Class: Sbom
The Software Bill of Materials object describes characteristics of a generated
SBOM.
URI: ocsf:Sbom
classDiagram
class Sbom
click Sbom href "../Sbom/"
Object <|-- Sbom
click Object href "../Object/"
Sbom : created_time
Sbom : package
Sbom --> "1" Package : package
click Package href "../Package/"
Sbom : product
Sbom --> "0..1 _recommended_" Product : product
click Product href "../Product/"
Sbom : software_components
Sbom --> "1..*" SoftwareComponent : software_components
click SoftwareComponent href "../SoftwareComponent/"
Sbom : type
Sbom : type_id
Sbom --> "0..1 _recommended_" SbomTypeIdEnum : type_id
click SbomTypeIdEnum href "../SbomTypeIdEnum/"
Sbom : uid
Sbom : version
Inheritance
- OcsfObject
- Object
- Sbom
- Object
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| created_time | 0..1 recommended TimestampT | The time when the SBOM was created. | direct |
| package | 1 Package | The software package or library that is being discovered or inventoried by an SBOM. | direct |
| product | 0..1 recommended Product | Details about the upstream product that generated the SBOM e.g. cdxgen or Syft. | direct |
| software_components | 1..* SoftwareComponent | The list of software components used in the software package. | direct |
| type | 0..1 String | The type of SBOM, normalized to the caption of the type_id value. In the case of 'Other', it is defined by the source. | direct |
| type_id | 0..1 recommended SbomTypeIdEnum | The type of SBOM. | direct |
| uid | 0..1 String | A unique identifier for the SBOM or the SBOM generation by a source tool, such as the SPDX metadata.component.bom-ref. | direct |
| version | 0..1 String | The specification (spec) version of the particular SBOM, e.g., 1.6. | direct |
Usages
| used by | used in | type | used |
|---|---|---|---|
| ApplicationObject | sbom | range | Sbom |
| SoftwareInfo | sbom | range | Sbom |
In Subsets
Aliases
- Software Bill of Materials
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:Sbom |
| native | ocsf:Sbom |
LinkML Source
Direct
name: Sbom
description: 'The Software Bill of Materials object describes characteristics of a
  generated
  SBOM.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Software Bill of Materials
is_a: Object
slots:
- created_time
- package
- product
- software_components
- type
- type_id
- uid
- version
slot_usage:
  created_time:
    name: created_time
    description: The time when the SBOM was created.
    recommended: true
  package:
    name: package
    description: 'The software package or library that is being discovered or inventoried
      by an
      SBOM.'
    required: true
  product:
    name: product
    description: 'Details about the upstream product that generated the SBOM e.g.
      <code>cdxgen</code> or <code>Syft</code>.'
    recommended: true
  software_components:
    name: software_components
    required: true
  type:
    name: type
    description: 'The type of SBOM, normalized to the caption of the <code>type_id</code>
      value.
      In the case of ''Other'', it is defined by the source.'
  type_id:
    name: type_id
    description: The type of SBOM.
    range: SbomTypeIdEnum
    recommended: true
  uid:
    name: uid
    description: 'A unique identifier for the SBOM or the SBOM generation by a source
      tool, such
      as the SPDX <code>metadata.component.bom-ref</code>.'
  version:
    name: version
    description: 'The specification (spec) version of the particular SBOM, e.g.,
      <code>1.6</code>.'
Induced
name: Sbom
description: 'The Software Bill of Materials object describes characteristics of a
  generated
  SBOM.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Software Bill of Materials
is_a: Object
slot_usage:
  created_time:
    name: created_time
    description: The time when the SBOM was created.
    recommended: true
  package:
    name: package
    description: 'The software package or library that is being discovered or inventoried
      by an
      SBOM.'
    required: true
  product:
    name: product
    description: 'Details about the upstream product that generated the SBOM e.g.
