This specification describes the SPDX® language, defined as a dictionary of named properties and classes using W3C's RDF Technology.
SPDX® is a designed to allow the exchange of data about software packages. This information includes general information about the package, licensing information about the package as a whole, a manifest of files contained in the package and licensing information related to the contained files.
Known issues:
IRI: http://spdx.org/rdf/terms#Annotation
IRI: http://spdx.org/rdf/terms#AnnotationType
This type describes the type of annotation. Annotations are usually created when someone reviews the file, and if this is the case the annotation type should be REVIEW.
IRI: http://spdx.org/rdf/terms#AnyLicenseInfo
The AnyLicenseInfo class includes all resources that represent licensing information.
IRI: http://www.w3.org/2009/pointers#ByteOffsetPointer
IRI: http://spdx.org/rdf/terms#Checksum
A Checksum is value that allows the contents of a file to be authenticated. Even small changes to the content of the file will change its checksum. This class allows the results of a variety of checksum and cryptographic message digest algorithms to be represented.
IRI: http://spdx.org/rdf/terms#ChecksumAlgorithm
Algorighm for Checksums.
IRI: http://www.w3.org/2009/pointers#CompoundPointer
IRI: http://spdx.org/rdf/terms#ConjunctiveLicenseSet
A ConjunctiveLicenseSet represents a set of licensing information all of which apply.
IRI: http://spdx.org/rdf/terms#CreationInfo
One instance is required for each SPDX file produced. It provides the necessary information for forward and backward compatibility for processing tools.
IRI: http://spdx.org/rdf/terms#DisjunctiveLicenseSet
A DisjunctiveLicenseSet represents a set of licensing information where only one license applies at a time. This class implies that the recipient gets to choose one of these licenses they would prefer to use.
IRI: http://spdx.org/rdf/terms#ExternalDocumentRef
Information about an external SPDX document reference including the checksum. This allows for verification of the external references.
IRI: http://spdx.org/rdf/terms#ExternalRef
An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package.
IRI: http://spdx.org/rdf/terms#ExtractedLicensingInfo
An ExtractedLicensingInfo represents a license or licensing notice that was found in the package. Any license text that is recognized as a license may be represented as a License rather than an ExtractedLicensingInfo.
IRI: http://spdx.org/rdf/terms#File
A File represents a named sequence of information that is contained in a software package.
IRI: http://spdx.org/rdf/terms#FileType
Type of file.
IRI: http://spdx.org/rdf/terms#License
A License represents a copyright license. The SPDX license list website is annotated with these properties (using RDFa) to allow license data published there to be easily processed. The license list is populated in accordance with the License List fields guidelines. These guidelines are not normative and may change over time. SPDX tooling should not rely on values in the license list conforming to the current guidelines.
IRI: http://spdx.org/rdf/terms#LicenseException
An exception to a license.
IRI: http://www.w3.org/2009/pointers#LineCharPointer
IRI: http://spdx.org/rdf/terms#ListedLicense
A license which is included in the SPDX License List (http://spdx.org/licenses).
IRI: http://www.w3.org/2009/pointers#OffsetPointer
IRI: http://spdx.org/rdf/terms#OrLaterOperator
A license with an or later operator indicating this license version or any later version of the license
IRI: http://spdx.org/rdf/terms#Package
A Package represents a collection of software files that are delivered as a single functional component.
IRI: http://spdx.org/rdf/terms#PackageVerificationCode
A manifest based verification code (the algorithm is defined in section 4.7 of the full specification) of the SPDX Item. This allows consumers of this data and/or database to determine if an SPDX item they have in hand is identical to the SPDX item from which the data was produced. This algorithm works even if the SPDX document is included in the SPDX item.
IRI: http://www.w3.org/2009/pointers#Pointer
IRI: http://spdx.org/rdf/terms#ReferenceCategory
Category used for ExternalRef
IRI: http://spdx.org/rdf/terms#ReferenceType
Types used to external reference identifiers.
IRI: http://spdx.org/rdf/terms#Relationship
A Relationship represents a relationship between two SpdxElements.
IRI: http://spdx.org/rdf/terms#RelationshipType
Type of relationship.
IRI: http://spdx.org/rdf/terms#Review
IRI: http://spdx.org/rdf/terms#SimpleLicensingInfo
The SimpleLicenseInfo class includes all resources that represent simple, atomic, licensing information.
