Skip to content

Class: ResourceDescriptor

A reference to a software artifact including its location, digest, and optional metadata. Used throughout SLSA to describe inputs, outputs, and dependencies in provenance attestations.

URI: slsa:ResourceDescriptor

 classDiagram
    class ResourceDescriptor
    click ResourceDescriptor href "../ResourceDescriptor/"
      ResourceDescriptor : annotations

      ResourceDescriptor : digest





        ResourceDescriptor --> "0..1" DigestSet : digest
        click DigestSet href "../DigestSet/"



      ResourceDescriptor : downloadLocation

      ResourceDescriptor : mediaType

      ResourceDescriptor : name

      ResourceDescriptor : uri

Slots

Name Cardinality and Range Description Inheritance
uri 0..1
String		 A URI uniquely identifying a resource, such as a package URL (purl), git repo... direct
digest 0..1
DigestSet		 Set of cryptographic digests of a resource's content used for integrity verif... direct
name 0..1
String		 A local name for a resource within the context of an attestation, or the name... direct
downloadLocation 0..1
String		 URI from which a resource can be downloaded, if different from its identifyin... direct
mediaType 0..1
String		 IANA media type of a resource's content (e direct
annotations *
String		 Arbitrary vendor-specific key-value annotations direct

Usages

used by used in type used
Statement subject range ResourceDescriptor
BuildProvenance subject range ResourceDescriptor
BuildDefinition resolvedDependencies range ResourceDescriptor
RunDetails byproducts range ResourceDescriptor
Builder builderDependencies range ResourceDescriptor
VerificationSummaryAttestation policy range ResourceDescriptor
VerificationSummaryAttestation inputAttestations range ResourceDescriptor
VerificationSummaryAttestation subject range ResourceDescriptor
Package artifact range ResourceDescriptor
SourceProvenanceAttestation subject range ResourceDescriptor
DependencyInventory artifact range ResourceDescriptor
DependencyInventory dependencies range ResourceDescriptor
BuildEnvironmentAttestation subject range ResourceDescriptor

In Subsets

Identifier and Mapping Information

Schema Source

  • from schema: https://w3id.org/lmodel/slsa

Mappings

Mapping Type Mapped Value
self slsa:ResourceDescriptor
native slsa:ResourceDescriptor

LinkML Source

Direct

name: ResourceDescriptor
description: A reference to a software artifact including its location, digest, and
  optional metadata. Used throughout SLSA to describe inputs, outputs, and dependencies
  in provenance attestations.
in_subset:
- slsa_build_track
- slsa_source_track
- slsa_dependency_track
- slsa_build_env_track
from_schema: https://w3id.org/lmodel/slsa
slots:
- uri
- digest
- name
- downloadLocation
- mediaType
- annotations

Induced

name: ResourceDescriptor
description: A reference to a software artifact including its location, digest, and
  optional metadata. Used throughout SLSA to describe inputs, outputs, and dependencies
  in provenance attestations.
in_subset:
- slsa_build_track
- slsa_source_track
- slsa_dependency_track
- slsa_build_env_track
from_schema: https://w3id.org/lmodel/slsa
attributes:
  uri:
    name: uri
    description: A URI uniquely identifying a resource, such as a package URL (purl),
      git repository URL, or OCI image reference.
    in_subset:
    - slsa_build_track
    - slsa_source_track
    - slsa_dependency_track
    - slsa_build_env_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: uri
    owner: ResourceDescriptor
    domain_of:
    - ResourceDescriptor
    range: string
  digest:
    name: digest
    description: Set of cryptographic digests of a resource's content used for integrity
      verification.
    in_subset:
    - slsa_build_track
    - slsa_source_track
    - slsa_dependency_track
    - slsa_build_env_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: digest
    owner: ResourceDescriptor
    domain_of:
    - ResourceDescriptor
    range: DigestSet
    inlined: true
  name:
    name: name
    description: A local name for a resource within the context of an attestation,
      or the name of a package, producer, or party.
    in_subset:
    - slsa_build_track
    - slsa_source_track
    - slsa_dependency_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: name
    owner: ResourceDescriptor
    domain_of:
    - ResourceDescriptor
    - Producer
    - Package
    range: string
  downloadLocation:
    name: downloadLocation
    description: URI from which a resource can be downloaded, if different from its
      identifying URI.
    in_subset:
    - slsa_build_track
    - slsa_dependency_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: downloadLocation
    owner: ResourceDescriptor
    domain_of:
    - ResourceDescriptor
    range: string
  mediaType:
    name: mediaType
    description: IANA media type of a resource's content (e.g., "application/octet-stream",
      "application/vnd.oci.image.manifest.v1+json").
    in_subset:
    - slsa_build_track
    - slsa_build_env_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: mediaType
    owner: ResourceDescriptor
    domain_of:
    - ResourceDescriptor
    range: string
  annotations:
    name: annotations
    description: Arbitrary vendor-specific key-value annotations.
    in_subset:
    - slsa_build_track
    - slsa_source_track
    - slsa_dependency_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: annotations
    owner: ResourceDescriptor
    domain_of:
    - ResourceDescriptor
    range: string
    multivalued: true