Software Bill of Materials

sbom

The Software Bill of Materials object describes characteristics of a generated SBOM.

Attributes

CaptionNameTypeDescription
Created Timecreated_timeTimestampThe time when the SBOM was created.
Software PackagepackageSoftware Package[]The software package or library that is being discovered or inventoried by an SBOM.
ProductproductProduct[]Details about the upstream product that generated the SBOM e.g. cdxgen or Syft.
Raw Dataraw_dataJSONGroup:context

The event data as received from the event source.
Record IDrecord_idStringGroup:primary

Unique identifier for the object
Software Componentssoftware_componentsSoftware Component[]The list of software components used in the software package.
TypetypeStringThe type of SBOM, normalized to the caption of the type_id value. In the case of 'Other', it is defined by the source.
Type IDtype_idIntegerThe type of SBOM.
  • 1: SPDX (SPDX)
  • 2: CycloneDX (CYCLONEDX)
  • 3: SWID (SWID)
  • 0: Unknown (UNKNOWN)
  • 99: Other (OTHER)
SBOM IDuidStringA unique identifier for the SBOM or the SBOM generation by a source tool, such as the SPDX metadata.component.bom-ref.
UnmappedunmappedUnmapped[]Data from the source that was not mapped into the schema.
VersionversionStringThe specification (spec) version of the particular SBOM, e.g., 1.6.

Relationships

Software Bill of Materials shown in context

Inbound Relationships

These objects and events reference Software Bill of Materials in their attributes:

Outbound Relationships

Software Bill of Materials references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0