IRI: http://www.w3.org/2009/pointers#SinglePointer
IRI: http://spdx.org/rdf/terms#Snippet
The set of bytes in a file. The name of the snippet is the name of the file appended with the byte range in parenthesis (ie: "./file/name(2145:5532)")
IRI: http://spdx.org/rdf/terms#SpdxDocument
An SpdxDocument is a summary of the contents, provenance, ownership and licensing analysis of a specific software package. This is, effectively, the top level of SPDX information.
IRI: http://spdx.org/rdf/terms#SpdxElement
An SpdxElement is any thing described in SPDX, either a document or an SpdxItem. SpdxElements can be related to other SpdxElements.
IRI: http://spdx.org/rdf/terms#SpdxItem
An SpdxItem is a potentially copyrightable work.
IRI: http://www.w3.org/2009/pointers#StartEndPointer
IRI: http://spdx.org/rdf/terms#WithExceptionOperator
Sometimes a set of license terms apply except under special circumstances. In this case, use the binary "WITH" operator to construct a new license expression to represent the special exception situation. A valid
IRI: http://spdx.org/rdf/terms#algorithm
Identifies the algorithm used to produce the subject Checksum. Currently, SHA-1 is the only supported algorithm. It is anticipated that other algorithms will be supported at a later time.
IRI: http://spdx.org/rdf/terms#annotation
Provide additional information about an SpdxElement.
IRI: http://spdx.org/rdf/terms#annotationType
Type of the annotation.
IRI: http://spdx.org/rdf/terms#artifactOf
Indicates the project in which the SpdxElement originated. Tools must preserve doap:homepage and doap:name properties and the URI (if one is known) of doap:Project resources that are values of this property. All other properties of doap:Projects are not directly supported by SPDX and may be dropped when translating to or from some SPDX formats.
IRI: http://spdx.org/rdf/terms#checksum
The checksum property provides a mechanism that can be used to verify that the contents of a File or Package have not changed.
IRI: http://spdx.org/rdf/terms#creationInfo
The creationInfo property relates an SpdxDocument to a set of information about the creation of the SpdxDocument.
IRI: http://spdx.org/rdf/terms#dataLicense
Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata"). The SPDX specification contains numerous fields where an SPDX document creator may provide relevant explanatory text in SPDX-Metadata. Without opining on the lawfulness of "database rights" (in jurisdictions where applicable), such explanatory text is copyrightable subject matter in most Berne Convention countries. By using the SPDX specification, or any portion hereof, you hereby agree that any copyright rights (as determined by your jurisdiction) in any SPDX-Metadata, including without limitation explanatory text, shall be subject to the terms of the Creative Commons CC0 1.0 Universal license. For SPDX-Metadata not containing any copyright rights, you hereby agree and acknowledge that the SPDX-Metadata is provided to you "as-is" and without any representations or warranties of any kind concerning the SPDX-Metadata, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non-infringement, or the absence of latent or other defects, accuracy, or the presence or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law.
has characteristics: functional
IRI: http://spdx.org/rdf/terms#describesPackage
The describesPackage property relates an SpdxDocument to the package which it describes.
IRI: http://www.w3.org/2009/pointers#endPointer
IRI: http://spdx.org/rdf/terms#externalDocumentRef
Identify any external SPDX documents referenced within this SPDX document.
IRI: http://spdx.org/rdf/terms#externalRef
An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package.
IRI: http://spdx.org/rdf/terms#fileType
The type of the file.
IRI: http://spdx.org/rdf/terms#hasExtractedLicensingInfo
Indicates that a particular ExtractedLicensingInfo was defined in the subject SpdxDocument.
IRI: http://spdx.org/rdf/terms#hasFile
Indicates that a particular file belongs to a package.
IRI: http://spdx.org/rdf/terms#licenseConcluded
The licensing that the preparer of this SPDX document has concluded, based on the evidence, actually applies to the package.
has characteristics: functional
IRI: http://spdx.org/rdf/terms#licenseDeclared
The licensing that the creators of the software in the package, or the packager, have declared. Declarations by the original software creator should be preferred, if they exist.
IRI: http://spdx.org/rdf/terms#licenseException
An exception to a license.
IRI: http://spdx.org/rdf/terms#licenseInfoFromFiles
The licensing information that was discovered directly within the package. There will be an instance of this property for each distinct value of alllicenseInfoInFile properties of all files contained in the package.
IRI: http://spdx.org/rdf/terms#licenseInfoInFile
Licensing information that was discovered directly in the subject file. This is also considered a declared license for the file.
IRI: http://spdx.org/rdf/terms#licenseInfoInSnippet
Licensing information that was discovered directly in the subject snippet. This is also considered a declared license for the snippet.
IRI: http://spdx.org/rdf/terms#member
A license, or other licensing information, that is a member of the subject license set.
IRI: http://spdx.org/rdf/terms#packageVerificationCode
A manifest based verification code (the algorithm is defined in section 3.9.4 of the full specification) of the package. This allows consumers of this data and/or database to determine if a package they have in hand is identical to the package from which the data was produced. This algorithm works even if the SPDX document is included in the package.
IRI: http://spdx.org/rdf/terms#range
This field defines the byte range in the original host file (in X.2) that the snippet information applies to
IRI: http://www.w3.org/2009/pointers#reference
IRI: http://spdx.org/rdf/terms#referenceCategory
Category for the external reference
IRI: http://spdx.org/rdf/terms#referenceType
Type of the external reference. These are definined in an appendix in the SPDX specification.
IRI: http://spdx.org/rdf/terms#referencesFile
Indicates that a particular file belongs as part of the set of analyzed files in the SpdxDocument.
IRI: http://spdx.org/rdf/terms#relatedSpdxElement
A related SpdxElement.
IRI: http://spdx.org/rdf/terms#relationship
Defines a relationship between two SPDX elements. The SPDX element may be a Package, File, or SpdxDocument.
IRI: http://spdx.org/rdf/terms#relationshipType
Describes the type of relationship between two SPDX elements.
IRI: http://spdx.org/rdf/terms#reviewed
Reviewed
IRI: http://spdx.org/rdf/terms#snippetFromFile
File containing the SPDX element (e.g. the file contaning a snippet).
IRI: http://spdx.org/rdf/terms#spdxDocument
A propoerty containing an SPDX document.
IRI: http://www.w3.org/2009/pointers#startPointer
IRI: http://spdx.org/rdf/terms#annotationDate
Identify when the comment was made. This is to be specified according to the combined date and time in the UTC format, as specified in the ISO 8601 standard.
IRI: http://spdx.org/rdf/terms#annotator
This field identifies the person, organization or tool that has commented on a file, package, or the entire document.
IRI: http://spdx.org/rdf/terms#attributionText
This field provides a place for the SPDX data creator to record acknowledgements that may be required to be communicated in some contexts. This is not meant to include theactual complete license text (see licenseConculded and licenseDeclared), and may or may not include copyright notices (see also copyrightText). The SPDX data creator may use this field to record other acknowledgements, such as particular clauses from license texts, which may be necessary or desirable to reproduce.
IRI: http://spdx.org/rdf/terms#checksumValue
The checksumValue property provides a lower case hexidecimal encoded digest value produced using a specific algorithm.
has characteristics: functional
IRI: http://www.w3.org/2000/01/rdf-schema#comment
IRI: http://spdx.org/rdf/terms#contextualExample
Example for use of the external repository identifier
IRI: http://spdx.org/rdf/terms#copyrightText
The text of copyright declarations recited in the Package or File.
IRI: http://spdx.org/rdf/terms#created
Identify when the SPDX file was originally created. The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard. This field is distinct from the fields in section 8, which involves the addition of information during a subsequent review.
IRI: http://spdx.org/rdf/terms#creator
Identify who (or what, in the case of a tool) created the SPDX file. If the SPDX file was created by an individual, indicate the person's name. If the SPDX file was created on behalf of a company or organization, indicate the entity name. If the SPDX file was created using a software tool, indicate the name and version for that tool. If multiple participants or tools were involved, use multiple instances of this field. Person name or organization name may be designated as “anonymous” if appropriate.
IRI: http://spdx.org/rdf/terms#date
A date-time stamp.
IRI: http://spdx.org/rdf/terms#description
Provides a detailed description of the package.
