RelationshipType
Summary
Information about the relationship between two Elements.
Description
Provides information about the relationship between two Elements. For example, you can represent a relationship between two different Files, between a Package and a File, between two Packages, or between one SpdxDocument and another SpdxDocument.
Relationship names should be descriptive enough to easily deduce the correct direction from their name. The best way to do this is to make sure that the relationship name completes the sentence:
from
(is) (a) RELATIONSHIP
to
Metadata
https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType
Name | RelationshipType |
Entries
- affects: The
from
Vulnerability affects eachto
Element. The use of theaffects
type is constrained toVexAffectedVulnAssessmentRelationship
classed relationships. - amendedBy: The
from
Element is amended by eachto
Element. - ancestorOf: The
from
Element is an ancestor of eachto
Element. - availableFrom: The
from
Element is available from the additional supplier described by eachto
Element. - configures: The
from
Element is a configuration applied to eachto
Element, during a LifecycleScopeType period. - contains: The
from
Element contains eachto
Element. - coordinatedBy: The
from
Vulnerability is coordinatedBy theto
Agent(s) (vendor, researcher, or consumer agent). - copiedTo: The
from
Element has been copied to eachto
Element. - delegatedTo: The
from
Agent is delegating an action to the Agent of theto
Relationship (which must be of type invokedBy), during a LifecycleScopeType (e.g. theto
invokedBy Relationship is being done on behalf offrom
). - dependsOn: The
from
Element depends on eachto
Element, during a LifecycleScopeType period. - descendantOf: The
from
Element is a descendant of eachto
Element. - describes: The
from
Element describes eachto
Element. To denote the root(s) of a tree of elements in a collection, the rootElement property should be used. - doesNotAffect: The
from
Vulnerability has no impact on eachto
Element. The use of thedoesNotAffect
is constrained toVexNotAffectedVulnAssessmentRelationship
classed relationships. - expandsTo: The
from
archive expands out as an artifact described by eachto
Element. - exploitCreatedBy: The
from
Vulnerability has had an exploit created against it by eachto
Agent. - fixedBy: Designates a
from
Vulnerability has been fixed by theto
Agent(s). - fixedIn: A
from
Vulnerability has been fixed in eachto
Element. The use of thefixedIn
type is constrained toVexFixedVulnAssessmentRelationship
classed relationships. - foundBy: Designates a
from
Vulnerability was originally discovered by theto
Agent(s). - generates: The
from
Element generates eachto
Element. - hasAddedFile: Every
to
Element is a file added to thefrom
Element (from
hasAddedFileto
). - hasAssessmentFor: Relates a
from
Vulnerability and eachto
Element with a security assessment. To be used withVulnAssessmentRelationship
types. - hasAssociatedVulnerability: Used to associate a
from
Artifact with eachto
Vulnerability. - hasConcludedLicense: The
from
SoftwareArtifact is concluded by the SPDX data creator to be governed by eachto
license. - hasDataFile: The
from
Element treats eachto
Element as a data file. A data file is an artifact that stores data required or optional for thefrom
Element's functionality. A data file can be a database file, an index file, a log file, an AI model file, a calibration data file, a temporary file, a backup file, and more. For AI training dataset, test dataset, test artifact, configuration data, build input data, and build output data, please consider using the more specific relationship types:trainedOn
,testedOn
,hasTest
,configures
,hasInput
, andhasOutput
, respectively. This relationship does not imply dependency. - hasDeclaredLicense: The
from
SoftwareArtifact was discovered to actually contain eachto
license, for example as detected by use of automated tooling. - hasDeletedFile: Every
to
Element is a file deleted from thefrom
Element (from
hasDeletedFileto
). - hasDependencyManifest: The
from
Element has manifest files that contain dependency information in eachto
Element. - hasDistributionArtifact: The
from
Element is distributed as an artifact in eachto
Element (e.g. an RPM or archive file). - hasDocumentation: The
from
Element is documented by eachto
Element. - hasDynamicLink: The
from
Element dynamically links in eachto
Element, during a LifecycleScopeType period. - hasEvidence: Every
to
Element is considered as evidence for thefrom
Element (from
hasEvidenceto
). - hasExample: Every
to
Element is an example for thefrom
Element (from
hasExampleto
). - hasHost: The
from
Build was run on theto
Element during a LifecycleScopeType period (e.g. the host that the build runs on). - hasInput: The
from
Build has eachto
Element as an input, during a LifecycleScopeType period. - hasMetadata: Every
to
Element is metadata about thefrom
Element (from
hasMetadatato
). - hasOptionalComponent: Every
to
Element is an optional component of thefrom
Element (from
hasOptionalComponentto
). - hasOptionalDependency: The
from
Element optionally depends on eachto
Element, during a LifecycleScopeType period. - hasOutput: The
from
Build element generates eachto
Element as an output, during a LifecycleScopeType period. - hasPrerequisite: The
from
Element has a prerequisite on eachto
Element, during a LifecycleScopeType period. - hasProvidedDependency: The
from
Element has a dependency on eachto
Element, dependency is not in the distributed artifact, but assumed to be provided, during a LifecycleScopeType period. - hasRequirement: The
from
Element has a requirement on eachto
Element, during a LifecycleScopeType period. - hasSpecification: Every
to
Element is a specification for thefrom
Element (from
hasSpecificationto
), during a LifecycleScopeType period. - hasStaticLink: The
from
Element statically links in eachto
Element, during a LifecycleScopeType period. - hasTest: Every
to
Element is a test artifact for thefrom
Element (from
hasTestto
), during a LifecycleScopeType period. - hasTestCase: Every
to
Element is a test case for thefrom
Element (from
hasTestCaseto
). - hasVariant: Every
to
Element is a variant thefrom
Element (from
hasVariantto
). - invokedBy: The
from
Element was invoked by theto
Agent, during a LifecycleScopeType period (for example, a Build element that describes a build step). - modifiedBy: The
from
Element is modified by eachto
Element. - other: Every
to
Element is related to thefrom
Element where the relationship type is not described by any of the SPDX relationship types (this relationship is directionless). - packagedBy: Every
to
Element is a packaged instance of thefrom
Element (from
packagedByto
). - patchedBy: Every
to
Element is a patch for thefrom
Element (from
patchedByto
). - publishedBy: Designates a
from
Vulnerability was made available for public use or reference by eachto
Agent. - reportedBy: Designates a
from
Vulnerability was first reported to a project, vendor, or tracking database for formal identification by eachto
Agent. - republishedBy: Designates a
from
Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by eachto
Agent. - serializedInArtifact: The
from
SpdxDocument can be found in a serialized form in eachto
Artifact. - testedOn: The
from
Element has been tested on theto
Element(s). - trainedOn: The
from
Element has been trained on theto
Element(s). - underInvestigationFor: The
from
Vulnerability impact is being investigated for eachto
Element. The use of theunderInvestigationFor
type is constrained toVexUnderInvestigationVulnAssessmentRelationship
classed relationships. - usesTool: The
from
Element uses eachto
Element as a tool, during a LifecycleScopeType period.