diff --git a/model/Operations/Operations-classes-draft.md b/model/Operations/Operations-classes-draft.md new file mode 100644 index 000000000..365051f31 --- /dev/null +++ b/model/Operations/Operations-classes-draft.md @@ -0,0 +1,141 @@ +```mermaid +--- +title: SPDX Operations Profile +--- +classDiagram + Element <|-- Relationship + Element <|-- Agent + Element <|-- Artifact + Artifact <|-- CompliancePackage + Agent <|-- Organization + Agent <|-- Person + Agent <|-- Country + Relationship <|-- OperationsAssessmentRelationship + OperationsAssessmentRelationship <|-- ExportControlAssessmentRelationship + OperationsAssessmentRelationship <|-- ObligationsAssessmentRelationship + OperationsAssessmentRelationship <|-- ApplicationFactsAssessmentRelationship + OperationsAssessmentRelationship <|-- DeliverableFactsAssessmentRelationship + OperationsAssessmentRelationship <|-- SupplierDeliverableFactsAssessmentRelationship + + note for Organization "ID \naddress \nwebsite" + note for OperationsAssessmentRelationship "Inspired by VulnAssessmentRelationship" +namespace Core { + class Element{ + <> + } + class Relationship{ + <> + } + class Artifact{ + <> + } + class Agent{ + <> + } + class Organization{ + <> + } + class Person{ + <> + } +} +namespace OperationsClasses { + + class Country{ + + countryCode: CountryCode[1] + } + class CompliancePackage{ + + sourceCodeLink + } + class OperationsAssessmentRelationship{ + + Core/Relationship/to: Element[1] + + assessedElement: Element[0..1] + + suppliedBy: Agent[0..n] + + publishedTime: DateTime[0..1] + + modifiedTime: DateTime[0..1] + + withdrawnTime: DateTime[0..1] + } + class ExportControlAssessmentRelationship{ + + notRequired: Boolean[1] + + purpose: String[0..1] + + countryOfOrigin: Country[0..n] + + manufacturer: ?Agent/Organization?[0..n] + + Classification: ExportControlClassification[1..n] + + SpecialTechnology: SpecialTechnology[0..1] + + ExportControlQandA: QandA[0..n] + } + class ObligationsAssessmentRelationship{ + + Obligation: String [0..n] + } + + class ApplicationFactsAssessmentRelationship{ + + productOwner: Person[0..1] + + documentationLink + + productAccessURL + + applicationFactsComment: comment[0..n] + + distributionTarget + + distributedDeliverables + + technicalDeployment + + contact + + scope + + relationType + + supplyChainContext + + releaseCycles + + fossComplianceBundleProvision + + contractSetup + + fossTermsTowardsCustomer + + distributionTermsTowardsCustomer + + customerFossContact: Person[0..n] + } + class DeliverableFactsAssessmentRelationship{ + + swLanguage + + dependencyManager + + packageManager + + environmentFramework + + applicationCategory + + applicationType + + distributionMethod + + operatingSystem + + consistsOf + + developedBy + + contact + + linkToArchitecture + + osmConcept + + deliverableReview: QandA[0..n] + + deliverabelComment: comment[0..n] + } + class SupplierDeliverableFactsAssessmentRelationship{ + + supplierName + + deliverableFromSupplier + + fossTermsTowardsSupplier + + distributionTermsFromSupplier + + fossComplianceBundleConsumption + + supplierFossContact + + supplierDeliverableFactsComment: comment[0..n] + } +} +namespace OperationsNonElementClasses { + class QandA{ + + question: String[0..1] + + clarification: String[0..1] + } + class ExportControlClassification{ + + classificationSystem + + classificationValue + + classificationComment + } + class SpecialTechnology{ + + includesCrypto: Boolean[1] + + cryptoDetail: Crypto[0..n] + + externalServerCommunication: Boolean + + includesArtificialIntelligence: Boolean + } +} +namespace Enumerations { + class CountryCode{ + <> + } + class classificationSystem{ + <> + } +} \ No newline at end of file diff --git a/model/Operations/notes.md b/model/Operations/notes.md new file mode 100644 index 000000000..252f0fc2c --- /dev/null +++ b/model/Operations/notes.md @@ -0,0 +1,2 @@ +## ideas +- collaborate with Security profile for a common 'AssessmentRelationship' class \ No newline at end of file diff --git a/model/Operations/spdx_operations_profile_schema.json b/model/Operations/spdx_operations_profile_schema.json new file mode 100644 index 000000000..2c16da9b8 --- /dev/null +++ b/model/Operations/spdx_operations_profile_schema.json @@ -0,0 +1,367 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://foo.bar", + "title": "SPDX operations profile", + "type": "object", + "properties": { + "title": { + "type": "string" + }, + "applicationFacts": { + "type": "object", + "description": "Collection of facts about the product/project/service (may also be referred to as application in the following) described by the spdx-file. The product/project/service may consist of several deliverables.", + "properties": { + "productOwner": { + "description": "Name of the application or service owner", + "type": "string" + }, + "documentationLink": { + "description": "URL of existing product documentation", + "type": "string" + }, + "productAccessURL": { + "description": "URL to the Download-Location or to the Web-Access in case the application is available in the network. Field may be used to link to marketing product website in case of a device.", + "type": "string" + }, + "comment": { + "description": "Free comment about the product/project/service", + "type": "string" + }, + "distributionTarget": { + "description": "Specification where the application/service is distributed to / deployed. E.g. in the cloud or shipped as device.", + "type": "string" + }, + "distributedDeliverables": { + "description": "high-level overview list of the software deliverables that the product consists of (e.g. frontend + microservices etc.)", + "type": "string" + }, + "technicalDeployment": { + "description": "Entity in the supplychain that is technically deploying the application / distributing the software or the device containing the software.", + "type": "string" + }, + "contact": { + "description": "contact person of contact details for urgent incidents", + "type": "string" + }, + "scope": { + "description": "organization internal or external distribution/deployment", + "type": "string" + }, + "relationType": { + "description": "e.g. one-to-one or one-to-many", + "type": "string" + }, + "supplyChainContext": { + "description": "e.g. upstream/steward, tier2, tier1, OEM, …", + "type": "string" + }, + "releaseCycles": { + "description": "e.g. nightly, weekly,…", + "type": "string" + }, + "fossComplianceBundleProvision": { + "description": "Short summary in what way the FOSS Compliance Bundle is handed over downstream in the supply chain", + "type": "string" + }, + "contractSetup": { + "description": "e.g. B2B, B2C, …", + "type": "string" + }, + "fossTermsTowardsCustomer": { + "description": "e.g. special deny or allow lists", + "type": "string" + }, + "distributionTermsTowardsCustomer": { + "description": "e.g. weekly deliveries", + "type": "string" + }, + "customerFossContact": { + "description": "e.g. Open Source Office contact downstream the supplychain", + "type": "string" + } + }, + "required": [] + }, + "deliverableFacts": { + "type": "object", + "description": "Collection of facts about a deliverable that is used as part of product/project/service described by the spdx-file.", + "properties": { + "swLanguage": { + "description": "programming language used to implement the deliverable", + "type": "string" + }, + "dependencyManager": { + "description": "dependency manager used to build the deliverable (e.g. Maven, Gradle, …)", + "type": "string" + }, + "packageManager": { + "description": "package manager used