      <code>cdxgen</code> or <code>Syft</code>.'
    recommended: true
  software_components:
    name: software_components
    required: true
  type:
    name: type
    description: 'The type of SBOM, normalized to the caption of the <code>type_id</code>
      value.
      In the case of ''Other'', it is defined by the source.'
  type_id:
    name: type_id
    description: The type of SBOM.
    range: SbomTypeIdEnum
    recommended: true
  uid:
    name: uid
    description: 'A unique identifier for the SBOM or the SBOM generation by a source
      tool, such
      as the SPDX <code>metadata.component.bom-ref</code>.'
  version:
    name: version
    description: 'The specification (spec) version of the particular SBOM, e.g.,
      <code>1.6</code>.'
attributes:
  created_time:
    name: created_time
    description: The time when the SBOM was created.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Created Time
    rank: 1000
    alias: created_time
    owner: Sbom
    domain_of:
    - Osint
    - RelatedEvent
    - Sbom
    - Scim
    - Session
    - Sso
    - Token
    - Whois
    - Resource
    - Advisory
    - AuthenticationToken
    - Certificate
    - Cve
    - Database
    - Databucket
    - DigitalSignature
    - Enrichment
    - Epss
    - File
    - FindingObject
    - FindingInfo
    - Job
    - KbArticle
    - LdapPerson
    - ProcessEntity
    - Table
    - Device
    range: TimestampT
    recommended: true
  package:
    name: package
    description: 'The software package or library that is being discovered or inventoried
      by an
      SBOM.'
    notes:
    - 'D3FEND™ Ontology d3f:SoftwarePackage. —
      https://d3fend.mitre.org/dao/artifact/d3f:SoftwarePackage/'
    from_schema: https://w3id.org/lmodel/ocsf
    see_also:
    - https://d3fend.mitre.org/dao/artifact/d3f:SoftwarePackage/
    aliases:
    - Software Package
    rank: 1000
    alias: package
    owner: Sbom
    domain_of:
    - Sbom
    - SoftwareInfo
    range: Package
    required: true
  product:
    name: product
    description: 'Details about the upstream product that generated the SBOM e.g.
      <code>cdxgen</code> or <code>Syft</code>.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Product
    rank: 1000
    alias: product
    owner: Sbom
    domain_of:
    - RelatedEvent
    - Sbom
    - Advisory
    - Cve
    - File
    - FindingObject
    - FindingInfo
    - KbArticle
    - Logger
    - Metadata
    - TransformationInfo
    - SoftwareInfo
    range: Product
    recommended: true
  software_components:
    name: software_components
    description: The list of software components used in the software package.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Software Components
    rank: 1000
    alias: software_components
    owner: Sbom
    domain_of:
    - Sbom
    range: SoftwareComponent
    required: true
    multivalued: true
  type:
    name: type
    description: 'The type of SBOM, normalized to the caption of the <code>type_id</code>
      value.
