SPDX 2.2

SPDX 2.2
SPDX 2.2
IRI:
Version IRI:
Current version:
2.2
Other visualisation:
Ontology source
Abstract
This specification describes the SPDX® language, defined as a dictionary of named properties and classes using W3C's RDF Technology.
SPDX® is a designed to allow the exchange of data about software packages. This information includes general information about the package, licensing information about the package as a whole, a manifest of files contained in the package and licensing information related to the contained files.
Known issues:
Table of Content
Classes
Object Properties
Data Properties
Named Individuals
Annotation Properties
General Axioms
Namespace Declarations
Classes
annotation
annotation type
any license info
byte offset pointer
checksum
checksum algorithm
compound pointer
conjunctive license set
creation info
disjunctive license set
external document ref
external ref
extracted licensing info
file
file type
license
license exception
line char pointer
listed license
offset pointer
or later operator
package
package verification code
pointer
reference category
reference type
relationship
relationship type
review
simple licensing info
single pointer
snippet
spdx document
spdx element
spdx item
start end pointer
with exception operator
annotation
back to
ToC
or
Class ToC
IRI:
An Annotation is a comment on an SpdxItem by an agent.
has super-classes
annotation type
op
exactly
annotation type
annotation date
dp
exactly
comment
dp
exactly
annotator
dp
exactly
is in domain of
annotation date
dp
annotation type
op
annotator
dp
date
dp
is in range of
annotation
op
is disjoint with
relationship
spdx element
annotation type
back to
ToC
or
Class ToC
IRI:
This type describes the type of annotation. Annotations are usually created when someone reviews the file, and if this is the case the annotation type should be REVIEW.
has members
annotation type other
ni
annotation type review
ni
any license info
back to
ToC
or
Class ToC
IRI:
is defined by
The AnyLicenseInfo class includes all resources that represent licensing information.
has sub-classes
conjunctive license set
disjunctive license set
or later operator
simple licensing info
with exception operator
is in range of
license declared
op
member
op
byte offset pointer
back to
ToC
or
Class ToC
IRI:
has super-classes
offset pointer
offset
dp
exactly
checksum
back to
ToC
or
Class ToC
IRI:
A Checksum is value that allows the contents of a file to be authenticated. Even small changes to the content of the file will change its checksum. This class allows the results of a variety of checksum and cryptographic message digest algorithms to be represented.
has super-classes
checksum value
dp
exactly
algorithm
op
exactly
checksum algorithm
is in domain of
algorithm
op
checksum value
dp
is in range of
checksum
op
checksum algorithm
back to
ToC
or
Class ToC
IRI:
Algorighm for Checksums.
has members
checksum algorithm md2
ni
checksum algorithm md4
ni
checksum algorithm md5
ni
checksum algorithm md6
ni
checksum algorithm sha1
ni
checksum algorithm sha224
ni
checksum algorithm sha256
ni
checksum algorithm sha384
ni
checksum algorithm sha512
ni
compound pointer
back to
ToC
or
Class ToC
IRI:
has super-classes
pointer
has sub-classes
start end pointer
is in domain of
end pointer
op
start pointer
op
is in range of
range
op
conjunctive license set
back to
ToC
or
Class ToC
IRI:
A ConjunctiveLicenseSet represents a set of licensing information all of which apply.
has super-classes
any license info
container
member
op
min
any license info
creation info
back to
ToC
or
Class ToC
IRI:
One instance is required for each SPDX file produced. It provides the necessary information for forward and backward compatibility for processing tools.
has super-classes
creator
dp
min
comment
dp
max
created
dp
exactly
license list version
dp
max
is in domain of
created
dp
creator
dp
date
dp
license list version
dp
is in range of
creation info
op
disjunctive license set
back to
ToC
or
Class ToC
IRI:
A DisjunctiveLicenseSet represents a set of licensing information where only one license applies at a time. This class implies that the recipient gets to choose one of these licenses they would prefer to use.
has super-classes
any license info
container
member
op
min
any license info
external document ref
back to
ToC
or
Class ToC
IRI:
Information about an external SPDX document reference including the checksum. This allows for verification of the external references.
has super-classes
spdx document
op
exactly
spdx document
external document id
dp
exactly
checksum
op
exactly
checksum
is in domain of
external document id
dp
spdx document
op
external ref
back to
ToC
or
Class ToC
IRI:
An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package.
has super-classes
comment
dp
max
reference locator
dp
exactly
reference category
op
exactly
reference category
reference type
op
exactly
reference type
is in domain of
reference category
op
reference locator
dp
reference type
op
is in range of
external ref
op
extracted licensing info
back to
ToC
or
Class ToC
IRI:
An ExtractedLicensingInfo represents a license or licensing notice that was found in the package. Any license text that is recognized as a license may be represented as a License rather than an ExtractedLicensingInfo.
has super-classes
simple licensing info
extracted text
dp
exactly
is in domain of
extracted text
dp
has extracted licensing info
op
file
back to
ToC
or
Class ToC
IRI:
A File represents a named sequence of information that is contained in a software package.
has super-classes
spdx item
checksum
op
min
checksum
notice text
dp
max
file name
dp
exactly
file dependency
op
min
file
file contributor
dp
min
file type
op
min
file type
artifact of
op
min
project
license info in file
op
min
any license info
is in domain of
file contributor
dp
file dependency
op
file name
dp
file type
op
license info in file
op
notice text
dp
is in range of
file dependency
op
has file
op
references file
op
snippet from file
op
is disjoint with
snippet
file type
back to
ToC
or
Class ToC
IRI:
Type of file.
has members
file type application
ni
file type archive
ni
file type audio
ni
file type binary
ni
file type documentation
ni
file type image
ni
file type other
ni
file type source
ni
file type spdx
ni
file type text
ni
file type video
ni
license
back to
ToC
or
Class ToC
IRI:
A License represents a copyright license. The SPDX license list website is annotated with these properties (using RDFa) to allow license data published there to be easily processed. The license list is populated in accordance with the License List fields guidelines. These guidelines are not normative and may change over time. SPDX tooling should not rely on values in the license list conforming to the current guidelines.
has super-classes
simple licensing info
is fsf libre
dp
max
standard license header template
dp
max
license text
dp
exactly
is deprecated license id
dp
max
standard license header
dp
max
standard license template
dp
max
is osi approved
dp
exactly
has sub-classes
listed license
is in domain of
is fsf libre
dp
is osi approved
dp
license text
dp
standard license header
dp
standard license template
dp
license exception
back to
ToC
or
Class ToC
IRI:
An exception to a license.
has super-classes
example
dp
max
see also
dp
min
comment
dp
exactly
license exception text
dp
exactly
name
dp
exactly
license exception id
dp
exactly
is in domain of
example
dp
license exception id
dp
license exception text
dp
is in range of
license exception
op
line char pointer
back to
ToC
or
Class ToC
IRI:
has super-classes
offset pointer
line number
dp
exactly
is in domain of
line number
dp
listed license
back to
ToC
or
Class ToC
IRI:
A license which is included in the SPDX License List (
).
has super-classes
license
is deprecated license id
dp
max
is in domain of
is deprecated license id
dp
standard license header template
dp
offset pointer
back to
ToC
or
Class ToC
IRI:
has super-classes
single pointer
has sub-classes
byte offset pointer
line char pointer
is in domain of
offset
dp
or later operator
back to
ToC
or
Class ToC
IRI:
A license with an or later operator indicating this license version or any later version of the license
has super-classes
any license info
member
op
exactly
simple licensing info
package
back to
ToC
or
Class ToC
IRI:
A Package represents a collection of software files that are delivered as a single functional component.
