RelationshipType
Summary
Information about the relationship between two Elements.
Description
Provides information about the relationship between two Elements. For example, you can represent a relationship between two different Files, between a Package and a File, between two Packages, or between one SPDXDocument and another SPDXDocument.
Relationship names be descriptive enough to easily deduce the correct direction from their name. The best way to do this is to make sure that the relationship name completes the sentence:
from
(is) (a) RELATIONSHIP
to
Metadata
https://spdx.org/rdf/3.0.0/terms/Core/RelationshipType
Name | RelationshipType |
Entries
- affects: (Security/VEX) The
from
vulnerability affect eachto
Element - amendedBy: The
from
Element is amended by eachto
Element - ancestorOf: The
from
Element is an ancestor of eachto
Element - availableFrom: The
from
Element is available from the additional supplier described by eachto
Element - configures: The
from
Element is a configuration applied to eachto
Element during a LifecycleScopeType period - contains: The
from
Element contains eachto
Element - coordinatedBy: (Security) The
from
Vulnerability is coordinatedBy theto
Agent(s) (vendor, researcher, or consumer agent) - copiedTo: The
from
Element has been copied to eachto
Element - delegatedTo: The
from
Agent is delegating an action to the Agent of theto
Relationship (which must be of type invokedBy) during a LifecycleScopeType. (e.g. theto
invokedBy Relationship is being done on behalf offrom
) - dependsOn: The
from
Element depends on eachto
Element during a LifecycleScopeType period. - descendantOf: The
from
Element is a descendant of eachto
Element - describes: The
from
Element describes eachto
Element. To denote the root(s) of a tree of elements in a collection, the rootElement property should be used. - doesNotAffect: (Security/VEX) The
from
Vulnerability has no impact on eachto
Element - expandsTo: The
from
archive expands out as an artifact described by eachto
Element - exploitCreatedBy: (Security) The
from
Vulnerability has had an exploit created against it by eachto
Agent - fixedBy: (Security) Designates a
from
Vulnerability has been fixed by theto
Agent(s) - fixedIn: (Security/VEX) A
from
Vulnerability has been fixed in each of theto
Element(s) - foundBy: (Security) Designates a
from
Vulnerability was originally discovered by theto
Agent(s) - generates: The
from
Element generates eachto
Element - hasAddedFile: Every
to
Element is is a file added to thefrom
Element (from
hasAddedFileto
) - hasAssessmentFor: (Security) Relates a
from
Vulnerability and eachto
Element(s) with a security assessment. To be used withVulnAssessmentRelationship
types - hasAssociatedVulnerability: (Security) Used to associate a
from
Artifact with eachto
Vulnerability - hasConcludedLicense: The
from
Software Artifact is concluded by the SPDX data creator to be governed by eachto
license - hasDataFile: The
from
Element treats eachto
Element as a data file - hasDeclaredLicense: The
from
Software Artifact was discovered to actually contain eachto
license, for example as detected by use of automated tooling. - hasDeletedFile: Every
to
Element is a file deleted from thefrom
Element (from
hasDeletedFileto
) - hasDependencyManifest: The
from
Element has manifest files that contain dependency information in eachto
Element - hasDistributionArtifact: The
from
Element is distributed as an artifact in each Elementto
, (e.g. an RPM or archive file) - hasDocumentation: The
from
Element is documented by eachto
Element - hasDynamicLink: The
from
Element dynamically links in eachto
Element, during a LifecycleScopeType period. - hasEvidence: (Dataset) Every
to
Element is considered as evidence for thefrom
Element (from
hasEvidenceto
) - hasExample: Every
to
Element is an example for thefrom
Element (from
hasExampleto
) - hasHost: The
from
Build was run on theto
Element during a LifecycleScopeType period (e.g. The host that the build runs on) - hasInputs: The
from
Build has eachto
Elements as an input during a LifecycleScopeType period. - hasMetadata: Every
to
Element is metadata about thefrom
Element (from
hasMetadatato
) - hasOptionalComponent: Every
to
Element is an optional component of thefrom
Element (from
hasOptionalComponentto`)
- hasOptionalDependency: The
from
Element optionally depends on eachto
Element during a LifecycleScopeType period - hasOutputs: The
from
Build element generates eachto
Element as an output during a LifecycleScopeType period. - hasPrerequsite: The
from
Element has a prerequsite on eachto
Element, during a LifecycleScopeType period - hasProvidedDependency: The
from
Element has a dependency on eachto
Element, but dependency is not in the distributed artifact, but assumed to be provided, during a LifecycleScopeType period - hasRequirement: The
from
Element has a requirement on eachto
Element, during a LifecycleScopeType period - hasSpecification: Every
to
Element is a specification for thefrom
Element (from
hasSpecificationto
), during a LifecycleScopeType period - hasStaticLink: The
from
Element statically links in eachto
Element, during a LifecycleScopeType period - hasTest: Every
to
Element is a test artifact for thefrom
Element (from
hasTestto
), during a LifecycleScopeType period - hasTestCase: Every
to
Element is a test case for thefrom
Element (from
hasTestCaseto
) - hasVariant: Every
to
Element is a variant thefrom
Element (from
hasVariantto
) - invokedBy: The
from
Element was invoked by theto
Agent during a LifecycleScopeType period (for example, a Build element that describes a build step) - modifiedBy: The
from
Element is modified by eachto
Element - other: Every
to
Element is related to thefrom
Element where the relationship type is not described by any of the SPDX relationhip types (this relationship is directionless) - packagedBy: Every
to
Element is a packaged instance of thefrom
Element (from
packagedByto
) - patchedBy: Every
to
Element is a patch for thefrom
Element (from
patchedByto
) - publishedBy: (Security) Designates a
from
Vulnerability was made available for public use or reference by eachto
Agent - reportedBy: (Security) Designates a
from
Vulnerability was first reported to a project, vendor, or tracking database for formal identification by eachto
Agent - republishedBy: (Security) Designates a
from
Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by ato
Agent(s) - serializedInArtifact: The
from
SPDXDocument can be found in a serialized form in eachto
Artifact - testedOn: (AI, Dataset) The
from
Element has been tested on theto
Element - trainedOn: (AI, Dataset) The
from
Element has been trained by theto
Element(s) - underInvestigationFor: (Security/VEX) The
from
Vulnerability impact is being investigated for eachto
Element - usesTool: The
from
Element uses eachto
Element as a tool during a LifecycleScopeType period.