Class: SourceRevision
A specific, logically immutable snapshot of a source repository's tracked files. Uniquely identified by a revision identifier such as a cryptographic hash (e.g., git commit SHA) or a path-qualified sequential number (e.g., SVN).
URI: slsa:SourceRevision
```mermaid
classDiagram
    class SourceRevision
    click SourceRevision href "../SourceRevision/"
    SourceRevision : author
    SourceRevision : parentRevisions
    SourceRevision : repository
    SourceRevision --> "0..1" SourceRepository : repository
    click SourceRepository href "../SourceRepository/"
    SourceRevision : reviewType
    SourceRevision --> "0..1" ReviewTypeEnum : reviewType
    click ReviewTypeEnum href "../ReviewTypeEnum/"
    SourceRevision : revisionId
    SourceRevision : timestamp
```
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| revisionId | 1 String | Immutable identifier for a source revision (e.g., git commit SHA, path-qualified sequential number). | direct |
| repository | 0..1 SourceRepository | The source repository that contains this revision | direct |
| author | 0..1 String | Identity of the person or automation that authored this revision (e.g., an email address or platform username). | direct |
| timestamp | 0..1 String | Timestamp (RFC 3339) of when this source revision was created | direct |
| parentRevisions | * String | Revision IDs of the parent revision(s), forming the directed acyclic graph of... | direct |
| reviewType | 0..1 ReviewTypeEnum | The type of human or automated review process used to approve this source rev... | direct |
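The slot constraints above (required revisionId, RFC 3339 timestamp, parentRevisions forming a directed acyclic graph) checked over a set of records, as an added example that is not part of the schema or its tooling. The function names and sample values are assumptions; reviewType is not checked because the ReviewTypeEnum values are defined on another page.

```python
from datetime import datetime

# Constructed sample history; IDs and the author value are made up for illustration.
SAMPLE = [
    {"revisionId": "a1", "timestamp": "2024-05-01T10:00:00Z", "parentRevisions": []},
    {"revisionId": "b2", "timestamp": "2024-05-02T11:30:00+02:00",
     "author": "dev@example.com", "parentRevisions": ["a1"]},
    {"revisionId": "c3", "parentRevisions": ["a1", "b2"]},  # merge revision
]

def check_record(rec):
    """Slot-level violations for one SourceRevision dict (hypothetical helper)."""
    errors = []
    if not isinstance(rec.get("revisionId"), str) or not rec["revisionId"]:
        errors.append("revisionId: required non-empty string")
    ts = rec.get("timestamp")
    if ts is not None:
        try:
            # Approximates RFC 3339: ISO 8601 parse plus a mandatory UTC offset.
            if not isinstance(ts, str):
                raise ValueError
            if datetime.fromisoformat(ts.replace("Z", "+00:00")).tzinfo is None:
                raise ValueError
        except ValueError:
            errors.append("timestamp: not an RFC 3339 date-time")
    parents = rec.get("parentRevisions", [])
    if not isinstance(parents, list) or not all(isinstance(p, str) for p in parents):
        errors.append("parentRevisions: must be a list of strings")
    return errors

def check_history(records):
    """Graph-level violations: duplicate IDs, parents missing from the set, cycles."""
    errors, graph, state = [], {}, {}
    for rec in records:
        rid = rec.get("revisionId")
        if rid in graph:
            errors.append(f"{rid}: duplicate revisionId")
        graph[rid] = [p for p in (rec.get("parentRevisions") or []) if isinstance(p, str)]
    for rid, parents in graph.items():
        errors += [f"{rid}: unknown parent {p}" for p in parents if p not in graph]

    def on_cycle(rid):  # depth-first search; state 1 = on current path, 2 = done
        if state.get(rid):
            return state[rid] == 1
        state[rid] = 1
        found = any(on_cycle(p) for p in graph[rid] if p in graph)
        state[rid] = 2
        return found

    errors += [f"{rid}: parentRevisions form a cycle" for rid in graph if on_cycle(rid)]
    return errors
```

A parent missing from the supplied set is reported rather than treated as fatal, since a partial export of a repository's history legitimately ends at revisions whose parents are not included.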
Usages
| used by | used in | type | used |
|---|---|---|---|
| SourceProvenanceAttestation | revision | range | SourceRevision |
In Subsets
Notes
- if SourceRevision ever needs signingTool/sigstoreLogEntry (for Sigstore-signed git tags via Cosign, gittuf), then consider adding a SigstoreSignable mixin on both Statement and SourceRevision
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/slsa
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | slsa:SourceRevision |
| native | slsa:SourceRevision |
LinkML Source
Direct
```yaml
name: SourceRevision
description: A specific, logically immutable snapshot of a source repository's tracked
  files. Uniquely identified by a revision identifier such as a cryptographic hash
  (e.g., git commit SHA) or a path-qualified sequential number (e.g., SVN).
notes:
- if SourceRevision ever needs signingTool/sigstoreLogEntry (for Sigstore-signed
  git tags via Cosign, gittuf), then consider adding a SigstoreSignable mixin on
  both Statement and SourceRevision
in_subset:
- slsa_source_track
from_schema: https://w3id.org/lmodel/slsa
slots:
- revisionId
- repository
- author
- timestamp
- parentRevisions
- reviewType
```
Induced
```yaml
name: SourceRevision
description: A specific, logically immutable snapshot of a source repository's tracked
  files. Uniquely identified by a revision identifier such as a cryptographic hash
  (e.g., git commit SHA) or a path-qualified sequential number (e.g., SVN).
notes:
- if SourceRevision ever needs signingTool/sigstoreLogEntry (for Sigstore-signed
  git tags via Cosign, gittuf), then consider adding a SigstoreSignable mixin on
  both Statement and SourceRevision
in_subset:
- slsa_source_track
from_schema: https://w3id.org/lmodel/slsa
attributes:
  revisionId:
    name: revisionId
    description: Immutable identifier for a source revision (e.g., git commit SHA,
      path-qualified sequential number).
    in_subset:
    - slsa_source_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: revisionId
    owner: SourceRevision
    domain_of:
    - SourceRevision
    range: string
    required: true
  repository:
    name: repository
    description: The source repository that contains this revision.
    in_subset:
    - slsa_source_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: repository
    owner: SourceRevision
    domain_of:
    - SourceRevision
    range: SourceRepository
    inlined: true
  author:
    name: author
    description: Identity of the person or automation that authored this revision
      (e.g., an email address or platform username).
    in_subset:
    - slsa_source_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: author
    owner: SourceRevision
    domain_of:
    - SourceRevision
    range: string
  timestamp:
    name: timestamp
    description: Timestamp (RFC 3339) of when this source revision was created.
    in_subset:
    - slsa_source_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: timestamp
    owner: SourceRevision
    domain_of:
    - SourceRevision
    range: string
  parentRevisions:
    name: parentRevisions
    description: Revision IDs of the parent revision(s), forming the directed acyclic
      graph of change history.
    in_subset:
    - slsa_source_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: parentRevisions
    owner: SourceRevision
    domain_of:
    - SourceRevision
    range: string
    multivalued: true
  reviewType:
    name: reviewType
    description: The type of human or automated review process used to approve this
      source revision. Captures the contested forms of two-party review — including
      pair programming and mob programming — whose security equivalence to standard
      asynchronous two-party review is an open question identified in practitioner
      community discussions (Tamanna et al., 2024, LF.2). See ReviewTypeEnum for defined
      values.
    in_subset:
    - slsa_source_track
    - slsa_adoption_study
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: reviewType
    owner: SourceRevision
    domain_of:
    - SourceRevision
    range: ReviewTypeEnum
```