UtcXsdDate LicenseSlug SpdxDocument 1 describesPackage The describesPackage property relates an SpdxDocument to the package which it describes. Package creationInfo The creationInfo property relates an SpdxDocument to a set of information about the creation of the SpdxDocument. CreationInfo 1 1 sdpxVersion Identifies the version of this specification that was used to produce this SPDX document. reviewed The review property relates a SpdxDocument to the review history. Review 1 1 reviewDate The date and time at which the SpdxDocument was reviewed. 1 reviewer The name and, optionally, contact information of the person who performed the review. licenseInfoFromFiles Licensing information that was discovered directly in the package. This is effectively a union of the licenseInfoInFile properties of all the files contained in the package. License 1 licenseId A short name for the license that is made up of ascii characters from the set 'a'-'z', 'A'-'Z', '0'-'9', '+', '_', and '-'. 1 File 1 1 1 1 1 licenseText The full text of the license. ExtractedLicensingInfo 1 1 extractedText Verbatim license or licensing notice text that was discovered. checksum The checksum property provides a digest of a File or File. This allows consumers of the SPDX document to verify that the content of the files or package has not changed. Checksum 1 checksumValue The checksumValue property provides a digest value produced using a specific algorithm. 1 algorithm Identifies the algorithm used to produce a checksum. ConjunctiveLicenseSet DisjunctiveLicenseSet 1 member A license, or other licensing information, that is a member of the subject license set. 1 packageFileName The base name of the package filename. This will often included the package name, version information and archive/compression method. For example, zlib-1.2.5.tar.gz. 1 hasFile Indicates that a particular file belongs to a package. 1 1 fileName The name of the file relative to the root of the package. 1 name The full name of the package including version information. creator The name and, optionally, contact information of a person, organization or tool that created, or was used to create, the SpdxDocument. licenseInfoInFile Licensing information that was discovered directly in the subject File. licenseConcluded The licensing that the preparer of this SPDX document has concluded, based on the evidence, actual applies to the package. 1 sourceInfo Allows the producer(s) of the SPDX document to describe how the package was acquired and/or changed from the original source. 1 licenseDeclared The licensing that is declared by the authors of the package. fileType The type of the file. created The date and time at which the SpdxDocument was created. 1 1 downloadLocation The URI at which this package is available for download. Private (ie, not publicly reachable) URIs are acceptable as values of this property. 1 1 packageVerificationCode A manifest based hash of the package. This allows consumers of this dataset to determin if a package they have in hand is identical to the package from which the data was produced. This algorithm works even if the SPDX document is included in the package. This algorithm is described in detail in the SPDX spec. 1 1