You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Aug 27, 2022. It is now read-only.
Clarify the semantics of the artifacts/documentDescribes in the Document as to whether this association is just for the artifacts described by the document or ALL artifacts contained within the SBOM.
SPDX uses the similar documentDescribes to describe the Artifacts the document is describing. The documentDescribes does not include all artifacts included in the document (e.g. if the Document is describing a package and that package contains files, the files will be included in the document but would not be part of the documentDescribes attribute).
Propose artifacts/documentDescribes having the same semantics as SPDX.
The text was updated successfully, but these errors were encountered:
in the current proposition, the "artifacts" were the pieces of software the "Document" is providing visibility about, even if limited (e.g., limited to the fields from the "Artifact" class alone) and the "referencedArtifacts" from the "Document" were only references to pieces of software that are useful in the context of the "Document" to define relationships, activities, etc. but they are outside the perimeter of the "Document".
to reuse the example from previous comment, if the Document is describing a package and that package contains files, the files will also be included in the document but would not be part of the artifacts attribute, they would be part of the files attribute of the Artifacts from the artifacts attribute of the Document.
Clarify the semantics of the artifacts/documentDescribes in the Document as to whether this association is just for the artifacts described by the document or ALL artifacts contained within the SBOM.
SPDX uses the similar documentDescribes to describe the Artifacts the document is describing. The documentDescribes does not include all artifacts included in the document (e.g. if the Document is describing a package and that package contains files, the files will be included in the document but would not be part of the documentDescribes attribute).
Propose artifacts/documentDescribes having the same semantics as SPDX.
The text was updated successfully, but these errors were encountered: