spdx-spec
spdx-spec copied to clipboard
Published
20 hours ago •
spdx
spdx
An example of using relationshipType_dependencyOf in RDF format
Hello team, could please provide me with an example of using relationshipType_dependencyOf to describe SPDXRef-A is dependency of SPDXRef-B.
here the example of how I understood the documentation, could please check if that example is correct one or no?
<spdx:relationship>
<spdx:Relationship>
<spdx:relationshipType rdf:resource="http://spdx.org/rdf/terms#relationshipType_describes"/>
<spdx:relatedSpdxElement>
<spdx:Package rdf:about="http://somescan#SPDXRef-Package1">
<spdx:name>contact-form-7</spdx:name>
<spdx:versionInfo>5.6.2</spdx:versionInfo>
<spdx:supplier>NOASSERTION</spdx:supplier>
<spdx:downloadLocation>NOASSERTION</spdx:downloadLocation>
<spdx:packageVerificationCode>
<spdx:PackageVerificationCode>
<spdx:packageVerificationCodeValue>c5d9ce7d745688ce4aff4bef0b94ede434072bef</spdx:packageVerificationCodeValue>
</spdx:PackageVerificationCode>
</spdx:packageVerificationCode>
<spdx:copyrightText rdf:resource="http://spdx.org/rdf/terms#noassertion"/>
<spdx:licenseConcluded>
<spdx:ListedLicense rdf:about="http://spdx.org/licenses/GPL-2.0-or-later">
<spdx:name>GNU General Public License v2.0 or later</spdx:name>
<spdx:licenseId>GPL-2.0-or-later</spdx:licenseId>
<spdx:licenseText>License Text:</spdx:licenseText>
</spdx:ListedLicense>
</spdx:licenseConcluded>
<spdx:licenseInfoFromFiles rdf:resource="http://spdx.org/licenses/GPL-2.0-or-later"/>
<spdx:licenseDeclared rdf:resource="http://spdx.org/licenses/GPL-2.0-or-later"/>
<spdx:hasFile>
<spdx:File rdf:about="http://somescan#SPDXRef-file1fc907680905fe58f1e2abb0a252e3ce5">
<spdx:fileName>contact-form-7-master/CONTRIBUTING.md</spdx:fileName>
<rdfs:comment/>
<spdx:checksum>
<spdx:Checksum>
<spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_sha256"/>
<spdx:checksumValue>ac967633c6d653e53ddc41a1f919dd645c9688427f1320185e9095628311d519</spdx:checksumValue>
</spdx:Checksum>
</spdx:checksum>
<spdx:checksum>
<spdx:Checksum>
<spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_sha1"/>
<spdx:checksumValue>bf9a13dbf67b98e752171a182ea3881e17674e8e</spdx:checksumValue>
</spdx:Checksum>
</spdx:checksum>
<spdx:checksum>
<spdx:Checksum>
<spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_md5"/>
<spdx:checksumValue>1fc907680905fe58f1e2abb0a252e3ce</spdx:checksumValue>
</spdx:Checksum>
</spdx:checksum>
<spdx:copyrightText rdf:resource="http://spdx.org/rdf/terms#noassertion"/>
<spdx:licenseConcluded rdf:resource="http://somescan#LicenseRef-GPL"/>
<spdx:licenseInfoFromFiles rdf:resource="http://somescan#LicenseRef-GPL"/>
</spdx:File>
</spdx:hasFile>
</spdx:Package>
</spdx:relatedSpdxElement>
</spdx:Relationship>
</spdx:relationship>
<spdx:relationship>
<spdx:Relationship>
<spdx:relationshipType rdf:resource="http://spdx.org/rdf/terms#relationshipType_describes"/>
<spdx:relatedSpdxElement>
<spdx:Package rdf:about="http://somescan#SPDXRef-PackageDependency-1">
<spdx:name>contact-form-7</spdx:name>
<spdx:versionInfo>5.6.2</spdx:versionInfo>
<spdx:downloadLocation>https://github.com/takayukister/contact-form-7/archive/v5.6.2.tar.gz</spdx:downloadLocation>
<spdx:filesAnalyzed>false</spdx:filesAnalyzed>
<spdx:licenseConcluded rdf:resource="http://spdx.org/licenses/GPL-2.0-or-later"/>
<spdx:licenseInfoFromFiles rdf:resource="http://spdx.org/licenses/GPL-2.0-or-later"/>
<spdx:licenseDeclared rdf:resource="http://spdx.org/licenses/GPL-2.0-or-later"/>
<spdx:copyrightText rdf:resource="http://spdx.org/rdf/terms#noassertion"/>
<spdx:relationship>
<spdx:Relationship>
<spdx:relatedSpdxElement rdf:resource="http://somescan#SPDXRef-Package1"/>
<spdx:relationshipType rdf:resource="http://spdx.org/rdf/terms#relationshipType_dependencyOf"/>
</spdx:Relationship>
</spdx:relationship>
</spdx:Package>
</spdx:relatedSpdxElement>
</spdx:Relationship>
</spdx:relationship>
thanks in advance
Best regards,
Alina Valovenko