has super-classes
spdx item
description
dp
max
homepage
dp
max
package verification code
op
max
package verification code
package file name
dp
max
checksum
op
min
checksum
external ref
op
min
external ref
supplier
dp
max
has file
op
min
file
originator
dp
max
files analyzed
dp
max
version info
dp
max
download location
dp
exactly
source info
dp
max
summary
dp
max
license declared
op
value
noassertion
or
license declared
op
value
none
or
license declared
op
exactly
any license info
is in domain of
description
dp
download location
dp
external ref
op
files analyzed
dp
has file
op
homepage
dp
license info from files
op
originator
dp
package file name
dp
package name
dp
package verification code
op
source info
dp
summary
dp
supplier
dp
version info
dp
is in range of
describes package
op
package verification code
back to
ToC
or
Class ToC
IRI:
A manifest based verification code (the algorithm is defined in section 4.7 of the full specification) of the SPDX Item. This allows consumers of this data and/or database to determine if an SPDX item they have in hand is identical to the SPDX item from which the data was produced. This algorithm works even if the SPDX document is included in the SPDX item.
has super-classes
package verification code excluded file
dp
min
package verification code value
dp
exactly
is in domain of
package verification code excluded file
dp
package verification code value
dp
is in range of
package verification code
op
pointer
back to
ToC
or
Class ToC
IRI:
has sub-classes
compound pointer
single pointer
reference category
back to
ToC
or
Class ToC
IRI:
Category used for ExternalRef
has members
reference category other
ni
reference category package manager
ni
reference category persistent id
ni
reference category security
ni
reference type
back to
ToC
or
Class ToC
IRI:
Types used to external reference identifiers.
has super-classes
contextual example
dp
exactly
documentation
dp
exactly
external reference site
dp
exactly
is in domain of
contextual example
dp
documentation
dp
external reference site
dp
is in range of
reference type
op
relationship
back to
ToC
or
Class ToC
IRI:
A Relationship represents a relationship between two SpdxElements.
has super-classes
comment
dp
max
related spdx element
op
exactly
spdx element
relationship type
op
exactly
relationship type
is in domain of
related spdx element
op
relationship type
op
is in range of
relationship
op
is disjoint with
annotation
spdx element
relationship type
back to
ToC
or
Class ToC
IRI:
Type of relationship.
has members
relationship type amendment
ni
relationship type ancestor of
ni
relationship type build dependency of
ni
relationship type build tool of
ni
relationship type contained by
ni
relationship type contains
ni
relationship type copy of
ni
relationship type data file
ni
relationship type data file of
ni
relationship type dependency manifest of
ni
relationship type dependency of
ni
relationship type depends on
ni
relationship type descendant of
ni
relationship type described by
ni
relationship type describes
ni
relationship type dev dependency of
ni
relationship type dev tool of
ni
relationship type distribution artifact
ni
relationship type documentation
ni
relationship type dynamic link
ni
relationship type example of
ni
relationship type expanded from archive
ni
relationship type file added
ni
relationship type file deleted
ni
relationship type file modified
ni
relationship type generated from
ni
relationship type generates
ni
relationship type has prerequisite
ni
relationship type metafile of
ni
relationship type optional component of
ni
relationship type optional dependency of
ni
relationship type other
ni
relationship type package of
ni
relationship type patch applied
ni
relationship type patch for
ni
relationship type prerequisite for
ni
relationship type provided dependency of
ni
relationship type runtime dependency of
ni
relationship type static link
ni
relationship type test dependency of
ni
relationship type test of
ni
relationship type test tool of
ni
relationship type testcase of
ni
relationship type variant of
ni
review
back to
ToC
or
Class ToC
IRI:
has super-classes
review date
dp
exactly
comment
dp
max
reviewer
dp
max
is in domain of
review date
dp
reviewer
dp
is in range of
reviewed
op
simple licensing info
back to
ToC
or
Class ToC
IRI:
The SimpleLicenseInfo class includes all resources that represent simple, atomic, licensing information.
has super-classes
any license info
license id
dp
exactly
see also
dp
min
comment
dp
max
name
dp
exactly
has sub-classes
extracted licensing info
license
is in domain of
license id
dp
single pointer
back to
ToC
or
Class ToC
IRI:
has super-classes
pointer
reference
op
exactly
file
has sub-classes
offset pointer
is in domain of
reference
op
is in range of
end pointer
op
start pointer
op
snippet
back to
ToC
or
Class ToC
IRI:
The set of bytes in a file. The name of the snippet is the name of the file appended with the byte range in parenthesis (ie: "./file/name(2145:5532)")
has super-classes
spdx item
snippet from file
op
exactly
file
range
op
min
start end pointer
license info in snippet
op
min
any license info
is in domain of
license info in snippet
op
range
op
snippet from file
op
snippet name
dp
is disjoint with
file
spdx document
back to
ToC
or
Class ToC
IRI:
An SpdxDocument is a summary of the contents, provenance, ownership and licensing analysis of a specific software package. This is, effectively, the top level of SPDX information.
has super-classes
spdx element
external document ref
op
min
external document ref
has extracted licensing info
op
min
extracted licensing info
spec version
dp
exactly
data license
op
value
c c0 1.0
data license
op
exactly
any license info
creation info
op
exactly
creation info
describes package
op
min
package
reviewed
op
min
review
is in domain of
creation info
op
data license
op
describes package
op
external document ref
op
has extracted licensing info
op
references file
op
reviewed
op
spec version
dp
is in range of
spdx document
op
spdx element
back to
ToC
or
Class ToC
IRI:
An SpdxElement is any thing described in SPDX, either a document or an SpdxItem. SpdxElements can be related to other SpdxElements.
has super-classes
relationship
op
min
relationship
name
dp
exactly
comment
dp
max
annotation
op
min
annotation
has sub-classes
spdx document
spdx item
is in domain of
annotation
op
artifact of
op
name
dp
relationship
op
is in range of
related spdx element
op
is disjoint with
annotation
relationship
spdx item
back to
ToC
or
Class ToC
IRI:
An SpdxItem is a potentially copyrightable work.
has super-classes
spdx element
attribution text
dp
min
license info from files
op
min
simple licensing info
copyright text
dp
exactly
license concluded
op
value
noassertion
or
license concluded
op
value
none
or
license concluded
op
exactly
any license info
license comments
dp
max
has sub-classes
file
package
snippet
is in domain of
attribution text
dp
copyright text
dp
license comments
dp
license concluded
op
license declared
op
start end pointer
back to
ToC
or
Class ToC
IRI:
has super-classes
compound pointer
end pointer
op
exactly
single pointer
start pointer
op
exactly
single pointer
with exception operator
back to
ToC
or
Class ToC
IRI:
Sometimes a set of license terms apply except under special circumstances. In this case, use the binary "WITH" operator to construct a new license expression to represent the special exception situation. A valid
is where the left operand is a
value and the right operand is a
that represents the special exception terms.
has super-classes
any license info
license exception
op
exactly
license exception
member
op
exactly
simple licensing info
is in domain of
license exception
op
Object Properties
algorithm
annotation
annotation type
artifact of
checksum
creation info
data license
describes package
end pointer
external document ref
external ref
file dependency
file type
has extracted licensing info
has file
license concluded
license declared
license exception
license info from files
license info in file
license info in snippet
member
package verification code
range
reference
reference category
reference type
references file
related spdx element
relationship
relationship type
reviewed
snippet from file
spdx document
start pointer
algorithm
op
back to
ToC
or
Object Property ToC
IRI:
Identifies the algorithm used to produce the subject Checksum. Currently, SHA-1 is the only supported algorithm. It is anticipated that other algorithms will be supported at a later time.