with or to build the deliverable (e.g. dpkg, …)", + "type": "string" + }, + "environmentFramework": { + "description": "environment or framework used to implement the deliverable (e.g. NodeJS,…)", + "type": "string" + }, + "applicationCategory": { + "description": "intended way to distribute / deploy the application while development (e.g. hosted, distributed,...)", + "type": "string" + }, + "applicationType": { + "description": "intended business case the application is developed for (e.g. fat client, cloud service, ...)", + "type": "string" + }, + "distributionMethod": { + "description": "method how the developed deliverable is made available (e.g. docker container, ...)", + "type": "string" + }, + "operatingSystem": { + "description": "operating system that is used or the application is designed for", + "type": "string" + }, + "consistsOf": { + "description": "at least the URL to the source code repository, if necessary list intended additional external components and components from third party suppliers (hint: this field is meant to be populated in early or pre-development phase)", + "type": "string" + }, + "developedBy": { + "description": "(e.g. development team or external third party)", + "type": "string" + }, + "contact": { + "description": "(e.g. the chief developer or architect)", + "type": "string" + }, + "linkToArchitecture": { + "description": "link to architecture, if available", + "type": "string" + }, + "osmConcept": { + "description": "link to the used open source management concept used while development", + "type": "string" + }, + "reviews": { + "description": "link to the latest review reports (e.g. Open Source dependency review, snippet review, security review ,… ) each different review may be added as separate item", + "type": "array", + "items": { + "title": "review", + "type": "object", + "properties": { + "question": { + "description": "e.g. Link to the Open Source dependency review report", + "type": "string" + } + } + } + }, + "comment": { + "description": "Free comment about the deliverable", + "type": "string" + } + }, + "required": [] + }, + "supplierDeliverableFacts": { + "type": "object", + "description": "Collection of facts about a deliverable from suppliers that are used as part of product/project/service described by the spdx-file.", + "properties": { + "supplierName": { + "description": "name of the supplier", + "type": "string" + }, + "deliverableFromSupplier": { + "description": "name or identifier of the deliverable provided by the supplier", + "type": "string" + }, + "fossTermsTowardsSupplier": { + "description": "e.g. special deny or allow lists", + "type": "string" + }, + "distributionTermsFromSupplier": { + "description": "in case there are special project specific distribution conditions agreed that may impact the Open Source Components, please provide here", + "type": "string" + }, + "fossComplianceBundleConsumption": { + "description": "e.g. 'FOSS Compliance Bundle included in Installation File'", + "type": "string" + }, + "supplierFossContact": { + "description": "Contact person on supplier side in case urgent measures need to be taken", + "type": "string" + }, + "comment": { + "description": "Free comment about the supplier deliverable", + "type": "string" + } + }, + "required": [] + }, + "exportControl": { + "type": "object", + "description": "This is for export control data.", + "properties": { + "classifications": { + "type": "array", + "description": "export control classifications.", + "items": { + "description": "export control classification", + "type": "object", + "title": "export control classification", + "properties": { + "classificationSystem": { + "description": "referenced export control classification system (e.g. 'ECCN' or 'EAR' for US, 'Ausfuhrlistennummer' for Germany ,...).", + "type": "string" + }, + "classificationValue": { + "description": "e.g. EAR99 ", + "type": "string" + }, + "comment": { + "type": "string" + } + } + } + }, + "notRequired": { + "$comment": "This could make sense to have a 'no export control context given' flag to avoid unnecessary parsing of details.", + "description": "Set this true, if no export control context is given.", + "type": "boolean" + }, + "qaQuestions": { + "description": "Individual, Q&A style queries not covered by any standard field.", + "type": "array", + "items": { + "title": "exportControlQuestion", + "type": "object", + "properties": { + "question": { + "description": "e.g. 'Was the software developed for specific (military) application and product areas?'", + "type": "string" + }, + "clarification": { + "minItems": 1, + "type": "string" + } + } + } + }, + "specialTechnology": { + "type": "object", + "properties": { + "includesCrypto?": { + "type": "string", + "enum": [ + "Yes", + "No", + "NOASSERTION" + ], + "default": "" + }, + "cryptoDetail": { + "description": "Cryptography/encryption technology used / encryption algorithm's strength.", + "type": "string" + }, + "externalServerCommunication?": { + "type": "string", + "enum": [ + "Yes", + "No", + "NOASSERTION" + ], + "default": "" + }, + "includesArtificialIntelligence?": { + "type": "string", + "enum": [ + "Yes", + "No", + "NOASSERTION" + ], + "default": "" + } + } + }, + "purpose": { + "type": "string", + "description": "Main purpose of this component." + }, + "countryOfOrigin": { + "type": "array", + "description": "country / countries of origin", + "items": { + "type": "string" + } + }, + "manufacturer": { + "type": "string" + }, + "manufacturerID": { + "type": "string", + "description": "ID/reference for original manufacturer dataset" + }, + "address": { + "type": "string", + "description": "Manufacturer Address", + "format": "textarea" + }, + "website": { + "type": "string" + } + } + }, + "otherBusiness": { + "type": "object", + "description": "Other information, that might impact business use.", + "properties": { + "sourceCodeProvision": { + "description": "Links for source provision for distribution. Links must be persistent!", + "type": "array", + "items": { + "type": "object", + "description": "", + "title": "Annotation", + "properties": { + "sourceLink": { + "type": "string" + }, + "relatedSpdxElement": { + "type": "string", + "description": "Reference to the respctive component in the SPDX document" + } + } + } + } + }, + "required": [] + }, + "obligations": { + "$comment": "Could be used to phrase simple instructions, 'do/don't', which would otherwise need an expert to read fom the data.", + "description": "Obligations that impact and/or confine the use of the component.", + "type": "array", + "items": { + "type": "object", + "description": "", + "title": "Obligation", + "properties": { + "obligation": { + "type": "string", + "description": "Conditions to follow." + }, + "source": { + "type": "string", + "description": "Origin of the obligation." + } + } + } + }, + "annotations": { + "description": "Any remarks that are not covered by provided fields.", + "type": "array", + "items": { + "type": "string", + "description": "", + "title": "Annotation" + } + } + }, + "required": [], + "additionalProperties": false +} \ No newline at end of file diff --git a/model/Operations/spdx_operations_profile_schema.md b/model/Operations/spdx_operations_profile_schema.md new file mode 100644 index 000000000..d51a2da98 --- /dev/null +++ b/model/Operations/spdx_operations_profile_schema.md @@ -0,0 +1,1005 @@ +# SPDX operations profile + +- [1. Property `SPDX operations profile > title`](#title) +- [2. Property `SPDX operations profile > applicationFacts`](#applicationFacts) + - [2.1. Property `SPDX operations profile > applicationFacts > productOwner`](#applicationFacts_productOwner) + - [2.2. Property `SPDX operations profile > applicationFacts > documentationLink`](#applicationFacts_documentationLink) + - [2.3. Property `SPDX operations profile > applicationFacts > productAccessURL`](#applicationFacts_productAccessURL) + - [2.4. Property `SPDX operations profile > applicationFacts > comment`](#applicationFacts_comment) + - [2.5. Property `SPDX operations profile > applicationFacts > distributionTarget`](#applicationFacts_distributionTarget) + - [2.6. Property `SPDX operations profile > applicationFacts > distributedDeliverables`](#applicationFacts_distributedDeliverables) + - [2.7. Property `SPDX operations profile > applicationFacts > technicalDeployment`](#applicationFacts_technicalDeployment) + - [2.8. Property `SPDX operations profile > applicationFacts > contact`](#applicationFacts_contact) + - [2.9. Property `SPDX operations profile > applicationFacts > scope`](#applicationFacts_scope) + - [2.10. Property `SPDX operations profile > applicationFacts > relationType`](#applicationFacts_relationType) + - [2.11. Property `SPDX operations profile > applicationFacts > supplyChainContext`](#applicationFacts_supplyChainContext) + - [2.12. Property `SPDX operations profile > applicationFacts > releaseCycles`](#applicationFacts_releaseCycles) + - [2.13. Property `SPDX operations profile > applicationFacts > fossComplianceBundleProvision`](#applicationFacts_fossComplianceBundleProvision) + - [2.14. Property `SPDX operations profile > applicationFacts > contractSetup`](#applicationFacts_contractSetup) + - [2.15. Property `SPDX operations profile > applicationFacts > fossTermsTowardsCustomer`](#applicationFacts_fossTermsTowardsCustomer) + - [2.16. Property `SPDX operations profile > applicationFacts > distributionTermsTowardsCustomer`](#applicationFacts_distributionTermsTowardsCustomer) + - [2.17. Property `SPDX operations profile > applicationFacts > customerFossContact`](#applicationFacts_customerFossContact) +- [3. Property `SPDX operations profile > deliverableFacts`](#deliverableFacts) + - [3.1. Property `SPDX operations profile > deliverableFacts > swLanguage`](#deliverableFacts_swLanguage) + - [3.2. Property `SPDX operations profile > deliverableFacts > dependencyManager`](#deliverableFacts_dependencyManager) + - [3.3. Property `SPDX operations profile > deliverableFacts > packageManager`](#deliverableFacts_packageManager) + - [3.4. Property `SPDX operations profile > deliverableFacts > environmentFramework`](#deliverableFacts_environmentFramework) + - [3.5. Property `SPDX operations profile > deliverableFacts > applicationCategory`](#deliverableFacts_applicationCategory) + - [3.6. Property `SPDX operations profile > deliverableFacts > applicationType`](#deliverableFacts_applicationType) + - [3.7. Property `SPDX operations profile > deliverableFacts > distributionMethod`](#deliverableFacts_distributionMethod) + - [3.8. Property `SPDX operations profile > deliverableFacts > operatingSystem`](#deliverableFacts_operatingSystem) + - [3.9. Property `SPDX operations profile > deliverableFacts > consistsOf`](#deliverableFacts_consistsOf) + - [3.10. Property `SPDX operations profile > deliverableFacts > developedBy`](#deliverableFacts_developedBy) + - [3.11. Property `SPDX operations profile > deliverableFacts > contact`](#deliverableFacts_contact) + - [3.12. Property `SPDX operations profile > deliverableFacts > linkToArchitecture`](#deliverableFacts_linkToArchitecture) + - [3.13. Property `SPDX operations profile > deliverableFacts > osmConcept`](#deliverableFacts_osmConcept) + - [3.14. Property `SPDX operations profile > deliverableFacts > reviews`](#deliverableFacts_reviews) + - [3.14.1. SPDX operations profile > deliverableFacts > reviews > review](#autogenerated_heading_2) + - [3.14.1.1. Property `SPDX operations profile > deliverableFacts > reviews > review > question`](#deliverableFacts_reviews_items_question) + - [3.15. Property `SPDX operations profile > deliverableFacts > comment`](#deliverableFacts_comment) +- [4. Property `SPDX operations profile > supplierDeliverableFacts`](#supplierDeliverableFacts) + - [4.1. Property `SPDX operations profile > supplierDeliverableFacts > supplierName`](#supplierDeliverableFacts_supplierName) + - [4.2. Property `SPDX operations profile > supplierDeliverableFacts > deliverableFromSupplier`](#supplierDeliverableFacts_deliverableFromSupplier) + - [4.3. Property `SPDX operations profile > supplierDeliverableFacts > fossTermsTowardsSupplier`](#supplierDeliverableFacts_fossTermsTowardsSupplier) + - [4.4. Property `SPDX operations profile > supplierDeliverableFacts > distributionTermsFromSupplier`](#supplierDeliverableFacts_distributionTermsFromSupplier) + - [4.5. Property `SPDX operations profile > supplierDeliverableFacts > fossComplianceBundleConsumption`](#supplierDeliverableFacts_fossComplianceBundleConsumption) + - [4.6. Property `SPDX operations profile > supplierDeliverableFacts > supplierFossContact`](#supplierDeliverableFacts_supplierFossContact) + - [4.7. Property `SPDX operations profile > supplierDeliverableFacts > comment`](#supplierDeliverableFacts_comment) +- [5. Property `SPDX operations profile > exportControl`](#exportControl) + - [5.1. Property `SPDX operations profile > exportControl > classifications`](#exportControl_classifications) + - [5.1.1. SPDX operations profile > exportControl > classifications > export control classification](#autogenerated_heading_3) + - [5.1.1.1. Property `SPDX operations profile > exportControl > classifications > export control classification > classificationSystem`](#exportControl_classifications_items_classificationSystem) + - [5.1.1.2. Property `SPDX operations profile > exportControl > classifications > export control classification > classificationValue`](#exportControl_classifications_items_classificationValue) + - [5.1.1.3. Property `SPDX operations profile > exportControl > classifications > export control classification > comment`](#exportControl_classifications_items_comment) + - [5.2. Property `SPDX operations profile > exportControl > notRequired`](#exportControl_notRequired) + - [5.3. Property `SPDX operations profile > exportControl > qaQuestions`](#exportControl_qaQuestions) + - [5.3.1. SPDX operations profile > exportControl > qaQuestions > exportControlQuestion](#autogenerated_heading_4) + - [5.3.1.1. Property `SPDX operations profile > exportControl > qaQuestions > exportControlQuestion > question`](#exportControl_qaQuestions_items_question) + - [5.3.1.2. Property `SPDX operations profile > exportControl > qaQuestions > exportControlQuestion > clarification`](#exportControl_qaQuestions_items_clarification) + - [5.4. Property `SPDX operations profile > exportControl > specialTechnology`](#exportControl_specialTechnology) + - [5.4.1. Property `SPDX operations profile > exportControl > specialTechnology > includesCrypto?`](#exportControl_specialTechnology_includesCrypto) + - [5.4.2. Property `SPDX operations profile > exportControl > specialTechnology > cryptoDetail`](#exportControl_specialTechnology_cryptoDetail) + - [5.4.3. Property `SPDX operations profile > exportControl > specialTechnology > externalServerCommunication?`](#exportControl_specialTechnology_externalServerCommunication) + - [5.4.4. Property `SPDX operations profile > exportControl > specialTechnology > includesArtificialIntelligence?