_createdBy": { - "$ref": "#/$defs/Agent_derived" + "$ref": "#/$defs/Agent_derived" }, "prop_CreationInfo_createdUsing": { - "$ref": "#/$defs/Tool_derived" + "$ref": "#/$defs/Tool_derived" }, "prop_CreationInfo_specVersion": { - "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", - "type": "string" + "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", + "type": "string" }, "DictionaryEntry": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "DictionaryEntry" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "DictionaryEntry" } }, - { "$ref": "#/$defs/DictionaryEntry_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/DictionaryEntry_props" } + ] + }, + "else": { + "const": "Not a DictionaryEntry" + } }, "DictionaryEntry_derived": { "anyOf": [ 
@@ -442,10 +516,10 @@ ] }, "prop_DictionaryEntry_key": { - "type": "string" + "type": "string" }, "prop_DictionaryEntry_value": { - "type": "string" + "type": "string" }, "Element_derived": { "anyOf": [ @@ -520,7 +594,17 @@ "$ref": "#/$defs/prop_Element_description" }, "extension": { - "oneOf": [ + "anyOf": [ + { + "type": "array", + "items": { + "$ref": "#/$defs/prop_Element_extension" + } + } + ] + }, + "extension": { + "anyOf": [ { "type": "array", "items": { @@ -530,7 +614,7 @@ ] }, "externalIdentifier": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -540,7 +624,7 @@ ] }, "externalRef": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -556,7 +640,7 @@ "$ref": "#/$defs/prop_Element_summary" }, "verifiedUsing": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -573,31 +657,34 @@ ] }, "prop_Element_comment": { - "type": "string" + "type": "string" }, "prop_Element_creationInfo": { - "$ref": "#/$defs/CreationInfo_derived" + "$ref": "#/$defs/CreationInfo_derived" }, "prop_Element_description": { - "type": "string" + "type": "string" + }, + "prop_Element_extension": { + "$ref": "#/$defs/extension_Extension_derived" }, "prop_Element_extension": { - "$ref": "#/$defs/extension_Extension_derived" + "$ref": "#/$defs/extension_Extension_derived" }, "prop_Element_externalIdentifier": { - "$ref": "#/$defs/ExternalIdentifier_derived" + "$ref": "#/$defs/ExternalIdentifier_derived" }, "prop_Element_externalRef": { - "$ref": "#/$defs/ExternalRef_derived" + "$ref": "#/$defs/ExternalRef_derived" }, "prop_Element_name": { - "type": "string" + "type": "string" }, "prop_Element_summary": { - "type": "string" + "type": "string" }, "prop_Element_verifiedUsing": { - "$ref": "#/$defs/IntegrityMethod_derived" + "$ref": "#/$defs/IntegrityMethod_derived" }, "ElementCollection_derived": { "anyOf": [ @@ -621,7 +708,7 @@ "type": "object", "properties": { "element": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
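Review bot: The new side of the -520,7 +594,17 hunk declares `"extension"` twice in the same `properties` object, and the -573,31 +657,34 hunk likewise adds a second `"prop_Element_extension"` beside the existing one. The two copies look identical, so most parsers will silently keep the last, but RFC 8259 leaves handling of duplicate member names unpredictable, and a loader with strict duplicate detection would reject the whole schema and leave document validation unavailable. Drop the added copy in each place so that each name appears once: a single `"extension": { "anyOf": [ … ] }` and a single `"prop_Element_extension": { "$ref": "#/$defs/extension_Extension_derived" }`. Both enclosing objects start and end outside these hunks, so if this file is generated, the generator output is worth checking for the same duplication elsewhere.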
@@ -631,7 +718,7 @@ ] }, "profileConformance": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -641,7 +728,7 @@ ] }, "rootElement": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -655,40 +742,50 @@ ] }, "prop_ElementCollection_element": { - "$ref": "#/$defs/Element_derived" + "$ref": "#/$defs/Element_derived" }, "prop_ElementCollection_profileConformance": { - "enum": [ - "ai", - "build", - "core", - "dataset", - "expandedLicensing", - "extension", - "lite", - "security", - "simpleLicensing", - "software" - ] + "enum": [ + "ai", + "build", + "core", + "dataset", + "expandedLicensing", + "extension", + "lite", + "security", + "simpleLicensing", + "software" + ] }, "prop_ElementCollection_rootElement": { - "$ref": "#/$defs/Element_derived" + "$ref": "#/$defs/Element_derived" }, "ExternalIdentifier": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ExternalIdentifier" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ExternalIdentifier" } }, - { "$ref": "#/$defs/ExternalIdentifier_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ExternalIdentifier_props" } + ] + }, + "else": { + "const": "Not a ExternalIdentifier" + } }, "ExternalIdentifier_derived": { "anyOf": [ @@ -718,7 +815,7 @@ "$ref": "#/$defs/prop_ExternalIdentifier_identifier" }, "identifierLocator": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -739,47 +836,57 @@ ] }, "prop_ExternalIdentifier_comment": { - "type": "string" + "type": "string" }, "prop_ExternalIdentifier_externalIdentifierType": { - "enum": [ - "cpe22", - "cpe23", - "cve", - "email", - "gitoid", - "other", - "packageUrl", - "securityOther", - "swhid", - "swid", - "urlScheme" - ] + "enum": [ + "cpe22", + "cpe23", + "cve", + "email", + "gitoid", + "other", + "packageUrl", + "securityOther", + "swhid", + "swid", + "urlScheme" + ] }, "prop_ExternalIdentifier_identifier": { - "type": "string" + "type": "string" }, "prop_ExternalIdentifier_identifierLocator": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_ExternalIdentifier_issuingAuthority": { - "type": "string" + "type": "string" }, "ExternalIdentifierType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ExternalIdentifierType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ExternalIdentifierType" } }, - { "$ref": "#/$defs/ExternalIdentifierType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ExternalIdentifierType_props" } + ] + }, + "else": { + "const": "Not a ExternalIdentifierType" + } }, "ExternalIdentifierType_derived": { "anyOf": [ 
@@ -815,20 +922,30 @@ ] }, "ExternalMap": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ExternalMap" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ExternalMap" } }, - { "$ref": "#/$defs/ExternalMap_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ExternalMap_props" } + ] + }, + "else": { + "const": "Not a ExternalMap" + } }, "ExternalMap_derived": { "anyOf": [ @@ -858,7 +975,7 @@ "$ref": "#/$defs/prop_ExternalMap_locationHint" }, "verifiedUsing": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -875,32 +992,42 @@ ] }, "prop_ExternalMap_definingArtifact": { - "$ref": "#/$defs/Artifact_derived" + "$ref": "#/$defs/Artifact_derived" }, "prop_ExternalMap_externalSpdxId": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_ExternalMap_locationHint": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_ExternalMap_verifiedUsing": { - "$ref": "#/$defs/IntegrityMethod_derived" + "$ref": "#/$defs/IntegrityMethod_derived" }, "ExternalRef": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ExternalRef" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ExternalRef" } }, - { "$ref": "#/$defs/ExternalRef_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ExternalRef_props" } + ] + }, + "else": { + "const": "Not a ExternalRef" + } }, "ExternalRef_derived": { "anyOf": [ 
@@ -930,7 +1057,7 @@ "$ref": "#/$defs/prop_ExternalRef_externalRefType" }, "locator": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -944,80 +1071,90 @@ ] }, "prop_ExternalRef_comment": { - "type": "string" + "type": "string" }, "prop_ExternalRef_contentType": { - "pattern": "^[^\\/]+\\/[^\\/]+$", - "type": "string" + "pattern": "^[^\\/]+\\/[^\\/]+$", + "type": "string" }, "prop_ExternalRef_externalRefType": { - "enum": [ - "altDownloadLocation", - "altWebPage", - "binaryArtifact", - "bower", - "buildMeta", - "buildSystem", - "certificationReport", - "chat", - "componentAnalysisReport", - "cwe", - "documentation", - "dynamicAnalysisReport", - "eolNotice", - "exportControlAssessment", - "funding", - "issueTracker", - "license", - "mailingList", - "mavenCentral", - "metrics", - "npm", - "nuget", - "other", - "privacyAssessment", - "productMetadata", - "purchaseOrder", - "qualityAssessmentReport", - "releaseHistory", - "releaseNotes", - "riskAssessment", - "runtimeAnalysisReport", - "secureSoftwareAttestation", - "securityAdversaryModel", - "securityAdvisory", - "securityFix", - "securityOther", - "securityPenTestReport", - "securityPolicy", - "securityThreatModel", - "socialMedia", - "sourceArtifact", - "staticAnalysisReport", - "support", - "vcs", - "vulnerabilityDisclosureReport", - "vulnerabilityExploitabilityAssessment" - ] + "enum": [ + "altDownloadLocation", + "altWebPage", + "binaryArtifact", + "bower", + "buildMeta", + "buildSystem", + "certificationReport", + "chat", + "componentAnalysisReport", + "cwe", + "documentation", + "dynamicAnalysisReport", + "eolNotice", + "exportControlAssessment", + "funding", + "issueTracker", + "license", + "mailingList", + "mavenCentral", + "metrics", + "npm", + "nuget", + "other", + "privacyAssessment", + "productMetadata", + "purchaseOrder", + "qualityAssessmentReport", + "releaseHistory", + "releaseNotes", + "riskAssessment", + "runtimeAnalysisReport", + "secureSoftwareAttestation", + "securityAdversaryModel", + "securityAdvisory", + "securityFix", + "securityOther", + "securityPenTestReport", + "securityPolicy", + "securityThreatModel", + 
"socialMedia", + "sourceArtifact", + "staticAnalysisReport", + "support", + "vcs", + "vulnerabilityDisclosureReport", + "vulnerabilityExploitabilityAssessment" + ] }, "prop_ExternalRef_locator": { - "type": "string" + "type": "string" }, "ExternalRefType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ExternalRefType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ExternalRefType" } }, - { "$ref": "#/$defs/ExternalRefType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ExternalRefType_props" } + ] + }, + "else": { + "const": "Not a ExternalRefType" + } }, "ExternalRefType_derived": { "anyOf": [ @@ -1088,20 +1225,30 @@ ] }, "HashAlgorithm": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "HashAlgorithm" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "HashAlgorithm" } }, - { "$ref": "#/$defs/HashAlgorithm_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/HashAlgorithm_props" } + ] + }, + "else": { + "const": "Not a HashAlgorithm" + } }, "HashAlgorithm_derived": { "anyOf": [ 
@@ -1148,21 +1295,31 @@ ] }, "IndividualElement": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "IndividualElement" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "IndividualElement" + } }, - { "$ref": "#/$defs/IndividualElement_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/IndividualElement_props" } + ] + }, + "else": { + "const": "Not a IndividualElement" + } }, "IndividualElement_derived": { "anyOf": [ @@ -1216,23 +1373,33 @@ ] }, "prop_IntegrityMethod_comment": { - "type": "string" + "type": "string" }, "LifecycleScopeType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "LifecycleScopeType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "LifecycleScopeType" } }, - { "$ref": "#/$defs/LifecycleScopeType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/LifecycleScopeType_props" } + ] + }, + "else": { + "const": "Not a LifecycleScopeType" + } }, "LifecycleScopeType_derived": { "anyOf": [ 
@@ -1263,20 +1430,30 @@ ] }, "NamespaceMap": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "NamespaceMap" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "NamespaceMap" } }, - { "$ref": "#/$defs/NamespaceMap_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/NamespaceMap_props" } + ] + }, + "else": { + "const": "Not a NamespaceMap" + } }, "NamespaceMap_derived": { "anyOf": [ @@ -1311,26 +1488,36 @@ ] }, "prop_NamespaceMap_namespace": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_NamespaceMap_prefix": { - "type": "string" + "type": "string" }, "PackageVerificationCode": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "PackageVerificationCode" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "PackageVerificationCode" } }, - { "$ref": "#/$defs/PackageVerificationCode_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/PackageVerificationCode_props" } + ] + }, + "else": { + "const": "Not a PackageVerificationCode" + } }, "PackageVerificationCode_derived": { "anyOf": [ @@ -1357,7 +1544,7 @@ "$ref": "#/$defs/prop_PackageVerificationCode_hashValue" }, "packageVerificationCodeExcludedFile": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -1375,52 +1562,62 @@ ] }, "prop_PackageVerificationCode_algorithm": { - "enum": [ - "adler32", - "blake2b256", - "blake2b384", - "blake2b512", - "blake3", - "crystalsDilithium", - "crystalsKyber", - "falcon", - "md2", - "md4", - "md5", - "md6", - "other", - "sha1", - "sha224", - "sha256", - "sha384", - "sha3_224", - "sha3_256", - "sha3_384", - "sha3_512", - "sha512" - ] + "enum": [ + "adler32", + "blake2b256", + "blake2b384", + "blake2b512", + "blake3", + "crystalsDilithium", + "crystalsKyber", + "falcon", + "md2", + "md4", + "md5", + "md6", + "other", + "sha1", + "sha224", + "sha256", + "sha384", + "sha3_224", + "sha3_256", + "sha3_384", + "sha3_512", + "sha512" + ] }, "prop_PackageVerificationCode_hashValue": { - "type": "string" + "type": "string" }, "prop_PackageVerificationCode_packageVerificationCodeExcludedFile": { - "type": "string" + "type": "string" }, "PositiveIntegerRange": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "PositiveIntegerRange" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "PositiveIntegerRange" } }, - { "$ref": "#/$defs/PositiveIntegerRange_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/PositiveIntegerRange_props" } + ] + }, + "else": { + "const": "Not a PositiveIntegerRange" + } }, "PositiveIntegerRange_derived": { "anyOf": [ 
@@ -1455,28 +1652,38 @@ ] }, "prop_PositiveIntegerRange_beginIntegerRange": { - "type": "integer", - "minimum": 1 + "type": "integer", + "minimum": 1 }, "prop_PositiveIntegerRange_endIntegerRange": { - "type": "integer", - "minimum": 1 + "type": "integer", + "minimum": 1 }, "PresenceType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "PresenceType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "PresenceType" } }, - { "$ref": "#/$defs/PresenceType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/PresenceType_props" } + ] + }, + "else": { + "const": "Not a PresenceType" + } }, "PresenceType_derived": { "anyOf": [ @@ -1504,20 +1711,30 @@ ] }, "ProfileIdentifierType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ProfileIdentifierType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ProfileIdentifierType" } }, - { "$ref": "#/$defs/ProfileIdentifierType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ProfileIdentifierType_props" } + ] + }, + "else": { + "const": "Not a ProfileIdentifierType" + } }, "ProfileIdentifierType_derived": { "anyOf": [ 
@@ -1552,21 +1769,31 @@ ] }, "Relationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "Relationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "Relationship" + } }, - { "$ref": "#/$defs/Relationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Relationship_props" } + ] + }, + "else": { + "const": "Not a Relationship" + } }, "Relationship_derived": { "anyOf": [ @@ -1613,7 +1840,7 @@ "$ref": "#/$defs/prop_Relationship_startTime" }, "to": { - "oneOf": [ + "anyOf": [ { "type": "array", "minItems": 1, 
@@ -1633,118 +1860,128 @@ ] }, "prop_Relationship_completeness": { - "enum": [ - "complete", - "incomplete", - "noAssertion" - ] + "enum": [ + "complete", + "incomplete", + "noAssertion" + ] }, "prop_Relationship_endTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_Relationship_from_": { - "$ref": "#/$defs/Element_derived" + "$ref": "#/$defs/Element_derived" }, "prop_Relationship_relationshipType": { - "enum": [ - "affects", - "amendedBy", - "ancestorOf", - "availableFrom", - "configures", - "contains", - "coordinatedBy", - "copiedTo", - "delegatedTo", - "dependsOn", - "descendantOf", - "describes", - "doesNotAffect", - "expandsTo", - "exploitCreatedBy", - "fixedBy", - "fixedIn", - "foundBy", - "generates", - "hasAddedFile", - "hasAssessmentFor", - "hasAssociatedVulnerability", - "hasConcludedLicense", - "hasDataFile", - "hasDeclaredLicense", - "hasDeletedFile", - "hasDependencyManifest", - "hasDistributionArtifact", - "hasDocumentation", - "hasDynamicLink", - "hasEvidence", - "hasExample", - "hasHost", - "hasInput", - "hasMetadata", - "hasOptionalComponent", - "hasOptionalDependency", - "hasOutput", - "hasPrerequisite", - "hasProvidedDependency", - "hasRequirement", - "hasSpecification", - "hasStaticLink", - "hasTest", - "hasTestCase", - "hasVariant", - "invokedBy", - "modifiedBy", - "other", - "packagedBy", - "patchedBy", - "publishedBy", - "reportedBy", - "republishedBy", - "serializedInArtifact", - "testedOn", - "trainedOn", - "underInvestigationFor", - "usesTool" - ] + "enum": [ + "affects", + "amendedBy", + "ancestorOf", + "availableFrom", + 
"configures", + "contains", + "coordinatedBy", + "copiedTo", + "delegatedTo", + "dependsOn", + "descendantOf", + "describes", + "doesNotAffect", + "expandsTo", + "exploitCreatedBy", + "fixedBy", + "fixedIn", + "foundBy", + "generates", + "hasAddedFile", + "hasAssessmentFor", + "hasAssociatedVulnerability", + "hasConcludedLicense", + "hasDataFile", + "hasDeclaredLicense", + "hasDeletedFile", + "hasDependencyManifest", + "hasDistributionArtifact", + "hasDocumentation", + "hasDynamicLink", + "hasEvidence", + "hasExample", + "hasHost", + "hasInput", + "hasMetadata", + "hasOptionalComponent", + "hasOptionalDependency", + "hasOutput", + "hasPrerequisite", + "hasProvidedDependency", + "hasRequirement", + "hasSpecification", + "hasStaticLink", + "hasTest", + "hasTestCase", + "hasVariant", + "invokedBy", + "modifiedBy", + "other", + "packagedBy", + "patchedBy", + "publishedBy", + "reportedBy", + "republishedBy", + "serializedInArtifact", + "testedOn", + "trainedOn", + "underInvestigationFor", + "usesTool" + ] }, "prop_Relationship_startTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_Relationship_to": { - "$ref": "#/$defs/Element_derived" + "$ref": "#/$defs/Element_derived" }, "RelationshipCompleteness": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "RelationshipCompleteness" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "RelationshipCompleteness" } }, - { "$ref": "#/$defs/RelationshipCompleteness_props" } - ] + "required": ["type"] 
+ }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/RelationshipCompleteness_props" } + ] + }, + "else": { + "const": "Not a RelationshipCompleteness" + } }, "RelationshipCompleteness_derived": { "anyOf": [ @@ -1772,20 +2009,30 @@ ] }, "RelationshipType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "RelationshipType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "RelationshipType" } }, - { "$ref": "#/$defs/RelationshipType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/RelationshipType_props" } + ] + }, + "else": { + "const": "Not a RelationshipType" + } }, "RelationshipType_derived": { "anyOf": [ @@ -1869,21 +2116,31 @@ ] }, "SpdxDocument": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "SpdxDocument" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "SpdxDocument" + } }, - { "$ref": "#/$defs/SpdxDocument_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/SpdxDocument_props" } + ] + }, + "else": { + "const": "Not a SpdxDocument" + } }, "SpdxDocument_derived": { "anyOf": [ @@ -1907,7 +2164,7 @@ "$ref": "#/$defs/prop_SpdxDocument_dataLicense" }, "import": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -1917,7 +2174,7 @@ ] }, "namespaceMap": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -1931,29 +2188,39 @@ ] }, "prop_SpdxDocument_dataLicense": { - "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" + "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" }, "prop_SpdxDocument_import_": { - "$ref": "#/$defs/ExternalMap_derived" + "$ref": "#/$defs/ExternalMap_derived" }, "prop_SpdxDocument_namespaceMap": { - "$ref": "#/$defs/NamespaceMap_derived" + "$ref": "#/$defs/NamespaceMap_derived" }, "SupportType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "SupportType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "SupportType" } }, - { "$ref": "#/$defs/SupportType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/SupportType_props" } + ] + }, + "else": { + "const": "Not a SupportType" + } }, "SupportType_derived": { "anyOf": [ @@ -1985,21 +2252,31 @@ ] }, "Tool": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "Tool" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "Tool" + } }, - { "$ref": "#/$defs/Tool_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Tool_props" } + ] + }, + "else": { + "const": "Not a Tool" + } }, "Tool_derived": { "anyOf": [ 
@@ -2024,20 +2301,30 @@ ] }, "dataset_ConfidentialityLevelType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "dataset_ConfidentialityLevelType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "dataset_ConfidentialityLevelType" } }, - { "$ref": "#/$defs/dataset_ConfidentialityLevelType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/dataset_ConfidentialityLevelType_props" } + ] + }, + "else": { + "const": "Not a dataset_ConfidentialityLevelType" + } }, "dataset_ConfidentialityLevelType_derived": { "anyOf": [ @@ -2066,20 +2353,30 @@ ] }, "dataset_DatasetAvailabilityType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "dataset_DatasetAvailabilityType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "dataset_DatasetAvailabilityType" } }, - { "$ref": "#/$defs/dataset_DatasetAvailabilityType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/dataset_DatasetAvailabilityType_props" } + ] + }, + "else": { + "const": "Not a dataset_DatasetAvailabilityType" + } }, "dataset_DatasetAvailabilityType_derived": { "anyOf": [ 
@@ -2109,20 +2406,30 @@ ] }, "dataset_DatasetType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "dataset_DatasetType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "dataset_DatasetType" } }, - { "$ref": "#/$defs/dataset_DatasetType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/dataset_DatasetType_props" } + ] + }, + "else": { + "const": "Not a dataset_DatasetType" + } }, "dataset_DatasetType_derived": { "anyOf": [ @@ -2192,7 +2499,7 @@ "$ref": "#/$defs/prop_expandedlicensing_LicenseAddition_expandedlicensing_obsoletedBy" }, "expandedlicensing_seeAlso": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -2212,39 +2519,49 @@ ] }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_additionText": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_isDeprecatedAdditionId": { - "type": "boolean" + "type": "boolean" }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_licenseXml": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_obsoletedBy": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_seeAlso": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_standardAdditionTemplate": { - "type": "string" + "type": "string" }, "expandedlicensing_ListedLicenseException": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_ListedLicenseException" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_ListedLicenseException" + } }, - { "$ref": "#/$defs/expandedlicensing_ListedLicenseException_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_ListedLicenseException_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_ListedLicenseException" + } }, "expandedlicensing_ListedLicenseException_derived": { "anyOf": [ 
@@ -2275,26 +2592,36 @@ ] }, "prop_expandedlicensing_ListedLicenseException_expandedlicensing_deprecatedVersion": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_ListedLicenseException_expandedlicensing_listVersionAdded": { - "type": "string" + "type": "string" }, "extension_CdxPropertyEntry": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "extension_CdxPropertyEntry" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "extension_CdxPropertyEntry" } }, - { "$ref": "#/$defs/extension_CdxPropertyEntry_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/extension_CdxPropertyEntry_props" } + ] + }, + "else": { + "const": "Not a extension_CdxPropertyEntry" + } }, "extension_CdxPropertyEntry_derived": { "anyOf": [ 
@@ -2328,28 +2655,40 @@ ] }, "prop_extension_CdxPropertyEntry_extension_cdxPropName": { - "type": "string" + "type": "string" }, "prop_extension_CdxPropertyEntry_extension_cdxPropValue": { - "type": "string" + "type": "string" }, "extension_Extension": { - "allOf": [ - { - "type": "object", - "unevaluatedProperties": true, - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "allOf": [ - { "$ref": "#/$defs/IRI" }, - { "not": { "const": "extension_Extension" } } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "allOf": [ + { "$ref": "#/$defs/IRI" }, + { "not": { "const": "extension_Extension" } } + ] } }, - { "$ref": "#/$defs/extension_Extension_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "unevaluatedProperties": true, + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/extension_Extension_props" } + ] + }, + "else": { + "const": "Not a extension_Extension" + } }, "extension_Extension_derived": { "anyOf": [ @@ -2374,20 +2713,30 @@ ] }, "security_CvssSeverityType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "security_CvssSeverityType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_CvssSeverityType" } }, - { "$ref": "#/$defs/security_CvssSeverityType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/security_CvssSeverityType_props" } + ] + }, + "else": { + "const": "Not a security_CvssSeverityType" + } }, "security_CvssSeverityType_derived": { "anyOf": [ 
@@ -2417,20 +2766,30 @@ ] }, "security_ExploitCatalogType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "security_ExploitCatalogType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_ExploitCatalogType" } }, - { "$ref": "#/$defs/security_ExploitCatalogType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/security_ExploitCatalogType_props" } + ] + }, + "else": { + "const": "Not a security_ExploitCatalogType" + } }, "security_ExploitCatalogType_derived": { "anyOf": [ @@ -2457,20 +2816,30 @@ ] }, "security_SsvcDecisionType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "security_SsvcDecisionType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_SsvcDecisionType" } }, - { "$ref": "#/$defs/security_SsvcDecisionType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/security_SsvcDecisionType_props" } + ] + }, + "else": { + "const": "Not a security_SsvcDecisionType" + } }, "security_SsvcDecisionType_derived": { "anyOf": [ 
@@ -2499,20 +2868,30 @@ ] }, "security_VexJustificationType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "security_VexJustificationType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_VexJustificationType" } }, - { "$ref": "#/$defs/security_VexJustificationType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/security_VexJustificationType_props" } + ] + }, + "else": { + "const": "Not a security_VexJustificationType" + } }, "security_VexJustificationType_derived": { "anyOf": [ 
@@ -2588,43 +2967,43 @@ ] }, "prop_security_VulnAssessmentRelationship_suppliedBy": { - "$ref": "#/$defs/Agent_derived" + "$ref": "#/$defs/Agent_derived" }, "prop_security_VulnAssessmentRelationship_security_assessedElement": { - "$ref": "#/$defs/software_SoftwareArtifact_derived" + "$ref": "#/$defs/software_SoftwareArtifact_derived" }, "prop_security_VulnAssessmentRelationship_security_modifiedTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_security_VulnAssessmentRelationship_security_publishedTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_security_VulnAssessmentRelationship_security_withdrawnTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "simplelicensing_AnyLicenseInfo_derived": { "anyOf": [ 
@@ -2658,21 +3037,31 @@ ] }, "simplelicensing_LicenseExpression": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "simplelicensing_LicenseExpression" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "simplelicensing_LicenseExpression" + } }, - { "$ref": "#/$defs/simplelicensing_LicenseExpression_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/simplelicensing_LicenseExpression_props" } + ] + }, + "else": { + "const": "Not a simplelicensing_LicenseExpression" + } }, "simplelicensing_LicenseExpression_derived": { "anyOf": [ @@ -2693,7 +3082,7 @@ "type": "object", "properties": { "simplelicensing_customIdToUri": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -2716,31 +3105,41 @@ ] }, "prop_simplelicensing_LicenseExpression_simplelicensing_customIdToUri": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "prop_simplelicensing_LicenseExpression_simplelicensing_licenseExpression": { - "type": "string" + "type": "string" }, "prop_simplelicensing_LicenseExpression_simplelicensing_licenseListVersion": { - "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", - "type": "string" + "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", + "type": "string" }, "simplelicensing_SimpleLicensingText": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "simplelicensing_SimpleLicensingText" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "simplelicensing_SimpleLicensingText" + } }, - { "$ref": "#/$defs/simplelicensing_SimpleLicensingText_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/simplelicensing_SimpleLicensingText_props" } + ] + }, + "else": { + "const": "Not a simplelicensing_SimpleLicensingText" + } }, "simplelicensing_SimpleLicensingText_derived": { "anyOf": [ 
@@ -2771,23 +3170,33 @@ ] }, "prop_simplelicensing_SimpleLicensingText_simplelicensing_licenseText": { - "type": "string" + "type": "string" }, "software_ContentIdentifier": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "software_ContentIdentifier" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_ContentIdentifier" } }, - { "$ref": "#/$defs/software_ContentIdentifier_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/software_ContentIdentifier_props" } + ] + }, + "else": { + "const": "Not a software_ContentIdentifier" + } }, "software_ContentIdentifier_derived": { "anyOf": [ @@ -2822,29 +3231,39 @@ ] }, "prop_software_ContentIdentifier_software_contentIdentifierType": { - "enum": [ - "gitoid", - "swhid" - ] + "enum": [ + "gitoid", + "swhid" + ] }, "prop_software_ContentIdentifier_software_contentIdentifierValue": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "software_ContentIdentifierType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "software_ContentIdentifierType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_ContentIdentifierType" } }, - { "$ref": "#/$defs/software_ContentIdentifierType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/software_ContentIdentifierType_props" } + ] + }, + "else": { + "const": "Not a software_ContentIdentifierType" + } }, "software_ContentIdentifierType_derived": { "anyOf": [ 
@@ -2871,20 +3290,30 @@ ] }, "software_FileKindType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "software_FileKindType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_FileKindType" } }, - { "$ref": "#/$defs/software_FileKindType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/software_FileKindType_props" } + ] + }, + "else": { + "const": "Not a software_FileKindType" + } }, "software_FileKindType_derived": { "anyOf": [ @@ -2911,20 +3340,30 @@ ] }, "software_SbomType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "software_SbomType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_SbomType" } }, - { "$ref": "#/$defs/software_SbomType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/software_SbomType_props" } + ] + }, + "else": { + "const": "Not a software_SbomType" + } }, "software_SbomType_derived": { "anyOf": [ 
@@ -2955,20 +3394,30 @@ ] }, "software_SoftwarePurpose": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "software_SoftwarePurpose" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_SoftwarePurpose" } }, - { "$ref": "#/$defs/software_SoftwarePurpose_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/software_SoftwarePurpose_props" } + ] + }, + "else": { + "const": "Not a software_SoftwarePurpose" + } }, "software_SoftwarePurpose_derived": { "anyOf": [ @@ -3022,21 +3471,31 @@ ] }, "build_Build": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "build_Build" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "build_Build" + } }, - { "$ref": "#/$defs/build_Build_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/build_Build_props" } + ] + }, + "else": { + "const": "Not a build_Build" + } }, "build_Build_derived": { "anyOf": [ @@ -3069,7 +3528,7 @@ "$ref": "#/$defs/prop_build_Build_build_buildType" }, "build_configSourceDigest": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -3079,7 +3538,7 @@ ] }, "build_configSourceEntrypoint": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -3089,7 +3548,7 @@ ] }, "build_configSourceUri": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -3099,7 +3558,7 @@ ] }, "build_environment": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -3109,7 +3568,7 @@ ] }, "build_parameter": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -3126,64 +3585,74 @@ ] }, "prop_build_Build_build_buildEndTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_build_Build_build_buildId": { - "type": "string" + "type": "string" }, "prop_build_Build_build_buildStartTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] - }, - "prop_build_Build_build_buildType": { - "$ref": "#/$defs/anyURI" - }, - "prop_build_Build_build_configSourceDigest": { - "$ref": "#/$defs/Hash_derived" - }, - "prop_build_Build_build_configSourceEntrypoint": { - "type": "string" + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] + }, + "prop_build_Build_build_buildType": { + "$ref": "#/$defs/anyURI" + }, + "prop_build_Build_build_configSourceDigest": { + "$ref": "#/$defs/Hash_derived" + }, + "prop_build_Build_build_configSourceEntrypoint": { + "type": "string" }, "prop_build_Build_build_configSourceUri": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_build_Build_build_environment": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "prop_build_Build_build_parameter": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "Agent": { - "allOf": [ - { - "type": "object", - "properties": { 
- "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "Agent" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "Agent" + } }, - { "$ref": "#/$defs/Agent_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Agent_props" } + ] + }, + "else": { + "const": "Not a Agent" + } }, "Agent_derived": { "anyOf": [ @@ -3212,21 +3681,31 @@ ] }, "Annotation": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "Annotation" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "Annotation" + } }, - { "$ref": "#/$defs/Annotation_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Annotation_props" } + ] + }, + "else": { + "const": "Not a Annotation" + } }, "Annotation_derived": { "anyOf": [ @@ -3267,20 +3746,20 @@ ] }, "prop_Annotation_annotationType": { - "enum": [ - "other", - "review" - ] + "enum": [ + "other", + "review" + ] }, "prop_Annotation_contentType": { - "pattern": "^[^\\/]+\\/[^\\/]+$", - "type": "string" + "pattern": "^[^\\/]+\\/[^\\/]+$", + "type": "string" }, "prop_Annotation_statement": { - "type": "string" + "type": "string" }, "prop_Annotation_subject": { - "$ref": "#/$defs/Element_derived" + "$ref": "#/$defs/Element_derived" }, "Artifact_derived": { "anyOf": [ @@ -3309,7 +3788,7 @@ "$ref": "#/$defs/prop_Artifact_builtTime" }, "originatedBy": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -3322,7 +3801,7 @@ "$ref": "#/$defs/prop_Artifact_releaseTime" }, "standardName": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -3335,7 +3814,7 @@ "$ref": "#/$defs/prop_Artifact_suppliedBy" }, "supportLevel": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -3352,75 +3831,85 @@ ] }, "prop_Artifact_builtTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_Artifact_originatedBy": { - "$ref": "#/$defs/Agent_derived" + "$ref": "#/$defs/Agent_derived" }, "prop_Artifact_releaseTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_Artifact_standardName": { - "type": "string" + "type": "string" }, "prop_Artifact_suppliedBy": { - "$ref": "#/$defs/Agent_derived" + "$ref": "#/$defs/Agent_derived" }, "prop_Artifact_supportLevel": { - "enum": [ - "deployed", - "development", - "endOfSupport", - "limitedSupport", - "noAssertion", - "noSupport", - "support" - ] + "enum": [ + "deployed", + "development", + "endOfSupport", + "limitedSupport", + "noAssertion", + "noSupport", + "support" + ] }, "prop_Artifact_validUntilTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] - }, - "Bundle": { + "type": "string", "allOf": [ { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": 
"Bundle" } - ] - } - }, - "required": ["spdxId"] + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" }, - { "$ref": "#/$defs/Bundle_props" } + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } ] }, + "Bundle": { + "if": { + "type": "object", + "properties": { + "type": { + "const": "Bundle" + } + }, + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Bundle_props" } + ] + }, + "else": { + "const": "Not a Bundle" + } + }, "Bundle_derived": { "anyOf": [ { @@ -3449,23 +3938,33 @@ ] }, "prop_Bundle_context": { - "type": "string" + "type": "string" }, "Hash": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "Hash" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "Hash" } }, - { "$ref": "#/$defs/Hash_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/Hash_props" } + ] + }, + "else": { + "const": "Not a Hash" + } }, "Hash_derived": { "anyOf": [ 
@@ -3500,50 +3999,60 @@ ] }, "prop_Hash_algorithm": { - "enum": [ - "adler32", - "blake2b256", - "blake2b384", - "blake2b512", - "blake3", - "crystalsDilithium", - "crystalsKyber", - "falcon", - "md2", - "md4", - "md5", - "md6", - "other", - "sha1", - "sha224", - "sha256", - "sha384", - "sha3_224", - "sha3_256", - "sha3_384", - "sha3_512", - "sha512" - ] + "enum": [ + "adler32", + "blake2b256", + "blake2b384", + "blake2b512", + "blake3", + "crystalsDilithium", + "crystalsKyber", + "falcon", + "md2", + "md4", + "md5", + "md6", + "other", + "sha1", + "sha224", + "sha256", + "sha384", + "sha3_224", + "sha3_256", + "sha3_384", + "sha3_512", + "sha512" + ] }, "prop_Hash_hashValue": { - "type": "string" + "type": "string" }, "LifecycleScopedRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "LifecycleScopedRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "LifecycleScopedRelationship" + } }, - { "$ref": "#/$defs/LifecycleScopedRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/LifecycleScopedRelationship_props" } + ] + }, + "else": { + "const": "Not a LifecycleScopedRelationship" + } }, "LifecycleScopedRelationship_derived": { "anyOf": [ 
@@ -3571,31 +4080,41 @@ ] }, "prop_LifecycleScopedRelationship_scope": { - "enum": [ - "build", - "design", - "development", - "other", - "runtime", - "test" - ] + "enum": [ + "build", + "design", + "development", + "other", + "runtime", + "test" + ] }, "Organization": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "Organization" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "Organization" + } }, - { "$ref": "#/$defs/Organization_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Organization_props" } + ] + }, + "else": { + "const": "Not a Organization" + } }, "Organization_derived": { "anyOf": [ @@ -3621,21 +4140,31 @@ ] }, "Person": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "Person" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "Person" + } }, - { "$ref": "#/$defs/Person_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Person_props" } + ] + }, + "else": { + "const": "Not a Person" + } }, "Person_derived": { "anyOf": [ 
@@ -3660,21 +4189,31 @@ ] }, "SoftwareAgent": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "SoftwareAgent" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "SoftwareAgent" + } }, - { "$ref": "#/$defs/SoftwareAgent_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/SoftwareAgent_props" } + ] + }, + "else": { + "const": "Not a SoftwareAgent" + } }, "SoftwareAgent_derived": { "anyOf": [ @@ -3699,21 +4238,31 @@ ] }, "expandedlicensing_ConjunctiveLicenseSet": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_ConjunctiveLicenseSet" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_ConjunctiveLicenseSet" + } }, - { "$ref": "#/$defs/expandedlicensing_ConjunctiveLicenseSet_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_ConjunctiveLicenseSet_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_ConjunctiveLicenseSet" + } }, "expandedlicensing_ConjunctiveLicenseSet_derived": { "anyOf": [ @@ -3734,7 +4283,7 @@ "type": "object", "properties": { "expandedlicensing_member": { - "oneOf": [ + "anyOf": [ { "type": "array", "minItems": 2, 
@@ -3752,24 +4301,34 @@ ] }, "prop_expandedlicensing_ConjunctiveLicenseSet_expandedlicensing_member": { - "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" + "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" }, "expandedlicensing_CustomLicenseAddition": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_CustomLicenseAddition" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_CustomLicenseAddition" + } }, - { "$ref": "#/$defs/expandedlicensing_CustomLicenseAddition_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_CustomLicenseAddition_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_CustomLicenseAddition" + } }, "expandedlicensing_CustomLicenseAddition_derived": { "anyOf": [ 
@@ -3794,21 +4353,31 @@ ] }, "expandedlicensing_DisjunctiveLicenseSet": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_DisjunctiveLicenseSet" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_DisjunctiveLicenseSet" + } }, - { "$ref": "#/$defs/expandedlicensing_DisjunctiveLicenseSet_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_DisjunctiveLicenseSet_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_DisjunctiveLicenseSet" + } }, "expandedlicensing_DisjunctiveLicenseSet_derived": { "anyOf": [ @@ -3829,7 +4398,7 @@ "type": "object", "properties": { "expandedlicensing_member": { - "oneOf": [ + "anyOf": [ { "type": "array", "minItems": 2, @@ -3847,7 +4416,7 @@ ] }, "prop_expandedlicensing_DisjunctiveLicenseSet_expandedlicensing_member": { - "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" + "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" }, "expandedlicensing_ExtendableLicense_derived": { "anyOf": [ 
@@ -3874,21 +4443,31 @@ ] }, "expandedlicensing_IndividualLicensingInfo": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_IndividualLicensingInfo" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_IndividualLicensingInfo" + } }, - { "$ref": "#/$defs/expandedlicensing_IndividualLicensingInfo_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_IndividualLicensingInfo_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_IndividualLicensingInfo" + } }, "expandedlicensing_IndividualLicensingInfo_derived": { "anyOf": [ @@ -3949,7 +4528,7 @@ "$ref": "#/$defs/prop_expandedlicensing_License_expandedlicensing_obsoletedBy" }, "expandedlicensing_seeAlso": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -3975,48 +4554,58 @@ ] }, "prop_expandedlicensing_License_expandedlicensing_isDeprecatedLicenseId": { - "type": "boolean" + "type": "boolean" }, "prop_expandedlicensing_License_expandedlicensing_isFsfLibre": { - "type": "boolean" + "type": "boolean" }, "prop_expandedlicensing_License_expandedlicensing_isOsiApproved": { - "type": "boolean" + "type": "boolean" }, "prop_expandedlicensing_License_expandedlicensing_licenseXml": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_License_expandedlicensing_obsoletedBy": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_License_expandedlicensing_seeAlso": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_expandedlicensing_License_expandedlicensing_standardLicenseHeader": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_License_expandedlicensing_standardLicenseTemplate": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_License_simplelicensing_licenseText": { - "type": "string" + "type": "string" }, "expandedlicensing_ListedLicense": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_ListedLicense" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_ListedLicense" + } }, - { "$ref": "#/$defs/expandedlicensing_ListedLicense_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_ListedLicense_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_ListedLicense" + } }, "expandedlicensing_ListedLicense_derived": { "anyOf": [ 
@@ -4047,27 +4636,37 @@ ] }, "prop_expandedlicensing_ListedLicense_expandedlicensing_deprecatedVersion": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_ListedLicense_expandedlicensing_listVersionAdded": { - "type": "string" + "type": "string" }, "expandedlicensing_OrLaterOperator": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_OrLaterOperator" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_OrLaterOperator" + } }, - { "$ref": "#/$defs/expandedlicensing_OrLaterOperator_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_OrLaterOperator_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_OrLaterOperator" + } }, "expandedlicensing_OrLaterOperator_derived": { "anyOf": [ 
@@ -4098,24 +4697,34 @@ ] }, "prop_expandedlicensing_OrLaterOperator_expandedlicensing_subjectLicense": { - "$ref": "#/$defs/expandedlicensing_License_derived" + "$ref": "#/$defs/expandedlicensing_License_derived" }, "expandedlicensing_WithAdditionOperator": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_WithAdditionOperator" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_WithAdditionOperator" + } }, - { "$ref": "#/$defs/expandedlicensing_WithAdditionOperator_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_WithAdditionOperator_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_WithAdditionOperator" + } }, "expandedlicensing_WithAdditionOperator_derived": { "anyOf": [ 
@@ -4150,26 +4759,36 @@ ] }, "prop_expandedlicensing_WithAdditionOperator_expandedlicensing_subjectAddition": { - "$ref": "#/$defs/expandedlicensing_LicenseAddition_derived" + "$ref": "#/$defs/expandedlicensing_LicenseAddition_derived" }, "prop_expandedlicensing_WithAdditionOperator_expandedlicensing_subjectExtendableLicense": { - "$ref": "#/$defs/expandedlicensing_ExtendableLicense_derived" + "$ref": "#/$defs/expandedlicensing_ExtendableLicense_derived" }, "extension_CdxPropertiesExtension": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "extension_CdxPropertiesExtension" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "extension_CdxPropertiesExtension" } }, - { "$ref": "#/$defs/extension_CdxPropertiesExtension_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/extension_CdxPropertiesExtension_props" } + ] + }, + "else": { + "const": "Not a extension_CdxPropertiesExtension" + } }, "extension_CdxPropertiesExtension_derived": { "anyOf": [ @@ -4190,7 +4809,7 @@ "type": "object", "properties": { "extension_cdxProperty": { - "oneOf": [ + "anyOf": [ { "type": "array", "minItems": 1, 
@@ -4208,24 +4827,34 @@ ] }, "prop_extension_CdxPropertiesExtension_extension_cdxProperty": { - "$ref": "#/$defs/extension_CdxPropertyEntry_derived" + "$ref": "#/$defs/extension_CdxPropertyEntry_derived" }, "security_CvssV2VulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_CvssV2VulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_CvssV2VulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_CvssV2VulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_CvssV2VulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_CvssV2VulnAssessmentRelationship" + } }, "security_CvssV2VulnAssessmentRelationship_derived": { "anyOf": [ 
@@ -4260,35 +4889,45 @@ ] }, "prop_security_CvssV2VulnAssessmentRelationship_security_score": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] + "anyOf": [ + { + "type": "number" + }, + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } + ] }, "prop_security_CvssV2VulnAssessmentRelationship_security_vectorString": { - "type": "string" + "type": "string" }, "security_CvssV3VulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_CvssV3VulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_CvssV3VulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_CvssV3VulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_CvssV3VulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_CvssV3VulnAssessmentRelationship" + } }, "security_CvssV3VulnAssessmentRelationship_derived": { "anyOf": [ 
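Review bot: `prop_security_CvssV2VulnAssessmentRelationship_security_score` still accepts any `number` and any string matching `"^-?[0-9]+(\\.[0-9]*)?$"`, so negative or arbitrarily large scores pass validation; the `oneOf` to `anyOf` switch and the re-indentation here do not change that. CVSS scores run from 0.0 to 10.0, so the number branch could carry `"minimum": 0, "maximum": 10` and the string branch a tighter pattern. The CvssV3 and CvssV4 score definitions in the next two hunks use the same unbounded form. If this schema is generated from an upstream model rather than maintained by hand, the range check probably belongs in the code that reads the score after validation instead.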
@@ -4327,44 +4966,54 @@ ] }, "prop_security_CvssV3VulnAssessmentRelationship_security_score": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] + "anyOf": [ + { + "type": "number" + }, + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } + ] }, "prop_security_CvssV3VulnAssessmentRelationship_security_severity": { - "enum": [ - "critical", - "high", - "low", - "medium", - "none" - ] + "enum": [ + "critical", + "high", + "low", + "medium", + "none" + ] }, "prop_security_CvssV3VulnAssessmentRelationship_security_vectorString": { - "type": "string" + "type": "string" }, "security_CvssV4VulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_CvssV4VulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_CvssV4VulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_CvssV4VulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_CvssV4VulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_CvssV4VulnAssessmentRelationship" + } }, "security_CvssV4VulnAssessmentRelationship_derived": { "anyOf": [ 
@@ -4403,44 +5052,54 @@ ] }, "prop_security_CvssV4VulnAssessmentRelationship_security_score": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] + "anyOf": [ + { + "type": "number" + }, + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } + ] }, "prop_security_CvssV4VulnAssessmentRelationship_security_severity": { - "enum": [ - "critical", - "high", - "low", - "medium", - "none" - ] + "enum": [ + "critical", + "high", + "low", + "medium", + "none" + ] }, "prop_security_CvssV4VulnAssessmentRelationship_security_vectorString": { - "type": "string" + "type": "string" }, "security_EpssVulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_EpssVulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_EpssVulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_EpssVulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_EpssVulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_EpssVulnAssessmentRelationship" + } }, "security_EpssVulnAssessmentRelationship_derived": { "anyOf": [ 
@@ -4475,44 +5134,54 @@ ] }, "prop_security_EpssVulnAssessmentRelationship_security_percentile": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] + "anyOf": [ + { + "type": "number" + }, + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } + ] }, "prop_security_EpssVulnAssessmentRelationship_security_probability": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] - }, - "security_ExploitCatalogVulnAssessmentRelationship": { - "allOf": [ + "anyOf": [ { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_ExploitCatalogVulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "type": "number" }, - { "$ref": "#/$defs/security_ExploitCatalogVulnAssessmentRelationship_props" } + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } ] }, + "security_ExploitCatalogVulnAssessmentRelationship": { + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_ExploitCatalogVulnAssessmentRelationship" + } + }, + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_ExploitCatalogVulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_ExploitCatalogVulnAssessmentRelationship" + } + }, "security_ExploitCatalogVulnAssessmentRelationship_derived": { "anyOf": [ { 
@@ -4550,33 +5219,43 @@ ] }, "prop_security_ExploitCatalogVulnAssessmentRelationship_security_catalogType": { - "enum": [ - "kev", - "other" - ] + "enum": [ + "kev", + "other" + ] }, "prop_security_ExploitCatalogVulnAssessmentRelationship_security_exploited": { - "type": "boolean" + "type": "boolean" }, "prop_security_ExploitCatalogVulnAssessmentRelationship_security_locator": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "security_SsvcVulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_SsvcVulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_SsvcVulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_SsvcVulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_SsvcVulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_SsvcVulnAssessmentRelationship" + } }, "security_SsvcVulnAssessmentRelationship_derived": { "anyOf": [ @@ -4607,12 +5286,12 @@ ] }, "prop_security_SsvcVulnAssessmentRelationship_security_decisionType": { - "enum": [ - "act", - "attend", - "track", - "trackStar" - ] + "enum": [ + "act", + "attend", + "track", + "trackStar" + ] }, "security_VexVulnAssessmentRelationship_derived": { "anyOf": [ 
@@ -4646,27 +5325,37 @@ ] }, "prop_security_VexVulnAssessmentRelationship_security_statusNotes": { - "type": "string" + "type": "string" }, "prop_security_VexVulnAssessmentRelationship_security_vexVersion": { - "type": "string" + "type": "string" }, "security_Vulnerability": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_Vulnerability" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_Vulnerability" + } }, - { "$ref": "#/$defs/security_Vulnerability_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_Vulnerability_props" } + ] + }, + "else": { + "const": "Not a security_Vulnerability" + } }, "security_Vulnerability_derived": { "anyOf": [ 
@@ -4700,37 +5389,37 @@ ] }, "prop_security_Vulnerability_security_modifiedTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_security_Vulnerability_security_publishedTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_security_Vulnerability_security_withdrawnTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "software_SoftwareArtifact_derived": { "anyOf": [ @@ -4755,7 +5444,7 @@ "type": "object", "properties": { "software_additionalPurpose": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -4765,7 +5454,7 @@ ] }, "software_attributionText": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -4775,7 +5464,7 @@ ] }, "software_contentIdentifier": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -4795,96 +5484,106 @@ ] }, "prop_software_SoftwareArtifact_software_additionalPurpose": { - "enum": [ - "application", - "archive", - "bom", - "configuration", - "container", - "data", - "device", - "deviceDriver", - "diskImage", - "documentation", - "evidence", - "executable", - "file", - "filesystemImage", - "firmware", - "framework", - "install", - "library", - "manifest", - "model", - "module", - "operatingSystem", - "other", - "patch", - "platform", - "requirement", - "source", - "specification", - "test" - ] + "enum": [ + "application", + "archive", + "bom", + "configuration", + "container", + "data", + "device", + "deviceDriver", + "diskImage", + "documentation", + "evidence", + "executable", + "file", + "filesystemImage", + "firmware", + "framework", + "install", + "library", + "manifest", + "model", + "module", + "operatingSystem", + "other", + "patch", + "platform", + "requirement", + "source", + "specification", + "test" + ] }, "prop_software_SoftwareArtifact_software_attributionText": { - "type": "string" + "type": "string" }, "prop_software_SoftwareArtifact_software_contentIdentifier": { - "$ref": "#/$defs/software_ContentIdentifier_derived" + "$ref": "#/$defs/software_ContentIdentifier_derived" }, "prop_software_SoftwareArtifact_software_copyrightText": { - "type": "string" + "type": "string" }, "prop_software_SoftwareArtifact_software_primaryPurpose": { - "enum": [ - "application", - "archive", - "bom", - "configuration", - "container", - "data", - "device", - "deviceDriver", - "diskImage", - "documentation", - "evidence", - "executable", - "file", - "filesystemImage", - "firmware", - "framework", - "install", - "library", - "manifest", - "model", - "module", - "operatingSystem", - "other", - "patch", - "platform", - "requirement", - "source", - "specification", - "test" - ] + "enum": [ + "application", + "archive", + "bom", + "configuration", + "container", + "data", + "device", + "deviceDriver", + "diskImage", + "documentation", + "evidence", + 
"executable", + "file", + "filesystemImage", + "firmware", + "framework", + "install", + "library", + "manifest", + "model", + "module", + "operatingSystem", + "other", + "patch", + "platform", + "requirement", + "source", + "specification", + "test" + ] }, "Bom": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "Bom" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "Bom" + } }, - { "$ref": "#/$defs/Bom_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Bom_props" } + ] + }, + "else": { + "const": "Not a Bom" + } }, "Bom_derived": { "anyOf": [ @@ -4910,21 +5609,31 @@ ] }, "expandedlicensing_CustomLicense": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_CustomLicense" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_CustomLicense" + } }, - { "$ref": "#/$defs/expandedlicensing_CustomLicense_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_CustomLicense_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_CustomLicense" + } }, "expandedlicensing_CustomLicense_derived": { "anyOf": [ 
@@ -4949,21 +5658,31 @@ ] }, "security_VexAffectedVulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_VexAffectedVulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_VexAffectedVulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_VexAffectedVulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_VexAffectedVulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_VexAffectedVulnAssessmentRelationship" + } }, "security_VexAffectedVulnAssessmentRelationship_derived": { "anyOf": [ 
@@ -4997,36 +5716,46 @@ ] }, "prop_security_VexAffectedVulnAssessmentRelationship_security_actionStatement": { - "type": "string" + "type": "string" }, "prop_security_VexAffectedVulnAssessmentRelationship_security_actionStatementTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] - }, - "security_VexFixedVulnAssessmentRelationship": { + "type": "string", "allOf": [ { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_VexFixedVulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" }, - { "$ref": "#/$defs/security_VexFixedVulnAssessmentRelationship_props" } + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } ] }, + "security_VexFixedVulnAssessmentRelationship": { + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_VexFixedVulnAssessmentRelationship" + } + }, + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_VexFixedVulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_VexFixedVulnAssessmentRelationship" + } + }, "security_VexFixedVulnAssessmentRelationship_derived": { "anyOf": [ { 
@@ -5050,21 +5779,31 @@ ] }, "security_VexNotAffectedVulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_VexNotAffectedVulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_VexNotAffectedVulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_VexNotAffectedVulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_VexNotAffectedVulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_VexNotAffectedVulnAssessmentRelationship" + } }, "security_VexNotAffectedVulnAssessmentRelationship_derived": { "anyOf": [ 
@@ -5098,44 +5837,54 @@ ] }, "prop_security_VexNotAffectedVulnAssessmentRelationship_security_impactStatement": { - "type": "string" + "type": "string" }, "prop_security_VexNotAffectedVulnAssessmentRelationship_security_impactStatementTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_security_VexNotAffectedVulnAssessmentRelationship_security_justificationType": { - "enum": [ - "componentNotPresent", - "inlineMitigationsAlreadyExist", - "vulnerableCodeCannotBeControlledByAdversary", - "vulnerableCodeNotInExecutePath", - "vulnerableCodeNotPresent" - ] + "enum": [ + "componentNotPresent", + "inlineMitigationsAlreadyExist", + "vulnerableCodeCannotBeControlledByAdversary", + "vulnerableCodeNotInExecutePath", + "vulnerableCodeNotPresent" + ] }, "security_VexUnderInvestigationVulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_VexUnderInvestigationVulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_VexUnderInvestigationVulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_VexUnderInvestigationVulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_VexUnderInvestigationVulnAssessmentRelationship_props" } + ] + }, + "else": { + 
"const": "Not a security_VexUnderInvestigationVulnAssessmentRelationship" + } }, "security_VexUnderInvestigationVulnAssessmentRelationship_derived": { "anyOf": [ @@ -5160,21 +5909,31 @@ ] }, "software_File": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "software_File" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_File" + } }, - { "$ref": "#/$defs/software_File_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/software_File_props" } + ] + }, + "else": { + "const": "Not a software_File" + } }, "software_File_derived": { "anyOf": [ @@ -5205,31 +5964,41 @@ ] }, "prop_software_File_contentType": { - "pattern": "^[^\\/]+\\/[^\\/]+$", - "type": "string" + "pattern": "^[^\\/]+\\/[^\\/]+$", + "type": "string" }, "prop_software_File_software_fileKind": { - "enum": [ - "directory", - "file" - ] + "enum": [ + "directory", + "file" + ] }, "software_Package": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "software_Package" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_Package" + } }, - { "$ref": "#/$defs/software_Package_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/software_Package_props" } + ] + }, + "else": { + "const": "Not a software_Package" + } }, "software_Package_derived": { "anyOf": [ 
@@ -5271,36 +6040,46 @@ ] }, "prop_software_Package_software_downloadLocation": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_software_Package_software_homePage": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_software_Package_software_packageUrl": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_software_Package_software_packageVersion": { - "type": "string" + "type": "string" }, "prop_software_Package_software_sourceInfo": { - "type": "string" + "type": "string" }, "software_Sbom": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "software_Sbom" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_Sbom" + } }, - { "$ref": "#/$defs/software_Sbom_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/software_Sbom_props" } + ] + }, + "else": { + "const": "Not a software_Sbom" + } }, "software_Sbom_derived": { "anyOf": [ @@ -5321,7 +6100,7 @@ "type": "object", "properties": { "software_sbomType": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -5335,31 +6114,41 @@ ] }, "prop_software_Sbom_software_sbomType": { - "enum": [ - "analyzed", - "build", - "deployed", - "design", - "runtime", - "source" - ] + "enum": [ + "analyzed", + "build", + "deployed", + "design", + "runtime", + "source" + ] }, "software_Snippet": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "software_Snippet" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_Snippet" + } }, - { "$ref": "#/$defs/software_Snippet_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/software_Snippet_props" } + ] + }, + "else": { + "const": "Not a software_Snippet" + } }, "software_Snippet_derived": { "anyOf": [ 
@@ -5396,30 +6185,40 @@ ] }, "prop_software_Snippet_software_byteRange": { - "$ref": "#/$defs/PositiveIntegerRange_derived" + "$ref": "#/$defs/PositiveIntegerRange_derived" }, "prop_software_Snippet_software_lineRange": { - "$ref": "#/$defs/PositiveIntegerRange_derived" + "$ref": "#/$defs/PositiveIntegerRange_derived" }, "prop_software_Snippet_software_snippetFromFile": { - "$ref": "#/$defs/software_File_derived" + "$ref": "#/$defs/software_File_derived" }, "ai_AIPackage": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "ai_AIPackage" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "ai_AIPackage" + } }, - { "$ref": "#/$defs/ai_AIPackage_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/ai_AIPackage_props" } + ] + }, + "else": { + "const": "Not a ai_AIPackage" + } }, "ai_AIPackage_derived": { "anyOf": [ @@ -5443,7 +6242,7 @@ "$ref": "#/$defs/prop_ai_AIPackage_ai_autonomyType" }, "ai_domain": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5456,7 +6255,7 @@ "$ref": "#/$defs/prop_ai_AIPackage_ai_energyConsumption" }, "ai_hyperparameter": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5475,7 +6274,7 @@ "$ref": "#/$defs/prop_ai_AIPackage_ai_limitation" }, "ai_metric": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5485,7 +6284,7 @@ ] }, "ai_metricDecisionThreshold": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5495,7 +6294,7 @@ ] }, "ai_modelDataPreprocessing": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5505,7 +6304,7 @@ ] }, "ai_modelExplainability": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -5518,7 +6317,7 @@ "$ref": "#/$defs/prop_ai_AIPackage_ai_safetyRiskAssessment" }, "ai_standardCompliance": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5528,7 +6327,7 @@ ] }, "ai_typeOfModel": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -5545,79 +6344,89 @@ ] }, "prop_ai_AIPackage_ai_autonomyType": { - "enum": [ - "no", - "noAssertion", - "yes" - ] + "enum": [ + "no", + "noAssertion", + "yes" + ] }, "prop_ai_AIPackage_ai_domain": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_energyConsumption": { - "$ref": "#/$defs/ai_EnergyConsumption_derived" + "$ref": "#/$defs/ai_EnergyConsumption_derived" }, "prop_ai_AIPackage_ai_hyperparameter": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "prop_ai_AIPackage_ai_informationAboutApplication": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_informationAboutTraining": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_limitation": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_metric": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "prop_ai_AIPackage_ai_metricDecisionThreshold": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "prop_ai_AIPackage_ai_modelDataPreprocessing": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_modelExplainability": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_safetyRiskAssessment": { - "enum": [ - "high", - "low", - "medium", - "serious" - ] + "enum": [ + "high", + "low", + "medium", + "serious" + ] }, "prop_ai_AIPackage_ai_standardCompliance": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_typeOfModel": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_useSensitivePersonalInformation": { - "enum": [ - "no", - "noAssertion", - "yes" - ] + "enum": [ + "no", + "noAssertion", + "yes" + ] }, "dataset_DatasetPackage": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "dataset_DatasetPackage" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + 
"type": { + "const": "dataset_DatasetPackage" + } }, - { "$ref": "#/$defs/dataset_DatasetPackage_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/dataset_DatasetPackage_props" } + ] + }, + "else": { + "const": "Not a dataset_DatasetPackage" + } }, "dataset_DatasetPackage_derived": { "anyOf": [ @@ -5638,7 +6447,7 @@ "type": "object", "properties": { "dataset_anonymizationMethodUsed": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5654,7 +6463,7 @@ "$ref": "#/$defs/prop_dataset_DatasetPackage_dataset_dataCollectionProcess" }, "dataset_dataPreprocessing": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5673,7 +6482,7 @@ "$ref": "#/$defs/prop_dataset_DatasetPackage_dataset_datasetSize" }, "dataset_datasetType": { - "oneOf": [ + "anyOf": [ { "type": "array", "minItems": 1, @@ -5693,7 +6502,7 @@ "$ref": "#/$defs/prop_dataset_DatasetPackage_dataset_intendedUse" }, "dataset_knownBias": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5703,7 +6512,7 @@ ] }, "dataset_sensor": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -5720,74 +6529,74 @@ ] }, "prop_dataset_DatasetPackage_dataset_anonymizationMethodUsed": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_confidentialityLevel": { - "enum": [ - "amber", - "clear", - "green", - "red" - ] + "enum": [ + "amber", + "clear", + "green", + "red" + ] }, "prop_dataset_DatasetPackage_dataset_dataCollectionProcess": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_dataPreprocessing": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_datasetAvailability": { - "enum": [ - "clickthrough", - "directDownload", - "query", - "registration", - "scrapingScript" - ] + "enum": [ + "clickthrough", + "directDownload", + "query", + "registration", + "scrapingScript" + ] }, "prop_dataset_DatasetPackage_dataset_datasetNoise": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_datasetSize": { - "type": "integer", - "minimum": 0 + "type": "integer", + "minimum": 0 }, "prop_dataset_DatasetPackage_dataset_datasetType": { - "enum": [ - "audio", - "categorical", - "graph", - "image", - "noAssertion", - "numeric", - "other", - "sensor", - "structured", - "syntactic", - "text", - "timeseries", - "timestamp", - "video" - ] + "enum": [ + "audio", + "categorical", + "graph", + "image", + "noAssertion", + "numeric", + "other", + "sensor", + "structured", + "syntactic", + "text", + "timeseries", + "timestamp", + "video" + ] }, "prop_dataset_DatasetPackage_dataset_datasetUpdateMechanism": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_hasSensitivePersonalInformation": { - "enum": [ - "no", - "noAssertion", - "yes" - ] + "enum": [ + "no", + "noAssertion", + "yes" + ] }, "prop_dataset_DatasetPackage_dataset_intendedUse": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_knownBias": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_sensor": { - "$ref": 
"#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "IRI": { "type": "string", @@ -5798,7 +6607,7 @@ "pattern": "^_:.+" }, "BlankNodeOrIRI": { - "oneOf": [ + "anyOf": [ { "$ref": "#/$defs/IRI" }, { "$ref": "#/$defs/BlankNode" } ] @@ -5810,7 +6619,7 @@ "type": "object", "properties": { "type": { - "oneOf": [ + "anyOf": [ { "$ref": "#/$defs/IRI" }, { "enum": [ diff --git a/src/main/java/org/spdx/tools/CONTRIBUTING.md b/src/main/java/org/spdx/tools/CONTRIBUTING.md deleted file mode 100644 index a41d4ff..0000000 --- a/src/main/java/org/spdx/tools/CONTRIBUTING.md +++ /dev/null 
@@ -1,27 +0,0 @@ -Contributing -============ - -Thank you for your interest in `Spdx-Java-Library`. The project is open-source software, and bug reports, suggestions, and most especially patches are welcome. - -Issues ------- - -`Spdx-Java-Library` has a [project page on GitHub](https://github.com/spdx/Spdx-Java-Library) where you can [create an issue](https://github.com/spdx/Spdx-Java-Library/issues/new/choose) to report a bug, make a suggestion, or propose a substantial change or improvement that you might like to make. You may also wish to contact the SPDX working group technical team through its mailing list, [spdx-tech@lists.spdx.org](mailto:spdx-tech@lists.spdx.org). - -If you would like to work on a fix for any issue, please assign the issue to yourself prior to creating a Pull Request. - -Pull Requests -------- - -The source code for `Spdx-Java-Library` is hosted on [github.com/spdx/Spdx-Java-Library](https://github.com/spdx/Spdx-Java-Library). Please review [open pull requests](https://github.com/spdx/Spdx-Java-Library/pulls) and [active branches](https://github.com/spdx/Spdx-Java-Library/branches) before committing time to a substantial revision. Work along similar lines may already be in progress. - -To submit a pull request via GitHub, fork the repository, create a topic branch from `master` for your work, and send a pull request when ready. If you would prefer to send a patch or grant access to pull from your own Git repository, please contact the project's contributors by e-mail. - -To contribute an implementation of a feature defined by a version of the SPDX specification later than the one supported by the current SPDX Tools release, clone the branch `spec/X.X`, where X.X is the major.minor version of the targeted specification (e.g. "3.0"). - -Once implemented, submit a pull request with `spec/X.X` branch as the parent branch. 
- -Licensing ---------- - -However you choose to contribute, please sign-off in each of your commits that you license your contributions under the terms of [the Developer Certificate of Origin](https://developercertificate.org/). Git has utilities for signing off on commits: `git commit -s` signs a current commit, and `git rebase --signoff ` retroactively signs a range of past commits. diff --git a/src/main/java/org/spdx/tools/SpdxToolsHelper.java b/src/main/java/org/spdx/tools/SpdxToolsHelper.java index 4c37030..59ab84e 100644 --- a/src/main/java/org/spdx/tools/SpdxToolsHelper.java +++ b/src/main/java/org/spdx/tools/SpdxToolsHelper.java @@ -58,6 +58,9 @@ */ public class SpdxToolsHelper { + /** + * Supported serialization file types + */ public enum SerFileType { JSON, RDFXML, XML, XLS, XLSX, YAML, TAG, RDFTTL, JSONLD } @@ -67,6 +70,7 @@ public enum SerFileType { static Map EXT_TO_FILETYPE; static { HashMap temp = new HashMap<>(); + temp.put("spdx3.json", SerFileType.JSONLD); temp.put("jsonld.json", SerFileType.JSONLD); temp.put("jsonld", SerFileType.JSONLD); temp.put("json", SerFileType.JSON); @@ -84,6 +88,9 @@ public enum SerFileType { } /** + * Determine the appropriate in memory based model store which supports + * serialization for the fileType + * * @param fileType * file type for the store * @return the appropriate in memory based model store which supports @@ -129,6 +136,8 @@ public static ISerializableModelStore fileTypeToStore(SerFileType fileType) } /** + * Determine the file type based on the file name and extension + * * @param file * @return the file type based on the file name and file extension * @throws InvalidFileNameException 
@@ -151,10 +160,14 @@ public static SerFileType fileToFileType(File file) if (fileName.endsWith("rdf.ttl")) { ext = "rdf.ttl"; } - }if ("json".equals(ext)) { + } + if ("json".equals(ext)) { if (fileName.endsWith("jsonld.json")) { ext = "jsonld.json"; } + if (fileName.endsWith("spdx3.json")) { + ext = "spdx3.json"; + } } SerFileType retval = EXT_TO_FILETYPE.get(ext); if (SerFileType.JSON.equals(retval)) { @@ -188,6 +201,8 @@ public static SerFileType fileToFileType(File file) } /** + * Determine the file type based on the file extension or string + * * @param str * @return the file type based on the file extension or string */ @@ -197,6 +212,9 @@ public static SerFileType strToFileType(String str) { } /** + * Deserializes an SPDX document from a file, + * compatible with SPDX version 2 + * * @param file * file containing an SPDX document with the standard file * extension for the serialization formats @@ -215,6 +233,9 @@ public static SpdxDocument deserializeDocumentCompatV2(File file) return readDocumentFromFileCompatV2(store, file); } /** + * Deserializes an SPDX document from a file, + * compatible with SPDX version 2 + * * @param file * file containing an SPDX document in one of the supported * SerFileTypes @@ -235,6 +256,8 @@ public static SpdxDocument deserializeDocumentCompatV2(File file, } /** + * Deserializes an SPDX document from a file + * * @param file * file containing an SPDX document with the standard file * extension for the serialization formats @@ -253,6 +276,8 @@ public static org.spdx.library.model.v3_0_1.core.SpdxDocument deserializeDocumen return readDocumentFromFileV3(store, file); } /** + * Deserializes an SPDX document from a file + * * @param file * file containing an SPDX document in one of the supported * SerFileTypes 
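Review bot: The new `fileName.endsWith("spdx3.json")` test in `fileToFileType` has no leading dot, so any name that merely ends in those characters (a constructed example: `myspdx3.json`) is mapped to `JSONLD` instead of `JSON`; the existing `jsonld.json` test just above it has the same shape. The detected type decides which model store reads the file, and presumably which schema `Verify` checks it against, so a dot-anchored comparison is safer: `if (fileName.endsWith(".spdx3.json")) {`, with a separate equality check if a file named exactly `spdx3.json` must still match. The two `endsWith` tests are mutually exclusive, so the second could be an `else if`. The method starts and ends outside this hunk, so whether `fileName` is lower-cased before these tests cannot be confirmed here.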
@@ -308,6 +333,8 @@ public static void deserializeFile(ISerializableModelStore store, File file) thr } /** + * Is the store supporting SPDX version 3 + * * @param store model store * @return true of the model store support SPDX spec version 3 */ @@ -316,6 +343,8 @@ public static boolean supportsV3(ISerializableModelStore store) { } /** + * Is the store supporting SPDX version 2 + * * @param store model store * @return true of the model store support SPDX spec version 2 */ @@ -358,7 +387,9 @@ public static CoreModelObject readDocumentFromFile(ISerializableModelStore store } /** - * Reads an SPDX Document from a file + * Reads an SPDX Document from a file, + * compatible with SPDX version 2 + * * @param store Store where the document is to be stored * @param file File to read the store from * @return SPDX Document from the store @@ -375,6 +406,8 @@ public static SpdxDocument readDocumentFromFileCompatV2(ISerializableModelStore } /** + * Gets an SPDX document from the model store + * * @param store model store * @return returns a document if a single document is found in the model store * @throws InvalidSPDXAnalysisException @@ -389,12 +422,15 @@ public static org.spdx.library.model.v3_0_1.core.SpdxDocument getDocFromStore(IS throw new InvalidSPDXAnalysisException("No SPDX version 3 documents in model store"); } if (docs.size() > 1) { - throw new InvalidSPDXAnalysisException("Multiple SPDX version 3 documents in modelSTore. There can only be one SPDX document."); + throw new InvalidSPDXAnalysisException("Multiple SPDX version 3 documents in modelStore. There can only be one SPDX document."); } return docs.get(0); } /** + * Gets an SPDX document from the model store, + * compatible with SPDX version 2 + * * @param store model store * @return returns a document if a single document is found in the model store * @throws InvalidSPDXAnalysisException 
diff --git a/src/main/java/org/spdx/tools/Verify.java b/src/main/java/org/spdx/tools/Verify.java index 0942914..00ff30e 100644 --- a/src/main/java/org/spdx/tools/Verify.java +++ b/src/main/java/org/spdx/tools/Verify.java @@ -2,13 +2,13 @@ * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * + *
* Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + *
* https://www.apache.org/licenses/LICENSE-2.0 - * + *
* Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -40,6 +40,7 @@ import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.SerializationFeature; + import com.networknt.schema.JsonSchema; import com.networknt.schema.JsonSchemaFactory; import com.networknt.schema.SpecVersion.VersionFlag; @@ -54,9 +55,9 @@ public class Verify { static final int MIN_ARGS = 1; static final int MAX_ARGS = 2; static final int ERROR_STATUS = 1; - private static final String JSON_SCHEMA_RESOURCE_V2_3 = "resources/spdx-schema-v2.3.json"; - private static final String JSON_SCHEMA_RESOURCE_V2_2 = "resources/spdx-schema-v2.2.json"; - private static final String JSON_SCHEMA_RESOURCE_V3 = "resources/spdx-schema-v3.0.1.json"; + public static final String JSON_SCHEMA_RESOURCE_V2_3 = "resources/spdx-schema-v2.3.json"; + public static final String JSON_SCHEMA_RESOURCE_V2_2 = "resources/spdx-schema-v2.2.json"; + public static final String JSON_SCHEMA_RESOURCE_V3 = "resources/spdx-schema-v3.0.1.json"; static final ObjectMapper JSON_MAPPER = new ObjectMapper().enable(SerializationFeature.INDENT_OUTPUT); @@ -70,7 +71,7 @@ public static void main(String[] args) { System.exit(ERROR_STATUS); } if (args.length > MAX_ARGS) { - System.out.printf("Warning: Extra arguments will be ignored"); + System.out.println("Warning: Extra arguments will be ignored"); } SpdxToolsHelper.initialize(); List verify = null; 
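Review bot: Widening `JSON_SCHEMA_RESOURCE_V2_3`, `JSON_SCHEMA_RESOURCE_V2_2` and `JSON_SCHEMA_RESOURCE_V3` from `private` to `public` in the `@@ -54,9 +55,9 @@` hunk makes versioned resource paths part of the published API, and none of them carries a Javadoc comment. `static final String` constants are inlined by the Java compiler into calling classes, so a dependent built against this release keeps the old path after a later schema bump until it is recompiled. If the only consumers are tests in the same package (not visible here), package-private visibility like the neighbouring `MIN_ARGS` is enough. Otherwise document each one, for example `/** Resource path of the SPDX 3.0.1 JSON schema */`.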
@@ -104,20 +105,20 @@ public static void main(String[] args) { errors.add(verifyMsg); } } - if (errors.size() > 0) { + if (!errors.isEmpty()) { System.out.println("This SPDX Document is not valid due to:"); for (String errorMsg:errors) { System.out.print("\t" + errorMsg+"\n"); } } - if (warnings.size() > 0) { + if (!warnings.isEmpty()) { System.out.println("Warning: Deprecated license identifiers were found that should no longer be used.\n" + "References to the following deprecated license ID's should be updated:"); for (String warningMsg:warnings) { System.out.print("\t" + warningMsg+"\n"); } } - if (errors.size() == 0) { + if (errors.isEmpty()) { System.out.println("This SPDX Document is valid."); } else { System.exit(ERROR_STATUS); @@ -127,10 +128,7 @@ public static void main(String[] args) { /** * Verify a an SPDX file * @param filePath File path to the SPDX file to be verified - * @param fileType * @return A list of verification errors - if empty, the SPDX file is valid - * @throws InvalidFileNameException on invalid file name or file not found - * @throws IOException on IO error * @throws SpdxVerificationException where the SPDX file can not be parsed or the filename is invalid */ public static List verify(String filePath, SerFileType fileType) throws SpdxVerificationException { diff --git a/src/main/java/org/spdx/tools/compare/PackageSheet.java b/src/main/java/org/spdx/tools/compare/PackageSheet.java index 67a6159..f0c5c5e 100644 --- a/src/main/java/org/spdx/tools/compare/PackageSheet.java +++ b/src/main/java/org/spdx/tools/compare/PackageSheet.java 
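Review bot: The Javadoc cleanup in the `@@ -127,10 +128,7 @@` hunk deletes `@param fileType` although `verify(String filePath, SerFileType fileType)` still takes that parameter, so the comment now documents less than the signature. Replace the deleted tag with a described one, `* @param fileType serialization type of the file`, and correct the summary line to `* Verify an SPDX file`. Dropping the two `@throws` tags is consistent with the signature, which declares only `SpdxVerificationException`. The method body is outside the hunk, so confirm how `fileType` is actually used before settling the wording.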
@@ -296,7 +296,7 @@ private void addPackageToSheet(SpdxPackageComparer comparer, } Row licenseCommentRow = this.addRow(); licenseCommentRow.createCell(FIELD_COL).setCellValue(LICENSE_COMMENT_FIELD_TEXT); - if (comparer.isLicenseCommmentsEquals()) { + if (comparer.isLicenseCommentsEquals()) { setCellEqualValue(licenseCommentRow.createCell(EQUALS_COL), allDocsPresent); } else { setCellDifferentValue(licenseCommentRow.createCell(EQUALS_COL)); diff --git a/src/main/java/org/spdx/tools/compare/SnippetSheet.java b/src/main/java/org/spdx/tools/compare/SnippetSheet.java index 6f50d6c..d7ea26d 100644 --- a/src/main/java/org/spdx/tools/compare/SnippetSheet.java +++ b/src/main/java/org/spdx/tools/compare/SnippetSheet.java @@ -196,7 +196,7 @@ private void addSnippetToSheet(SpdxSnippetComparer comparer, } Row licenseCommentRow = this.addRow(); licenseCommentRow.createCell(FIELD_COL).setCellValue(LICENSE_COMMENT_FIELD_TEXT); - if (comparer.isLicenseCommmentsEquals()) { + if (comparer.isLicenseCommentsEquals()) { setCellEqualValue(licenseCommentRow.createCell(EQUALS_COL), allDocsPresent); } else { setCellDifferentValue(licenseCommentRow.createCell(EQUALS_COL)); diff --git a/testResources/sourcefiles/PackageSheet.java b/testResources/sourcefiles/PackageSheet.java index c99e9f8..fddb1f0 100644 --- a/testResources/sourcefiles/PackageSheet.java +++ b/testResources/sourcefiles/PackageSheet.java @@ -294,7 +294,7 @@ private void addPackageToSheet(SpdxPackageComparer comparer, } Row licenseCommentRow = this.addRow(); licenseCommentRow.createCell(FIELD_COL).setCellValue(LICENSE_COMMENT_FIELD_TEXT); - if (comparer.isLicenseCommmentsEquals()) { + if (comparer.isLicenseCommentsEquals()) { setCellEqualValue(licenseCommentRow.createCell(EQUALS_COL), allDocsPresent); } else { setCellDifferentValue(licenseCommentRow.createCell(EQUALS_COL)); diff --git a/testResources/sourcefiles/SnippetSheet.java b/testResources/sourcefiles/SnippetSheet.java index e9a0c45..ebf81c6 100644 
--- a/testResources/sourcefiles/SnippetSheet.java +++ b/testResources/sourcefiles/SnippetSheet.java @@ -196,7 +196,7 @@ private void addSnippetToSheet(SpdxSnippetComparer comparer, } Row licenseCommentRow = this.addRow(); licenseCommentRow.createCell(FIELD_COL).setCellValue(LICENSE_COMMENT_FIELD_TEXT); - if (comparer.isLicenseCommmentsEquals()) { + if (comparer.isLicenseCommentsEquals()) { setCellEqualValue(licenseCommentRow.createCell(EQUALS_COL), allDocsPresent); } else { setCellDifferentValue(licenseCommentRow.createCell(EQUALS_COL)); diff --git a/tools-java.iml b/tools-java.iml new file mode 100644 index 0000000..ae72666 --- /dev/null +++ b/tools-java.iml @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file