has domain
checksum
has range
algorithm
op
value
checksum algorithm md5
or
algorithm
op
value
checksum algorithm sha1
or
algorithm
op
value
checksum algorithm sha256
annotation
op
back to
ToC
or
Object Property ToC
IRI:
Provide additional information about an SpdxElement.
has domain
spdx element
has range
annotation
annotation type
op
back to
ToC
or
Object Property ToC
IRI:
Type of the annotation.
has domain
annotation
has range
annotation type
op
value
annotation type other
or
annotation type
op
value
annotation type review
artifact of
op
back to
ToC
or
Object Property ToC
IRI:
Indicates the project in which the SpdxElement originated. Tools must preserve doap:homepage and doap:name properties and the URI (if one is known) of doap:Project resources that are values of this property. All other properties of doap:Projects are not directly supported by SPDX and may be dropped when translating to or from some SPDX formats.
has domain
spdx element
has range
project
checksum
op
back to
ToC
or
Object Property ToC
IRI:
The checksum property provides a mechanism that can be used to verify that the contents of a File or Package have not changed.
has domain
file
or
package
has range
checksum
creation info
op
back to
ToC
or
Object Property ToC
IRI:
The creationInfo property relates an SpdxDocument to a set of information about the creation of the SpdxDocument.
has domain
spdx document
has range
creation info
data license
op
back to
ToC
or
Object Property ToC
IRI:
Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata"). The SPDX specification contains numerous fields where an SPDX document creator may provide relevant explanatory text in SPDX-Metadata. Without opining on the lawfulness of "database rights" (in jurisdictions where applicable), such explanatory text is copyrightable subject matter in most Berne Convention countries. By using the SPDX specification, or any portion hereof, you hereby agree that any copyright rights (as determined by your jurisdiction) in any SPDX-Metadata, including without limitation explanatory text, shall be subject to the terms of the Creative Commons CC0 1.0 Universal license. For SPDX-Metadata not containing any copyright rights, you hereby agree and acknowledge that the SPDX-Metadata is provided to you "as-is" and without any representations or warranties of any kind concerning the SPDX-Metadata, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non-infringement, or the absence of latent or other defects, accuracy, or the presence or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law.
has characteristics:
functional
has domain
spdx document
has range
data license
op
value
c c0 1.0
describes package
op
back to
ToC
or
Object Property ToC
IRI:
The describesPackage property relates an SpdxDocument to the package which it describes.
has domain
spdx document
has range
package
end pointer
op
back to
ToC
or
Object Property ToC
IRI:
has domain
compound pointer
has range
single pointer
external document ref
op
back to
ToC
or
Object Property ToC
IRI:
Identify any external SPDX documents referenced within this SPDX document.
has domain
spdx document
external ref
op
back to
ToC
or
Object Property ToC
IRI:
An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package.
has domain
package
has range
external ref
file dependency
op
back to
ToC
or
Object Property ToC
IRI:
has domain
file
has range
file
file type
op
back to
ToC
or
Object Property ToC
IRI:
The type of the file.
has domain
file
has range
file type
op
value
file type archive
or
file type
op
value
file type binary
or
file type
op
value
file type other
or
file type
op
value
file type source
has extracted licensing info
op
back to
ToC
or
Object Property ToC
IRI:
Indicates that a particular ExtractedLicensingInfo was defined in the subject SpdxDocument.
has domain
extracted licensing info
spdx document
has file
op
back to
ToC
or
Object Property ToC
IRI:
Indicates that a particular file belongs to a package.
has domain
package
has range
file
license concluded
op
back to
ToC
or
Object Property ToC
IRI:
The licensing that the preparer of this SPDX document has concluded, based on the evidence, actually applies to the package.
has characteristics:
functional
has domain
spdx item
has range
any license info
or
license concluded
op
value
noassertion
or
license concluded
op
value
none
license declared
op
back to
ToC
or
Object Property ToC
IRI:
The licensing that the creators of the software in the package, or the packager, have declared. Declarations by the original software creator should be preferred, if they exist.
has domain
spdx item
has range
any license info
license exception
op
back to
ToC
or
Object Property ToC
IRI:
An exception to a license.
has domain
with exception operator
has range
license exception
license info from files
op
back to
ToC
or
Object Property ToC
IRI:
The licensing information that was discovered directly within the package. There will be an instance of this property for each distinct value of alllicenseInfoInFile properties of all files contained in the package.
has sub-properties
license info in file
op
license info in snippet
op
has domain
package
has range
simple licensing info
or
license info from files
op
value
noassertion
or
license info from files
op
value
none
license info in file
op
back to
ToC
or
Object Property ToC
IRI:
Licensing information that was discovered directly in the subject file. This is also considered a declared license for the file.
has super-properties
license info from files
op
has domain
file
has range
simple licensing info
or
license info in file
op
value
noassertion
or
license info in file
op
value
none
license info in snippet
op
back to
ToC
or
Object Property ToC
IRI:
Licensing information that was discovered directly in the subject snippet. This is also considered a declared license for the snippet.
has super-properties
license info from files
op
has domain
snippet
has range
simple licensing info
or
license info in file
op
value
noassertion
or
license info in file
op
value
none
member
op
back to
ToC
or
Object Property ToC
IRI:
A license, or other licensing information, that is a member of the subject license set.
has domain
conjunctive license set
or
disjunctive license set
or
with exception operator
has range
any license info
package verification code
op
back to
ToC
or
Object Property ToC
IRI:
A manifest based verification code (the algorithm is defined in section 3.9.4 of the full specification) of the package. This allows consumers of this data and/or database to determine if a package they have in hand is identical to the package from which the data was produced. This algorithm works even if the SPDX document is included in the package.
has domain
package
has range
package verification code
range
op
back to
ToC
or
Object Property ToC
IRI:
This field defines the byte range in the original host file (in X.2) that the snippet information applies to
has domain
snippet
has range
compound pointer
reference
op
back to
ToC
or
Object Property ToC
IRI:
has domain
single pointer
reference category
op
back to
ToC
or
Object Property ToC
IRI:
Category for the external reference
has domain
external ref
has range
reference category
op
value
reference category other
or
reference category
op
value
reference category package manager
or
reference category
op
value
reference category security
reference type
op
back to
ToC
or
Object Property ToC
IRI:
Type of the external reference. These are definined in an appendix in the SPDX specification.
has domain
external ref
has range
reference type
references file
op
back to
ToC
or
Object Property ToC
IRI:
Indicates that a particular file belongs as part of the set of analyzed files in the SpdxDocument.
has domain
spdx document
has range
file
related spdx element
op
back to
ToC
or
Object Property ToC
IRI:
A related SpdxElement.
has domain
relationship
has range
spdx element
relationship
op
back to
ToC
or
Object Property ToC
IRI:
Defines a relationship between two SPDX elements. The SPDX element may be a Package, File, or SpdxDocument.
has domain
spdx element
has range
relationship
relationship type
op
back to
ToC
or
Object Property ToC
IRI:
Describes the type of relationship between two SPDX elements.
