ilans

I wasn't aware of this open issue. Thanks @bact ! I actually wrote some notes for myself to inquire about. Here they are: From [Build Profile](https://spdx.github.io/spdx-spec/v3.0.1/model/Build/Build/): "All relationships in the...

Of course an SBOM shouldn't claim to conform to multiple profiles with conflicting requirements. But this topic requires a broader discussion which is beyond the scope of this issue (I...

I made up those namespaces just to make the issues easier to follow. I didn't intend to use them in the final SHACL code. But it's not a bad idea......

The vectorString patterns where copied from the official CVSS json schema: https://www.first.org/cvss/cvss-v2.0.json https://www.first.org/cvss/cvss-v3.0.json https://www.first.org/cvss/cvss-v3.1.json https://www.first.org/cvss/cvss-v4.0.json

For conformance, I suggest to require the hex string to be lower case. This is a common requirement.

Pattern sources: - cpe22 and cpe23 (copied): https://github.com/CVEProject/cve-schema/blob/main/schema/CVE_Record_Format.json - cve (copied): https://github.com/CVEProject/cve-schema/blob/main/schema/CVE_Record_Format.json - gitoid (based on): https://www.iana.org/assignments/uri-schemes/prov/gitoid - swhid (based on): https://www.swhid.org/specification/v1.1/4.Syntax/ - email: Constructed based on [RFC 3696](https://datatracker.ietf.org/doc/rfc3696/). The...

Why aren't CVSS identifiers includes?

In such a case, doesn't the rootElement need to be one of the already linked elements? I understand that this was the original intention, but it's not stated anywhere. If...

Reviving this issue, as I'm actively implementing the SHACL shapes. To clarity, requirement in RelationshipType that hasHost should link from Build to its Host machine makes sense and preserves important...