Add Red Hat taxonomy #53

Open: wants to merge 5 commits into base: main
49 changes: 49 additions & 0 deletions docs/taxonomy.md
@@ -0,0 +1,49 @@
# Red Hat CycloneDX Property Taxonomy

_Version: v1.0.0_

This is the official Red Hat property taxonomy for CycloneDX. For more information about CycloneDX property taxonomies,
refer to the [official documentation](https://github.com/CycloneDX/cyclonedx-property-taxonomy).

| Property | Description | Scope |
|--------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------|----------------------|
| `redhat:advisory_id` | The [Red Hat Errata](https://access.redhat.com/articles/explaining_redhat_errata) numeric identifier for which the SBOM was generated. | `metadata` |
| `redhat:deliverable-url` | If an SBOM was generated from a ZIP file, it indicates the URL location of the file. | `metadata/component` |
| `redhat:deliverable-checksum` | If an SBOM was generated from a ZIP file, it indicates the checksum (sha256) of the file. | `metadata/component` |
| `redhat:sbomer:image:labels:architecture` | Specifies the CPU architecture for which a container image is built, such as `amd64`, `arm64`, etc. | `components[]` |
| `redhat:sbomer:image:labels:build-date` | Indicates the date and time when a container image was built. | `components[]` |
| `redhat:sbomer:image:labels:com.redhat.component` | Specifies the Red Hat component name associated with a container image. | `components[]` |
| `redhat:sbomer:image:labels:com.redhat.delivery.backport` | A flag indicating whether a container image includes backported features or fixes (`true`) or not (`false`). | `components[]` |
| `redhat:sbomer:image:labels:com.redhat.delivery.operator.bundle` | A flag indicating whether a container image is an Operator bundle for Red Hat OpenShift (`true`) or not (`false`). | `components[]` |
| `redhat:sbomer:image:labels:com.redhat.license_terms` | Provides a URL to the license terms applicable to a container image. | `components[]` |
| `redhat:sbomer:image:labels:com.redhat.openshift.versions` | Specifies the compatible OpenShift versions for a container image. | `components[]` |
| `redhat:sbomer:image:labels:description` | Provides a brief description of container image's purpose or contents. | `components[]` |
| `redhat:sbomer:image:labels:distribution-scope` | Defines the scope of distribution, such as `public` or `private`. | `components[]` |
| `redhat:sbomer:image:labels:io.buildah.version` | Specifies the version of Buildah used to build a container image. | `components[]` |
| `redhat:sbomer:image:labels:io.k8s.description` | Provides a description of container image for Kubernetes environments. | `components[]` |
| `redhat:sbomer:image:labels:io.k8s.display-name` | Specifies a human-readable name for a container image in Kubernetes contexts. | `components[]` |
| `redhat:sbomer:image:labels:io.openshift.tags` | Lists tags associated with container image for OpenShift categorization. | `components[]` |
| `redhat:sbomer:image:labels:lvms.tags` | Specifies tags related to Logical Volume Management (LVM) systems. | `components[]` |
| `redhat:sbomer:image:labels:maintainer` | Provides contact information for a container image's maintainer. | `components[]` |
| `redhat:sbomer:image:labels:name` | Specifies the name of a container image. | `components[]` |
| `redhat:sbomer:image:labels:operators.operatorframework.io.bundle.channels.v1` | Lists the channels for the Operator bundle, such as `stable` or `beta`. | `components[]` |
| `redhat:sbomer:image:labels:operators.operatorframework.io.bundle.manifests.v1` | Indicates the location of the Operator bundle manifests. | `components[]` |
| `redhat:sbomer:image:labels:operators.operatorframework.io.bundle.mediatype.v1` | Specifies the media type or format of the operator bundle, such as Helm charts or plain Kubernetes manifests. | `components[]` |
| `redhat:sbomer:image:labels:operators.operatorframework.io.bundle.metadata.v1` | Indicates the path within the image to the directory containing metadata files about the bundle. | `components[]` |
| `redhat:sbomer:image:labels:operators.operatorframework.io.bundle.package.v1` | Denotes the package name of the operator bundle. | `components[]` |
| `redhat:sbomer:image:labels:release` | Specifies the release version of a container image or software contained within. | `components[]` |
| `redhat:sbomer:image:labels:summary` | Provides a brief summary of a container image's purpose or contents. | `components[]` |
| `redhat:sbomer:image:labels:url` | Offers a URL to more information about a container image or the project it represents. | `components[]` |
| `redhat:sbomer:image:labels:vcs-ref` | Indicates the specific commit reference from the version control system used to build a container image. | `components[]` |
| `redhat:sbomer:image:labels:vcs-type` | Specifies the type of version control system used, such as Git or SVN. | `components[]` |
| `redhat:sbomer:image:labels:vendor` | Identifies the organization or individual responsible for a container image. | `components[]` |
| `redhat:sbomer:image:labels:version` | Denotes the version of the application or component contained within a container image. | `components[]` |
| `redhat:sbomer:location:0:path` | Indicates the file system path where the package or artifact was found. | `components[]` |
| `redhat:sbomer:metadata:virtualPath` | Represents a virtual file path that points to a package inside an archive or layered file system. | `components[]` |
| `redhat:sbomer:package:language` | Specifies the programming language of the detected package. | `components[]` |
| `redhat:sbomer:package:type` | Defines the type of package, indicating how it was installed or distributed. | `components[]` |


The `Scope` column describes which `properties` section is the intended location for the property. For example,
a scope of `metadata` means that the property is intended for use in `metadata/properties`. This is meant as a
recommendation only.
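
Review bot: the `redhat:deliverable-checksum` row says the value is a sha256 checksum but not how it is encoded (bare hex digest or with a `sha256:` prefix), so a consumer verifying the ZIP fetched from `redhat:deliverable-url` cannot compare values reliably; state the exact format in the description. Key naming is also inconsistent across rows: `redhat:advisory_id` uses an underscore, `redhat:deliverable-url` a hyphen, and `redhat:sbomer:metadata:virtualPath` camelCase. `redhat:sbomer:location:0:path` lists only index 0 without saying whether other indices are valid. The closing paragraph explains the `metadata` scope only; add what `metadata/component` and `components[]` map to.
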
5 changes: 4 additions & 1 deletion mkdocs.yml
Expand Up @@ -8,6 +8,7 @@ theme:
features:
- navigation.tabs
- navigation.sections
- navigation.expand
- toc.integrate
- navigation.top
- search.suggest
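
Review bot: the theme `features` list grows by one entry in this hunk (6 lines become 7), which is a site-wide navigation change unrelated to adding the taxonomy page; say in the PR description why it is needed, or move it to its own commit so it can be reverted independently.
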
Expand Down Expand Up @@ -36,7 +37,9 @@ theme:

nav:
- Home: "index.md"
- SBOM: "sbom.md"
- SBOM:
- Building SBOMs: "sbom.md"
- Property Taxonomy: "taxonomy.md"
- purl: "purl.md"
- CSAF/VEX: "csaf-vex.md"
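
Review bot: in `nav`, `SBOM` changes from a page entry to a section, so `sbom.md` is now labelled `Building SBOMs`; check that the page's own heading and any cross-references in the other docs that call it "SBOM" still read correctly. The new `Property Taxonomy: "taxonomy.md"` entry matches the file added under `docs/` in this PR.
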