has domain
relationship
has range
relationship type
op
value
relationship type amendment
or
relationship type
op
value
relationship type ancestor of
or
relationship type
op
value
relationship type build tool of
or
relationship type
op
value
relationship type contained by
or
relationship type
op
value
relationship type contains
or
relationship type
op
value
relationship type copy of
or
relationship type
op
value
relationship type data file
or
relationship type
op
value
relationship type data file of
or
relationship type
op
value
relationship type descendant of
or
relationship type
op
value
relationship type described by
or
relationship type
op
value
relationship type describes
or
relationship type
op
value
relationship type distribution artifact
or
relationship type
op
value
relationship type documentation
or
relationship type
op
value
relationship type dynamic link
or
relationship type
op
value
relationship type expanded from archive
or
relationship type
op
value
relationship type file added
or
relationship type
op
value
relationship type file deleted
or
relationship type
op
value
relationship type file modified
or
relationship type
op
value
relationship type generated from
or
relationship type
op
value
relationship type generates
or
relationship type
op
value
relationship type has prerequisite
or
relationship type
op
value
relationship type metafile of
or
relationship type
op
value
relationship type optional component of
or
relationship type
op
value
relationship type other
or
relationship type
op
value
relationship type package of
or
relationship type
op
value
relationship type patch applied
or
relationship type
op
value
relationship type patch for
or
relationship type
op
value
relationship type prerequisite for
or
relationship type
op
value
relationship type static link
or
relationship type
op
value
relationship type testcase of
or
relationship type
op
value
relationship type variant of
reviewed
op
back to
ToC
or
Object Property ToC
IRI:
Reviewed
has domain
spdx document
has range
review
is also defined as
named individual
snippet from file
op
back to
ToC
or
Object Property ToC
IRI:
File containing the SPDX element (e.g. the file contaning a snippet).
has domain
snippet
has range
file
spdx document
op
back to
ToC
or
Object Property ToC
IRI:
A propoerty containing an SPDX document.
has domain
external document ref
has range
spdx document
start pointer
op
back to
ToC
or
Object Property ToC
IRI:
has domain
compound pointer
has range
single pointer
Data Properties
annotation date
annotator
attribution text
checksum value
comment
contextual example
copyright text
created
creator
date
description
documentation
download location
example
external document id
external reference site
extracted text
file contributor
file name
files analyzed
homepage
is deprecated license id
is fsf libre
is osi approved
license comments
license exception id
license exception text
license id
license list version
license text
line number
name
notice text
offset
originator
package file name
package name
package verification code excluded file
package verification code value
reference locator
review date
reviewer
snippet name
source info
spec version
standard license header
standard license header template
standard license template
summary
supplier
version info
annotation date
dp
back to
ToC
or
Data Property ToC
IRI:
Identify when the comment was made. This is to be specified according to the combined date and time in the UTC format, as specified in the ISO 8601 standard.
has super-properties
date
dp
has domain
annotation
has range
date time
annotator
dp
back to
ToC
or
Data Property ToC
IRI:
This field identifies the person, organization or tool that has commented on a file, package, or the entire document.
has domain
annotation
has range
string
is also defined as
named individual
attribution text
dp
back to
ToC
or
Data Property ToC
IRI:
This field provides a place for the SPDX data creator to record acknowledgements that may be required to be communicated in some contexts. This is not meant to include theactual complete license text (see licenseConculded and licenseDeclared), and may or may not include copyright notices (see also copyrightText). The SPDX data creator may use this field to record other acknowledgements, such as particular clauses from license texts, which may be necessary or desirable to reproduce.
has domain
spdx item
has range
string
checksum value
dp
back to
ToC
or
Data Property ToC
IRI:
The checksumValue property provides a lower case hexidecimal encoded digest value produced using a specific algorithm.
has characteristics:
functional
has domain
checksum
has range
hex binary
comment
dp
back to
ToC
or
Data Property ToC
IRI:
has range
string
is also defined as
annotation property
contextual example
dp
back to
ToC
or
Data Property ToC
IRI:
Example for use of the external repository identifier
has domain
reference type
has range
string
copyright text
dp
back to
ToC
or
Data Property ToC
IRI:
The text of copyright declarations recited in the Package or File.
has domain
spdx item
has range
literal
string
created
dp
back to
ToC
or
Data Property ToC
IRI:
Identify when the SPDX file was originally created. The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard. This field is distinct from the fields in section 8, which involves the addition of information during a subsequent review.
has super-properties
date
dp
has domain
creation info
has range
date time
creator
dp
back to
ToC
or
Data Property ToC
IRI:
Identify who (or what, in the case of a tool) created the SPDX file. If the SPDX file was created by an individual, indicate the person's name. If the SPDX file was created on behalf of a company or organization, indicate the entity name. If the SPDX file was created using a software tool, indicate the name and version for that tool. If multiple participants or tools were involved, use multiple instances of this field. Person name or organization name may be designated as “anonymous” if appropriate.
has domain
creation info
has range
string
date
dp
back to
ToC
or
Data Property ToC
IRI:
A date-time stamp.
has sub-properties
annotation date
dp
created
dp
has domain
annotation
creation info
has range
date time
description
dp
back to
ToC
or
Data Property ToC
IRI:
Provides a detailed description of the package.
has domain
package
has range
string
documentation
dp
back to
ToC
or
Data Property ToC
IRI:
Website containing the documentation related to the repository identifier
has domain
reference type
has range
any u r i
download location
dp
back to
ToC
or
Data Property ToC
IRI:
The URI at which this package is available for download. Private (i.e., not publicly reachable) URIs are acceptable as values of this property. The values
and
may be used to specify that the package is not downloadable or that no attempt was made to determine its download location, respectively.
has domain
package
has range
any u r i
example
dp
back to
ToC
or
Data Property ToC
IRI:
Text for examples in describing an SPDX element.
has domain
license exception
has range
string
external document id
dp
back to
ToC
or
Data Property ToC
IRI:
externalDocumentId is a string containing letters, numbers, ., - and/or + which uniquely identifies an external document within this document.
has domain
external document ref
has range
string
external reference site
dp
back to
ToC
or
Data Property ToC
IRI:
Website for the maintainers of the external reference site
has domain
reference type
has range
any u r i
extracted text
dp
back to
ToC
or
Data Property ToC
IRI:
Verbatim license or licensing notice text that was discovered.
has domain
extracted licensing info
has range
string
file contributor
dp
back to
ToC
or
Data Property ToC
IRI:
This field provides a place for the SPDX file creator to record file contributors. Contributors could include names of copyright holders and/or authors who may not be copyright holders yet contributed to the file content.
has domain
file
has range
string
file name
dp
back to
ToC
or
Data Property ToC
IRI:
The name of the file relative to the root of the package.
has super-properties
name
dp
has domain
file
has range
string
files analyzed
dp
back to
ToC
or
Data Property ToC
IRI:
Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document. If false indicates packages that represent metadata or URI references to a project, product, artifact, distribution or a component. If set to false, the package must not contain any files.
has domain
package
has range
boolean
homepage
dp
back to
ToC
or
Data Property ToC
IRI:
has domain
package
has range
any u r i
is deprecated license id
dp
back to
ToC
or
Data Property ToC
IRI:
has domain
listed license
has range
boolean
is fsf libre
dp
back to
ToC
or
Data Property ToC
IRI:
has domain
license
has range
boolean
is osi approved
dp
back to
ToC
or
Data Property ToC
IRI:
Indicates if the OSI has approved the license.
has domain
license
has range
boolean
license comments
dp
back to
ToC
or
Data Property ToC
IRI:
The licenseComments property allows the preparer of the SPDX document to describe why the licensing in spdx:licenseConcluded was chosen.
has domain
spdx item
has range
string
license exception id
dp
back to
ToC
or
Data Property ToC
IRI:
Short form license exception identifier in Appendix I.2 of the SPDX specification.