`](#exportControl_specialTechnology_includesArtificialIntelligence) + - [5.5. Property `SPDX operations profile > exportControl > purpose`](#exportControl_purpose) + - [5.6. Property `SPDX operations profile > exportControl > countryOfOrigin`](#exportControl_countryOfOrigin) + - [5.6.1. SPDX operations profile > exportControl > countryOfOrigin > countryOfOrigin items](#autogenerated_heading_5) + - [5.7. Property `SPDX operations profile > exportControl > manufacturer`](#exportControl_manufacturer) + - [5.8. Property `SPDX operations profile > exportControl > manufacturerID`](#exportControl_manufacturerID) + - [5.9. Property `SPDX operations profile > exportControl > address`](#exportControl_address) + - [5.10. Property `SPDX operations profile > exportControl > website`](#exportControl_website) +- [6. Property `SPDX operations profile > otherBusiness`](#otherBusiness) + - [6.1. Property `SPDX operations profile > otherBusiness > sourceCodeProvision`](#otherBusiness_sourceCodeProvision) + - [6.1.1. SPDX operations profile > otherBusiness > sourceCodeProvision > Annotation](#autogenerated_heading_6) + - [6.1.1.1. Property `SPDX operations profile > otherBusiness > sourceCodeProvision > Annotation > sourceLink`](#otherBusiness_sourceCodeProvision_items_sourceLink) + - [6.1.1.2. Property `SPDX operations profile > otherBusiness > sourceCodeProvision > Annotation > relatedSpdxElement`](#otherBusiness_sourceCodeProvision_items_relatedSpdxElement) +- [7. Property `SPDX operations profile > obligations`](#obligations) + - [7.1. SPDX operations profile > obligations > Obligation](#autogenerated_heading_7) + - [7.1.1. Property `SPDX operations profile > obligations > Obligation > obligation`](#obligations_items_obligation) + - [7.1.2. Property `SPDX operations profile > obligations > Obligation > source`](#obligations_items_source) +- [8. Property `SPDX operations profile > annotations`](#annotations) + - [8.1. SPDX operations profile > annotations > Annotation](#autogenerated_heading_8) + +**Title:** SPDX operations profile + +| | | +| ------------------------- | ------------------------------------------------------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | [[Not allowed]](# "Additional Properties not allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| -------------------------------------------------------- | ------- | --------------- | ---------- | ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| - [title](#title ) | No | string | No | - | - | +| - [applicationFacts](#applicationFacts ) | No | object | No | - | Collection of facts about the product/project/service (may also be referred to as application in the following) described by the spdx-file. The product/project/service may consist of several deliverables. | +| - [deliverableFacts](#deliverableFacts ) | No | object | No | - | Collection of facts about a deliverable that is used as part of product/project/service described by the spdx-file. | +| - [supplierDeliverableFacts](#supplierDeliverableFacts ) | No | object | No | - | Collection of facts about a deliverable from suppliers that are used as part of product/project/service described by the spdx-file. | +| - [exportControl](#exportControl ) | No | object | No | - | This is for export control data. | +| - [otherBusiness](#otherBusiness ) | No | object | No | - | Other information, that might impact business use. | +| - [obligations](#obligations ) | No | array of object | No | - | Obligations that impact and/or confine the use of the component. | +| - [annotations](#annotations ) | No | array of string | No | - | Any remarks that are not covered by provided fields. | + +## 1. Property `SPDX operations profile > title` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +## 2. Property `SPDX operations profile > applicationFacts` + +| | | +| ------------------------- | ------------------------------------------------------------------------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | [[Any type: allowed]](# "Additional Properties of any type are allowed.") | + +**Description:** Collection of facts about the product/project/service (may also be referred to as application in the following) described by the spdx-file. The product/project/service may consist of several deliverables. + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ----------------------------------------------------------------------------------------- | ------- | ------ | ---------- | ---------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| - [productOwner](#applicationFacts_productOwner ) | No | string | No | - | Name of the application or service owner | +| - [documentationLink](#applicationFacts_documentationLink ) | No | string | No | - | URL of existing product documentation | +| - [productAccessURL](#applicationFacts_productAccessURL ) | No | string | No | - | URL to the Download-Location or to the Web-Access in case the application is available in the network. Field may be used to link to marketing product website in case of a device. | +| - [comment](#applicationFacts_comment ) | No | string | No | - | Free comment about the product/project/service | +| - [distributionTarget](#applicationFacts_distributionTarget ) | No | string | No | - | Specification where the application/service is distributed to / deployed. E.g. in the cloud or shipped as device. | +| - [distributedDeliverables](#applicationFacts_distributedDeliverables ) | No | string | No | - | high-level overview list of the software deliverables that the product consists of (e.g. frontend + microservices etc.) | +| - [technicalDeployment](#applicationFacts_technicalDeployment ) | No | string | No | - | Entity in the supplychain that is technically deploying the application / distributing the software or the device containing the software. | +| - [contact](#applicationFacts_contact ) | No | string | No | - | contact person of contact details for urgent incidents | +| - [scope](#applicationFacts_scope ) | No | string | No | - | organization internal or external distribution/deployment | +| - [relationType](#applicationFacts_relationType ) | No | string | No | - | e.g. one-to-one or one-to-many | +| - [supplyChainContext](#applicationFacts_supplyChainContext ) | No | string | No | - | e.g. upstream/steward, tier2, tier1, OEM, … | +| - [releaseCycles](#applicationFacts_releaseCycles ) | No | string | No | - | e.g. nightly, weekly,… | +| - [fossComplianceBundleProvision](#applicationFacts_fossComplianceBundleProvision ) | No | string | No | - | Short summary in what way the FOSS Compliance Bundle is handed over downstream in the supply chain | +| - [contractSetup](#applicationFacts_contractSetup ) | No | string | No | - | e.g. B2B, B2C, … | +| - [fossTermsTowardsCustomer](#applicationFacts_fossTermsTowardsCustomer ) | No | string | No | - | e.g. special deny or allow lists | +| - [distributionTermsTowardsCustomer](#applicationFacts_distributionTermsTowardsCustomer ) | No | string | No | - | e.g. weekly deliveries | +| - [customerFossContact](#applicationFacts_customerFossContact ) | No | string | No | - | e.g. Open Source Office contact downstream the supplychain | + +### 2.1. Property `SPDX operations profile > applicationFacts > productOwner` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** Name of the application or service owner + +### 2.2. Property `SPDX operations profile > applicationFacts > documentationLink` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** URL of existing product documentation + +### 2.3. Property `SPDX operations profile > applicationFacts > productAccessURL` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** URL to the Download-Location or to the Web-Access in case the application is available in the network. Field may be used to link to marketing product website in case of a device. + +### 2.4. Property `SPDX operations profile > applicationFacts > comment` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** Free comment about the product/project/service + +### 2.5. Property `SPDX operations profile > applicationFacts > distributionTarget` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** Specification where the application/service is distributed to / deployed. E.g. in the cloud or shipped as device. + +### 2.6. Property `SPDX operations profile > applicationFacts > distributedDeliverables` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** high-level overview list of the software deliverables that the product consists of (e.g. frontend + microservices etc.) + +### 2.7. Property `SPDX operations profile > applicationFacts > technicalDeployment` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** Entity in the supplychain that is technically deploying the application / distributing the software or the device containing the software. + +### 2.8. Property `SPDX operations profile > applicationFacts > contact` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** contact person of contact details for urgent incidents + +### 2.9. Property `SPDX operations profile > applicationFacts > scope` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** organization internal or external distribution/deployment + +### 2.10. Property `SPDX operations profile > applicationFacts > relationType` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** e.g. one-to-one or one-to-many + +### 2.11. Property `SPDX operations profile > applicationFacts > supplyChainContext` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** e.g. upstream/steward, tier2, tier1, OEM, … + +### 2.12. Property `SPDX operations profile > applicationFacts > releaseCycles` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** e.g. nightly, weekly,… + +### 2.13. Property `SPDX operations profile > applicationFacts > fossComplianceBundleProvision` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** Short summary in what way the FOSS Compliance Bundle is handed over downstream in the supply chain + +### 2.14. Property `SPDX operations profile > applicationFacts > contractSetup` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** e.g. B2B, B2C, … + +### 2.15. Property `SPDX operations profile > applicationFacts > fossTermsTowardsCustomer` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** e.g. special deny or allow lists + +### 2.16. Property `SPDX operations profile > applicationFacts > distributionTermsTowardsCustomer` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** e.g. weekly deliveries + +### 2.17. Property `SPDX operations profile > applicationFacts > customerFossContact` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** e.g. Open Source Office contact downstream the supplychain + +## 3. Property `SPDX operations profile > deliverableFacts` + +| | | +| ------------------------- | ------------------------------------------------------------------------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | [[Any type: allowed]](# "Additional Properties of any type are allowed.") | + +**Description:** Collection of facts about a deliverable that is used as part of product/project/service described by the spdx-file. + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ----------------------------------------------------------------- | ------- | --------------- | ---------- | ---------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| - [swLanguage](#deliverableFacts_swLanguage ) | No | string | No | - | programming language used to implement the deliverable | +| - [dependencyManager](#deliverableFacts_dependencyManager ) | No | string | No | - | dependency manager used to build the deliverable (e.g. Maven, Gradle, …) | +| - [packageManager](#deliverableFacts_packageManager ) | No | string | No | - | package manager used with or to build the deliverable (e.g. dpkg, …) | +| - [environmentFramework](#deliverableFacts_environmentFramework ) | No | string | No | - | environment or framework used to implement the deliverable (e.g. NodeJS,…) | +| - [applicationCategory](#deliverableFacts_applicationCategory ) | No | string | No | - | intended way to distribute / deploy the application while development (e.g. hosted, distributed,...) | +| - [applicationType](#deliverableFacts_applicationType ) | No | string | No | - | intended business case the application is developed for (e.g. fat client, cloud service, ...) | +| - [distributionMethod](#deliverableFacts_distributionMethod ) | No | string | No | - | method how the developed deliverable is made available (e.g. docker container, ...) | +| - [operatingSystem](#deliverableFacts_operatingSystem ) | No | string | No | - | operating system that is used or the application is designed for | +| - [consistsOf](#deliverableFacts_consistsOf ) | No | string | No | - | at least the URL to the source code repository, if necessary list intended additional external components and components from third party suppliers (hint: this field is meant to be populated in early or pre-development phase) | +| - [developedBy](#deliverableFacts_developedBy ) | No | string | No | - | (e.g. development team or external third party) | +| - [contact](#deliverableFacts_contact ) | No | string | No | - | (e.g. the chief developer or architect) | +| - [linkToArchitecture](#deliverableFacts_linkToArchitecture ) | No | string | No | - | link to architecture, if available | +| - [osmConcept](#deliverableFacts_osmConcept ) | No | string | No | - | link to the used open source management concept used while development | +| - [reviews](#deliverableFacts_reviews ) | No | array of object | No | - | link to the latest review reports (e.g. Open Source dependency review, snippet review, security review ,… ) each different review may be added as separate item | +| - [comment](#deliverableFacts_comment ) | No | string | No | - | Free comment about the deliverable | + +### 3.1. Property `SPDX operations profile > deliverableFacts > swLanguage` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** programming language used to implement the deliverable + +### 3.2. Property `SPDX operations profile > deliverableFacts > dependencyManager` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** dependency manager used to build the deliverable (e.g. Maven, Gradle, …) + +### 3.3. Property `SPDX operations profile > deliverableFacts > packageManager` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** package manager used with or to build the deliverable (e.g. dpkg, …) + +### 3.4. Property `SPDX operations profile > deliverableFacts > environmentFramework` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** environment or framework used to implement the deliverable (e.g. NodeJS,…) + +### 3.5. Property `SPDX operations profile > deliverableFacts > applicationCategory` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** intended way to distribute / deploy the application while development (e.g. hosted, distributed,...) + +### 3.6. Property `SPDX operations profile > deliverableFacts > applicationType` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** intended business case the application is developed for (e.g. fat client, cloud service, ...) + +### 3.7. Property `SPDX operations profile > deliverableFacts > distributionMethod` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** method how the developed deliverable is made available (e.g. docker container, ...) + +### 3.8. Property `SPDX operations profile > deliverableFacts > operatingSystem` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** operating system that is used or the application is designed for + +### 3.9. Property `SPDX operations profile > deliverableFacts > consistsOf` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** at least the URL to the source code repository, if necessary list intended additional external components and components from third party suppliers (hint: this field is meant to be populated in early or pre-development phase) + +### 3.10. Property `SPDX operations profile > deliverableFacts > developedBy` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** (e.g. development team or external third party) + +### 3.11. Property `SPDX operations profile > deliverableFacts > contact` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** (e.g. the chief developer or architect) + +### 3.12. Property `SPDX operations profile > deliverableFacts > linkToArchitecture` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** link to architecture, if available + +### 3.13. Property `SPDX operations profile > deliverableFacts > osmConcept` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** link to the used open source management concept used while development + +### 3.14. Property `SPDX operations profile > deliverableFacts > reviews` + +| | | +| ------------ | ----------------- | +| **Type** | `array of object` | +| **Required** | No | + +**Description:** link to the latest review reports (e.g. Open Source dependency review, snippet review, security review ,… ) each different review may be added as separate item + +| | Array restrictions | +| -------------------- | ------------------ | +| **Min items** | N/A | +| **Max items** | N/A | +| **Items unicity** | False | +| **Additional items** | False | +| **Tuple validation** | See below | + +| Each item of this array must be | Description | +| ----------------------------------------- | ----------- | +| [review](#deliverableFacts_reviews_items) | - | + +#### 3.14.1. SPDX operations profile > deliverableFacts > reviews > review + +**Title:** review + +| | | +| ------------------------- | ------------------------------------------------------------------------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | [[Any type: allowed]](# "Additional Properties of any type are allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ------------------------------------------------------- | ------- | ------ | ---------- | ---------- | ----------------------------------------------------- | +| - [question](#deliverableFacts_reviews_items_question ) | No | string | No | - | e.g. Link to the Open Source dependency review report | + +##### 3.14.1.1. Property `SPDX operations profile > deliverableFacts > reviews > review > question` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** e.g. Link to the Open Source dependency review report + +### 3.15. Property `SPDX operations profile > deliverableFacts > comment` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** Free comment about the deliverable + +## 4. Property `SPDX operations profile > supplierDeliverableFacts` + +| | | +| ------------------------- | ------------------------------------------------------------------------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | [[Any type: allowed]](# "Additional Properties of any type are allowed.") | + +**Description:** Collection of facts about a deliverable from suppliers that are used as part of product/project/service described by the spdx-file. + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ----------------------------------------------------------------------------------------------- | ------- | ------ | ---------- | ---------- | ----------------------------------------------------------------------------------------------------------------------------------------- | +| - [supplierName](#supplierDeliverableFacts_supplierName ) | No | string | No | - | name of the supplier | +| - [deliverableFromSupplier](#supplierDeliverableFacts_deliverableFromSupplier ) | No | string | No | - | name or identifier of the deliverable provided by the supplier | +| - [fossTermsTowardsSupplier](#supplierDeliverableFacts_fossTermsTowardsSupplier ) | No | string | No | - | e.g. special deny or allow lists | +| - [distributionTermsFromSupplier](#supplierDeliverableFacts_distributionTermsFromSupplier ) | No | string | No | - | in case there are special project specific distribution conditions agreed that may impact the Open Source Components, please provide here | +| - [fossComplianceBundleConsumption](#supplierDeliverableFacts_fossComplianceBundleConsumption ) | No | string | No | - | e.g. 'FOSS Compliance Bundle included in Installation File' | +| - [supplierFossContact](#supplierDeliverableFacts_supplierFossContact ) | No | string | No | - | Contact person on supplier side in case urgent measures need to be taken | +| - [comment](#supplierDeliverableFacts_comment ) | No | string | No | - | Free comment about the supplier deliverable | + +### 4.1. Property `SPDX operations profile > supplierDeliverableFacts > supplierName` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** name of the supplier + +### 4.2. Property `SPDX operations profile > supplierDeliverableFacts > deliverableFromSupplier` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** name or identifier of the deliverable provided by the supplier + +### 4.3. Property `SPDX operations profile > supplierDeliverableFacts > fossTermsTowardsSupplier` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** e.g. special deny or allow lists + +### 4.4. Property `SPDX operations profile > supplierDeliverableFacts > distributionTermsFromSupplier` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** in case there are special project specific distribution conditions agreed that may impact the Open Source Components, please provide here + +### 4.5. Property `SPDX operations profile > supplierDeliverableFacts > fossComplianceBundleConsumption` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** e.g. 'FOSS Compliance Bundle included in Installation File' + +### 4.6. Property `SPDX operations profile > supplierDeliverableFacts > supplierFossContact` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** Contact person on supplier side in case urgent measures need to be taken + +### 4.7. Property `SPDX operations profile > supplierDeliverableFacts > comment` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** Free comment about the supplier deliverable + +## 5. Property `SPDX operations profile > exportControl` + +| | | +| ------------------------- | ------------------------------------------------------------------------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | [[Any type: allowed]](# "Additional Properties of any type are allowed.") | + +**Description:** This is for export control data. + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| -------------------------------------------------------- | ------- | --------------- | ---------- | ---------- | ---------------------------------------------------------------- | +| - [classifications](#exportControl_classifications ) | No | array of object | No | - | export control classifications. | +| - [notRequired](#exportControl_notRequired ) | No | boolean | No | - | Set this true, if no export control context is given. | +| - [qaQuestions](#exportControl_qaQuestions ) | No | array of object | No | - | Individual, Q&A style queries not covered by any standard field. | +| - [specialTechnology](#exportControl_specialTechnology ) | No | object | No | - | - | +| - [purpose](#exportControl_purpose ) | No | string | No | - | Main purpose of this component. | +| - [countryOfOrigin](#exportControl_countryOfOrigin ) | No | array of string | No | - | country / countries of origin | +| - [manufacturer](#exportControl_manufacturer ) | No | string | No | - | - | +| - [manufacturerID](#exportControl_manufacturerID ) | No | string | No | - | ID/reference for original manufacturer dataset | +| - [address](#exportControl_address ) | No | string | No | - | Manufacturer Address | +| - [website](#exportControl_website ) | No | string | No | - | - | + +### 5.1. Property `SPDX operations profile > exportControl > classifications` + +| | | +| ------------ | ----------------- | +| **Type** | `array of object` | +| **Required** | No | + +**Description:** export control classifications. + +| | Array restrictions | +| -------------------- | ------------------ | +| **Min items** | N/A | +| **Max items** | N/A | +| **Items unicity** | False | +| **Additional items** | False | +| **Tuple validation** | See below | + +| Each item of this array must be | Description | +| --------------------------------------------------------------------- | ----------------------------- | +| [export control classification](#exportControl_classifications_items) | export control classification | + +#### 5.1.1. SPDX operations profile > exportControl > classifications > export control classification + +**Title:** export control classification + +| | | +| ------------------------- | ------------------------------------------------------------------------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | [[Any type: allowed]](# "Additional Properties of any type are allowed.") | + +**Description:** export control classification + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ------------------------------------------------------------------------------------ | ------- | ------ | ---------- | ---------- | ---------------------------------------------------------------------------------------------------------------------- | +| - [classificationSystem](#exportControl_classifications_items_classificationSystem ) | No | string | No | - | referenced export control classification system (e.g. 'ECCN' or 'EAR' for US, 'Ausfuhrlistennummer' for Germany ,...). | +| - [classificationValue](#exportControl_classifications_items_classificationValue ) | No | string | No | - | e.g. EAR99 | +| - [comment](#exportControl_classifications_items_comment ) | No | string | No | - | - | + +##### 5.1.1.1. Property `SPDX operations profile > exportControl > classifications > export control classification > classificationSystem` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** referenced export control classification system (e.g. 'ECCN' or 'EAR' for US, 'Ausfuhrlistennummer' for Germany ,...). + +##### 5.1.1.2. Property `SPDX operations profile > exportControl > classifications > export control classification > classificationValue` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** e.g. EAR99 + +##### 5.1.1.3. Property `SPDX operations profile > exportControl > classifications > export control classification > comment` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +### 5.2. Property `SPDX operations profile > exportControl > notRequired` + +| | | +| ------------ | --------- | +| **Type** | `boolean` | +| **Required** | No | + +**Description:** Set this true, if no export control context is given. + +### 5.3. Property `SPDX operations profile > exportControl > qaQuestions` + +| | | +| ------------ | ----------------- | +| **Type** | `array of object` | +| **Required** | No | + +**Description:** Individual, Q&A style queries not covered by any standard field. + +| | Array restrictions | +| -------------------- | ------------------ | +| **Min items** | N/A | +| **Max items** | N/A | +| **Items unicity** | False | +| **Additional items** | False | +| **Tuple validation** | See below | + +| Each item of this array must be | Description | +| --------------------------------------------------------- | ----------- | +| [exportControlQuestion](#exportControl_qaQuestions_items) | - | + +#### 5.3.1. SPDX operations profile > exportControl > qaQuestions > exportControlQuestion + +**Title:** exportControlQuestion + +| | | +| ------------------------- | ------------------------------------------------------------------------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | [[Any type: allowed]](# "Additional Properties of any type are allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ------------------------------------------------------------------ | ------- | ------ | ---------- | ---------- | ---------------------------------------------------------------------------------------- | +| - [question](#exportControl_qaQuestions_items_question ) | No | string | No | - | e.g. 'Was the software developed for specific (military) application and product areas?' | +| - [clarification](#exportControl_qaQuestions_items_clarification ) | No | string | No | - | - | + +##### 5.3.1.1. Property `SPDX operations profile > exportControl > qaQuestions > exportControlQuestion > question` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** e.g. 'Was the software developed for specific (military) application and product areas?' + +##### 5.3.1.2. Property `SPDX operations profile > exportControl > qaQuestions > exportControlQuestion > clarification` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +### 5.4. Property `SPDX operations profile > exportControl > specialTechnology` + +| | | +| ------------------------- | ------------------------------------------------------------------------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | [[Any type: allowed]](# "Additional Properties of any type are allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ----------------------------------------------------------------------------------------------------- | ------- | ---------------- | ---------- | ---------- | -------------------------------------------------------------------------- | +| - [includesCrypto?](#exportControl_specialTechnology_includesCrypto ) | No | enum (of string) | No | - | - | +| - [cryptoDetail](#exportControl_specialTechnology_cryptoDetail ) | No | string | No | - | Cryptography/encryption technology used / encryption algorithm's strength. | +| - [externalServerCommunication?](#exportControl_specialTechnology_externalServerCommunication ) | No | enum (of string) | No | - | - | +| - [includesArtificialIntelligence?](#exportControl_specialTechnology_includesArtificialIntelligence ) | No | enum (of string) | No | - | - | + +#### 5.4.1. Property `SPDX operations profile > exportControl > specialTechnology > includesCrypto?` + +| | | +| ------------ | ------------------ | +| **Type** | `enum (of string)` | +| **Required** | No | +| **Default** | `""` | + +Must be one of: +* "Yes" +* "No" +* "NOASSERTION" + +#### 5.4.2. Property `SPDX operations profile > exportControl > specialTechnology > cryptoDetail` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** Cryptography/encryption technology used / encryption algorithm's strength. + +#### 5.4.3. Property `SPDX operations profile > exportControl > specialTechnology > externalServerCommunication?