OpossumOutputFileSchema.json
{
"id": "#OpossumOutputFileSchema",
"title": "Opossum output schema",
"description": "Output files mainly consist of selected attribution information for parts of the input file tree and metadata.",
"type": "object",
"properties": {
"metadata": {
"type": "object",
"properties": {
"projectId": {
"type": "string",
"description": "An ID for the compliance scan, copied from the input file."
},
"fileCreationDate": {
"type": "string",
"description": "Only for documentation, arbitrary format."
},
"inputFileMD5Checksum": {
"type": "string",
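"description": "MD5 checksum of the input file, used to detect whether the input file has changed. MD5 is not collision-resistant, so treat this as change detection only, not as proof that the file is untampered."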
}
},
"required": ["projectId", "fileCreationDate"],
"additionalProperties": false
},
"manualAttributions": {
"type": "object",
"additionalProperties": {
"type": "object",
"properties": {
"packageName": {
"type": "string",
"description": "Name of the package (part of a package URL)"
},
"packageVersion": {
"type": "string",
"description": "Version of the package (part of a package URL)"
},
"packageNamespace": {
"type": "string",
"description": "Namespace of the package, e.g. GitHub user (part of a package URL)"
},
"packageType": {
"type": "string",
"description": "Protocol of the package, e.g. npm, maven (part of a package URL)"
},
"packagePURLAppendix": {
"type": "string",
"description": "Qualifiers and subpaths of a package URL"
},
"url": {
"type": "string",
"description": "URL for the source website of the package"
},
"licenseName": {
"type": "string",
"description": "Name of the license, ideally SPDX identifier but can also contain arbitrary names"
},
"licenseText": {
"type": "string",
"description": "Text of the license"
},
"attributionConfidence": {
"type": "number",
"description": "How much the information is trusted (0: bad, 100: good)",
"minimum": 0,
"maximum": 100
},
"comment": {
"type": "string",
"description": "Additional human-readable comments about the attribution that don't fit into other fields"
},
"criticality": {
"type": "string",
"description": "Indication of how critical a signal is. Possible values are \"high\" and \"medium\"; this schema does not enforce them, so consumers should validate the value."
},
"copyright": {
"type": "string",
"description": "Copyright of the package"
},
"firstParty": {
"type": "boolean",
"description": "Indicates that something is first-party code."
},
"preSelected": {
"type": "boolean",
"description": "Indicates that an attribution was pre-selected from the input file."
},
"excludeFromNotice": {
"type": "boolean",
"description": "Indicates that an attribution should not be included in a notice file."
},
"followUp": {
"type": "string",
"enum": ["FOLLOW_UP"],
"description": "Indicates that an attribution is problematic and needs to be followed up."
},
"originId": {
"type": "string",
"description": "Can be set to track a signal from the tooling that generated the input file. Copied from the input file."
}
},
"required": [],
"additionalProperties": false
}
},
"resourcesToAttributions": {
"type": "object",
"description": "Map from a path in the resource tree (e.g. `/folder/subfolder/`, `/folder/file`; note the mandatory leading slash, and the mandatory trailing slash on folder paths) to a list of attribution IDs.",
"additionalProperties": {
"type": "array",
"description": "List of attribution IDs",
"items": {
"type": "string"
}
}
},
"resolvedExternalAttributions": {
"type": "array",
"description": "List of attribution IDs for input signals that are resolved.",
"items": {
"type": "string"
}
}
},
"required": ["metadata", "manualAttributions", "resourcesToAttributions"],
"additionalProperties": true
}