has domain
license exception
has range
string
license exception text
dp
back to
ToC
or
Data Property ToC
IRI:
Full text of the license exception.
has domain
license exception
has range
string
license id
dp
back to
ToC
or
Data Property ToC
IRI:
A human readable short form license identifier for a license. The license ID is iether on the standard license oist or the form "LicenseRef-"[idString] where [idString] is a unique string containing letters, numbers, ".", "-" or "+".
has domain
simple licensing info
has range
string
license list version
dp
back to
ToC
or
Data Property ToC
IRI:
An optional field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created.
has characteristics:
functional
has domain
creation info
has range
string
license text
dp
back to
ToC
or
Data Property ToC
IRI:
Full text of the license.
has domain
license
has range
string
line number
dp
back to
ToC
or
Data Property ToC
IRI:
has domain
line char pointer
has range
positive integer
name
dp
back to
ToC
or
Data Property ToC
IRI:
Identify name of this SpdxElement.
has sub-properties
file name
dp
package name
dp
snippet name
dp
has domain
spdx element
has range
string
notice text
dp
back to
ToC
or
Data Property ToC
IRI:
This field provides a place for the SPDX file creator to record potential legal notices found in the file. This may or may not include copyright statements.
has domain
file
has range
string
offset
dp
back to
ToC
or
Data Property ToC
IRI:
has domain
offset pointer
has range
positive integer
originator
dp
back to
ToC
or
Data Property ToC
IRI:
The name and, optionally, contact information of the person or organization that originally created the package. Values of this property must conform to the agent and tool syntax.
has domain
package
has range
string
package file name
dp
back to
ToC
or
Data Property ToC
IRI:
The base name of the package file name. For example, zlib-1.2.5.tar.gz.
has domain
package
has range
string
package name
dp
back to
ToC
or
Data Property ToC
IRI:
Identify the full name of the package as given by Package Originator.
has super-properties
name
dp
has domain
package
has range
string
package verification code excluded file
dp
back to
ToC
or
Data Property ToC
IRI:
A file that was excluded when calculating the package verification code. This is usually a file containing SPDX data regarding the package. If a package contains more than one SPDX file all SPDX files must be excluded from the package verification code. If this is not done it would be impossible to correctly calculate the verification codes in both files.
has domain
package verification code
has range
string
package verification code value
dp
back to
ToC
or
Data Property ToC
IRI:
The actual package verification code as a hex encoded value.
has domain
package verification code
has range
hex binary
reference locator
dp
back to
ToC
or
Data Property ToC
IRI:
The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location. The format of the locator is subject to constraints defined by the
has domain
external ref
has range
string
review date
dp
back to
ToC
or
Data Property ToC
IRI:
The date and time at which the SpdxDocument was reviewed. This value must be in UTC and have 'Z' as its timezone indicator.
has domain
review
has range
date time
reviewer
dp
back to
ToC
or
Data Property ToC
IRI:
The name and, optionally, contact information of the person who performed the review. Values of this property must conform to the agent and tool syntax.
has domain
review
has range
string
snippet name
dp
back to
ToC
or
Data Property ToC
IRI:
Identify a specific snippet in a human convenient manner.
has super-properties
name
dp
has domain
snippet
has range
string
source info
dp
back to
ToC
or
Data Property ToC
IRI:
Allows the producer(s) of the SPDX document to describe how the package was acquired and/or changed from the original source.
has domain
package
has range
string
spec version
dp
back to
ToC
or
Data Property ToC
IRI:
Provide a reference number that can be used to understand how to parse and interpret the rest of the file. It will enable both future changes to the specification and to support backward compatibility. The version number consists of a major and minor version indicator. The major field will be incremented when incompatible changes between versions are made (one or more sections are created, modified or deleted). The minor field will be incremented when backwards compatible changes are made.
has domain
spdx document
has range
string
standard license header
dp
back to
ToC
or
Data Property ToC
IRI:
License author's preferred text to indicated that a file is covered by the license.
has domain
license
has range
string
standard license header template
dp
back to
ToC
or
Data Property ToC
IRI:
License template which describes sections of the license header which can be varied. See License Template section of the specification for format information.
has domain
listed license
has range
string
standard license template
dp
back to
ToC
or
Data Property ToC
IRI:
License template which describes sections of the license which can be varied. See License Template section of the specification for format information.
has domain
license
has range
string
summary
dp
back to
ToC
or
Data Property ToC
IRI:
Provides a short description of the package.
has domain
package
has range
string
supplier
dp
back to
ToC
or
Data Property ToC
IRI:
The name and, optionally, contact information of the person or organization who was the immediate supplier of this package to the recipient. The supplier may be different than originator when the software has been repackaged. Values of this property must conform to the agent and tool syntax.
has domain
package
has range
string
version info
dp
back to
ToC
or
Data Property ToC
IRI:
Provides an indication of the version of the package that is described by this SpdxDocument.
has domain
package
has range
string
Named Individuals
annotation type other
annotation type review
annotator
checksum algorithm md2
checksum algorithm md4
checksum algorithm md5
checksum algorithm md6
checksum algorithm sha1
checksum algorithm sha224
checksum algorithm sha256
checksum algorithm sha384
checksum algorithm sha512
file type application
file type archive
file type audio
file type binary
file type documentation
file type image
file type other
file type source
file type spdx
file type text
file type video
noassertion
none
reference category other
reference category package manager
reference category persistent id
reference category security
relationship type amendment
relationship type ancestor of
relationship type build dependency of
relationship type build tool of
relationship type contained by
relationship type contains
relationship type copy of
relationship type data file
relationship type data file of
relationship type dependency manifest of
relationship type dependency of
relationship type depends on
relationship type descendant of
relationship type described by
relationship type describes
relationship type dev dependency of
relationship type dev tool of
relationship type distribution artifact
relationship type documentation
relationship type dynamic link
relationship type example of
relationship type expanded from archive
relationship type file added
relationship type file deleted
relationship type file modified
relationship type generated from
relationship type generates
relationship type has prerequisite
relationship type metafile of
relationship type optional component of
relationship type optional dependency of
relationship type other
relationship type package of
relationship type patch applied
relationship type patch for
relationship type prerequisite for
relationship type provided dependency of
relationship type runtime dependency of
relationship type static link
relationship type test dependency of
relationship type test of
relationship type test tool of
relationship type testcase of
relationship type variant of
reviewed
annotation type other
ni
back to
ToC
or
Named Individual ToC
IRI:
Type of annotation which does not fit in any of the pre-defined annotation types.
belongs to
annotation type
has facts
comment
dp
"Type of annotation which does not fit in any of the pre-defined annotation types."@en
annotation type review
ni
back to
ToC
or
Named Individual ToC
IRI:
A Review represents an audit and signoff by an individual, organization or tool on the information for an SpdxElement.
belongs to
annotation type
has facts
comment
dp
"A Review represents an audit and signoff by an individual, organization or tool on the information for an SpdxElement."@en
annotator
ni
back to
ToC
or
Named Individual ToC
IRI:
This field identifies the person, organization or tool that has commented on a file, package, or the entire document.
has facts
comment
dp
"This field identifies the person, organization or tool that has commented on a file, package, or the entire document."
