-
Notifications
You must be signed in to change notification settings - Fork 27
/
Copy pathOpossumOutputFileSchema.json
154 lines (154 loc) · 5.48 KB
/
OpossumOutputFileSchema.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
{
"id": "#OpossumOutputFileSchema",
"title": "Opossum output schema",
"description": "Output files mainly consist of selected attribution information for parts of the input file tree and metadata.",
"type": "object",
"properties": {
"metadata": {
"type": "object",
"properties": {
"projectId": {
"type": "string",
"description": "An ID for the compliance scan, copied from the input file."
},
"fileCreationDate": {
"type": "string",
"description": "Only for documentation, arbitrary format."
},
"inputFileMD5Checksum": {
"type": "string",
"description": "Checksum to check if the input file has changed."
}
},
"required": ["projectId", "fileCreationDate"],
"additionalProperties": false
},
"manualAttributions": {
"type": "object",
"additionalProperties": {
"type": "object",
"properties": {
"packageName": {
"type": "string",
"description": "Name of the package (part of a package URL)"
},
"packageVersion": {
"type": "string",
"description": "Version of the package (part of a package URL)"
},
"packageNamespace": {
"type": "string",
"description": "Namespace of the package, e.g. Github user (part of a package URL)"
},
"packageType": {
"type": "string",
"description": "Protocol of the package, e.g. npm, maven (part of a package URL)"
},
"packagePURLAppendix": {
"type": "string",
"description": "Qualifiers and subpaths of a package URL"
},
"url": {
"type": "string",
"description": "URL for the source website of the package"
},
"licenseName": {
"type": "string",
"description": "Name of the license, ideally SPDX identifier but can also contain arbitrary names"
},
"licenseText": {
"type": "string",
"description": "Text of the license"
},
"attributionConfidence": {
"type": "number",
"description": "How much the information is trusted (0: bad, 100: good)",
"minimum": 0,
"maximum": 100
},
"comment": {
"type": "string",
"description": "Additional human-readable comments about the attribution that don't fit into other fields"
},
"criticality": {
"type": "string",
"description": "Indication on how critical a signal is. Possible values are \"high\" and \"medium\"."
},
"copyright": {
"type": "string",
"description": "Copyright of the package"
},
"firstParty": {
"type": "boolean",
"description": "Indicates that something is first-party code."
},
"preSelected": {
"type": "boolean",
"description": "Indicates that an attribution was pre-selected from the input file."
},
"excludeFromNotice": {
"type": "boolean",
"description": "Indicates that an attribution should not be included in a notice file."
},
"followUp": {
"type": "string",
"enum": ["FOLLOW_UP"],
"description": "Indicates that an attribution is problematic and needs to be followed up."
},
"originId": {
"type": "string",
"description": "Can be set to track a signal from the tooling that generated the input file. Copied from the input file"
},
"originIds": {
"type": "array",
"description": "Like originId but considers that a signal can have more than a single origin.",
"items": {
"type": "string"
}
},
"needsReview": {
"type": "boolean",
"description": "Indicates that the information in an attribution needs further review."
},
"preferred": {
"type": "boolean",
"description": "Indicates that the attribution has been marked as preferred by a user."
},
"preferredOverOriginIds": {
"type": "array",
"description": "OriginIds of all attributions this one is preferred over.",
"items": {
"type": "string"
}
},
"wasPreferred": {
"type": "boolean",
"description": "Indicates that the attribution had previously been marked as preferred."
}
},
"required": [],
"additionalProperties": true
}
},
"resourcesToAttributions": {
"type": "object",
"description": "Map from a path in the resource tree (e.g. `/folder/subfolder/`, `/folder/file`, note the mandatory slashes at the beginning and end) to a list of attribution IDs.",
"additionalProperties": {
"type": "array",
"description": "List of attribution IDs",
"items": {
"type": "string"
}
}
},
"resolvedExternalAttributions": {
"type": "array",
"description": "List of attribution IDs for input signals that are resolved.",
"items": {
"type": "string"
}
}
},
"required": ["metadata", "manualAttributions", "resourcesToAttributions"],
"additionalProperties": true
}