
Class: DependencyInventory

A comprehensive inventory of all third-party build dependencies for an artifact, capturing direct and transitive dependencies. Supports vulnerability management and incident response.

URI: slsa:DependencyInventory

classDiagram
    class DependencyInventory
    click DependencyInventory href "../DependencyInventory/"
      DependencyInventory : artifact
        DependencyInventory --> "0..1" ResourceDescriptor : artifact
        click ResourceDescriptor href "../ResourceDescriptor/"
      DependencyInventory : dependencies
        DependencyInventory --> "*" ResourceDescriptor : dependencies
        click ResourceDescriptor href "../ResourceDescriptor/"
      DependencyInventory : dependencyLevel
        DependencyInventory --> "0..1" DependencyLevelEnum : dependencyLevel
        click DependencyLevelEnum href "../DependencyLevelEnum/"

Slots

| Name | Cardinality and Range | Description | Inheritance |
| --- | --- | --- | --- |
| artifact | 0..1 ResourceDescriptor | A specific immutable package artifact or the artifact whose dependency invent... | direct |
| dependencies | * ResourceDescriptor | All third-party build dependencies (direct and transitive) for an artifact ve... | direct |
| dependencyLevel | 0..1 DependencyLevelEnum | The SLSA Dependency Level that this inventory and associated triage process s... | direct |

In Subsets

Identifier and Mapping Information

Schema Source

  • from schema: https://w3id.org/lmodel/slsa

Mappings

| Mapping Type | Mapped Value |
| --- | --- |
| self | slsa:DependencyInventory |
| native | slsa:DependencyInventory |

LinkML Source

Direct

name: DependencyInventory
description: A comprehensive inventory of all third-party build dependencies for an
  artifact, capturing direct and transitive dependencies. Supports vulnerability management
  and incident response.
in_subset:
- slsa_dependency_track
from_schema: https://w3id.org/lmodel/slsa
slots:
- artifact
- dependencies
- dependencyLevel

Induced

name: DependencyInventory
description: A comprehensive inventory of all third-party build dependencies for an
  artifact, capturing direct and transitive dependencies. Supports vulnerability management
  and incident response.
in_subset:
- slsa_dependency_track
from_schema: https://w3id.org/lmodel/slsa
attributes:
  artifact:
    name: artifact
    description: A specific immutable package artifact or the artifact whose dependency
      inventory is recorded.
    in_subset:
    - slsa_build_track
    - slsa_dependency_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: artifact
    owner: DependencyInventory
    domain_of:
    - Package
    - DependencyInventory
    range: ResourceDescriptor
    inlined: true
  dependencies:
    name: dependencies
    description: All third-party build dependencies (direct and transitive) for an
      artifact version, identified by URI and digest.
    in_subset:
    - slsa_dependency_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: dependencies
    owner: DependencyInventory
    domain_of:
    - DependencyInventory
    range: ResourceDescriptor
    multivalued: true
    inlined: true
    inlined_as_list: true
  dependencyLevel:
    name: dependencyLevel
    description: The SLSA Dependency Level that this inventory and associated triage
      process supports.
    in_subset:
    - slsa_dependency_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: dependencyLevel
    owner: DependencyInventory
    domain_of:
    - DependencyInventory
    range: DependencyLevelEnum