is also defined as
data property
checksum algorithm md2
ni
back to
ToC
or
Named Individual ToC
IRI:
Indicates the algorithm used was MD2
belongs to
checksum algorithm
has facts
comment
dp
"Indicates the algorithm used was MD2"
checksum algorithm md4
ni
back to
ToC
or
Named Individual ToC
IRI:
Indicates the algorithm used was MD4
belongs to
checksum algorithm
has facts
comment
dp
"Indicates the algorithm used was MD4"
checksum algorithm md5
ni
back to
ToC
or
Named Individual ToC
IRI:
Indicates the algorithm used was MD5
belongs to
checksum algorithm
has facts
comment
dp
"Indicates the algorithm used was MD5"@en
checksum algorithm md6
ni
back to
ToC
or
Named Individual ToC
IRI:
Indicates the algorithm used was MD6
belongs to
checksum algorithm
has facts
comment
dp
"Indicates the algorithm used was MD6"@en
checksum algorithm sha1
ni
back to
ToC
or
Named Individual ToC
IRI:
Indicates the algorithm used was SHA-1
belongs to
checksum algorithm
has facts
comment
dp
"Indicates the algorithm used was SHA-1"
checksum algorithm sha224
ni
back to
ToC
or
Named Individual ToC
IRI:
Indicates the algorithm used was SHA224
belongs to
checksum algorithm
has facts
comment
dp
"Indicates the algorithm used was SHA224"@en
checksum algorithm sha256
ni
back to
ToC
or
Named Individual ToC
IRI:
Indicates the algorithm used was SHA256
belongs to
checksum algorithm
has facts
comment
dp
"Indicates the algorithm used was SHA256"@en
checksum algorithm sha384
ni
back to
ToC
or
Named Individual ToC
IRI:
Indicates the algorithm used was SHA384
belongs to
checksum algorithm
has facts
comment
dp
"Indicates the algorithm used was SHA384"@en
checksum algorithm sha512
ni
back to
ToC
or
Named Individual ToC
IRI:
Indicates the algorithm used was SHA512
belongs to
checksum algorithm
has facts
comment
dp
"Indicates the algorithm used was SHA512"@en
file type application
ni
back to
ToC
or
Named Individual ToC
IRI:
The file is associated with a specific application type (MIME type of application/* )
belongs to
file type
has facts
comment
dp
" The file is associated with a specific application type (MIME type of application/* )"@en
file type archive
ni
back to
ToC
or
Named Individual ToC
IRI:
Indicates the file is an archive file.
belongs to
file type
has facts
comment
dp
"Indicates the file is an archive file."@en
file type audio
ni
back to
ToC
or
Named Individual ToC
IRI:
The file is associated with an audio file (MIME type of audio/
, ie. .mp3 );
IMAGE if the file is assoicated with an picture image file (MIME type of image/
, ie. .jpg, .gif )
belongs to
file type
has facts
comment
dp
"The file is associated with an audio file (MIME type of audio/* , ie. .mp3 );
IMAGE if the file is assoicated with an picture image file (MIME type of image/*, ie. .jpg, .gif )"@en
file type binary
ni
back to
ToC
or
Named Individual ToC
IRI:
Indicates the file is not a text file. spdx:filetype_archive is preferred for archive files even though they are binary.
belongs to
file type
has facts
comment
dp
"Indicates the file is not a text file. spdx:filetype_archive is preferred for archive files even though they are binary."@en
file type documentation
ni
back to
ToC
or
Named Individual ToC
IRI:
The file serves as documentation.
belongs to
file type
has facts
comment
dp
"The file serves as documentation."@en
file type image
ni
back to
ToC
or
Named Individual ToC
IRI:
The file is assoicated with an picture image file (MIME type of image/*, ie. .jpg, .gif ).
belongs to
file type
has facts
comment
dp
"The file is assoicated with an picture image file (MIME type of image/*, ie. .jpg, .gif )."@en
file type other
ni
back to
ToC
or
Named Individual ToC
IRI:
Indicates the file is not a source, archive or binary file.
belongs to
file type
has facts
comment
dp
"Indicates the file is not a source, archive or binary file."@en
file type source
ni
back to
ToC
or
Named Individual ToC
IRI:
Indicates the file is a source code file.
belongs to
file type
has facts
comment
dp
"Indicates the file is a source code file."@en
file type spdx
ni
back to
ToC
or
Named Individual ToC
IRI:
The file is an SPDX document.
belongs to
file type
has facts
comment
dp
"The file is an SPDX document."@en
file type text
ni
back to
ToC
or
Named Individual ToC
IRI:
The file is human readable text file (MIME type of text/*).
belongs to
file type
has facts
comment
dp
"The file is human readable text file (MIME type of text/*)."@en
file type video
ni
back to
ToC
or
Named Individual ToC
IRI:
The file is associated with a video file type (MIME type of video/*).
belongs to
file type
has facts
comment
dp
"The file is associated with a video file type (MIME type of video/*)."@en
noassertion
ni
back to
ToC
or
Named Individual ToC
IRI:
Individual to indiate the creator of the SPDX document does not assert any value for the object.
has facts
comment
dp
"Individual to indiate the creator of the SPDX document does not assert any value for the object."
none
ni
back to
ToC
or
Named Individual ToC
IRI:
Individual to indicate that no value is applicable for the Object.
has facts
comment
dp
"Individual to indicate that no value is applicable for the Object."
reference category other
ni
back to
ToC
or
Named Individual ToC
IRI:
belongs to
reference category
reference category package manager
ni
back to
ToC
or
Named Individual ToC
IRI:
belongs to
reference category
reference category persistent id
ni
back to
ToC
or
Named Individual ToC
IRI:
These point to objects present in the Software Heritage archive by the means of persistent identifiers that are guaranteed to remain stable (persistent) over time.
belongs to
reference category
has facts
comment
dp
"These point to objects present in the Software Heritage archive by the means of persistent identifiers that are guaranteed to remain stable (persistent) over time."@en
reference category security
ni
back to
ToC
or
Named Individual ToC
IRI:
belongs to
reference category
relationship type amendment
ni
back to
ToC
or
Named Individual ToC
IRI:
To be used when SPDXRef-A amends the SPDX information in SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"To be used when SPDXRef-A amends the SPDX information in SPDXRef-B."@en
relationship type ancestor of
ni
back to
ToC
or
Named Individual ToC
IRI:
A Relationship of relationshipType_ancestorOf expresses that an SPDXElement is an ancestor of (same lineage but pre-dates) the relatedSPDXElement. For example, an upstream File is an ancestor of a modified downstream File
belongs to
relationship type
has facts
comment
dp
"A Relationship of relationshipType_ancestorOf expresses that an SPDXElement is an ancestor of (same lineage but pre-dates) the relatedSPDXElement. For example, an upstream File is an ancestor of a modified downstream File"@en
relationship type build dependency of
ni
back to
ToC
or
Named Individual ToC
IRI:
Is to be used when SPDXRef-A is a build dependency of SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"Is to be used when SPDXRef-A is a build dependency of SPDXRef-B."@en
relationship type build tool of
ni
back to
ToC
or
Named Individual ToC
IRI:
To be used when SPDXRef-A is used to to build SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"To be used when SPDXRef-A is used to to build SPDXRef-B."@en
relationship type contained by
ni
back to
ToC
or
Named Individual ToC
IRI:
A Relationship of relationshipType_containedBy expresses that an SPDXElement is contained by the relatedSPDXElement. For example, a File contained by a Package.