IRI: http://spdx.org/rdf/terms#documentation
Website containing the documentation related to the repository identifier
IRI: http://spdx.org/rdf/terms#downloadLocation
The URI at which this package is available for download. Private (i.e., not publicly reachable) URIs are acceptable as values of this property. The values http://spdx.org/rdf/terms#none and http://spdx.org/rdf/terms#noassertion may be used to specify that the package is not downloadable or that no attempt was made to determine its download location, respectively.
IRI: http://spdx.org/rdf/terms#example
Text for examples in describing an SPDX element.
IRI: http://spdx.org/rdf/terms#externalDocumentId
externalDocumentId is a string containing letters, numbers, ., - and/or + which uniquely identifies an external document within this document.
IRI: http://spdx.org/rdf/terms#externalReferenceSite
Website for the maintainers of the external reference site
IRI: http://spdx.org/rdf/terms#extractedText
Verbatim license or licensing notice text that was discovered.
IRI: http://spdx.org/rdf/terms#fileContributor
This field provides a place for the SPDX file creator to record file contributors. Contributors could include names of copyright holders and/or authors who may not be copyright holders yet contributed to the file content.
IRI: http://spdx.org/rdf/terms#fileName
The name of the file relative to the root of the package.
IRI: http://spdx.org/rdf/terms#filesAnalyzed
Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document. If false indicates packages that represent metadata or URI references to a project, product, artifact, distribution or a component. If set to false, the package must not contain any files.
IRI: http://usefulinc.com/ns/doap#homepage
IRI: http://spdx.org/rdf/terms#isDeprecatedLicenseId
IRI: http://spdx.org/rdf/terms#isFsfLibre
IRI: http://spdx.org/rdf/terms#isOsiApproved
Indicates if the OSI has approved the license.
IRI: http://spdx.org/rdf/terms#licenseComments
The licenseComments property allows the preparer of the SPDX document to describe why the licensing in spdx:licenseConcluded was chosen.
IRI: http://spdx.org/rdf/terms#licenseExceptionId
Short form license exception identifier in Appendix I.2 of the SPDX specification.
IRI: http://spdx.org/rdf/terms#licenseExceptionText
Full text of the license exception.
IRI: http://spdx.org/rdf/terms#licenseId
A human readable short form license identifier for a license. The license ID is iether on the standard license oist or the form "LicenseRef-"[idString] where [idString] is a unique string containing letters, numbers, ".", "-" or "+".
IRI: http://spdx.org/rdf/terms#licenseListVersion
An optional field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created.
has characteristics: functional
IRI: http://spdx.org/rdf/terms#licenseText
Full text of the license.
IRI: http://www.w3.org/2009/pointers#lineNumber
IRI: http://spdx.org/rdf/terms#name
Identify name of this SpdxElement.
IRI: http://spdx.org/rdf/terms#noticeText
This field provides a place for the SPDX file creator to record potential legal notices found in the file. This may or may not include copyright statements.
IRI: http://www.w3.org/2009/pointers#offset
IRI: http://spdx.org/rdf/terms#originator
The name and, optionally, contact information of the person or organization that originally created the package. Values of this property must conform to the agent and tool syntax.
IRI: http://spdx.org/rdf/terms#packageFileName
The base name of the package file name. For example, zlib-1.2.5.tar.gz.
IRI: http://spdx.org/rdf/terms#packageName
Identify the full name of the package as given by Package Originator.
IRI: http://spdx.org/rdf/terms#packageVerificationCodeExcludedFile
A file that was excluded when calculating the package verification code. This is usually a file containing SPDX data regarding the package. If a package contains more than one SPDX file all SPDX files must be excluded from the package verification code. If this is not done it would be impossible to correctly calculate the verification codes in both files.
IRI: http://spdx.org/rdf/terms#packageVerificationCodeValue
The actual package verification code as a hex encoded value.
IRI: http://spdx.org/rdf/terms#referenceLocator
The unique string with no spaces necessary to access the package-specific information, metadata, or content within the target location. The format of the locator is subject to constraints defined by the
IRI: http://spdx.org/rdf/terms#reviewDate
The date and time at which the SpdxDocument was reviewed. This value must be in UTC and have 'Z' as its timezone indicator.
IRI: http://spdx.org/rdf/terms#reviewer
The name and, optionally, contact information of the person who performed the review. Values of this property must conform to the agent and tool syntax.
IRI: http://spdx.org/rdf/terms#snippetName
Identify a specific snippet in a human convenient manner.
