diff --git a/docs/taxonomy.md b/docs/taxonomy.md new file mode 100644 index 0000000..070a550 --- /dev/null +++ b/docs/taxonomy.md 
@@ -0,0 +1,49 @@ +# Red Hat CycloneDX Property Taxonomy + +_Version: v1.0.0_ + +This is the official Red Hat property taxonomy for CycloneDX. For more information about CycloneDX property taxonomies, +refer to the [official documentation](https://github.com/CycloneDX/cyclonedx-property-taxonomy). + +| Property | Description | Scope | +|--------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------|----------------------| +| `redhat:advisory_id` | The [Red Hat Errata](https://access.redhat.com/articles/explaining_redhat_errata) numeric identifier for which the SBOM was generated. | `metadata` | +| `redhat:deliverable-url` | If an SBOM was generated from a ZIP file, it indicates the URL location of the file. | `metadata/component` | +| `redhat:deliverable-checksum` | If an SBOM was generated from a ZIP file, it indicates the checksum (sha256) of the file. | `metadata/component` | +| `redhat:sbomer:image:labels:architecture` | Specifies the CPU architecture for which a container image is built, such as `amd64`, `arm64`, etc. | `components[]` | +| `redhat:sbomer:image:labels:build-date` | Indicates the date and time when a container image was built. | `components[]` | +| `redhat:sbomer:image:labels:com.redhat.component` | Specifies the Red Hat component name associated with a container image. | `components[]` | +| `redhat:sbomer:image:labels:com.redhat.delivery.backport` | A flag indicating whether a container image includes backported features or fixes (`true`) or not (`false`). | `components[]` | +| `redhat:sbomer:image:labels:com.redhat.delivery.operator.bundle` | A flag indicating whether a container image is an Operator bundle for Red Hat OpenShift (`true`) or not (`false`). 
| `components[]` | +| `redhat:sbomer:image:labels:com.redhat.license_terms` | Provides a URL to the license terms applicable to a container image. | `components[]` | +| `redhat:sbomer:image:labels:com.redhat.openshift.versions` | Specifies the compatible OpenShift versions for a container image. | `components[]` | +| `redhat:sbomer:image:labels:description` | Provides a brief description of container image's purpose or contents. | `components[]` | +| `redhat:sbomer:image:labels:distribution-scope` | Defines the scope of distribution, such as `public` or `private`. | `components[]` | +| `redhat:sbomer:image:labels:io.buildah.version` | Specifies the version of Buildah used to build a container image. | `components[]` | +| `redhat:sbomer:image:labels:io.k8s.description` | Provides a description of container image for Kubernetes environments. | `components[]` | +| `redhat:sbomer:image:labels:io.k8s.display-name` | Specifies a human-readable name for a container image in Kubernetes contexts. | `components[]` | +| `redhat:sbomer:image:labels:io.openshift.tags` | Lists tags associated with container image for OpenShift categorization. | `components[]` | +| `redhat:sbomer:image:labels:lvms.tags` | Specifies tags related to Logical Volume Management (LVM) systems. | `components[]` | +| `redhat:sbomer:image:labels:maintainer` | Provides contact information for a container image's maintainer. | `components[]` | +| `redhat:sbomer:image:labels:name` | Specifies the name of a container image. | `components[]` | +| `redhat:sbomer:image:labels:operators.operatorframework.io.bundle.channels.v1` | Lists the channels for the Operator bundle, such as `stable` or `beta`. | `components[]` | +| `redhat:sbomer:image:labels:operators.operatorframework.io.bundle.manifests.v1` | Indicates the location of the Operator bundle manifests. 
| `components[]` | +| `redhat:sbomer:image:labels:operators.operatorframework.io.bundle.mediatype.v1` | Specifies the media type or format of the operator bundle, such as Helm charts or plain Kubernetes manifests. | `components[]` | +| `redhat:sbomer:image:labels:operators.operatorframework.io.bundle.metadata.v1` | Indicates the path within the image to the directory containing metadata files about the bundle. | `components[]` | +| `redhat:sbomer:image:labels:operators.operatorframework.io.bundle.package.v1` | Denotes the package name of the operator bundle. | `components[]` | +| `redhat:sbomer:image:labels:release` | Specifies the release version of a container image or software contained within. | `components[]` | +| `redhat:sbomer:image:labels:summary` | Provides a brief summary of a container image's purpose or contents. | `components[]` | +| `redhat:sbomer:image:labels:url` | Offers a URL to more information about a container image or the project it represents. | `components[]` | +| `redhat:sbomer:image:labels:vcs-ref` | Indicates the specific commit reference from the version control system used to build a container image. | `components[]` | +| `redhat:sbomer:image:labels:vcs-type` | Specifies the type of version control system used, such as Git or SVN. | `components[]` | +| `redhat:sbomer:image:labels:vendor` | Identifies the organization or individual responsible for a container image. | `components[]` | +| `redhat:sbomer:image:labels:version` | Denotes the version of the application or component contained within a container image. | `components[]` | +| `redhat:sbomer:location:0:path` | Indicates the file system path where the package or artifact was found. | `components[]` | +| `redhat:sbomer:metadata:virtualPath` | Represents a virtual file path that points to a package inside an archive or layered file system. | `components[]` | +| `redhat:sbomer:package:language` | Specifies the programming language of the detected package. 
| `components[]` | +| `redhat:sbomer:package:type` | Defines the type of package, indicating how it was installed or distributed. | `components[]` | + + +The `Scope` column describes which `properties` section is the intended location for the property. For example, +a scope of `metadata` means that the property is intended for use in `metadata/properties`. This is meant as a +recommendation only. diff --git a/mkdocs.yml b/mkdocs.yml index 19c8507..c45ed82 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -8,6 +8,7 @@ theme: features: - navigation.tabs - navigation.sections + - navigation.expand - toc.integrate - navigation.top - search.suggest @@ -36,7 +37,9 @@ theme: nav: - Home: "index.md" - - SBOM: "sbom.md" + - SBOM: + - Building SBOMs: "sbom.md" + - Property Taxonomy: "taxonomy.md" - purl: "purl.md" - CSAF/VEX: "csaf-vex.md"
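Review bot: in the taxonomy table of `docs/taxonomy.md`, `redhat:deliverable-checksum` is described only as "the checksum (sha256) of the file", which leaves the encoding unspecified, so a consumer cannot verify the deliverable deterministically; suggest stating the exact form, e.g. "the hex-encoded SHA-256 digest of the file referenced by `redhat:deliverable-url`", so that tooling can fetch the URL and compare the digest. Two further points in the same table: `redhat:sbomer:location:0:path` hard-codes the index `0` without saying how a package found in several locations is represented (`location:1:path`?), and the property names mix underscore and hyphen separators (`redhat:advisory_id` vs `redhat:deliverable-url`); settling on one convention before `v1.0.0` is published avoids a later rename that breaks consumers. Minor wording: "description of container image's purpose" and "description of container image for Kubernetes environments" are each missing an article.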
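Review bot: in the first `mkdocs.yml` hunk, adding `navigation.expand` is a site-wide theme change that is unrelated to the new taxonomy page; if it is intentional, say so in the commit message, otherwise drop it so the change stays scoped to the nav entry for `taxonomy.md`.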