` + +| | | +| ------------ | ------------------ | +| **Type** | `enum (of string)` | +| **Required** | No | +| **Default** | `""` | + +Must be one of: +* "Yes" +* "No" +* "NOASSERTION" + +#### 5.4.4. Property `SPDX operations profile > exportControl > specialTechnology > includesArtificialIntelligence?` + +| | | +| ------------ | ------------------ | +| **Type** | `enum (of string)` | +| **Required** | No | +| **Default** | `""` | + +Must be one of: +* "Yes" +* "No" +* "NOASSERTION" + +### 5.5. Property `SPDX operations profile > exportControl > purpose` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** Main purpose of this component. + +### 5.6. Property `SPDX operations profile > exportControl > countryOfOrigin` + +| | | +| ------------ | ----------------- | +| **Type** | `array of string` | +| **Required** | No | + +**Description:** country / countries of origin + +| | Array restrictions | +| -------------------- | ------------------ | +| **Min items** | N/A | +| **Max items** | N/A | +| **Items unicity** | False | +| **Additional items** | False | +| **Tuple validation** | See below | + +| Each item of this array must be | Description | +| ------------------------------------------------------------- | ----------- | +| [countryOfOrigin items](#exportControl_countryOfOrigin_items) | - | + +#### 5.6.1. SPDX operations profile > exportControl > countryOfOrigin > countryOfOrigin items + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +### 5.7. Property `SPDX operations profile > exportControl > manufacturer` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +### 5.8. Property `SPDX operations profile > exportControl > manufacturerID` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** ID/reference for original manufacturer dataset + +### 5.9. Property `SPDX operations profile > exportControl > address` + +| | | +| ------------ | ---------- | +| **Type** | `string` | +| **Required** | No | +| **Format** | `textarea` | + +**Description:** Manufacturer Address + +### 5.10. Property `SPDX operations profile > exportControl > website` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +## 6. Property `SPDX operations profile > otherBusiness` + +| | | +| ------------------------- | ------------------------------------------------------------------------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | [[Any type: allowed]](# "Additional Properties of any type are allowed.") | + +**Description:** Other information, that might impact business use. + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ------------------------------------------------------------ | ------- | --------------- | ---------- | ---------- | ---------------------------------------------------------------------- | +| - [sourceCodeProvision](#otherBusiness_sourceCodeProvision ) | No | array of object | No | - | Links for source provision for distribution. Links must be persistent! | + +### 6.1. Property `SPDX operations profile > otherBusiness > sourceCodeProvision` + +| | | +| ------------ | ----------------- | +| **Type** | `array of object` | +| **Required** | No | + +**Description:** Links for source provision for distribution. Links must be persistent! + +| | Array restrictions | +| -------------------- | ------------------ | +| **Min items** | N/A | +| **Max items** | N/A | +| **Items unicity** | False | +| **Additional items** | False | +| **Tuple validation** | See below | + +| Each item of this array must be | Description | +| ------------------------------------------------------ | ----------- | +| [Annotation](#otherBusiness_sourceCodeProvision_items) | - | + +#### 6.1.1. SPDX operations profile > otherBusiness > sourceCodeProvision > Annotation + +**Title:** Annotation + +| | | +| ------------------------- | ------------------------------------------------------------------------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | [[Any type: allowed]](# "Additional Properties of any type are allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ------------------------------------------------------------------------------------ | ------- | ------ | ---------- | ---------- | --------------------------------------------------------- | +| - [sourceLink](#otherBusiness_sourceCodeProvision_items_sourceLink ) | No | string | No | - | - | +| - [relatedSpdxElement](#otherBusiness_sourceCodeProvision_items_relatedSpdxElement ) | No | string | No | - | Reference to the respctive component in the SPDX document | + +##### 6.1.1.1. Property `SPDX operations profile > otherBusiness > sourceCodeProvision > Annotation > sourceLink` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +##### 6.1.1.2. Property `SPDX operations profile > otherBusiness > sourceCodeProvision > Annotation > relatedSpdxElement` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** Reference to the respctive component in the SPDX document + +## 7. Property `SPDX operations profile > obligations` + +| | | +| ------------ | ----------------- | +| **Type** | `array of object` | +| **Required** | No | + +**Description:** Obligations that impact and/or confine the use of the component. + +| | Array restrictions | +| -------------------- | ------------------ | +| **Min items** | N/A | +| **Max items** | N/A | +| **Items unicity** | False | +| **Additional items** | False | +| **Tuple validation** | See below | + +| Each item of this array must be | Description | +| -------------------------------- | ----------- | +| [Obligation](#obligations_items) | - | + +### 7.1. SPDX operations profile > obligations > Obligation + +**Title:** Obligation + +| | | +| ------------------------- | ------------------------------------------------------------------------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | [[Any type: allowed]](# "Additional Properties of any type are allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ---------------------------------------------- | ------- | ------ | ---------- | ---------- | ------------------------- | +| - [obligation](#obligations_items_obligation ) | No | string | No | - | Conditions to follow. | +| - [source](#obligations_items_source ) | No | string | No | - | Origin of the obligation. | + +#### 7.1.1. Property `SPDX operations profile > obligations > Obligation > obligation` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** Conditions to follow. + +#### 7.1.2. Property `SPDX operations profile > obligations > Obligation > source` + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** Origin of the obligation. + +## 8. Property `SPDX operations profile > annotations` + +| | | +| ------------ | ----------------- | +| **Type** | `array of string` | +| **Required** | No | + +**Description:** Any remarks that are not covered by provided fields. + +| | Array restrictions | +| -------------------- | ------------------ | +| **Min items** | N/A | +| **Max items** | N/A | +| **Items unicity** | False | +| **Additional items** | False | +| **Tuple validation** | See below | + +| Each item of this array must be | Description | +| -------------------------------- | ----------- | +| [Annotation](#annotations_items) | - | + +### 8.1. SPDX operations profile > annotations > Annotation + +**Title:** Annotation + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +---------------------------------------------------------------------------------------------------------------------------- +Generated using [json-schema-for-humans](https://github.com/coveooss/json-schema-for-humans) on 2024-04-12 at 16:15:23 +0200