Software Bill of Materials
sbom
The Software Bill of Materials object describes characteristics of a generated SBOM.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Created Time | created_time | Timestamp | The time when the SBOM was created. |
| Software Package | package | Software Package[] | The software package or library that is being discovered or inventoried by an SBOM. |
| Product | product | Product[] | Details about the upstream product that generated the SBOM, e.g., cdxgen or Syft. |
| Raw Data | raw_data | JSON | Group: |
| Record ID | record_id | String | Group: |
| Software Components | software_components | Software Component[] | The list of software components used in the software package. |
| Type | type | String | The type of SBOM, normalized to the caption of the type_id value. In the case of 'Other', it is defined by the source. |
| Type ID | type_id | Integer | The type of SBOM. |
| SBOM ID | uid | String | A unique identifier for the SBOM or the SBOM generation by a source tool, such as the SPDX metadata.component.bom-ref. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
| Version | version | String | The specification (spec) version of the particular SBOM, e.g., 1.6. |
Relationships
Inbound Relationships
These objects and events reference Software Bill of Materials in their attributes:
Outbound Relationships
Software Bill of Materials references the following objects and events in its attributes:
This page describes qdm-1.5.1+ocsf-1.6.0