Welcome to mirror list, hosted at ThFree Co, Russian Federation.

cyclonedx_property_taxonomy.md « sec « development « doc - gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/doc/development/sec/cyclonedx_property_taxonomy.md
blob: 6d09529a194837447d63714d883b793eb3adc190 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

---
stage: Govern
group: Threat Insights
info: BEFORE MAKING CHANGES TO THIS FILE, PLEASE REACH OUT TO THE THREAT INSIGHTS ENGINEERING TEAM, @gitlab-org/govern/threat-insights.  To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---

# GitLab CycloneDX property taxonomy

This document defines the namespaces and properties used by the `gitlab` namespace
in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy).

## Where properties should be located

The `Property of` column describes what object a property may be attached to.

- Properties attached to the `metadata` apply to all objects in the document.
- Properties attached to an individual object apply to that object and any others nested underneath it.
- Objects which may nest themselves (such as `components`) may only have properties applied to the top-level object.

## `gitlab` namespace taxonomy

| Namespace             | Description |
| --------------------- | ----------- |
| `meta`                | Namespace for data about the property schema. |
| `dependency_scanning` | Namespace for data related to dependency scanning. |

## `gitlab:meta` namespace taxonomy

| Property                     | Description | Property of |
| ---------------------------- | ----------- | ----------- |
| `gitlab:meta:schema_version` | Used by GitLab to determine how to parse the properties in a report. Must be `1`. | `metadata` |

## `gitlab:dependency_scanning` namespace taxonomy

### Properties

| Property                                 | Description | Example values | Property of |
| ---------------------------------------- | ----------- | -------------- | ----------- |
| `gitlab:dependency_scanning:category`    | The name of the category or dependency group that the dependency belongs to. If no category is specified, `production` is used by default. | `production`, `development`, `test` | `components` |

### Namespaces

| Namespace                                    | Description |
| -------------------------------------------- | ----------- |
| `gitlab:dependency_scanning:input_file`      | Namespace for information about the input file analyzed to produce the dependency. |
| `gitlab:dependency_scanning:source_file`     | Namespace for information about the file you can edit to manage the dependency. |
| `gitlab:dependency_scanning:package_manager` | Namespace for information about the package manager associated with the dependency. |
| `gitlab:dependency_scanning:language`        | Namespace for information about the programming language associated with the dependency. |

## `gitlab:dependency_scanning:input_file` namespace taxonomy

| Property                                      | Description | Example values | Property of |
| --------------------------------------------- | ----------- | -------------- | ----------- |
| `gitlab:dependency_scanning:input_file:path` | The path, relative to the root of the repository, to the file analyzed to produce the dependency. Usually, the lock file. | `package-lock.json`, `Gemfile.lock`, `go.sum` | `metadata`, `component` |

## `gitlab:dependency_scanning:source_file` namespace taxonomy

| Property                                     | Description | Example values | Property of |
| -------------------------------------------- | ----------- | -------------- | ----------- |
| `gitlab:dependency_scanning:source_file:path` | The path, relative to the root of the repository, to the file you can edit to manage the dependency. | `package.json`, `Gemfile`, `go.mod` | `metadata`, `component` |

## `gitlab:dependency_scanning:package_manager` namespace taxonomy

| Property                                          | Description | Example values | Property of |
| ------------------------------------------------- | ----------- | -------------- | ----------- |
| `gitlab:dependency_scanning:package_manager:name` | The name of the package manager associated with the dependency | `npm`, `bundler`, `go` | `metadata`, `component` |

## `gitlab:dependency_scanning:language` namespace taxonomy

| Property                                   | Description | Example values | Property of |
| ------------------------------------------ | ----------- | -------------- | ----------- |
| `gitlab:dependency_scanning:language:name` | The name of the programming language associated with the dependency | `JavaScript`, `Ruby`, `Go` | `metadata`, `component` |
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-12 08:54:35 +0300