CASTResearchLabs
CASTResearchLabs
the tool has been posted in GitHub https://github.com/cdfoundation/sig-security-sbom/blob/master/modeling/buildDocxAndXmi.R
in the current proposition, the creation information is handled by the author, created, populationMethod and specVersion attributes of the Document. in case of multiple creations, isn't it a new document...
this was only an attempt to have a lean model instead of a fat class with X fields
in the current proposition, the "artifacts" were the pieces of software the "Document" is providing visibility about, even if limited (e.g., limited to the fields from the "Artifact" class alone)...
to handle the checksum of an element which contains a checksum value field, a usual approach is to compute the checksum with the checksum value field blank then fill the...
it came from the SPDX 3.0 draft I received no specific advice against changing this part
Following the call on January 13, 2020, 1. here is the rationale behind the proposed modeling with the "referenceDocument" association from "ReferencedArtifact" class: this was following a graph-aware approach were...
as an illustration of how to contribute to the model, to perform the requested change, here is what I did: 1. update classes.json model JSON file to add the AbstractDocument...
https://github.com/cdfoundation/sig-security-sbom/pull/20 for the two model JSON files