IRI: http://spdx.org/rdf/terms#sourceInfo
Allows the producer(s) of the SPDX document to describe how the package was acquired and/or changed from the original source.
IRI: http://spdx.org/rdf/terms#specVersion
Provide a reference number that can be used to understand how to parse and interpret the rest of the file. It will enable both future changes to the specification and to support backward compatibility. The version number consists of a major and minor version indicator. The major field will be incremented when incompatible changes between versions are made (one or more sections are created, modified or deleted). The minor field will be incremented when backwards compatible changes are made.
IRI: http://spdx.org/rdf/terms#standardLicenseHeader
License author's preferred text to indicated that a file is covered by the license.
IRI: http://spdx.org/rdf/terms#standardLicenseHeaderTemplate
License template which describes sections of the license header which can be varied. See License Template section of the specification for format information.
IRI: http://spdx.org/rdf/terms#standardLicenseTemplate
License template which describes sections of the license which can be varied. See License Template section of the specification for format information.
IRI: http://spdx.org/rdf/terms#summary
Provides a short description of the package.
IRI: http://spdx.org/rdf/terms#supplier
The name and, optionally, contact information of the person or organization who was the immediate supplier of this package to the recipient. The supplier may be different than originator when the software has been repackaged. Values of this property must conform to the agent and tool syntax.
IRI: http://spdx.org/rdf/terms#versionInfo
Provides an indication of the version of the package that is described by this SpdxDocument.
IRI: http://spdx.org/rdf/terms#annotationType_other
Type of annotation which does not fit in any of the pre-defined annotation types.
IRI: http://spdx.org/rdf/terms#annotationType_review
A Review represents an audit and signoff by an individual, organization or tool on the information for an SpdxElement.
IRI: http://spdx.org/rdf/terms#annotator
This field identifies the person, organization or tool that has commented on a file, package, or the entire document.
IRI: http://spdx.org/rdf/terms#checksumAlgorithm_md2
Indicates the algorithm used was MD2
IRI: http://spdx.org/rdf/terms#checksumAlgorithm_md4
Indicates the algorithm used was MD4
IRI: http://spdx.org/rdf/terms#checksumAlgorithm_md5
Indicates the algorithm used was MD5
IRI: http://spdx.org/rdf/terms#checksumAlgorithm_md6
Indicates the algorithm used was MD6
IRI: http://spdx.org/rdf/terms#checksumAlgorithm_sha1
Indicates the algorithm used was SHA-1
IRI: http://spdx.org/rdf/terms#checksumAlgorithm_sha224
Indicates the algorithm used was SHA224
IRI: http://spdx.org/rdf/terms#checksumAlgorithm_sha256
Indicates the algorithm used was SHA256
IRI: http://spdx.org/rdf/terms#checksumAlgorithm_sha384
Indicates the algorithm used was SHA384
IRI: http://spdx.org/rdf/terms#checksumAlgorithm_sha512
Indicates the algorithm used was SHA512
IRI: http://spdx.org/rdf/terms#fileType_application
The file is associated with a specific application type (MIME type of application/* )
IRI: http://spdx.org/rdf/terms#fileType_archive
Indicates the file is an archive file.
IRI: http://spdx.org/rdf/terms#fileType_audio
The file is associated with an audio file (MIME type of audio/ , ie. .mp3 ); IMAGE if the file is assoicated with an picture image file (MIME type of image/, ie. .jpg, .gif )
IRI: http://spdx.org/rdf/terms#fileType_binary
Indicates the file is not a text file. spdx:filetype_archive is preferred for archive files even though they are binary.
IRI: http://spdx.org/rdf/terms#fileType_documentation
The file serves as documentation.
IRI: http://spdx.org/rdf/terms#fileType_image
The file is assoicated with an picture image file (MIME type of image/*, ie. .jpg, .gif ).
IRI: http://spdx.org/rdf/terms#fileType_other
Indicates the file is not a source, archive or binary file.
IRI: http://spdx.org/rdf/terms#fileType_source
Indicates the file is a source code file.
IRI: http://spdx.org/rdf/terms#fileType_spdx
The file is an SPDX document.
IRI: http://spdx.org/rdf/terms#fileType_text
The file is human readable text file (MIME type of text/*).
IRI: http://spdx.org/rdf/terms#fileType_video
The file is associated with a video file type (MIME type of video/*).
