|
| 1 | +// This file is part of CycloneDX Library for .NET |
| 2 | +// |
| 3 | +// Licensed under the Apache License, Version 2.0 (the “License”); |
| 4 | +// you may not use this file except in compliance with the License. |
| 5 | +// You may obtain a copy of the License at |
| 6 | +// |
| 7 | +// http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | +// |
| 9 | +// Unless required by applicable law or agreed to in writing, software |
| 10 | +// distributed under the License is distributed on an “AS IS” BASIS, |
| 11 | +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | +// See the License for the specific language governing permissions and |
| 13 | +// limitations under the License. |
| 14 | +// |
| 15 | +// SPDX-License-Identifier: Apache-2.0 |
| 16 | +// Copyright (c) OWASP Foundation. All Rights Reserved. |
| 17 | + |
| 18 | +using System; |
| 19 | +using System.Collections.Generic; |
| 20 | +using System.Text.Json.Serialization; |
| 21 | + |
| 22 | +namespace CycloneDX.Spdx.Models.v2_2 |
| 23 | +{ |
| 24 | + public class Package |
| 25 | + { |
| 26 | + /// <summary> |
| 27 | + /// Uniquely identify any element in an SPDX document which may be referenced by other elements. |
| 28 | + /// </summary> |
| 29 | + [JsonPropertyName("SPDXID")] |
| 30 | + public string SPDXID { get; set; } |
| 31 | + |
| 32 | + /// <summary> |
| 33 | + /// Provide additional information about an SpdxElement. |
| 34 | + /// </summary> |
| 35 | + public List<Annotation> Annotations { get; set; } |
| 36 | + |
| 37 | + /// <summary> |
| 38 | + /// This field provides a place for the SPDX data creator to record acknowledgements that may be required to be communicated in some contexts. This is not meant to include theactual complete license text (see licenseConculded and licenseDeclared), and may or may not include copyright notices (see also copyrightText). The SPDX data creator may use this field to record other acknowledgements, such as particular clauses from license texts, which may be necessary or desirable to reproduce. |
| 39 | + /// </summary> |
| 40 | + public List<string> AttributionTexts { get; set; } |
| 41 | + |
| 42 | + /// <summary> |
| 43 | + /// The checksum property provides a mechanism that can be used to verify that the contents of a File or Package have not changed. |
| 44 | + /// </summary> |
| 45 | + public List<Checksum> Checksums { get; set; } |
| 46 | + |
| 47 | + /// <summary> |
| 48 | + /// The text of copyright declarations recited in the Package or File. |
| 49 | + /// </summary> |
| 50 | + public string CopyrightText { get; set; } |
| 51 | + |
| 52 | + /// <summary> |
| 53 | + /// Provides a detailed description of the package. |
| 54 | + /// </summary> |
| 55 | + public string Description { get; set; } |
| 56 | + |
| 57 | + /// <summary> |
| 58 | + /// The URI at which this package is available for download. Private (i.e., not publicly reachable) URIs are acceptable as values of this property. The values http://spdx.org/rdf/terms#none and http://spdx.org/rdf/terms#noassertion may be used to specify that the package is not downloadable or that no attempt was made to determine its download location, respectively. |
| 59 | + /// </summary> |
| 60 | + public string DownloadLocation { get; set; } |
| 61 | + |
| 62 | + /// <summary> |
| 63 | + /// An External Reference allows a Package to reference an external source of additional information, metadata, enumerations, asset identifiers, or downloadable content believed to be relevant to the Package. |
| 64 | + /// </summary> |
| 65 | + public List<ExternalRef> ExternalRefs { get; set; } |
| 66 | + |
| 67 | + /// <summary> |
| 68 | + /// Indicates whether the file content of this package has been available for or subjected to analysis when creating the SPDX document. If false indicates packages that represent metadata or URI references to a project, product, artifact, distribution or a component. If set to false, the package must not contain any files. |
