SpdxDocument
1
The describesPackage
property relates an SpdxDocument
to the package which it describes.
describesPackage
Package
1
Identifies the version of this specification that was used to produce this SPDX document.
sdpxVersion
The creationInfo
property relates an SpdxDocument
to a set of information about the creation of the SpdxDocument.
creationInfo
CreationInfo
1
The review
property relates a SpdxDocument
to the review history.
reviewed
Review
1
1
The name and, optionally, contact information of the person who performed the review.
reviewer
1
The date and time at which the SpdxDocument was reviewed.
reviewDate
UtcXsdDate
Licensing information that was discovered directly in the package. This is effectively a union of the licenseInfoInFile properties of all the files contained in the package.
licenseInfoFromFiles
License
1
A short name for the license that is made up of ascii characters from the set 'a'-'z', 'A'-'Z', '0'-'9', '+', '_', and '-'.
licenseId
LicenseSlug
1
File
1
1
1
1
1
The full text of the license.
licenseText
ExtractedLicensingInfo
1
1
Verbatim license or licensing notice text that was discovered.
extractedText
Checksum
1
1
The checksumValue
property provides a digest value produced using a specific algorithm.
checksumValue
Identifies the algorithm used to produce a checksum.
algorithm
1
1
The base name of the package filename. This will often included the package name, version information and archive/compression method. For example, zlib-1.2.5.tar.gz
.
packageFileName
The date and time at which the SpdxDocument was created.
created
The name of the file relative to the root of the package.
fileName
The URI at which this package is available for download. Private (ie, not publicly reachable) URIs are acceptable as values of this property.
downloadLocation
ConjunctiveLicenseSet
DisjunctiveLicenseSet
1
A license, or other licensing information, that is a member of the subject license set.
member
1
Indicates that a particular file belongs to a package.
hasFile
1
Allows the producer(s) of the SPDX document to describe how the package was acquired and/or changed from the original source.
sourceInfo
1
The name and, optionally, contact information of a person, organization or tool that created, or was used to create, the SpdxDocument.
creator
1
1
A manifest based hash of the package. This allows consumers of this dataset to determin if a package they have in hand is identical to the package from which the data was produced. This algorithm works even if the SPDX document is included in the package. This algorithm is described in detail in the SPDX spec.
packageVerificationCode
1
The full name of the package including version information.
name
1
The licensing that the preparer of this SPDX document has concluded, based on the evidence, actual applies to the package.
licenseConcluded
The licensing that is declared by the authors of the package.
licenseDeclared
The checksum
property provides a digest of a File
or File
. This allows consumers of the SPDX document to verify that the content of the files or package has not changed.
checksum
1
1
The type of the file.
fileType
1
1
Licensing information that was discovered directly in the subject File.
licenseInfoInFile