IRI: http://spdx.org/rdf/terms#noassertion
Individual to indiate the creator of the SPDX document does not assert any value for the object.
IRI: http://spdx.org/rdf/terms#none
Individual to indicate that no value is applicable for the Object.
IRI: http://spdx.org/rdf/terms#referenceCategory_other
IRI: http://spdx.org/rdf/terms#referenceCategory_packageManager
IRI: http://spdx.org/rdf/terms#referenceCategory_persistentId
These point to objects present in the Software Heritage archive by the means of persistent identifiers that are guaranteed to remain stable (persistent) over time.
IRI: http://spdx.org/rdf/terms#referenceCategory_security
IRI: http://spdx.org/rdf/terms#relationshipType_amendment
To be used when SPDXRef-A amends the SPDX information in SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_ancestorOf
A Relationship of relationshipType_ancestorOf expresses that an SPDXElement is an ancestor of (same lineage but pre-dates) the relatedSPDXElement. For example, an upstream File is an ancestor of a modified downstream File
IRI: http://spdx.org/rdf/terms#relationshipType_buildDependencyOf
Is to be used when SPDXRef-A is a build dependency of SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_buildToolOf
To be used when SPDXRef-A is used to to build SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_containedBy
A Relationship of relationshipType_containedBy expresses that an SPDXElement is contained by the relatedSPDXElement. For example, a File contained by a Package.
IRI: http://spdx.org/rdf/terms#relationshipType_contains
A Relationship of relationshipType_contains expresses that an SPDXElement contains the relatedSPDXElement. For example, a Package contains a File. (relationshipType_contains introduced in SPDX 2.0 deprecates property 'hasFile' from SPDX 1.2)
IRI: http://spdx.org/rdf/terms#relationshipType_copyOf
A Relationship of relationshipType_copyOf expresses that the SPDXElement is an exact copy of the relatedSDPXElement. For example, a downstream distribution of a binary library which was copied from the upstream package.
IRI: http://spdx.org/rdf/terms#relationshipType_dataFile
Is to be used when SPDXRef-A is a data file used in SPDXRef-B. Replaced by relationshipType_dataFileOf
IRI: http://spdx.org/rdf/terms#relationshipType_dataFileOf
Is to be used when SPDXRef-A is a data file used in SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_dependencyManifestOf
Is to be used when SPDXRef-A is a manifest file that lists a set of dependencies for SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_dependencyOf
Is to be used when SPDXRef-A is dependency of SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_dependsOn
Is to be used when SPDXRef-A depends on SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_descendantOf
A Relationship of relationshipType_descendantOf expresses that an SPDXElement is a descendant of (same lineage but post-dates) the relatedSPDXElement. For example, an downstream File that was modified is a descendant of an upstream File
IRI: http://spdx.org/rdf/terms#relationshipType_describedBy
Is to be used an SPDXRef-A is described by SPDXRef-Document.
IRI: http://spdx.org/rdf/terms#relationshipType_describes
Is to be used when SPDXRef-DOCUMENT describes SPDXRef-A.
IRI: http://spdx.org/rdf/terms#relationshipType_devDependencyOf
Is to be used when SPDXRef-A is a development dependency of SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_devToolOf
Is to be used when SPDXRef-A is a development dependency of SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_distributionArtifact
A Relationship of relationshipType_distributionArtifact expresses that distributing the SPDXElement requires that the relatedSPDXElement also be distributed. For example, distributing a binary File may require that a source tarball (another File) be made available with the distribuiton.
IRI: http://spdx.org/rdf/terms#relationshipType_documentation
To be used when SPDXRef-A provides documentation of SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_dynamicLink
Is to be used when SPDXRef-A dynamically links to SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_exampleOf
Is to be used when SPDXRef-A is an example of SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_expandedFromArchive
A Relationship of relationshipType_expandedFromArchive expresses that the SPDXElement is a file which was epanded from a relatedSPDXElement file. For example, if there is an archive file xyz.tar.gz containing a file foo.c the archive file was expanded in a directory arch/xyz, the file arch/xyz/foo.c would have a relationshipType_expandedFromArchive with the file xyz.tar.gz.