belongs to
relationship type
has facts
comment
dp
"A Relationship of relationshipType_containedBy expresses that an SPDXElement is contained by the relatedSPDXElement. For example, a File contained by a Package. "@en
relationship type contains
ni
back to
ToC
or
Named Individual ToC
IRI:
A Relationship of relationshipType_contains expresses that an SPDXElement contains the relatedSPDXElement. For example, a Package contains a File. (relationshipType_contains introduced in SPDX 2.0 deprecates property 'hasFile' from SPDX 1.2)
belongs to
relationship type
has facts
comment
dp
"A Relationship of relationshipType_contains expresses that an SPDXElement contains the relatedSPDXElement. For example, a Package contains a File. (relationshipType_contains introduced in SPDX 2.0 deprecates property 'hasFile' from SPDX 1.2)"@en
relationship type copy of
ni
back to
ToC
or
Named Individual ToC
IRI:
A Relationship of relationshipType_copyOf expresses that the SPDXElement is an exact copy of the relatedSDPXElement. For example, a downstream distribution of a binary library which was copied from the upstream package.
belongs to
relationship type
has facts
comment
dp
"A Relationship of relationshipType_copyOf expresses that the SPDXElement is an exact copy of the relatedSDPXElement. For example, a downstream distribution of a binary library which was copied from the upstream package."@en
relationship type data file
ni
back to
ToC
or
Named Individual ToC
IRI:
Is to be used when SPDXRef-A is a data file used in SPDXRef-B. Replaced by relationshipType_dataFileOf
belongs to
relationship type
has facts
comment
dp
"Is to be used when SPDXRef-A is a data file used in SPDXRef-B. Replaced by relationshipType_dataFileOf"@en
relationship type data file of
ni
back to
ToC
or
Named Individual ToC
IRI:
Is to be used when SPDXRef-A is a data file used in SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"Is to be used when SPDXRef-A is a data file used in SPDXRef-B."@en
relationship type dependency manifest of
ni
back to
ToC
or
Named Individual ToC
IRI:
Is to be used when SPDXRef-A is a manifest file that lists a set of dependencies for SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"Is to be used when SPDXRef-A is a manifest file that lists a set of dependencies for SPDXRef-B."@en
relationship type dependency of
ni
back to
ToC
or
Named Individual ToC
IRI:
Is to be used when SPDXRef-A is dependency of SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"Is to be used when SPDXRef-A is dependency of SPDXRef-B."@en
relationship type depends on
ni
back to
ToC
or
Named Individual ToC
IRI:
Is to be used when SPDXRef-A depends on SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"Is to be used when SPDXRef-A depends on SPDXRef-B."@en
relationship type descendant of
ni
back to
ToC
or
Named Individual ToC
IRI:
A Relationship of relationshipType_descendantOf expresses that an SPDXElement is a descendant of (same lineage but post-dates) the relatedSPDXElement. For example, an downstream File that was modified is a descendant of an upstream File
belongs to
relationship type
has facts
comment
dp
"A Relationship of relationshipType_descendantOf expresses that an SPDXElement is a descendant of (same lineage but post-dates) the relatedSPDXElement. For example, an downstream File that was modified is a descendant of an upstream File"@en
relationship type described by
ni
back to
ToC
or
Named Individual ToC
IRI:
Is to be used an SPDXRef-A is described by SPDXRef-Document.
belongs to
relationship type
has facts
comment
dp
"Is to be used an SPDXRef-A is described by SPDXRef-Document."@en
relationship type describes
ni
back to
ToC
or
Named Individual ToC
IRI:
Is to be used when SPDXRef-DOCUMENT describes SPDXRef-A.
belongs to
relationship type
has facts
comment
dp
"Is to be used when SPDXRef-DOCUMENT describes SPDXRef-A."@en
relationship type dev dependency of
ni
back to
ToC
or
Named Individual ToC
IRI:
Is to be used when SPDXRef-A is a development dependency of SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"Is to be used when SPDXRef-A is a development dependency of SPDXRef-B."@en
relationship type dev tool of
ni
back to
ToC
or
Named Individual ToC
IRI:
Is to be used when SPDXRef-A is a development dependency of SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"Is to be used when SPDXRef-A is a development dependency of SPDXRef-B."@en
relationship type distribution artifact
ni
back to
ToC
or
Named Individual ToC
IRI:
A Relationship of relationshipType_distributionArtifact expresses that distributing the SPDXElement requires that the relatedSPDXElement also be distributed. For example, distributing a binary File may require that a source tarball (another File) be made available with the distribuiton.
belongs to
relationship type
has facts
comment
dp
"A Relationship of relationshipType_distributionArtifact expresses that distributing the SPDXElement requires that the relatedSPDXElement also be distributed. For example, distributing a binary File may require that a source tarball (another File) be made available with the distribuiton. "@en
relationship type documentation
ni
back to
ToC
or
Named Individual ToC
IRI:
To be used when SPDXRef-A provides documentation of SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"To be used when SPDXRef-A provides documentation of SPDXRef-B."@en
relationship type dynamic link
ni
back to
ToC
or
Named Individual ToC
IRI:
Is to be used when SPDXRef-A dynamically links to SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"Is to be used when SPDXRef-A dynamically links to SPDXRef-B."@en
relationship type example of
ni
back to
ToC
or
Named Individual ToC
IRI:
Is to be used when SPDXRef-A is an example of SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"Is to be used when SPDXRef-A is an example of SPDXRef-B."@en
relationship type expanded from archive
ni
back to
ToC
or
Named Individual ToC
IRI:
A Relationship of relationshipType_expandedFromArchive expresses that the SPDXElement is a file which was epanded from a relatedSPDXElement file. For example, if there is an archive file xyz.tar.gz containing a file foo.c the archive file was expanded in a directory arch/xyz, the file arch/xyz/foo.c would have a relationshipType_expandedFromArchive with the file xyz.tar.gz.
belongs to
relationship type
has facts
comment
dp
"A Relationship of relationshipType_expandedFromArchive expresses that the SPDXElement is a file which was epanded from a relatedSPDXElement file. For example, if there is an archive file xyz.tar.gz containing a file foo.c the archive file was expanded in a directory arch/xyz, the file arch/xyz/foo.c would have a relationshipType_expandedFromArchive with the file xyz.tar.gz."@en
relationship type file added
ni
back to
ToC
or
Named Individual ToC
IRI:
A Relationship of relationshipType_fileAdded expresses that the SPDXElement is a file which has been added to the relatedSPDXElement package. For example, a package (the relatedSPDXElement) has been patched to remove a file (the SPDXElement). This relationship is typically used to express the result of a patched package when the actual patchfile is not present.
belongs to
relationship type
has facts
comment
dp
"A Relationship of relationshipType_fileAdded expresses that the SPDXElement is a file which has been added to the relatedSPDXElement package. For example, a package (the relatedSPDXElement) has been patched to remove a file (the SPDXElement). This relationship is typically used to express the result of a patched package when the actual patchfile is not present."@en
relationship type file deleted
ni
back to
ToC
or
Named Individual ToC
IRI:
A Relationship of relationshipType_fileDeleted expresses that the SPDXElement is a package where the relatedSPDXElement file has been removed. For example, a package has been patched to remove a file a file (the relatedSPDXElement resulting in the patched package (the SPDXElement). This relationship is typically used to express the result of a patched package when the actual patchfile is not present.
belongs to
relationship type
has facts
comment
dp
"A Relationship of relationshipType_fileDeleted expresses that the SPDXElement is a package where the relatedSPDXElement file has been removed. For example, a package has been patched to remove a file a file (the relatedSPDXElement resulting in the patched package (the SPDXElement). This relationship is typically used to express the result of a patched package when the actual patchfile is not present."@en
relationship type file modified
ni
back to
ToC
or
Named Individual ToC
IRI:
A Relationship of relationshipType_fileModified expresses that the SPDXElement is a file which is a modified version of the relatedSPDXElement file. For example, a file (the SPDXElement) has been patched to modify the contents of the original file (the SPDXElement). This relationship is typically used to express the result of a patched package when the actual patchfile is not present.