| 69 | + /// </summary> |
| 70 | + public bool? FilesAnalyzed { get; set; } |
| 71 | + |
| 72 | + /// <summary> |
| 73 | + /// Indicates that a particular file belongs to a package. |
| 74 | + /// </summary> |
| 75 | + public List<string> HasFiles { get; set; } |
| 76 | + |
| 77 | + public string Homepage { get; set; } |
| 78 | + |
| 79 | + /// <summary> |
| 80 | + /// The licenseComments property allows the preparer of the SPDX document to describe why the licensing in spdx:licenseConcluded was chosen. |
| 81 | + /// </summary> |
| 82 | + public string LicenseComments { get; set; } |
| 83 | + |
| 84 | + /// <summary> |
| 85 | + /// License expression for licenseConcluded. The licensing that the preparer of this SPDX document has concluded, based on the evidence, actually applies to the package. |
| 86 | + /// </summary> |
| 87 | + public string LicenseConcluded { get; set; } |
| 88 | + |
| 89 | + /// <summary> |
| 90 | + /// License expression for licenseDeclared. The licensing that the creators of the software in the package, or the packager, have declared. Declarations by the original software creator should be preferred, if they exist. |
| 91 | + /// </summary> |
| 92 | + public string LicenseDeclared { get; set; } |
| 93 | + |
| 94 | + /// <summary> |
| 95 | + /// The licensing information that was discovered directly within the package. There will be an instance of this property for each distinct value of alllicenseInfoInFile properties of all files contained in the package. |
| 96 | + /// </summary> |
| 97 | + public List<string> LicenseInfoFromFiles { get; set; } |
| 98 | + |
| 99 | + /// <summary> |
| 100 | + /// Identify name of this SpdxElement. |
| 101 | + /// </summary> |
| 102 | + public string Name { get; set; } |
| 103 | + |
| 104 | + /// <summary> |
| 105 | + /// The name and, optionally, contact information of the person or organization that originally created the package. Values of this property must conform to the agent and tool syntax. |
| 106 | + /// </summary> |
| 107 | + public string Originator { get; set; } |
| 108 | + |
| 109 | + /// <summary> |
| 110 | + /// The base name of the package file name. For example, zlib-1.2.5.tar.gz. |
| 111 | + /// </summary> |
| 112 | + public string PackageFileName { get; set; } |
| 113 | + |
| 114 | + /// <summary> |
| 115 | + /// A manifest based verification code (the algorithm is defined in section 4.7 of the full specification) of the SPDX Item. This allows consumers of this data and/or database to determine if an SPDX item they have in hand is identical to the SPDX item from which the data was produced. This algorithm works even if the SPDX document is included in the SPDX item. |
| 116 | + /// </summary> |
| 117 | + public PackageVerificationCode PackageVerificationCode { get; set; } |
| 118 | + |
| 119 | + /// <summary> |
| 120 | + /// Allows the producer(s) of the SPDX document to describe how the package was acquired and/or changed from the original source. |
| 121 | + /// </summary> |
| 122 | + public string SourceInfo { get; set; } |
| 123 | + |
| 124 | + /// <summary> |
| 125 | + /// Provides a short description of the package. |
| 126 | + /// </summary> |
| 127 | + public string Summary { get; set; } |
| 128 | + |
| 129 | + /// <summary> |
| 130 | + /// The name and, optionally, contact information of the person or organization who was the immediate supplier of this package to the recipient. The supplier may be different than originator when the software has been repackaged. Values of this property must conform to the agent and tool syntax. |
| 131 | + /// </summary> |
| 132 | + public string Supplier { get; set; } |
| 133 | + |
| 134 | + public string Comment { get; set; } |
| 135 | + |
| 136 | + /// <summary> |
| 137 | + /// Provides an indication of the version of the package that is described by this SpdxDocument. |
| 138 | + /// </summary> |
| 139 | + public string VersionInfo { get; set; } |
| 140 | + } |
| 141 | +} |
0 commit comments