IRI: http://spdx.org/rdf/terms#relationshipType_fileAdded
A Relationship of relationshipType_fileAdded expresses that the SPDXElement is a file which has been added to the relatedSPDXElement package. For example, a package (the relatedSPDXElement) has been patched to remove a file (the SPDXElement). This relationship is typically used to express the result of a patched package when the actual patchfile is not present.
IRI: http://spdx.org/rdf/terms#relationshipType_fileDeleted
A Relationship of relationshipType_fileDeleted expresses that the SPDXElement is a package where the relatedSPDXElement file has been removed. For example, a package has been patched to remove a file a file (the relatedSPDXElement resulting in the patched package (the SPDXElement). This relationship is typically used to express the result of a patched package when the actual patchfile is not present.
IRI: http://spdx.org/rdf/terms#relationshipType_fileModified
A Relationship of relationshipType_fileModified expresses that the SPDXElement is a file which is a modified version of the relatedSPDXElement file. For example, a file (the SPDXElement) has been patched to modify the contents of the original file (the SPDXElement). This relationship is typically used to express the result of a patched package when the actual patchfile is not present.
IRI: http://spdx.org/rdf/terms#relationshipType_generatedFrom
A Relationship of relationshipType_generatedFrom expresses that an SPDXElement was generated from the relatedSPDXElement. For example, a binary File might have been generated from a source File.
IRI: http://spdx.org/rdf/terms#relationshipType_generates
A Relationship of relationshipType_generates expresses that an SPDXElement generates the relatedSPDXElement. For example, a source File generates a binary File.
IRI: http://spdx.org/rdf/terms#relationshipType_hasPrerequisite
Is to be used when SPDXRef-A has as a prerequisite SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_metafileOf
To be used when SPDXRef-A is a metafile of SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_optionalComponentOf
To be used when SPDXRef-A is an optional component of SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_optionalDependencyOf
Is to be used when SPDXRef-A is an optional dependency of SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_other
to be used for a relationship which has not been defined in the formal SPDX specification. A description of the relationship should be included in the Relationship comments field.
IRI: http://spdx.org/rdf/terms#relationshipType_packageOf
To be used when SPDXRef-A is used as a package as part of SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_patchApplied
A Relationship of relationshipType_patchApplied expresses that the SPDXElement is a 'patchfile' that was applied and produced the relatedSPDXElement. For example, a .diff File relates to a specific file where the diff was applied.
IRI: http://spdx.org/rdf/terms#relationshipType_patchFor
A Relationship of relationshipType_patchFor expresses that the SPDXElement is a 'patchfile' that is designed to patch (apply modifications to) the relatedSPDXElement. For example, relationship from a .diff File to a Package it is designed to patch.
IRI: http://spdx.org/rdf/terms#relationshipType_prerequisiteFor
Is to be used when SPDXRef-A is a prerequisite for SPDXRef-B
IRI: http://spdx.org/rdf/terms#relationshipType_providedDependencyOf
Is to be used when SPDXRef-A is a to be provided dependency of SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_runtimeDependencyOf
Is to be used when SPDXRef-A is a dependency required for the execution of SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_staticLink
Is to be used when SPDXRef-A statically links to SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_testDependencyOf
Is to be used when SPDXRef-A is a test dependency of SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_testOf
Is to be used when SPDXRef-A is used for testing SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_testToolOf
Is to be used when SPDXRef-A is used as a test tool for SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_testcaseOf
Is to be used when SPDXRef-A is a test case used in testing SPDXRef-B.
IRI: http://spdx.org/rdf/terms#relationshipType_variantOf
A Relationship of relationshipType_variantOf expresses that an SPDXElement is a variant of the relatedSPDXElement, but it is not clear which came first. For example, if the content of two Files differs by some edit, but there is no way to tell which came first (no reliable date information), then one File is a variant of the other File.
IRI: http://spdx.org/rdf/terms#reviewed
Reviewed
IRI: http://www.w3.org/2000/01/rdf-schema#comment
IRI: http://www.w3.org/2002/07/owl#deprecatedClass
IRI: http://www.w3.org/2002/07/owl#deprecatedProperty
IRI: http://www.w3.org/2002/07/owl#qualifiedCardinality
IRI: http://www.w3.org/2003/06/sw-vocab-status/ns#term_status
This HTML document was obtained by processing the OWL ontology source code through LODE, Live OWL Documentation Environment, developed by Silvio Peroni.
An Annotation is a comment on an SpdxItem by an agent.