hasExtractedLicensingInfo
Indicates that a particular ExtractedLicensingInfo was defined in the subject SpdxDocument.
SpdxDocument
An SdpxDocument represents the results of a contents, provenance, ownership and licensing analysis of exactly one software package. This is, effectively, the top level of SPDX information.
testing
This specification describes the SPDX language, defined as a dictionary of named properties and classes using W3C's RDF Technology.
SPDX is a designed to allow the exchange of data about software packages. This information includes a manifest of files contained in the package, licensing information related to the contained files, and licensing information related to the package as a whole.
{{version}}
ExtractedLicensingInfo
An ExtractedLicensingInfo represents a license or licensing notice that was found in the package. Any license text that is recognized as a license may be represented as a License rather than and ExtractedLicensingInfo.
testing
testing
packageVerificationCodeExcludedFile
A file that was excluded when calculating the package verification code. This is usually be a file containg SPDX data regarding the package. If a package contains more than one SPDX file all SPDX files must be excluded from the package verification code. If this is not done each recalculation of the package verification code in one file will require the other to be recalculated to be valid which will require the original which will require the original file's be recalculated, ad infinitum.
PackageVerificationCode
A PackageVerificationCode is a value that allows authentication of the package. This differs from the Checksum in that it uses an algorithm that allows the the SPDX file to be embedded in the pacakge. This digest is produced using a cryptographic hash algorithm applied to a manifest of the package. Some files in the package (ie, the SPDX files) are explicitly excluded from the digest. This allows those files to not impact the verification code.
testing
testing
reviewed
The review property relates a SpdxDocument to the review history.
Review
A Review represents a signoff by an individual on the information in an SpdxDocument.
testing
testing
algorithm
Identifies the algorithm used to produce the subject Checksum.
Checksum
A Checksum is simple value that allows the contents of a file to be authenticated. Even small changes to the content of the file will change it's checksum value.
testing
checksumAlgorithm_sha1
Indicates the algorithm used was SHA-1
testing
testing
artifactOf
Indicates the project in which the file originated.
Tools must preserve doap:hompage and doap:name properties and the URI (if one is known) of doap:Project resources that are values of this property. All other properties of doap:Projects are not directly supported by SPDX and may be dropped when translating to or from some SPDX formats.
File
A File represents a named sequence of information that is contained in a software package.
testing
testing
checksumValue
The checksumValue property provides a hex encoded digest value produced using a specific algorithm.
testing
created
The date and time at which the SpdxDocument was created. This value must in UTC and have 'Z' as its timezone indicator.
CreationInfo
A CreationInfo provides information about the individuals, organizations and tools involved in the creation of an SpdxDocument.
testing
testing
creationInfo
The creationInfo property relates an SpdxDocument to a set of information about the creation of the SpdxDocument.
testing
creator
The name and, optionally, contact information of a person, organization or tool that created, or was used to create, the SpdxDocument.
testing
describesPackage
The describesPackage property relates an SpdxDocument to the package which it describes.
Package
A Package represents a piece software that is delivered as a single unit.
testing
testing
description
Provides a detailed description of the package.
testing
downloadLocation
The URI at which this package is available for download. Private (ie, not publicly reachable) URIs are acceptable as values of this property.
testing
extractedText
Verbatim license or licensing notice text that was discovered.
testing
fileName
The name of the file relative to the root of the package.
testing
fileType
The type of the file.
fileType_source
Indicates the file is a source code file.
testing
fileType_archive
Indicates the file is a archive file.
testing
fileType_binary
Indicates the file is not a text file. spdx:filetype_archive is preferred for archive files even though they are binary.
testing
fileType_other
Indicates the file is not a source, archive or binary file.
testing
testing
hasFile
Indicates that a particular file belongs to a package.
testing
licenseDeclared
The licensing that the creators of the software in the package, or the packager, have declared. Declarations by the original software creator should be preferred, if they exist.
AnyLicenseInfo
The AnyLicenseInfo class includes all resources that represent licensing information.
License
A License represents a software copyright license. This class is used by the SPDX license repository to represent standard license.
testing
ConjunctiveLicenseSet
A ConjunctiveLicenseSet represents a set of licensing information all of which apply.
testing
DisjunctiveLicenseSet
A DisjunctiveLicenseSet represents a set of licensing information only one of which applies. This class implies that the copier gets to choose which of these licenses they would prefer to use.
testing
testing
none
When this value is used as the object of a property it indicates that the preparer of the SpdxDocument believes that there is no value for the property. This value should only be used if there is sufficient evidence to support this contention.
testing
noassertion
Indicates that the preparer of the SPDX document is not making any assertion
regarding the value of this field.
testing
testing
licenseInfoFromFiles
Licensing information that was discovered directly in the package. There will be an instance of this property for each distinct value of all licenseInfoInFile properties of all files contained in the package.
SimpleLicenseInfo
The SimpleLicenseInfo class includes all resources that represent simple, atomic, licensing information.
testing
testing
licenseInfoInFile
Licensing information that was discovered directly in the subject file.
testing
licenseText
The full text of the license.
testing
name
The full name of the package including version information.
testing
packageFileName
The base name of the package file name. For example, zlib-1.2.5.tar.gz.
testing
packageVerificationCode
A manifest based digest (the algorithm is defined in section [link goes here]) of the package. This allows consumers of this dataset to determine if a package they have in hand is identical to the package from which the data was produced. This algorithm works even if the SPDX document is included in the package. This algorithm is described in detail in the SPDX spec.
testing
packageVerificationCodeValue
The actual package verification code as a hex encoded value.
testing
reviewDate
The date and time at which the SpdxDocument was reviewed. This value must be in UTC and have 'Z' as its timezone indicator.
testing
reviewer
The name and, optionally, contact information of the person who performed the review.
testing
sourceInfo
Allows the producer(s) of the SPDX document to describe how the package was acquired and/or changed from the original source.
testing
specVersion
Identifies the version of this specification that was used to produce this SPDX document. Currently the only supported value is SPDX-1.0.
testing
summary
Provides a short description of the package.
testing
checksum
The checksum property provides a digest of a File or Package. This allows consumers of the SPDX document to verify that the content of the files or package has not changed.
testing
copyrightText
The text of copyright declarations discovered in the Package or File.
testing
licenseComments
The licenseComments property allows the preparer of the SPDX document to describe why the licensing in spdx:licenseConcluded was chosen.
testing
licenseConcluded
The licensing that the preparer of this SPDX document has concluded, based on the evidence, actual applies to the package.
testing
licenseId
A short name for the license that is at least 3 characters long and made up of the characters from the set 'a'-'z', 'A'-'Z', '0'-'9', '+', '_', '.', and '-'. Formally, all licenseId values must match the regular expression: [-+_.a-zA-Z0-9]{3,}
testing
member
A license, or other licensing information, that is a member of the subject license set.
testing
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1