belongs to
relationship type
has facts
comment
dp
"A Relationship of relationshipType_fileModified expresses that the SPDXElement is a file which is a modified version of the relatedSPDXElement file. For example, a file (the SPDXElement) has been patched to modify the contents of the original file (the SPDXElement). This relationship is typically used to express the result of a patched package when the actual patchfile is not present."@en
relationship type generated from
ni
back to
ToC
or
Named Individual ToC
IRI:
A Relationship of relationshipType_generatedFrom expresses that an SPDXElement was generated from the relatedSPDXElement. For example, a binary File might have been generated from a source File.
belongs to
relationship type
has facts
comment
dp
"A Relationship of relationshipType_generatedFrom expresses that an SPDXElement was generated from the relatedSPDXElement. For example, a binary File might have been generated from a source File."@en
relationship type generates
ni
back to
ToC
or
Named Individual ToC
IRI:
A Relationship of relationshipType_generates expresses that an SPDXElement generates the relatedSPDXElement. For example, a source File generates a binary File.
belongs to
relationship type
has facts
comment
dp
"A Relationship of relationshipType_generates expresses that an SPDXElement generates the relatedSPDXElement. For example, a source File generates a binary File."@en
relationship type has prerequisite
ni
back to
ToC
or
Named Individual ToC
IRI:
Is to be used when SPDXRef-A has as a prerequisite SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"Is to be used when SPDXRef-A has as a prerequisite SPDXRef-B."@en
relationship type metafile of
ni
back to
ToC
or
Named Individual ToC
IRI:
To be used when SPDXRef-A is a metafile of SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"To be used when SPDXRef-A is a metafile of SPDXRef-B."@en
relationship type optional component of
ni
back to
ToC
or
Named Individual ToC
IRI:
To be used when SPDXRef-A is an optional component of SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"To be used when SPDXRef-A is an optional component of SPDXRef-B."@en
relationship type optional dependency of
ni
back to
ToC
or
Named Individual ToC
IRI:
Is to be used when SPDXRef-A is an optional dependency of SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"Is to be used when SPDXRef-A is an optional dependency of SPDXRef-B."@en
relationship type other
ni
back to
ToC
or
Named Individual ToC
IRI:
to be used for a relationship which has not been defined in the formal SPDX specification. A description of the relationship should be included in the Relationship comments field.
belongs to
relationship type
has facts
comment
dp
"to be used for a relationship which has not been defined in the formal SPDX specification. A description of the relationship should be included in the Relationship comments field."@en
relationship type package of
ni
back to
ToC
or
Named Individual ToC
IRI:
To be used when SPDXRef-A is used as a package as part of SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"To be used when SPDXRef-A is used as a package as part of SPDXRef-B."@en
relationship type patch applied
ni
back to
ToC
or
Named Individual ToC
IRI:
A Relationship of relationshipType_patchApplied expresses that the SPDXElement is a 'patchfile' that was applied and produced the relatedSPDXElement. For example, a .diff File relates to a specific file where the diff was applied.
belongs to
relationship type
has facts
comment
dp
"A Relationship of relationshipType_patchApplied expresses that the SPDXElement is a 'patchfile' that was applied and produced the relatedSPDXElement. For example, a .diff File relates to a specific file where the diff was applied."@en
relationship type patch for
ni
back to
ToC
or
Named Individual ToC
IRI:
A Relationship of relationshipType_patchFor expresses that the SPDXElement is a 'patchfile' that is designed to patch (apply modifications to) the relatedSPDXElement. For example, relationship from a .diff File to a Package it is designed to patch.
belongs to
relationship type
has facts
comment
dp
"A Relationship of relationshipType_patchFor expresses that the SPDXElement is a 'patchfile' that is designed to patch (apply modifications to) the relatedSPDXElement. For example, relationship from a .diff File to a Package it is designed to patch. "@en
relationship type prerequisite for
ni
back to
ToC
or
Named Individual ToC
IRI:
Is to be used when SPDXRef-A is a prerequisite for SPDXRef-B
belongs to
relationship type
has facts
comment
dp
"Is to be used when SPDXRef-A is a prerequisite for SPDXRef-B"@en
relationship type provided dependency of
ni
back to
ToC
or
Named Individual ToC
IRI:
Is to be used when SPDXRef-A is a to be provided dependency of SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"Is to be used when SPDXRef-A is a to be provided dependency of SPDXRef-B."@en
relationship type runtime dependency of
ni
back to
ToC
or
Named Individual ToC
IRI:
Is to be used when SPDXRef-A is a dependency required for the execution of SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"Is to be used when SPDXRef-A is a dependency required for the execution of SPDXRef-B."@en
relationship type static link
ni
back to
ToC
or
Named Individual ToC
IRI:
Is to be used when SPDXRef-A statically links to SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"Is to be used when SPDXRef-A statically links to SPDXRef-B."@en
relationship type test dependency of
ni
back to
ToC
or
Named Individual ToC
IRI:
Is to be used when SPDXRef-A is a test dependency of SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"Is to be used when SPDXRef-A is a test dependency of SPDXRef-B."@en
relationship type test of
ni
back to
ToC
or
Named Individual ToC
IRI:
Is to be used when SPDXRef-A is used for testing SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"Is to be used when SPDXRef-A is used for testing SPDXRef-B."@en
relationship type test tool of
ni
back to
ToC
or
Named Individual ToC
IRI:
Is to be used when SPDXRef-A is used as a test tool for SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"Is to be used when SPDXRef-A is used as a test tool for SPDXRef-B."@en
relationship type testcase of
ni
back to
ToC
or
Named Individual ToC
IRI:
Is to be used when SPDXRef-A is a test case used in testing SPDXRef-B.
belongs to
relationship type
has facts
comment
dp
"Is to be used when SPDXRef-A is a test case used in testing SPDXRef-B."@en
relationship type variant of
ni
back to
ToC
or
Named Individual ToC
IRI:
A Relationship of relationshipType_variantOf expresses that an SPDXElement is a variant of the relatedSPDXElement, but it is not clear which came first. For example, if the content of two Files differs by some edit, but there is no way to tell which came first (no reliable date information), then one File is a variant of the other File.
belongs to
relationship type
has facts
comment
dp
"A Relationship of relationshipType_variantOf expresses that an SPDXElement is a variant of the relatedSPDXElement, but it is not clear which came first. For example, if the content of two Files differs by some edit, but there is no way to tell which came first (no reliable date information), then one File is a variant of the other File."@en
reviewed
ni
back to
ToC
or
Named Individual ToC
IRI:
Reviewed
has facts
comment
dp
"Reviewed"
is also defined as
object property
Annotation Properties
comment
deprecated class
deprecated property
qualified cardinality
term status
comment
ap
back to
ToC
or
Annotation Property ToC
IRI:
is also defined as
data property
deprecated class
ap
back to
ToC
or
Annotation Property ToC
IRI:
deprecated property
ap
back to
ToC
or
Annotation Property ToC
IRI:
qualified cardinality
ap
back to
ToC
or
Annotation Property ToC
IRI:
term status
ap
back to
ToC
or
Annotation Property ToC
IRI:
is defined by
General Axioms
All Disjoint Classes
back to
ToC
annotation
relationship
spdx element
Namespace Declarations
back to
ToC
default namespace
doap
licenses
ns
owl
pointers
rdf
rdfs
xsd
This HTML document was obtained by processing the OWL ontology source code through
LODE
Live OWL Documentation Environment
, developed by
Silvio Peroni