      In the case of ''Other'', it is defined by the source.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Type
    rank: 1000
    alias: type
    owner: Sbom
    domain_of:
    - AnalysisTarget
    - Observable
    - Os
    - Osint
    - Package
    - PrivilegeInfo
    - ProgrammaticCredential
    - RelatedEvent
    - San
    - Sbom
    - Script
    - SoftwareComponent
    - StartupItem
    - ThreatActor
    - Ticket
    - Timespan
    - TlsExtension
    - Token
    - Dns
    - Resource
    - Account
    - Agent
    - Analytic
    - ApplicationObject
    - AuthenticationToken
    - ClassifierDetails
    - Cve
    - Database
    - Databucket
    - DiscoveryDetails
    - DnsAnswer
    - DomainContact
    - EncryptionDetails
    - Endpoint
    - Enrichment
    - File
    - Graph
    - Group
    - Ja4Fingerprint
    - Kernel
    - ManagedEntity
    - Metadata
    - Module
    - NetworkEndpoint
    - NetworkInterface
    - Node
    - PeripheralDevice
    - Policy
    - Rule
    - Scan
    - Trait
    - UnmannedAerialSystem
    - UnmannedSystemOperatingArea
    - User
    - WebResource
    - Device
    - DatastoreActivity
    - FtpActivity
    - RegValue
    - WinResource
    range: string
  type_id:
    name: type_id
    annotations:
      sibling:
        tag: sibling
        value: type
    description: The type of SBOM.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Type ID
    rank: 1000
    alias: type_id
    owner: Sbom
    domain_of:
    - Observable
    - Os
    - Osint
    - Package
    - PrivilegeInfo
    - Sbom
    - Script
    - SoftwareComponent
    - StartupItem
    - ThreatActor
    - Ticket
    - Timespan
    - TlsExtension
    - Token
    - Account
    - Agent
    - Analytic
    - AuthenticationToken
    - Database
    - Databucket
    - DomainContact
    - Endpoint
    - File
    - Ja4Fingerprint
    - Kernel
    - ManagedEntity
    - NetworkEndpoint
    - NetworkInterface
    - PeripheralDevice
    - Scan
    - UnmannedAerialSystem
    - UnmannedSystemOperatingArea
    - User
    - Device
    - DatastoreActivity
    - RegValue
    - WinResource
    range: SbomTypeIdEnum
    recommended: true
  uid:
    name: uid
    description: 'A unique identifier for the SBOM or the SBOM generation by a source
      tool, such
      as the SPDX <code>metadata.component.bom-ref</code>.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Unique ID
    rank: 1000
    alias: uid
    owner: Sbom
    domain_of:
    - Osint
    - Package
    - ProgrammaticCredential
    - RelatedEvent
    - Request
    - Sbom
    - Scim
    - Script
    - Session
    - Span
    - Sso
    - Ticket
    - Token
    - Trace
    - Entity
    - Resource
    - Account
    - Advisory
    - Agent
    - AiModel
    - Aircraft
    - Analytic
    - ApplicationObject
    - Assessment
    - Certificate
    - Check
    - ClassifierDetails
    - Container
    - Cve
    - Cwe
    - D3fTactic
    - D3fTechnique
    - DataClassification
    - Database
    - Databucket
    - DomainContact
    - Edge
    - Email
    - Endpoint
    - Evidences
    - Extension
    - Feature
    - File
    - FindingObject
    - FindingInfo
    - Graph
    - Group
    - HttpRequest
    - Idp
    - Image
    - KbArticle
    - LoadBalancer
    - Logger
    - Malware
    - ManagedEntity
    - MessageContext
    - Metadata
    - Mitigation
    - NetworkConnectionInfo
    - NetworkEndpoint
    - NetworkInterface
    - Node
    - Organization
    - PeripheralDevice
    - Policy
    - ProcessEntity
    - Product
    - QueryInfo
    - Reporter
    - Rule
    - Scan
    - Service
    - SubTechnique
    - Table
    - Tactic
    - Technique
    - Trait
    - TransformationInfo
    - UnmannedAerialSystem
    - User
    - WebResource
    - Device
    - WinResource
    range: string
  version:
    name: version
    description: 'The specification (spec) version of the particular SBOM, e.g.,
      <code>1.6</code>.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Version
    rank: 1000
    alias: version
    owner: Sbom
    domain_of:
    - Os
    - Package
    - RpcInterface
    - Sbom
    - Scim
    - SoftwareComponent
    - Tls
    - Agent
    - AiModel
    - Analytic
    - Api
    - ApplicationObject
    - Attack
    - Certificate
    - Check
    - CisControl
    - CisCsc
    - Cvss
    - D3fend
    - Databucket
    - Epss
    - Extension
    - Feature
    - File
    - HttpRequest
    - Logger
    - ManagedEntity
    - Metadata
    - Policy
    - Product
    - ResourceDetails
    - Rule
    - Service
    - NtpActivity
    range: string