diff --git a/descriptions/api.github.com/api.github.com.2022-11-28.json b/descriptions/api.github.com/api.github.com.2022-11-28.json index 8a691cd246..d361f6d281 100644 --- a/descriptions/api.github.com/api.github.com.2022-11-28.json +++ b/descriptions/api.github.com/api.github.com.2022-11-28.json @@ -96515,6 +96515,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -97035,6 +97040,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -103852,6 +103862,33 @@ } } }, + "repository-rule-params-required-reviewer-configuration": { + "title": "RequiredReviewerConfiguration", + "description": "A reviewing team, and file patterns describing which files they must approve changes to.", + "type": "object", + "properties": { + "file_patterns": { + "type": "array", + "description": "Array of file patterns. Pull requests which change matching files must be approved by the specified team. File patterns use the same syntax as `.gitignore` files.", + "items": { + "type": "string" + } + }, + "minimum_approvals": { + "type": "integer", + "description": "Minimum number of approvals required from the specified team. If set to zero, the team will be added to the pull request but approval is optional." + }, + "reviewer_id": { + "type": "string", + "description": "Node ID of the team which must review changes to matching files." + } + }, + "required": [ + "file_patterns", + "minimum_approvals", + "reviewer_id" + ] + }, "repository-rule-pull-request": { "title": "pull_request", "description": "Require all commits be made to a non-target branch and submitted via a pull request before they can be merged.", 
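Review bot: The new `encoding` property in this hunk is a free-form string even though its description says only `"utf-8"` and `"base64"` are supported; adding `"enum": ["utf-8", "base64"]` would let validators and generated clients reject anything else before `content` is decoded. Without it, every consumer that branches on `encoding` has to pick its own fallback, and treating an unrecognised value as UTF-8 text would silently misread a base64 payload. The same applies to the second `encoding` hunk (`@@ -97035`) and to the copies of this schema in the other description files of this commit. If the value set is expected to grow, say so in the description so clients know to fail closed on unknown encodings.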
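Review bot: `minimum_approvals` in the new `repository-rule-params-required-reviewer-configuration` schema is a bare `integer`, so negative values pass schema validation although the description only gives meaning to zero and positive counts; add `"minimum": 0`. `file_patterns` likewise accepts an empty array, which presumably matches no files and leaves the rule without effect; `"minItems": 1` would rule that out if it is not intended. Nothing in the visible hunks references this schema yet, so how a client is meant to supply it cannot be checked from here.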
@@ -113448,6 +113485,11 @@ "example": "SPDX-2.3", "description": "The version of the SPDX specification that this document conforms to." }, + "comment": { + "type": "string", + "example": "Exact versions could not be resolved for some packages. For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/", + "description": "An optional comment about the SPDX document." + }, "creationInfo": { "type": "object", "properties": { @@ -113480,17 +113522,9 @@ "example": "CC0-1.0", "description": "The license under which the SPDX document is licensed." }, - "documentDescribes": { - "type": "array", - "items": { - "type": "string", - "example": "github/github" - }, - "description": "The name of the repository that the SPDX document describes." - }, "documentNamespace": { "type": "string", - "example": "https://github.com/example/dependency_graph/sbom-123", + "example": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "description": "The namespace for the SPDX document." }, "packages": { @@ -113505,7 +113539,7 @@ }, "name": { "type": "string", - "example": "rubygems:github/github", + "example": "github/github", "description": "The name of the package." }, "versionInfo": { 
@@ -113578,8 +113612,33 @@ "name", "versionInfo", "downloadLocation", - "filesAnalyzed", - "supplier" + "filesAnalyzed" + ] + }, + "relationships": { + "type": "array", + "items": { + "type": "object", + "properties": { + "relationshipType": { + "type": "string", + "example": "DEPENDS_ON", + "description": "The type of relationship between the two SPDX elements." + }, + "spdxElementId": { + "type": "string", + "description": "The SPDX identifier of the package that is the source of the relationship." + }, + "relatedSpdxElement": { + "type": "string", + "description": "The SPDX identifier of the package that is the target of the relationship." + } + } + }, + "required": [ + "relationshipType", + "spdxElementId", + "relatedSpdxElement" ] } }, @@ -113589,7 +113648,6 @@ "creationInfo", "name", "dataLicense", - "documentDescribes", "documentNamespace", "packages" ] @@ -265553,7 +265611,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, 
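Review bot: The `required` array added for `relationships` sits next to `items` on the array schema rather than inside the item object, judging from the brace nesting in this hunk, and `required` has no effect on a value of type array. As written, a relationship entry missing `relationshipType`, `spdxElementId` or `relatedSpdxElement` still validates, and generated clients will treat all three as optional. Move `"required": ["relationshipType", "spdxElementId", "relatedSpdxElement"]` into the `items` object, after its `properties`. The existing `packages` schema just above appears to have the same placement, and the copies in the other description files of this commit would need the same change.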
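Review bot: `documentDescribes` is dropped from the SBOM object's `required` list in the `@@ -113589` hunk, but `relationships`, which carries the `DESCRIBES` link to the root element in the updated example, is not added to it. A consumer that used `documentDescribes` to find the subject of the SBOM has no replacement the schema guarantees; either add `"relationships"` to this list or document that it may be absent and how the described repository is identified then. The `relationships` property also has no `description`, unlike its sibling properties.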
@@ -280178,20 +280237,50 @@ }, "name": "github/example", "dataLicense": "CC0-1.0", - "documentDescribes": [ - "github/example" - ], - "documentNamespace": "https://github.com/github/example/dependency_graph/sbom-abcdef123456", + "documentNamespace": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "packages": [ { + "name": "rails", "SPDXID": "SPDXRef-Package", - "name": "rubygems:rails", "versionInfo": "1.0.0", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "MIT", "licenseDeclared": "MIT", - "copyrightText": "Copyright (c) 1985 GitHub.com" + "copyrightText": "Copyright (c) 1985 GitHub.com", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:gem/rails@1.0.0" + } + ] + }, + { + "name": "github/example", + "SPDXID": "SPDXRef-Repository", + "versionInfo": "main", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:github/example@main" + } + ] + } + ], + "relationships": [ + { + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Repository", + "relatedSpdxElement": "SPDXRef-Package" + }, + { + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Repository" } ] } diff --git a/descriptions/api.github.com/api.github.com.2022-11-28.yaml b/descriptions/api.github.com/api.github.com.2022-11-28.yaml index 97d624e82f..49440771b1 100644 --- a/descriptions/api.github.com/api.github.com.2022-11-28.yaml +++ b/descriptions/api.github.com/api.github.com.2022-11-28.yaml @@ -70270,6 +70270,11 @@ components: type: string size: type: integer + encoding: + type: string + description: The encoding used for `content`. Currently, `"utf-8"` + and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: 
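Review bot: The `referenceLocator` for the repository package in this example, `pkg:github/example@main`, appears to drop the owner: under the purl `github` type the namespace is the user or organisation, so the repository `github/example` would be written `pkg:github/github/example@main`. Tools that match SBOM entries to advisories or to a source repository by purl would resolve the example as written to a different, namespace-less package. If the value mirrors what the endpoint returns, that is worth checking separately; otherwise correct the example here and in the copies in the other description files.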
@@ -70654,6 +70659,11 @@ components: type: boolean content: type: string + encoding: + type: string + description: The encoding used for `content`. Currently, `"utf-8"` + and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: @@ -76108,6 +76118,31 @@ components: type: string enum: - required_signatures + repository-rule-params-required-reviewer-configuration: + title: RequiredReviewerConfiguration + description: A reviewing team, and file patterns describing which files they + must approve changes to. + type: object + properties: + file_patterns: + type: array + description: Array of file patterns. Pull requests which change matching + files must be approved by the specified team. File patterns use the same + syntax as `.gitignore` files. + items: + type: string + minimum_approvals: + type: integer + description: Minimum number of approvals required from the specified team. + If set to zero, the team will be added to the pull request but approval + is optional. + reviewer_id: + type: string + description: Node ID of the team which must review changes to matching files. + required: + - file_patterns + - minimum_approvals + - reviewer_id repository-rule-pull-request: title: pull_request description: Require all commits be made to a non-target branch and submitted @@ -83496,6 +83531,11 @@ components: example: SPDX-2.3 description: The version of the SPDX specification that this document conforms to. + comment: + type: string + example: 'Exact versions could not be resolved for some packages. For + more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/' + description: An optional comment about the SPDX document. creationInfo: type: object properties: 
@@ -83520,15 +83560,9 @@ components: type: string example: CC0-1.0 description: The license under which the SPDX document is licensed. - documentDescribes: - type: array - items: - type: string - example: github/github - description: The name of the repository that the SPDX document describes. documentNamespace: type: string - example: https://github.com/example/dependency_graph/sbom-123 + example: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 description: The namespace for the SPDX document. packages: type: array @@ -83541,7 +83575,7 @@ components: description: A unique SPDX identifier for the package. name: type: string - example: rubygems:github/github + example: github/github description: The name of the package. versionInfo: type: string @@ -83612,14 +83646,33 @@ components: - versionInfo - downloadLocation - filesAnalyzed - - supplier + relationships: + type: array + items: + type: object + properties: + relationshipType: + type: string + example: DEPENDS_ON + description: The type of relationship between the two SPDX elements. + spdxElementId: + type: string + description: The SPDX identifier of the package that is the source + of the relationship. + relatedSpdxElement: + type: string + description: The SPDX identifier of the package that is the target + of the relationship. + required: + - relationshipType + - spdxElementId + - relatedSpdxElement required: - SPDXID - spdxVersion - creationInfo - name - dataLicense - - documentDescribes - documentNamespace - packages required: @@ -198872,6 +198925,7 @@ components: size: 23 truncated: false content: Hello world from GitHub + encoding: utf-8 public: true created_at: '2022-09-20T12:11:58Z' updated_at: '2022-09-21T10:28:06Z' 
@@ -211432,18 +211486,36 @@ components: - 'Tool: GitHub.com-Dependency-Graph' name: github/example dataLicense: CC0-1.0 - documentDescribes: - - github/example - documentNamespace: https://github.com/github/example/dependency_graph/sbom-abcdef123456 + documentNamespace: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 packages: - - SPDXID: SPDXRef-Package - name: rubygems:rails + - name: rails + SPDXID: SPDXRef-Package versionInfo: 1.0.0 downloadLocation: NOASSERTION filesAnalyzed: false licenseConcluded: MIT licenseDeclared: MIT copyrightText: Copyright (c) 1985 GitHub.com + externalRefs: + - referenceCategory: PACKAGE-MANAGER + referenceType: purl + referenceLocator: pkg:gem/rails@1.0.0 + - name: github/example + SPDXID: SPDXRef-Repository + versionInfo: main + downloadLocation: NOASSERTION + filesAnalyzed: false + externalRefs: + - referenceCategory: PACKAGE-MANAGER + referenceType: purl + referenceLocator: pkg:github/example@main + relationships: + - relationshipType: DEPENDS_ON + spdxElementId: SPDXRef-Repository + relatedSpdxElement: SPDXRef-Package + - relationshipType: DESCRIBES + spdxElementId: SPDXRef-DOCUMENT + relatedSpdxElement: SPDXRef-Repository dependency-graph-create-snapshot-request: value: version: 0 diff --git a/descriptions/api.github.com/api.github.com.json b/descriptions/api.github.com/api.github.com.json index 8a691cd246..d361f6d281 100644 --- a/descriptions/api.github.com/api.github.com.json +++ b/descriptions/api.github.com/api.github.com.json @@ -96515,6 +96515,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -97035,6 +97040,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } 
@@ -103852,6 +103862,33 @@ } } }, + "repository-rule-params-required-reviewer-configuration": { + "title": "RequiredReviewerConfiguration", + "description": "A reviewing team, and file patterns describing which files they must approve changes to.", + "type": "object", + "properties": { + "file_patterns": { + "type": "array", + "description": "Array of file patterns. Pull requests which change matching files must be approved by the specified team. File patterns use the same syntax as `.gitignore` files.", + "items": { + "type": "string" + } + }, + "minimum_approvals": { + "type": "integer", + "description": "Minimum number of approvals required from the specified team. If set to zero, the team will be added to the pull request but approval is optional." + }, + "reviewer_id": { + "type": "string", + "description": "Node ID of the team which must review changes to matching files." + } + }, + "required": [ + "file_patterns", + "minimum_approvals", + "reviewer_id" + ] + }, "repository-rule-pull-request": { "title": "pull_request", "description": "Require all commits be made to a non-target branch and submitted via a pull request before they can be merged.", @@ -113448,6 +113485,11 @@ "example": "SPDX-2.3", "description": "The version of the SPDX specification that this document conforms to." }, + "comment": { + "type": "string", + "example": "Exact versions could not be resolved for some packages. For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/", + "description": "An optional comment about the SPDX document." + }, "creationInfo": { "type": "object", "properties": { 
@@ -113480,17 +113522,9 @@ "example": "CC0-1.0", "description": "The license under which the SPDX document is licensed." }, - "documentDescribes": { - "type": "array", - "items": { - "type": "string", - "example": "github/github" - }, - "description": "The name of the repository that the SPDX document describes." - }, "documentNamespace": { "type": "string", - "example": "https://github.com/example/dependency_graph/sbom-123", + "example": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "description": "The namespace for the SPDX document." }, "packages": { @@ -113505,7 +113539,7 @@ }, "name": { "type": "string", - "example": "rubygems:github/github", + "example": "github/github", "description": "The name of the package." }, "versionInfo": { @@ -113578,8 +113612,33 @@ "name", "versionInfo", "downloadLocation", - "filesAnalyzed", - "supplier" + "filesAnalyzed" + ] + }, + "relationships": { + "type": "array", + "items": { + "type": "object", + "properties": { + "relationshipType": { + "type": "string", + "example": "DEPENDS_ON", + "description": "The type of relationship between the two SPDX elements." + }, + "spdxElementId": { + "type": "string", + "description": "The SPDX identifier of the package that is the source of the relationship." + }, + "relatedSpdxElement": { + "type": "string", + "description": "The SPDX identifier of the package that is the target of the relationship." + } + } + }, + "required": [ + "relationshipType", + "spdxElementId", + "relatedSpdxElement" ] } }, @@ -113589,7 +113648,6 @@ "creationInfo", "name", "dataLicense", - "documentDescribes", "documentNamespace", "packages" ] @@ -265553,7 +265611,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, 
@@ -280178,20 +280237,50 @@ }, "name": "github/example", "dataLicense": "CC0-1.0", - "documentDescribes": [ - "github/example" - ], - "documentNamespace": "https://github.com/github/example/dependency_graph/sbom-abcdef123456", + "documentNamespace": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "packages": [ { + "name": "rails", "SPDXID": "SPDXRef-Package", - "name": "rubygems:rails", "versionInfo": "1.0.0", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "MIT", "licenseDeclared": "MIT", - "copyrightText": "Copyright (c) 1985 GitHub.com" + "copyrightText": "Copyright (c) 1985 GitHub.com", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:gem/rails@1.0.0" + } + ] + }, + { + "name": "github/example", + "SPDXID": "SPDXRef-Repository", + "versionInfo": "main", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:github/example@main" + } + ] + } + ], + "relationships": [ + { + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Repository", + "relatedSpdxElement": "SPDXRef-Package" + }, + { + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Repository" } ] } diff --git a/descriptions/api.github.com/api.github.com.yaml b/descriptions/api.github.com/api.github.com.yaml index 97d624e82f..49440771b1 100644 --- a/descriptions/api.github.com/api.github.com.yaml +++ b/descriptions/api.github.com/api.github.com.yaml @@ -70270,6 +70270,11 @@ components: type: string size: type: integer + encoding: + type: string + description: The encoding used for `content`. Currently, `"utf-8"` + and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: 
@@ -70654,6 +70659,11 @@ components: type: boolean content: type: string + encoding: + type: string + description: The encoding used for `content`. Currently, `"utf-8"` + and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: @@ -76108,6 +76118,31 @@ components: type: string enum: - required_signatures + repository-rule-params-required-reviewer-configuration: + title: RequiredReviewerConfiguration + description: A reviewing team, and file patterns describing which files they + must approve changes to. + type: object + properties: + file_patterns: + type: array + description: Array of file patterns. Pull requests which change matching + files must be approved by the specified team. File patterns use the same + syntax as `.gitignore` files. + items: + type: string + minimum_approvals: + type: integer + description: Minimum number of approvals required from the specified team. + If set to zero, the team will be added to the pull request but approval + is optional. + reviewer_id: + type: string + description: Node ID of the team which must review changes to matching files. + required: + - file_patterns + - minimum_approvals + - reviewer_id repository-rule-pull-request: title: pull_request description: Require all commits be made to a non-target branch and submitted @@ -83496,6 +83531,11 @@ components: example: SPDX-2.3 description: The version of the SPDX specification that this document conforms to. + comment: + type: string + example: 'Exact versions could not be resolved for some packages. For + more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/' + description: An optional comment about the SPDX document. creationInfo: type: object properties: 
@@ -83520,15 +83560,9 @@ components: type: string example: CC0-1.0 description: The license under which the SPDX document is licensed. - documentDescribes: - type: array - items: - type: string - example: github/github - description: The name of the repository that the SPDX document describes. documentNamespace: type: string - example: https://github.com/example/dependency_graph/sbom-123 + example: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 description: The namespace for the SPDX document. packages: type: array @@ -83541,7 +83575,7 @@ components: description: A unique SPDX identifier for the package. name: type: string - example: rubygems:github/github + example: github/github description: The name of the package. versionInfo: type: string @@ -83612,14 +83646,33 @@ components: - versionInfo - downloadLocation - filesAnalyzed - - supplier + relationships: + type: array + items: + type: object + properties: + relationshipType: + type: string + example: DEPENDS_ON + description: The type of relationship between the two SPDX elements. + spdxElementId: + type: string + description: The SPDX identifier of the package that is the source + of the relationship. + relatedSpdxElement: + type: string + description: The SPDX identifier of the package that is the target + of the relationship. + required: + - relationshipType + - spdxElementId + - relatedSpdxElement required: - SPDXID - spdxVersion - creationInfo - name - dataLicense - - documentDescribes - documentNamespace - packages required: @@ -198872,6 +198925,7 @@ components: size: 23 truncated: false content: Hello world from GitHub + encoding: utf-8 public: true created_at: '2022-09-20T12:11:58Z' updated_at: '2022-09-21T10:28:06Z' 
@@ -211432,18 +211486,36 @@ components: - 'Tool: GitHub.com-Dependency-Graph' name: github/example dataLicense: CC0-1.0 - documentDescribes: - - github/example - documentNamespace: https://github.com/github/example/dependency_graph/sbom-abcdef123456 + documentNamespace: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 packages: - - SPDXID: SPDXRef-Package - name: rubygems:rails + - name: rails + SPDXID: SPDXRef-Package versionInfo: 1.0.0 downloadLocation: NOASSERTION filesAnalyzed: false licenseConcluded: MIT licenseDeclared: MIT copyrightText: Copyright (c) 1985 GitHub.com + externalRefs: + - referenceCategory: PACKAGE-MANAGER + referenceType: purl + referenceLocator: pkg:gem/rails@1.0.0 + - name: github/example + SPDXID: SPDXRef-Repository + versionInfo: main + downloadLocation: NOASSERTION + filesAnalyzed: false + externalRefs: + - referenceCategory: PACKAGE-MANAGER + referenceType: purl + referenceLocator: pkg:github/example@main + relationships: + - relationshipType: DEPENDS_ON + spdxElementId: SPDXRef-Repository + relatedSpdxElement: SPDXRef-Package + - relationshipType: DESCRIBES + spdxElementId: SPDXRef-DOCUMENT + relatedSpdxElement: SPDXRef-Repository dependency-graph-create-snapshot-request: value: version: 0 diff --git a/descriptions/api.github.com/dereferenced/api.github.com.2022-11-28.deref.json b/descriptions/api.github.com/dereferenced/api.github.com.2022-11-28.deref.json index 1748ff2127..ea7656189a 100644 --- a/descriptions/api.github.com/dereferenced/api.github.com.2022-11-28.deref.json +++ b/descriptions/api.github.com/dereferenced/api.github.com.2022-11-28.deref.json @@ -24837,6 +24837,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } 
@@ -26156,6 +26161,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -26331,7 +26341,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -26647,6 +26658,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -27230,6 +27246,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -28510,6 +28531,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -28685,7 +28711,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -29743,6 +29770,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } 
@@ -29918,7 +29950,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -32985,6 +33018,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -33349,6 +33387,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -34959,6 +35002,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -35134,7 +35182,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -247895,6 +247944,11 @@ "example": "SPDX-2.3", "description": "The version of the SPDX specification that this document conforms to." }, + "comment": { + "type": "string", + "example": "Exact versions could not be resolved for some packages. For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/", + "description": "An optional comment about the SPDX document." + }, "creationInfo": { "type": "object", "properties": { 
@@ -247927,17 +247981,9 @@ "example": "CC0-1.0", "description": "The license under which the SPDX document is licensed." }, - "documentDescribes": { - "type": "array", - "items": { - "type": "string", - "example": "github/github" - }, - "description": "The name of the repository that the SPDX document describes." - }, "documentNamespace": { "type": "string", - "example": "https://github.com/example/dependency_graph/sbom-123", + "example": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "description": "The namespace for the SPDX document." }, "packages": { @@ -247952,7 +247998,7 @@ }, "name": { "type": "string", - "example": "rubygems:github/github", + "example": "github/github", "description": "The name of the package." }, "versionInfo": { @@ -248025,8 +248071,33 @@ "name", "versionInfo", "downloadLocation", - "filesAnalyzed", - "supplier" + "filesAnalyzed" + ] + }, + "relationships": { + "type": "array", + "items": { + "type": "object", + "properties": { + "relationshipType": { + "type": "string", + "example": "DEPENDS_ON", + "description": "The type of relationship between the two SPDX elements." + }, + "spdxElementId": { + "type": "string", + "description": "The SPDX identifier of the package that is the source of the relationship." + }, + "relatedSpdxElement": { + "type": "string", + "description": "The SPDX identifier of the package that is the target of the relationship." + } + } + }, + "required": [ + "relationshipType", + "spdxElementId", + "relatedSpdxElement" ] } }, @@ -248036,7 +248107,6 @@ "creationInfo", "name", "dataLicense", - "documentDescribes", "documentNamespace", "packages" ] 
@@ -248060,20 +248130,50 @@ }, "name": "github/example", "dataLicense": "CC0-1.0", - "documentDescribes": [ - "github/example" - ], - "documentNamespace": "https://github.com/github/example/dependency_graph/sbom-abcdef123456", + "documentNamespace": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "packages": [ { + "name": "rails", "SPDXID": "SPDXRef-Package", - "name": "rubygems:rails", "versionInfo": "1.0.0", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "MIT", "licenseDeclared": "MIT", - "copyrightText": "Copyright (c) 1985 GitHub.com" + "copyrightText": "Copyright (c) 1985 GitHub.com", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:gem/rails@1.0.0" + } + ] + }, + { + "name": "github/example", + "SPDXID": "SPDXRef-Repository", + "versionInfo": "main", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:github/example@main" + } + ] + } + ], + "relationships": [ + { + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Repository", + "relatedSpdxElement": "SPDXRef-Package" + }, + { + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Repository" } ] } @@ -496931,6 +497031,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } diff --git a/descriptions/api.github.com/dereferenced/api.github.com.2022-11-28.deref.yaml b/descriptions/api.github.com/dereferenced/api.github.com.2022-11-28.deref.yaml index 24952a3b25..0b5faf3985 100644 --- a/descriptions/api.github.com/dereferenced/api.github.com.2022-11-28.deref.yaml 
+++ b/descriptions/api.github.com/dereferenced/api.github.com.2022-11-28.deref.yaml @@ -10526,6 +10526,11 @@ paths: type: string size: type: integer + encoding: + type: string + description: The encoding used for `content`. Currently, + `"utf-8"` and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: @@ -11047,6 +11052,11 @@ paths: type: boolean content: type: string + encoding: + type: string + description: The encoding used for `content`. Currently, + `"utf-8"` and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: @@ -11086,6 +11096,7 @@ paths: size: 23 truncated: false content: Hello world from GitHub + encoding: utf-8 public: true created_at: '2022-09-20T12:11:58Z' updated_at: '2022-09-21T10:28:06Z' @@ -60153,6 +60164,11 @@ paths: example: SPDX-2.3 description: The version of the SPDX specification that this document conforms to. + comment: + type: string + example: 'Exact versions could not be resolved for some packages. + For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/' + description: An optional comment about the SPDX document. creationInfo: type: object properties: @@ -60179,16 +60195,9 @@ paths: example: CC0-1.0 description: The license under which the SPDX document is licensed. - documentDescribes: - type: array - items: - type: string - example: github/github - description: The name of the repository that the SPDX document - describes. documentNamespace: type: string - example: https://github.com/example/dependency_graph/sbom-123 + example: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 description: The namespace for the SPDX document. packages: type: array @@ -60201,7 +60210,7 @@ paths: description: A unique SPDX identifier for the package. name: type: string - example: rubygems:github/github + example: github/github description: The name of the package. versionInfo: type: string 
@@ -60272,14 +60281,34 @@ paths: - versionInfo - downloadLocation - filesAnalyzed - - supplier + relationships: + type: array + items: + type: object + properties: + relationshipType: + type: string + example: DEPENDS_ON + description: The type of relationship between the two + SPDX elements. + spdxElementId: + type: string + description: The SPDX identifier of the package that + is the source of the relationship. + relatedSpdxElement: + type: string + description: The SPDX identifier of the package that + is the target of the relationship. + required: + - relationshipType + - spdxElementId + - relatedSpdxElement required: - SPDXID - spdxVersion - creationInfo - name - dataLicense - - documentDescribes - documentNamespace - packages required: @@ -60296,18 +60325,36 @@ paths: - 'Tool: GitHub.com-Dependency-Graph' name: github/example dataLicense: CC0-1.0 - documentDescribes: - - github/example - documentNamespace: https://github.com/github/example/dependency_graph/sbom-abcdef123456 + documentNamespace: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 packages: - - SPDXID: SPDXRef-Package - name: rubygems:rails + - name: rails + SPDXID: SPDXRef-Package versionInfo: 1.0.0 downloadLocation: NOASSERTION filesAnalyzed: false licenseConcluded: MIT licenseDeclared: MIT copyrightText: Copyright (c) 1985 GitHub.com + externalRefs: + - referenceCategory: PACKAGE-MANAGER + referenceType: purl + referenceLocator: pkg:gem/rails@1.0.0 + - name: github/example + SPDXID: SPDXRef-Repository + versionInfo: main + downloadLocation: NOASSERTION + filesAnalyzed: false + externalRefs: + - referenceCategory: PACKAGE-MANAGER + referenceType: purl + referenceLocator: pkg:github/example@main + relationships: + - relationshipType: DEPENDS_ON + spdxElementId: SPDXRef-Repository + relatedSpdxElement: SPDXRef-Package + - relationshipType: DESCRIBES + spdxElementId: SPDXRef-DOCUMENT + relatedSpdxElement: SPDXRef-Repository headers: Link: *39 '404': *7 
diff --git a/descriptions/api.github.com/dereferenced/api.github.com.deref.json b/descriptions/api.github.com/dereferenced/api.github.com.deref.json index 1748ff2127..ea7656189a 100644 --- a/descriptions/api.github.com/dereferenced/api.github.com.deref.json +++ b/descriptions/api.github.com/dereferenced/api.github.com.deref.json @@ -24837,6 +24837,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -26156,6 +26161,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -26331,7 +26341,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -26647,6 +26658,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -27230,6 +27246,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -28510,6 +28531,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } 
@@ -28685,7 +28711,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -29743,6 +29770,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -29918,7 +29950,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -32985,6 +33018,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -33349,6 +33387,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -34959,6 +35002,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -35134,7 +35182,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, 
@@ -247895,6 +247944,11 @@ "example": "SPDX-2.3", "description": "The version of the SPDX specification that this document conforms to." }, + "comment": { + "type": "string", + "example": "Exact versions could not be resolved for some packages. For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/", + "description": "An optional comment about the SPDX document." + }, "creationInfo": { "type": "object", "properties": { @@ -247927,17 +247981,9 @@ "example": "CC0-1.0", "description": "The license under which the SPDX document is licensed." }, - "documentDescribes": { - "type": "array", - "items": { - "type": "string", - "example": "github/github" - }, - "description": "The name of the repository that the SPDX document describes." - }, "documentNamespace": { "type": "string", - "example": "https://github.com/example/dependency_graph/sbom-123", + "example": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "description": "The namespace for the SPDX document." }, "packages": { @@ -247952,7 +247998,7 @@ }, "name": { "type": "string", - "example": "rubygems:github/github", + "example": "github/github", "description": "The name of the package." }, "versionInfo": { 
@@ -248025,8 +248071,33 @@ "name", "versionInfo", "downloadLocation", - "filesAnalyzed", - "supplier" + "filesAnalyzed" + ] + }, + "relationships": { + "type": "array", + "items": { + "type": "object", + "properties": { + "relationshipType": { + "type": "string", + "example": "DEPENDS_ON", + "description": "The type of relationship between the two SPDX elements." + }, + "spdxElementId": { + "type": "string", + "description": "The SPDX identifier of the package that is the source of the relationship." + }, + "relatedSpdxElement": { + "type": "string", + "description": "The SPDX identifier of the package that is the target of the relationship." + } + } + }, + "required": [ + "relationshipType", + "spdxElementId", + "relatedSpdxElement" ] } }, @@ -248036,7 +248107,6 @@ "creationInfo", "name", "dataLicense", - "documentDescribes", "documentNamespace", "packages" ] 
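Review bot: In the new `relationships` schema the `required` list sits beside `items` on the array schema, not inside the `items` object, so it constrains nothing. `required` only applies to objects, which means a validator will accept relationship entries missing `relationshipType`, `spdxElementId` or `relatedSpdxElement`. Move `"required": ["relationshipType", "spdxElementId", "relatedSpdxElement"]` inside `items`, next to its `properties`. The identical JSON hunks on L30 and L37 have the same placement; the YAML hunks on L19, L26, L33 and L40 have lost their indentation here, so their nesting cannot be confirmed from this page. These description files look generated, so the fix probably belongs in the source they are built from. The enclosing SBOM schema object starts and ends outside this hunk.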
@@ -248060,20 +248130,50 @@ }, "name": "github/example", "dataLicense": "CC0-1.0", - "documentDescribes": [ - "github/example" - ], - "documentNamespace": "https://github.com/github/example/dependency_graph/sbom-abcdef123456", + "documentNamespace": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "packages": [ { + "name": "rails", "SPDXID": "SPDXRef-Package", - "name": "rubygems:rails", "versionInfo": "1.0.0", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "MIT", "licenseDeclared": "MIT", - "copyrightText": "Copyright (c) 1985 GitHub.com" + "copyrightText": "Copyright (c) 1985 GitHub.com", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:gem/rails@1.0.0" + } + ] + }, + { + "name": "github/example", + "SPDXID": "SPDXRef-Repository", + "versionInfo": "main", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:github/example@main" + } + ] + } + ], + "relationships": [ + { + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Repository", + "relatedSpdxElement": "SPDXRef-Package" + }, + { + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Repository" } ] } @@ -496931,6 +497031,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } diff --git a/descriptions/api.github.com/dereferenced/api.github.com.deref.yaml b/descriptions/api.github.com/dereferenced/api.github.com.deref.yaml index 24952a3b25..0b5faf3985 100644 --- a/descriptions/api.github.com/dereferenced/api.github.com.deref.yaml +++ b/descriptions/api.github.com/dereferenced/api.github.com.deref.yaml 
@@ -10526,6 +10526,11 @@ paths: type: string size: type: integer + encoding: + type: string + description: The encoding used for `content`. Currently, + `"utf-8"` and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: @@ -11047,6 +11052,11 @@ paths: type: boolean content: type: string + encoding: + type: string + description: The encoding used for `content`. Currently, + `"utf-8"` and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: @@ -11086,6 +11096,7 @@ paths: size: 23 truncated: false content: Hello world from GitHub + encoding: utf-8 public: true created_at: '2022-09-20T12:11:58Z' updated_at: '2022-09-21T10:28:06Z' @@ -60153,6 +60164,11 @@ paths: example: SPDX-2.3 description: The version of the SPDX specification that this document conforms to. + comment: + type: string + example: 'Exact versions could not be resolved for some packages. + For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/' + description: An optional comment about the SPDX document. creationInfo: type: object properties: @@ -60179,16 +60195,9 @@ paths: example: CC0-1.0 description: The license under which the SPDX document is licensed. - documentDescribes: - type: array - items: - type: string - example: github/github - description: The name of the repository that the SPDX document - describes. documentNamespace: type: string - example: https://github.com/example/dependency_graph/sbom-123 + example: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 description: The namespace for the SPDX document. packages: type: array @@ -60201,7 +60210,7 @@ paths: description: A unique SPDX identifier for the package. name: type: string - example: rubygems:github/github + example: github/github description: The name of the package. versionInfo: type: string 
@@ -60272,14 +60281,34 @@ paths: - versionInfo - downloadLocation - filesAnalyzed - - supplier + relationships: + type: array + items: + type: object + properties: + relationshipType: + type: string + example: DEPENDS_ON + description: The type of relationship between the two + SPDX elements. + spdxElementId: + type: string + description: The SPDX identifier of the package that + is the source of the relationship. + relatedSpdxElement: + type: string + description: The SPDX identifier of the package that + is the target of the relationship. + required: + - relationshipType + - spdxElementId + - relatedSpdxElement required: - SPDXID - spdxVersion - creationInfo - name - dataLicense - - documentDescribes - documentNamespace - packages required: @@ -60296,18 +60325,36 @@ paths: - 'Tool: GitHub.com-Dependency-Graph' name: github/example dataLicense: CC0-1.0 - documentDescribes: - - github/example - documentNamespace: https://github.com/github/example/dependency_graph/sbom-abcdef123456 + documentNamespace: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 packages: - - SPDXID: SPDXRef-Package - name: rubygems:rails + - name: rails + SPDXID: SPDXRef-Package versionInfo: 1.0.0 downloadLocation: NOASSERTION filesAnalyzed: false licenseConcluded: MIT licenseDeclared: MIT copyrightText: Copyright (c) 1985 GitHub.com + externalRefs: + - referenceCategory: PACKAGE-MANAGER + referenceType: purl + referenceLocator: pkg:gem/rails@1.0.0 + - name: github/example + SPDXID: SPDXRef-Repository + versionInfo: main + downloadLocation: NOASSERTION + filesAnalyzed: false + externalRefs: + - referenceCategory: PACKAGE-MANAGER + referenceType: purl + referenceLocator: pkg:github/example@main + relationships: + - relationshipType: DEPENDS_ON + spdxElementId: SPDXRef-Repository + relatedSpdxElement: SPDXRef-Package + - relationshipType: DESCRIBES + spdxElementId: SPDXRef-DOCUMENT + relatedSpdxElement: SPDXRef-Repository headers: Link: *39 '404': *7 
diff --git a/descriptions/ghec/dereferenced/ghec.2022-11-28.deref.json b/descriptions/ghec/dereferenced/ghec.2022-11-28.deref.json index 722fad23d8..ee7ab1e624 100644 --- a/descriptions/ghec/dereferenced/ghec.2022-11-28.deref.json +++ b/descriptions/ghec/dereferenced/ghec.2022-11-28.deref.json @@ -35006,6 +35006,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -36325,6 +36330,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -36500,7 +36510,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -36816,6 +36827,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -37399,6 +37415,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -38679,6 +38700,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } 
@@ -38854,7 +38880,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -39912,6 +39939,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -40087,7 +40119,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -43154,6 +43187,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -43518,6 +43556,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -45128,6 +45171,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -45303,7 +45351,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, 
@@ -264750,6 +264799,11 @@ "example": "SPDX-2.3", "description": "The version of the SPDX specification that this document conforms to." }, + "comment": { + "type": "string", + "example": "Exact versions could not be resolved for some packages. For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/", + "description": "An optional comment about the SPDX document." + }, "creationInfo": { "type": "object", "properties": { @@ -264782,17 +264836,9 @@ "example": "CC0-1.0", "description": "The license under which the SPDX document is licensed." }, - "documentDescribes": { - "type": "array", - "items": { - "type": "string", - "example": "github/github" - }, - "description": "The name of the repository that the SPDX document describes." - }, "documentNamespace": { "type": "string", - "example": "https://github.com/example/dependency_graph/sbom-123", + "example": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "description": "The namespace for the SPDX document." }, "packages": { @@ -264807,7 +264853,7 @@ }, "name": { "type": "string", - "example": "rubygems:github/github", + "example": "github/github", "description": "The name of the package." }, "versionInfo": { 
@@ -264880,8 +264926,33 @@ "name", "versionInfo", "downloadLocation", - "filesAnalyzed", - "supplier" + "filesAnalyzed" + ] + }, + "relationships": { + "type": "array", + "items": { + "type": "object", + "properties": { + "relationshipType": { + "type": "string", + "example": "DEPENDS_ON", + "description": "The type of relationship between the two SPDX elements." + }, + "spdxElementId": { + "type": "string", + "description": "The SPDX identifier of the package that is the source of the relationship." + }, + "relatedSpdxElement": { + "type": "string", + "description": "The SPDX identifier of the package that is the target of the relationship." + } + } + }, + "required": [ + "relationshipType", + "spdxElementId", + "relatedSpdxElement" ] } }, @@ -264891,7 +264962,6 @@ "creationInfo", "name", "dataLicense", - "documentDescribes", "documentNamespace", "packages" ] 
@@ -264915,20 +264985,50 @@ }, "name": "github/example", "dataLicense": "CC0-1.0", - "documentDescribes": [ - "github/example" - ], - "documentNamespace": "https://github.com/github/example/dependency_graph/sbom-abcdef123456", + "documentNamespace": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "packages": [ { + "name": "rails", "SPDXID": "SPDXRef-Package", - "name": "rubygems:rails", "versionInfo": "1.0.0", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "MIT", "licenseDeclared": "MIT", - "copyrightText": "Copyright (c) 1985 GitHub.com" + "copyrightText": "Copyright (c) 1985 GitHub.com", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:gem/rails@1.0.0" + } + ] + }, + { + "name": "github/example", + "SPDXID": "SPDXRef-Repository", + "versionInfo": "main", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:github/example@main" + } + ] + } + ], + "relationships": [ + { + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Repository", + "relatedSpdxElement": "SPDXRef-Package" + }, + { + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Repository" } ] } @@ -524711,6 +524811,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } diff --git a/descriptions/ghec/dereferenced/ghec.2022-11-28.deref.yaml b/descriptions/ghec/dereferenced/ghec.2022-11-28.deref.yaml index 8b5973b61a..c1f3dda570 100644 --- a/descriptions/ghec/dereferenced/ghec.2022-11-28.deref.yaml +++ b/descriptions/ghec/dereferenced/ghec.2022-11-28.deref.yaml 
@@ -14725,6 +14725,11 @@ paths: type: string size: type: integer + encoding: + type: string + description: The encoding used for `content`. Currently, + `"utf-8"` and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: @@ -15246,6 +15251,11 @@ paths: type: boolean content: type: string + encoding: + type: string + description: The encoding used for `content`. Currently, + `"utf-8"` and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: @@ -15285,6 +15295,7 @@ paths: size: 23 truncated: false content: Hello world from GitHub + encoding: utf-8 public: true created_at: '2022-09-20T12:11:58Z' updated_at: '2022-09-21T10:28:06Z' @@ -65299,6 +65310,11 @@ paths: example: SPDX-2.3 description: The version of the SPDX specification that this document conforms to. + comment: + type: string + example: 'Exact versions could not be resolved for some packages. + For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/' + description: An optional comment about the SPDX document. creationInfo: type: object properties: @@ -65325,16 +65341,9 @@ paths: example: CC0-1.0 description: The license under which the SPDX document is licensed. - documentDescribes: - type: array - items: - type: string - example: github/github - description: The name of the repository that the SPDX document - describes. documentNamespace: type: string - example: https://github.com/example/dependency_graph/sbom-123 + example: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 description: The namespace for the SPDX document. packages: type: array @@ -65347,7 +65356,7 @@ paths: description: A unique SPDX identifier for the package. name: type: string - example: rubygems:github/github + example: github/github description: The name of the package. versionInfo: type: string 
@@ -65418,14 +65427,34 @@ paths: - versionInfo - downloadLocation - filesAnalyzed - - supplier + relationships: + type: array + items: + type: object + properties: + relationshipType: + type: string + example: DEPENDS_ON + description: The type of relationship between the two + SPDX elements. + spdxElementId: + type: string + description: The SPDX identifier of the package that + is the source of the relationship. + relatedSpdxElement: + type: string + description: The SPDX identifier of the package that + is the target of the relationship. + required: + - relationshipType + - spdxElementId + - relatedSpdxElement required: - SPDXID - spdxVersion - creationInfo - name - dataLicense - - documentDescribes - documentNamespace - packages required: @@ -65442,18 +65471,36 @@ paths: - 'Tool: GitHub.com-Dependency-Graph' name: github/example dataLicense: CC0-1.0 - documentDescribes: - - github/example - documentNamespace: https://github.com/github/example/dependency_graph/sbom-abcdef123456 + documentNamespace: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 packages: - - SPDXID: SPDXRef-Package - name: rubygems:rails + - name: rails + SPDXID: SPDXRef-Package versionInfo: 1.0.0 downloadLocation: NOASSERTION filesAnalyzed: false licenseConcluded: MIT licenseDeclared: MIT copyrightText: Copyright (c) 1985 GitHub.com + externalRefs: + - referenceCategory: PACKAGE-MANAGER + referenceType: purl + referenceLocator: pkg:gem/rails@1.0.0 + - name: github/example + SPDXID: SPDXRef-Repository + versionInfo: main + downloadLocation: NOASSERTION + filesAnalyzed: false + externalRefs: + - referenceCategory: PACKAGE-MANAGER + referenceType: purl + referenceLocator: pkg:github/example@main + relationships: + - relationshipType: DEPENDS_ON + spdxElementId: SPDXRef-Repository + relatedSpdxElement: SPDXRef-Package + - relationshipType: DESCRIBES + spdxElementId: SPDXRef-DOCUMENT + relatedSpdxElement: SPDXRef-Repository headers: Link: *39 '404': *7 
diff --git a/descriptions/ghec/dereferenced/ghec.deref.json b/descriptions/ghec/dereferenced/ghec.deref.json index 722fad23d8..ee7ab1e624 100644 --- a/descriptions/ghec/dereferenced/ghec.deref.json +++ b/descriptions/ghec/dereferenced/ghec.deref.json @@ -35006,6 +35006,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -36325,6 +36330,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -36500,7 +36510,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -36816,6 +36827,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -37399,6 +37415,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -38679,6 +38700,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } 
@@ -38854,7 +38880,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -39912,6 +39939,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -40087,7 +40119,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -43154,6 +43187,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -43518,6 +43556,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -45128,6 +45171,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -45303,7 +45351,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, 
@@ -264750,6 +264799,11 @@ "example": "SPDX-2.3", "description": "The version of the SPDX specification that this document conforms to." }, + "comment": { + "type": "string", + "example": "Exact versions could not be resolved for some packages. For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/", + "description": "An optional comment about the SPDX document." + }, "creationInfo": { "type": "object", "properties": { @@ -264782,17 +264836,9 @@ "example": "CC0-1.0", "description": "The license under which the SPDX document is licensed." }, - "documentDescribes": { - "type": "array", - "items": { - "type": "string", - "example": "github/github" - }, - "description": "The name of the repository that the SPDX document describes." - }, "documentNamespace": { "type": "string", - "example": "https://github.com/example/dependency_graph/sbom-123", + "example": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "description": "The namespace for the SPDX document." }, "packages": { @@ -264807,7 +264853,7 @@ }, "name": { "type": "string", - "example": "rubygems:github/github", + "example": "github/github", "description": "The name of the package." }, "versionInfo": { 
@@ -264880,8 +264926,33 @@ "name", "versionInfo", "downloadLocation", - "filesAnalyzed", - "supplier" + "filesAnalyzed" + ] + }, + "relationships": { + "type": "array", + "items": { + "type": "object", + "properties": { + "relationshipType": { + "type": "string", + "example": "DEPENDS_ON", + "description": "The type of relationship between the two SPDX elements." + }, + "spdxElementId": { + "type": "string", + "description": "The SPDX identifier of the package that is the source of the relationship." + }, + "relatedSpdxElement": { + "type": "string", + "description": "The SPDX identifier of the package that is the target of the relationship." + } + } + }, + "required": [ + "relationshipType", + "spdxElementId", + "relatedSpdxElement" ] } }, @@ -264891,7 +264962,6 @@ "creationInfo", "name", "dataLicense", - "documentDescribes", "documentNamespace", "packages" ] 
@@ -264915,20 +264985,50 @@ }, "name": "github/example", "dataLicense": "CC0-1.0", - "documentDescribes": [ - "github/example" - ], - "documentNamespace": "https://github.com/github/example/dependency_graph/sbom-abcdef123456", + "documentNamespace": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "packages": [ { + "name": "rails", "SPDXID": "SPDXRef-Package", - "name": "rubygems:rails", "versionInfo": "1.0.0", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "MIT", "licenseDeclared": "MIT", - "copyrightText": "Copyright (c) 1985 GitHub.com" + "copyrightText": "Copyright (c) 1985 GitHub.com", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:gem/rails@1.0.0" + } + ] + }, + { + "name": "github/example", + "SPDXID": "SPDXRef-Repository", + "versionInfo": "main", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:github/example@main" + } + ] + } + ], + "relationships": [ + { + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Repository", + "relatedSpdxElement": "SPDXRef-Package" + }, + { + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Repository" } ] } @@ -524711,6 +524811,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } diff --git a/descriptions/ghec/dereferenced/ghec.deref.yaml b/descriptions/ghec/dereferenced/ghec.deref.yaml index 8b5973b61a..c1f3dda570 100644 --- a/descriptions/ghec/dereferenced/ghec.deref.yaml +++ b/descriptions/ghec/dereferenced/ghec.deref.yaml 
@@ -14725,6 +14725,11 @@ paths: type: string size: type: integer + encoding: + type: string + description: The encoding used for `content`. Currently, + `"utf-8"` and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: @@ -15246,6 +15251,11 @@ paths: type: boolean content: type: string + encoding: + type: string + description: The encoding used for `content`. Currently, + `"utf-8"` and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: @@ -15285,6 +15295,7 @@ paths: size: 23 truncated: false content: Hello world from GitHub + encoding: utf-8 public: true created_at: '2022-09-20T12:11:58Z' updated_at: '2022-09-21T10:28:06Z' @@ -65299,6 +65310,11 @@ paths: example: SPDX-2.3 description: The version of the SPDX specification that this document conforms to. + comment: + type: string + example: 'Exact versions could not be resolved for some packages. + For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/' + description: An optional comment about the SPDX document. creationInfo: type: object properties: @@ -65325,16 +65341,9 @@ paths: example: CC0-1.0 description: The license under which the SPDX document is licensed. - documentDescribes: - type: array - items: - type: string - example: github/github - description: The name of the repository that the SPDX document - describes. documentNamespace: type: string - example: https://github.com/example/dependency_graph/sbom-123 + example: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 description: The namespace for the SPDX document. packages: type: array @@ -65347,7 +65356,7 @@ paths: description: A unique SPDX identifier for the package. name: type: string - example: rubygems:github/github + example: github/github description: The name of the package. versionInfo: type: string 
@@ -65418,14 +65427,34 @@ paths: - versionInfo - downloadLocation - filesAnalyzed - - supplier + relationships: + type: array + items: + type: object + properties: + relationshipType: + type: string + example: DEPENDS_ON + description: The type of relationship between the two + SPDX elements. + spdxElementId: + type: string + description: The SPDX identifier of the package that + is the source of the relationship. + relatedSpdxElement: + type: string + description: The SPDX identifier of the package that + is the target of the relationship. + required: + - relationshipType + - spdxElementId + - relatedSpdxElement required: - SPDXID - spdxVersion - creationInfo - name - dataLicense - - documentDescribes - documentNamespace - packages required: @@ -65442,18 +65471,36 @@ paths: - 'Tool: GitHub.com-Dependency-Graph' name: github/example dataLicense: CC0-1.0 - documentDescribes: - - github/example - documentNamespace: https://github.com/github/example/dependency_graph/sbom-abcdef123456 + documentNamespace: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 packages: - - SPDXID: SPDXRef-Package - name: rubygems:rails + - name: rails + SPDXID: SPDXRef-Package versionInfo: 1.0.0 downloadLocation: NOASSERTION filesAnalyzed: false licenseConcluded: MIT licenseDeclared: MIT copyrightText: Copyright (c) 1985 GitHub.com + externalRefs: + - referenceCategory: PACKAGE-MANAGER + referenceType: purl + referenceLocator: pkg:gem/rails@1.0.0 + - name: github/example + SPDXID: SPDXRef-Repository + versionInfo: main + downloadLocation: NOASSERTION + filesAnalyzed: false + externalRefs: + - referenceCategory: PACKAGE-MANAGER + referenceType: purl + referenceLocator: pkg:github/example@main + relationships: + - relationshipType: DEPENDS_ON + spdxElementId: SPDXRef-Repository + relatedSpdxElement: SPDXRef-Package + - relationshipType: DESCRIBES + spdxElementId: SPDXRef-DOCUMENT + relatedSpdxElement: SPDXRef-Repository headers: Link: *39 '404': *7 
diff --git a/descriptions/ghec/ghec.2022-11-28.json b/descriptions/ghec/ghec.2022-11-28.json index ed2d1bc0d7..3dd9a4c7ad 100644 --- a/descriptions/ghec/ghec.2022-11-28.json +++ b/descriptions/ghec/ghec.2022-11-28.json @@ -105918,6 +105918,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -106438,6 +106443,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -113136,6 +113146,33 @@ } } }, + "repository-rule-params-required-reviewer-configuration": { + "title": "RequiredReviewerConfiguration", + "description": "A reviewing team, and file patterns describing which files they must approve changes to.", + "type": "object", + "properties": { + "file_patterns": { + "type": "array", + "description": "Array of file patterns. Pull requests which change matching files must be approved by the specified team. File patterns use the same syntax as `.gitignore` files.", + "items": { + "type": "string" + } + }, + "minimum_approvals": { + "type": "integer", + "description": "Minimum number of approvals required from the specified team. If set to zero, the team will be added to the pull request but approval is optional." + }, + "reviewer_id": { + "type": "string", + "description": "Node ID of the team which must review changes to matching files." + } + }, + "required": [ + "file_patterns", + "minimum_approvals", + "reviewer_id" + ] + }, "repository-rule-pull-request": { "title": "pull_request", "description": "Require all commits be made to a non-target branch and submitted via a pull request before they can be merged.", 
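Review bot: `minimum_approvals` in the new `repository-rule-params-required-reviewer-configuration` definition is a bare `integer`, so a negative value passes schema validation, while the description gives zero the special meaning that approval becomes optional. Adding `"minimum": 0` would state the lower bound in the schema; whether the server already rejects negatives is not visible from this hunk. Because zero turns a required review into an optional one, the description could also say so more prominently, for example by opening with `Set to 0 to request review without requiring approval.` The same definition is repeated in `ghec.json` and both ghec YAML descriptions.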
@@ -122660,6 +122697,11 @@ "example": "SPDX-2.3", "description": "The version of the SPDX specification that this document conforms to." }, + "comment": { + "type": "string", + "example": "Exact versions could not be resolved for some packages. For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/", + "description": "An optional comment about the SPDX document." + }, "creationInfo": { "type": "object", "properties": { @@ -122692,17 +122734,9 @@ "example": "CC0-1.0", "description": "The license under which the SPDX document is licensed." }, - "documentDescribes": { - "type": "array", - "items": { - "type": "string", - "example": "github/github" - }, - "description": "The name of the repository that the SPDX document describes." - }, "documentNamespace": { "type": "string", - "example": "https://github.com/example/dependency_graph/sbom-123", + "example": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "description": "The namespace for the SPDX document." }, "packages": { @@ -122717,7 +122751,7 @@ }, "name": { "type": "string", - "example": "rubygems:github/github", + "example": "github/github", "description": "The name of the package." }, "versionInfo": { 
@@ -122790,8 +122824,33 @@ "name", "versionInfo", "downloadLocation", - "filesAnalyzed", - "supplier" + "filesAnalyzed" + ] + }, + "relationships": { + "type": "array", + "items": { + "type": "object", + "properties": { + "relationshipType": { + "type": "string", + "example": "DEPENDS_ON", + "description": "The type of relationship between the two SPDX elements." + }, + "spdxElementId": { + "type": "string", + "description": "The SPDX identifier of the package that is the source of the relationship." + }, + "relatedSpdxElement": { + "type": "string", + "description": "The SPDX identifier of the package that is the target of the relationship." + } + } + }, + "required": [ + "relationshipType", + "spdxElementId", + "relatedSpdxElement" ] } }, @@ -122801,7 +122860,6 @@ "creationInfo", "name", "dataLicense", - "documentDescribes", "documentNamespace", "packages" ] @@ -277012,7 +277070,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, 
@@ -291359,20 +291418,50 @@ }, "name": "github/example", "dataLicense": "CC0-1.0", - "documentDescribes": [ - "github/example" - ], - "documentNamespace": "https://github.com/github/example/dependency_graph/sbom-abcdef123456", + "documentNamespace": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "packages": [ { + "name": "rails", "SPDXID": "SPDXRef-Package", - "name": "rubygems:rails", "versionInfo": "1.0.0", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "MIT", "licenseDeclared": "MIT", - "copyrightText": "Copyright (c) 1985 GitHub.com" + "copyrightText": "Copyright (c) 1985 GitHub.com", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:gem/rails@1.0.0" + } + ] + }, + { + "name": "github/example", + "SPDXID": "SPDXRef-Repository", + "versionInfo": "main", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:github/example@main" + } + ] + } + ], + "relationships": [ + { + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Repository", + "relatedSpdxElement": "SPDXRef-Package" + }, + { + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Repository" } ] } diff --git a/descriptions/ghec/ghec.2022-11-28.yaml b/descriptions/ghec/ghec.2022-11-28.yaml index 1dd5a4370e..7d92f303fd 100644 --- a/descriptions/ghec/ghec.2022-11-28.yaml +++ b/descriptions/ghec/ghec.2022-11-28.yaml @@ -77232,6 +77232,11 @@ components: type: string size: type: integer + encoding: + type: string + description: The encoding used for `content`. Currently, `"utf-8"` + and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: 
@@ -77616,6 +77621,11 @@ components: type: boolean content: type: string + encoding: + type: string + description: The encoding used for `content`. Currently, `"utf-8"` + and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: @@ -82978,6 +82988,31 @@ components: type: string enum: - required_signatures + repository-rule-params-required-reviewer-configuration: + title: RequiredReviewerConfiguration + description: A reviewing team, and file patterns describing which files they + must approve changes to. + type: object + properties: + file_patterns: + type: array + description: Array of file patterns. Pull requests which change matching + files must be approved by the specified team. File patterns use the same + syntax as `.gitignore` files. + items: + type: string + minimum_approvals: + type: integer + description: Minimum number of approvals required from the specified team. + If set to zero, the team will be added to the pull request but approval + is optional. + reviewer_id: + type: string + description: Node ID of the team which must review changes to matching files. + required: + - file_patterns + - minimum_approvals + - reviewer_id repository-rule-pull-request: title: pull_request description: Require all commits be made to a non-target branch and submitted @@ -90313,6 +90348,11 @@ components: example: SPDX-2.3 description: The version of the SPDX specification that this document conforms to. + comment: + type: string + example: 'Exact versions could not be resolved for some packages. For + more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/' + description: An optional comment about the SPDX document. creationInfo: type: object properties: 
@@ -90337,15 +90377,9 @@ components: type: string example: CC0-1.0 description: The license under which the SPDX document is licensed. - documentDescribes: - type: array - items: - type: string - example: github/github - description: The name of the repository that the SPDX document describes. documentNamespace: type: string - example: https://github.com/example/dependency_graph/sbom-123 + example: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 description: The namespace for the SPDX document. packages: type: array @@ -90358,7 +90392,7 @@ components: description: A unique SPDX identifier for the package. name: type: string - example: rubygems:github/github + example: github/github description: The name of the package. versionInfo: type: string @@ -90429,14 +90463,33 @@ components: - versionInfo - downloadLocation - filesAnalyzed - - supplier + relationships: + type: array + items: + type: object + properties: + relationshipType: + type: string + example: DEPENDS_ON + description: The type of relationship between the two SPDX elements. + spdxElementId: + type: string + description: The SPDX identifier of the package that is the source + of the relationship. + relatedSpdxElement: + type: string + description: The SPDX identifier of the package that is the target + of the relationship. + required: + - relationshipType + - spdxElementId + - relatedSpdxElement required: - SPDXID - spdxVersion - creationInfo - name - dataLicense - - documentDescribes - documentNamespace - packages required: @@ -207341,6 +207394,7 @@ components: size: 23 truncated: false content: Hello world from GitHub + encoding: utf-8 public: true created_at: '2022-09-20T12:11:58Z' updated_at: '2022-09-21T10:28:06Z' 
@@ -219674,18 +219728,36 @@ components: - 'Tool: GitHub.com-Dependency-Graph' name: github/example dataLicense: CC0-1.0 - documentDescribes: - - github/example - documentNamespace: https://github.com/github/example/dependency_graph/sbom-abcdef123456 + documentNamespace: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 packages: - - SPDXID: SPDXRef-Package - name: rubygems:rails + - name: rails + SPDXID: SPDXRef-Package versionInfo: 1.0.0 downloadLocation: NOASSERTION filesAnalyzed: false licenseConcluded: MIT licenseDeclared: MIT copyrightText: Copyright (c) 1985 GitHub.com + externalRefs: + - referenceCategory: PACKAGE-MANAGER + referenceType: purl + referenceLocator: pkg:gem/rails@1.0.0 + - name: github/example + SPDXID: SPDXRef-Repository + versionInfo: main + downloadLocation: NOASSERTION + filesAnalyzed: false + externalRefs: + - referenceCategory: PACKAGE-MANAGER + referenceType: purl + referenceLocator: pkg:github/example@main + relationships: + - relationshipType: DEPENDS_ON + spdxElementId: SPDXRef-Repository + relatedSpdxElement: SPDXRef-Package + - relationshipType: DESCRIBES + spdxElementId: SPDXRef-DOCUMENT + relatedSpdxElement: SPDXRef-Repository dependency-graph-create-snapshot-request: value: version: 0 diff --git a/descriptions/ghec/ghec.json b/descriptions/ghec/ghec.json index ed2d1bc0d7..3dd9a4c7ad 100644 --- a/descriptions/ghec/ghec.json +++ b/descriptions/ghec/ghec.json @@ -105918,6 +105918,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -106438,6 +106443,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } 
@@ -113136,6 +113146,33 @@ } } }, + "repository-rule-params-required-reviewer-configuration": { + "title": "RequiredReviewerConfiguration", + "description": "A reviewing team, and file patterns describing which files they must approve changes to.", + "type": "object", + "properties": { + "file_patterns": { + "type": "array", + "description": "Array of file patterns. Pull requests which change matching files must be approved by the specified team. File patterns use the same syntax as `.gitignore` files.", + "items": { + "type": "string" + } + }, + "minimum_approvals": { + "type": "integer", + "description": "Minimum number of approvals required from the specified team. If set to zero, the team will be added to the pull request but approval is optional." + }, + "reviewer_id": { + "type": "string", + "description": "Node ID of the team which must review changes to matching files." + } + }, + "required": [ + "file_patterns", + "minimum_approvals", + "reviewer_id" + ] + }, "repository-rule-pull-request": { "title": "pull_request", "description": "Require all commits be made to a non-target branch and submitted via a pull request before they can be merged.", @@ -122660,6 +122697,11 @@ "example": "SPDX-2.3", "description": "The version of the SPDX specification that this document conforms to." }, + "comment": { + "type": "string", + "example": "Exact versions could not be resolved for some packages. For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/", + "description": "An optional comment about the SPDX document." + }, "creationInfo": { "type": "object", "properties": { 
@@ -122692,17 +122734,9 @@ "example": "CC0-1.0", "description": "The license under which the SPDX document is licensed." }, - "documentDescribes": { - "type": "array", - "items": { - "type": "string", - "example": "github/github" - }, - "description": "The name of the repository that the SPDX document describes." - }, "documentNamespace": { "type": "string", - "example": "https://github.com/example/dependency_graph/sbom-123", + "example": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "description": "The namespace for the SPDX document." }, "packages": { @@ -122717,7 +122751,7 @@ }, "name": { "type": "string", - "example": "rubygems:github/github", + "example": "github/github", "description": "The name of the package." }, "versionInfo": { @@ -122790,8 +122824,33 @@ "name", "versionInfo", "downloadLocation", - "filesAnalyzed", - "supplier" + "filesAnalyzed" + ] + }, + "relationships": { + "type": "array", + "items": { + "type": "object", + "properties": { + "relationshipType": { + "type": "string", + "example": "DEPENDS_ON", + "description": "The type of relationship between the two SPDX elements." + }, + "spdxElementId": { + "type": "string", + "description": "The SPDX identifier of the package that is the source of the relationship." + }, + "relatedSpdxElement": { + "type": "string", + "description": "The SPDX identifier of the package that is the target of the relationship." + } + } + }, + "required": [ + "relationshipType", + "spdxElementId", + "relatedSpdxElement" ] } }, @@ -122801,7 +122860,6 @@ "creationInfo", "name", "dataLicense", - "documentDescribes", "documentNamespace", "packages" ] @@ -277012,7 +277070,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, 
@@ -291359,20 +291418,50 @@ }, "name": "github/example", "dataLicense": "CC0-1.0", - "documentDescribes": [ - "github/example" - ], - "documentNamespace": "https://github.com/github/example/dependency_graph/sbom-abcdef123456", + "documentNamespace": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "packages": [ { + "name": "rails", "SPDXID": "SPDXRef-Package", - "name": "rubygems:rails", "versionInfo": "1.0.0", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "MIT", "licenseDeclared": "MIT", - "copyrightText": "Copyright (c) 1985 GitHub.com" + "copyrightText": "Copyright (c) 1985 GitHub.com", + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:gem/rails@1.0.0" + } + ] + }, + { + "name": "github/example", + "SPDXID": "SPDXRef-Repository", + "versionInfo": "main", + "downloadLocation": "NOASSERTION", + "filesAnalyzed": false, + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:github/example@main" + } + ] + } + ], + "relationships": [ + { + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Repository", + "relatedSpdxElement": "SPDXRef-Package" + }, + { + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Repository" } ] } diff --git a/descriptions/ghec/ghec.yaml b/descriptions/ghec/ghec.yaml index 1dd5a4370e..7d92f303fd 100644 --- a/descriptions/ghec/ghec.yaml +++ b/descriptions/ghec/ghec.yaml @@ -77232,6 +77232,11 @@ components: type: string size: type: integer + encoding: + type: string + description: The encoding used for `content`. Currently, `"utf-8"` + and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: 
@@ -77616,6 +77621,11 @@ components: type: boolean content: type: string + encoding: + type: string + description: The encoding used for `content`. Currently, `"utf-8"` + and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: @@ -82978,6 +82988,31 @@ components: type: string enum: - required_signatures + repository-rule-params-required-reviewer-configuration: + title: RequiredReviewerConfiguration + description: A reviewing team, and file patterns describing which files they + must approve changes to. + type: object + properties: + file_patterns: + type: array + description: Array of file patterns. Pull requests which change matching + files must be approved by the specified team. File patterns use the same + syntax as `.gitignore` files. + items: + type: string + minimum_approvals: + type: integer + description: Minimum number of approvals required from the specified team. + If set to zero, the team will be added to the pull request but approval + is optional. + reviewer_id: + type: string + description: Node ID of the team which must review changes to matching files. + required: + - file_patterns + - minimum_approvals + - reviewer_id repository-rule-pull-request: title: pull_request description: Require all commits be made to a non-target branch and submitted @@ -90313,6 +90348,11 @@ components: example: SPDX-2.3 description: The version of the SPDX specification that this document conforms to. + comment: + type: string + example: 'Exact versions could not be resolved for some packages. For + more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/' + description: An optional comment about the SPDX document. creationInfo: type: object properties: 
@@ -90337,15 +90377,9 @@ components: type: string example: CC0-1.0 description: The license under which the SPDX document is licensed. - documentDescribes: - type: array - items: - type: string - example: github/github - description: The name of the repository that the SPDX document describes. documentNamespace: type: string - example: https://github.com/example/dependency_graph/sbom-123 + example: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 description: The namespace for the SPDX document. packages: type: array @@ -90358,7 +90392,7 @@ components: description: A unique SPDX identifier for the package. name: type: string - example: rubygems:github/github + example: github/github description: The name of the package. versionInfo: type: string @@ -90429,14 +90463,33 @@ components: - versionInfo - downloadLocation - filesAnalyzed - - supplier + relationships: + type: array + items: + type: object + properties: + relationshipType: + type: string + example: DEPENDS_ON + description: The type of relationship between the two SPDX elements. + spdxElementId: + type: string + description: The SPDX identifier of the package that is the source + of the relationship. + relatedSpdxElement: + type: string + description: The SPDX identifier of the package that is the target + of the relationship. + required: + - relationshipType + - spdxElementId + - relatedSpdxElement required: - SPDXID - spdxVersion - creationInfo - name - dataLicense - - documentDescribes - documentNamespace - packages required: @@ -207341,6 +207394,7 @@ components: size: 23 truncated: false content: Hello world from GitHub + encoding: utf-8 public: true created_at: '2022-09-20T12:11:58Z' updated_at: '2022-09-21T10:28:06Z' 
@@ -219674,18 +219728,36 @@ components: - 'Tool: GitHub.com-Dependency-Graph' name: github/example dataLicense: CC0-1.0 - documentDescribes: - - github/example - documentNamespace: https://github.com/github/example/dependency_graph/sbom-abcdef123456 + documentNamespace: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 packages: - - SPDXID: SPDXRef-Package - name: rubygems:rails + - name: rails + SPDXID: SPDXRef-Package versionInfo: 1.0.0 downloadLocation: NOASSERTION filesAnalyzed: false licenseConcluded: MIT licenseDeclared: MIT copyrightText: Copyright (c) 1985 GitHub.com + externalRefs: + - referenceCategory: PACKAGE-MANAGER + referenceType: purl + referenceLocator: pkg:gem/rails@1.0.0 + - name: github/example + SPDXID: SPDXRef-Repository + versionInfo: main + downloadLocation: NOASSERTION + filesAnalyzed: false + externalRefs: + - referenceCategory: PACKAGE-MANAGER + referenceType: purl + referenceLocator: pkg:github/example@main + relationships: + - relationshipType: DEPENDS_ON + spdxElementId: SPDXRef-Repository + relatedSpdxElement: SPDXRef-Package + - relationshipType: DESCRIBES + spdxElementId: SPDXRef-DOCUMENT + relatedSpdxElement: SPDXRef-Repository dependency-graph-create-snapshot-request: value: version: 0 diff --git a/descriptions/ghes-3.10/dereferenced/ghes-3.10.2022-11-28.deref.json b/descriptions/ghes-3.10/dereferenced/ghes-3.10.2022-11-28.deref.json index 56e05b84bd..061dd57577 100644 --- a/descriptions/ghes-3.10/dereferenced/ghes-3.10.2022-11-28.deref.json +++ b/descriptions/ghes-3.10/dereferenced/ghes-3.10.2022-11-28.deref.json @@ -42648,6 +42648,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } 
@@ -43967,6 +43972,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -44142,7 +44152,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -44458,6 +44469,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -45041,6 +45057,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -46321,6 +46342,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -46496,7 +46522,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -47554,6 +47581,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } 
@@ -47729,7 +47761,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -50796,6 +50829,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -51160,6 +51198,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -52770,6 +52813,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -52945,7 +52993,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -218529,6 +218578,11 @@ "example": "SPDX-2.3", "description": "The version of the SPDX specification that this document conforms to." }, + "comment": { + "type": "string", + "example": "Exact versions could not be resolved for some packages. For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/", + "description": "An optional comment about the SPDX document." + }, "creationInfo": { "type": "object", "properties": { 
@@ -218561,17 +218615,9 @@ "example": "CC0-1.0", "description": "The license under which the SPDX document is licensed." }, - "documentDescribes": { - "type": "array", - "items": { - "type": "string", - "example": "github/github" - }, - "description": "The name of the repository that the SPDX document describes." - }, "documentNamespace": { "type": "string", - "example": "https://github.com/example/dependency_graph/sbom-123", + "example": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "description": "The namespace for the SPDX document." }, "packages": { @@ -218586,7 +218632,7 @@ }, "name": { "type": "string", - "example": "rubygems:github/github", + "example": "github/github", "description": "The name of the package." }, "versionInfo": { @@ -218664,6 +218710,32 @@ "licenseDeclared", "supplier" ] + }, + "relationships": { + "type": "array", + "items": { + "type": "object", + "properties": { + "relationshipType": { + "type": "string", + "example": "DEPENDS_ON", + "description": "The type of relationship between the two SPDX elements." + }, + "spdxElementId": { + "type": "string", + "description": "The SPDX identifier of the package that is the source of the relationship." + }, + "relatedSpdxElement": { + "type": "string", + "description": "The SPDX identifier of the package that is the target of the relationship." + } + } + }, + "required": [ + "relationshipType", + "spdxElementId", + "relatedSpdxElement" + ] } }, "required": [ @@ -218672,7 +218744,6 @@ "creationInfo", "name", "dataLicense", - "documentDescribes", "documentNamespace", "packages" ] @@ -218696,10 +218767,7 @@ }, "name": "github/example", "dataLicense": "CC0-1.0", - "documentDescribes": [ - "github/example" - ], - "documentNamespace": "https://github.com/github/example/dependency_graph/sbom-abcdef123456", + "documentNamespace": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "packages": [ { "SPDXID": "SPDXRef-Package", 
@@ -218710,6 +218778,18 @@ "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION" } + ], + "relationships": [ + { + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Repository", + "relatedSpdxElement": "SPDXRef-Package" + }, + { + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Repository" + } ] } } @@ -421546,6 +421626,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } diff --git a/descriptions/ghes-3.10/dereferenced/ghes-3.10.2022-11-28.deref.yaml b/descriptions/ghes-3.10/dereferenced/ghes-3.10.2022-11-28.deref.yaml index e20a31220f..6bcacb148c 100644 --- a/descriptions/ghes-3.10/dereferenced/ghes-3.10.2022-11-28.deref.yaml +++ b/descriptions/ghes-3.10/dereferenced/ghes-3.10.2022-11-28.deref.yaml @@ -14545,6 +14545,11 @@ paths: type: string size: type: integer + encoding: + type: string + description: The encoding used for `content`. Currently, + `"utf-8"` and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: @@ -15066,6 +15071,11 @@ paths: type: boolean content: type: string + encoding: + type: string + description: The encoding used for `content`. Currently, + `"utf-8"` and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: @@ -15105,6 +15115,7 @@ paths: size: 23 truncated: false content: Hello world from GitHub + encoding: utf-8 public: true created_at: '2022-09-20T12:11:58Z' updated_at: '2022-09-21T10:28:06Z' 
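Review bot: The `relationships` added to the ghes-3.10 SBOM example refer to `SPDXRef-Repository`, but the example's `packages` array, which opens in the previous hunk, still holds only `SPDXRef-Package` as far as these hunks show, so both edges point at an element the document never defines. The ghec example in this same diff adds a second package with `"SPDXID": "SPDXRef-Repository"`; the ghes-3.10 example needs the same entry to be a self-consistent SPDX document. The example package name is also still `rubygems:rails` (visible in the YAML rendering), although the schema example for `name` was changed to `github/github`. The ghes-3.10 YAML example has the same gap.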
@@ -52869,6 +52880,11 @@ paths: example: SPDX-2.3 description: The version of the SPDX specification that this document conforms to. + comment: + type: string + example: 'Exact versions could not be resolved for some packages. + For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/' + description: An optional comment about the SPDX document. creationInfo: type: object properties: @@ -52895,16 +52911,9 @@ paths: example: CC0-1.0 description: The license under which the SPDX document is licensed. - documentDescribes: - type: array - items: - type: string - example: github/github - description: The name of the repository that the SPDX document - describes. documentNamespace: type: string - example: https://github.com/example/dependency_graph/sbom-123 + example: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 description: The namespace for the SPDX document. packages: type: array @@ -52917,7 +52926,7 @@ paths: description: A unique SPDX identifier for the package. name: type: string - example: rubygems:github/github + example: github/github description: The name of the package. versionInfo: type: string @@ -52991,13 +53000,34 @@ paths: - licenseConcluded - licenseDeclared - supplier + relationships: + type: array + items: + type: object + properties: + relationshipType: + type: string + example: DEPENDS_ON + description: The type of relationship between the two + SPDX elements. + spdxElementId: + type: string + description: The SPDX identifier of the package that + is the source of the relationship. + relatedSpdxElement: + type: string + description: The SPDX identifier of the package that + is the target of the relationship. + required: + - relationshipType + - spdxElementId + - relatedSpdxElement required: - SPDXID - spdxVersion - creationInfo - name - dataLicense - - documentDescribes - documentNamespace - packages required: 
@@ -53014,9 +53044,7 @@ paths: - 'Tool: GitHub.com-Dependency-Graph' name: github/example dataLicense: CC0-1.0 - documentDescribes: - - github/example - documentNamespace: https://github.com/github/example/dependency_graph/sbom-abcdef123456 + documentNamespace: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 packages: - SPDXID: SPDXRef-Package name: rubygems:rails @@ -53025,6 +53053,13 @@ paths: filesAnalyzed: false licenseConcluded: NOASSERTION licenseDeclared: NOASSERTION + relationships: + - relationshipType: DEPENDS_ON + spdxElementId: SPDXRef-Repository + relatedSpdxElement: SPDXRef-Package + - relationshipType: DESCRIBES + spdxElementId: SPDXRef-DOCUMENT + relatedSpdxElement: SPDXRef-Repository headers: Link: *6 '404': *36 diff --git a/descriptions/ghes-3.10/dereferenced/ghes-3.10.deref.json b/descriptions/ghes-3.10/dereferenced/ghes-3.10.deref.json index 56e05b84bd..061dd57577 100644 --- a/descriptions/ghes-3.10/dereferenced/ghes-3.10.deref.json +++ b/descriptions/ghes-3.10/dereferenced/ghes-3.10.deref.json @@ -42648,6 +42648,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -43967,6 +43972,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -44142,7 +44152,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, 
@@ -44458,6 +44469,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -45041,6 +45057,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -46321,6 +46342,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -46496,7 +46522,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -47554,6 +47581,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -47729,7 +47761,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -50796,6 +50829,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } 
@@ -51160,6 +51198,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -52770,6 +52813,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -52945,7 +52993,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -218529,6 +218578,11 @@ "example": "SPDX-2.3", "description": "The version of the SPDX specification that this document conforms to." }, + "comment": { + "type": "string", + "example": "Exact versions could not be resolved for some packages. For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/", + "description": "An optional comment about the SPDX document." + }, "creationInfo": { "type": "object", "properties": { @@ -218561,17 +218615,9 @@ "example": "CC0-1.0", "description": "The license under which the SPDX document is licensed." }, - "documentDescribes": { - "type": "array", - "items": { - "type": "string", - "example": "github/github" - }, - "description": "The name of the repository that the SPDX document describes." - }, "documentNamespace": { "type": "string", - "example": "https://github.com/example/dependency_graph/sbom-123", + "example": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "description": "The namespace for the SPDX document." }, "packages": { 
@@ -218586,7 +218632,7 @@ }, "name": { "type": "string", - "example": "rubygems:github/github", + "example": "github/github", "description": "The name of the package." }, "versionInfo": { @@ -218664,6 +218710,32 @@ "licenseDeclared", "supplier" ] + }, + "relationships": { + "type": "array", + "items": { + "type": "object", + "properties": { + "relationshipType": { + "type": "string", + "example": "DEPENDS_ON", + "description": "The type of relationship between the two SPDX elements." + }, + "spdxElementId": { + "type": "string", + "description": "The SPDX identifier of the package that is the source of the relationship." + }, + "relatedSpdxElement": { + "type": "string", + "description": "The SPDX identifier of the package that is the target of the relationship." + } + } + }, + "required": [ + "relationshipType", + "spdxElementId", + "relatedSpdxElement" + ] } }, "required": [ @@ -218672,7 +218744,6 @@ "creationInfo", "name", "dataLicense", - "documentDescribes", "documentNamespace", "packages" ] @@ -218696,10 +218767,7 @@ }, "name": "github/example", "dataLicense": "CC0-1.0", - "documentDescribes": [ - "github/example" - ], - "documentNamespace": "https://github.com/github/example/dependency_graph/sbom-abcdef123456", + "documentNamespace": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "packages": [ { "SPDXID": "SPDXRef-Package", @@ -218710,6 +218778,18 @@ "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION" } + ], + "relationships": [ + { + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Repository", + "relatedSpdxElement": "SPDXRef-Package" + }, + { + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Repository" + } ] } } @@ -421546,6 +421626,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } 
diff --git a/descriptions/ghes-3.10/dereferenced/ghes-3.10.deref.yaml b/descriptions/ghes-3.10/dereferenced/ghes-3.10.deref.yaml index e20a31220f..6bcacb148c 100644 --- a/descriptions/ghes-3.10/dereferenced/ghes-3.10.deref.yaml +++ b/descriptions/ghes-3.10/dereferenced/ghes-3.10.deref.yaml @@ -14545,6 +14545,11 @@ paths: type: string size: type: integer + encoding: + type: string + description: The encoding used for `content`. Currently, + `"utf-8"` and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: @@ -15066,6 +15071,11 @@ paths: type: boolean content: type: string + encoding: + type: string + description: The encoding used for `content`. Currently, + `"utf-8"` and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: @@ -15105,6 +15115,7 @@ paths: size: 23 truncated: false content: Hello world from GitHub + encoding: utf-8 public: true created_at: '2022-09-20T12:11:58Z' updated_at: '2022-09-21T10:28:06Z' @@ -52869,6 +52880,11 @@ paths: example: SPDX-2.3 description: The version of the SPDX specification that this document conforms to. + comment: + type: string + example: 'Exact versions could not be resolved for some packages. + For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/' + description: An optional comment about the SPDX document. creationInfo: type: object properties: @@ -52895,16 +52911,9 @@ paths: example: CC0-1.0 description: The license under which the SPDX document is licensed. - documentDescribes: - type: array - items: - type: string - example: github/github - description: The name of the repository that the SPDX document - describes. documentNamespace: type: string - example: https://github.com/example/dependency_graph/sbom-123 + example: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 description: The namespace for the SPDX document. packages: type: array 
@@ -52917,7 +52926,7 @@ paths: description: A unique SPDX identifier for the package. name: type: string - example: rubygems:github/github + example: github/github description: The name of the package. versionInfo: type: string @@ -52991,13 +53000,34 @@ paths: - licenseConcluded - licenseDeclared - supplier + relationships: + type: array + items: + type: object + properties: + relationshipType: + type: string + example: DEPENDS_ON + description: The type of relationship between the two + SPDX elements. + spdxElementId: + type: string + description: The SPDX identifier of the package that + is the source of the relationship. + relatedSpdxElement: + type: string + description: The SPDX identifier of the package that + is the target of the relationship. + required: + - relationshipType + - spdxElementId + - relatedSpdxElement required: - SPDXID - spdxVersion - creationInfo - name - dataLicense - - documentDescribes - documentNamespace - packages required: @@ -53014,9 +53044,7 @@ paths: - 'Tool: GitHub.com-Dependency-Graph' name: github/example dataLicense: CC0-1.0 - documentDescribes: - - github/example - documentNamespace: https://github.com/github/example/dependency_graph/sbom-abcdef123456 + documentNamespace: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 packages: - SPDXID: SPDXRef-Package name: rubygems:rails @@ -53025,6 +53053,13 @@ paths: filesAnalyzed: false licenseConcluded: NOASSERTION licenseDeclared: NOASSERTION + relationships: + - relationshipType: DEPENDS_ON + spdxElementId: SPDXRef-Repository + relatedSpdxElement: SPDXRef-Package + - relationshipType: DESCRIBES + spdxElementId: SPDXRef-DOCUMENT + relatedSpdxElement: SPDXRef-Repository headers: Link: *6 '404': *36 diff --git a/descriptions/ghes-3.10/ghes-3.10.2022-11-28.json b/descriptions/ghes-3.10/ghes-3.10.2022-11-28.json index 510c6bcfb2..e77a18c4d2 100644 --- a/descriptions/ghes-3.10/ghes-3.10.2022-11-28.json +++ b/descriptions/ghes-3.10/ghes-3.10.2022-11-28.json 
@@ -92579,6 +92579,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -93099,6 +93104,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -105139,6 +105149,11 @@ "example": "SPDX-2.3", "description": "The version of the SPDX specification that this document conforms to." }, + "comment": { + "type": "string", + "example": "Exact versions could not be resolved for some packages. For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/", + "description": "An optional comment about the SPDX document." + }, "creationInfo": { "type": "object", "properties": { @@ -105171,17 +105186,9 @@ "example": "CC0-1.0", "description": "The license under which the SPDX document is licensed." }, - "documentDescribes": { - "type": "array", - "items": { - "type": "string", - "example": "github/github" - }, - "description": "The name of the repository that the SPDX document describes." - }, "documentNamespace": { "type": "string", - "example": "https://github.com/example/dependency_graph/sbom-123", + "example": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "description": "The namespace for the SPDX document." }, "packages": { @@ -105196,7 +105203,7 @@ }, "name": { "type": "string", - "example": "rubygems:github/github", + "example": "github/github", "description": "The name of the package." }, "versionInfo": { 
@@ -105274,6 +105281,32 @@ "licenseDeclared", "supplier" ] + }, + "relationships": { + "type": "array", + "items": { + "type": "object", + "properties": { + "relationshipType": { + "type": "string", + "example": "DEPENDS_ON", + "description": "The type of relationship between the two SPDX elements." + }, + "spdxElementId": { + "type": "string", + "description": "The SPDX identifier of the package that is the source of the relationship." + }, + "relatedSpdxElement": { + "type": "string", + "description": "The SPDX identifier of the package that is the target of the relationship." + } + } + }, + "required": [ + "relationshipType", + "spdxElementId", + "relatedSpdxElement" + ] } }, "required": [ @@ -105282,7 +105315,6 @@ "creationInfo", "name", "dataLicense", - "documentDescribes", "documentNamespace", "packages" ] @@ -249300,7 +249332,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -260416,10 +260449,7 @@ }, "name": "github/example", "dataLicense": "CC0-1.0", - "documentDescribes": [ - "github/example" - ], - "documentNamespace": "https://github.com/github/example/dependency_graph/sbom-abcdef123456", + "documentNamespace": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "packages": [ { "SPDXID": "SPDXRef-Package", @@ -260430,6 +260460,18 @@ "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION" } + ], + "relationships": [ + { + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Repository", + "relatedSpdxElement": "SPDXRef-Package" + }, + { + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Repository" + } ] } } 
diff --git a/descriptions/ghes-3.10/ghes-3.10.2022-11-28.yaml b/descriptions/ghes-3.10/ghes-3.10.2022-11-28.yaml index 349a315ac5..e9ad556e8b 100644 --- a/descriptions/ghes-3.10/ghes-3.10.2022-11-28.yaml +++ b/descriptions/ghes-3.10/ghes-3.10.2022-11-28.yaml @@ -66804,6 +66804,11 @@ components: type: string size: type: integer + encoding: + type: string + description: The encoding used for `content`. Currently, `"utf-8"` + and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: @@ -67188,6 +67193,11 @@ components: type: boolean content: type: string + encoding: + type: string + description: The encoding used for `content`. Currently, `"utf-8"` + and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: @@ -76605,6 +76615,11 @@ components: example: SPDX-2.3 description: The version of the SPDX specification that this document conforms to. + comment: + type: string + example: 'Exact versions could not be resolved for some packages. For + more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/' + description: An optional comment about the SPDX document. creationInfo: type: object properties: @@ -76629,15 +76644,9 @@ components: type: string example: CC0-1.0 description: The license under which the SPDX document is licensed. - documentDescribes: - type: array - items: - type: string - example: github/github - description: The name of the repository that the SPDX document describes. documentNamespace: type: string - example: https://github.com/example/dependency_graph/sbom-123 + example: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 description: The namespace for the SPDX document. packages: type: array @@ -76650,7 +76659,7 @@ components: description: A unique SPDX identifier for the package. name: type: string - example: rubygems:github/github + example: github/github description: The name of the package. versionInfo: type: string 
@@ -76724,13 +76733,33 @@ components: - licenseConcluded - licenseDeclared - supplier + relationships: + type: array + items: + type: object + properties: + relationshipType: + type: string + example: DEPENDS_ON + description: The type of relationship between the two SPDX elements. + spdxElementId: + type: string + description: The SPDX identifier of the package that is the source + of the relationship. + relatedSpdxElement: + type: string + description: The SPDX identifier of the package that is the target + of the relationship. + required: + - relationshipType + - spdxElementId + - relatedSpdxElement required: - SPDXID - spdxVersion - creationInfo - name - dataLicense - - documentDescribes - documentNamespace - packages required: @@ -186040,6 +186069,7 @@ components: size: 23 truncated: false content: Hello world from GitHub + encoding: utf-8 public: true created_at: '2022-09-20T12:11:58Z' updated_at: '2022-09-21T10:28:06Z' @@ -195653,9 +195683,7 @@ components: - 'Tool: GitHub.com-Dependency-Graph' name: github/example dataLicense: CC0-1.0 - documentDescribes: - - github/example - documentNamespace: https://github.com/github/example/dependency_graph/sbom-abcdef123456 + documentNamespace: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 packages: - SPDXID: SPDXRef-Package name: rubygems:rails @@ -195664,6 +195692,13 @@ components: filesAnalyzed: false licenseConcluded: NOASSERTION licenseDeclared: NOASSERTION + relationships: + - relationshipType: DEPENDS_ON + spdxElementId: SPDXRef-Repository + relatedSpdxElement: SPDXRef-Package + - relationshipType: DESCRIBES + spdxElementId: SPDXRef-DOCUMENT + relatedSpdxElement: SPDXRef-Repository dependency-graph-create-snapshot-request: value: version: 0 diff --git a/descriptions/ghes-3.10/ghes-3.10.json b/descriptions/ghes-3.10/ghes-3.10.json index 510c6bcfb2..e77a18c4d2 100644 --- a/descriptions/ghes-3.10/ghes-3.10.json +++ b/descriptions/ghes-3.10/ghes-3.10.json 
@@ -92579,6 +92579,11 @@ }, "size": { "type": "integer" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -93099,6 +93104,11 @@ }, "content": { "type": "string" + }, + "encoding": { + "type": "string", + "description": "The encoding used for `content`. Currently, `\"utf-8\"` and `\"base64\"` are supported.", + "default": "utf-8" } } } @@ -105139,6 +105149,11 @@ "example": "SPDX-2.3", "description": "The version of the SPDX specification that this document conforms to." }, + "comment": { + "type": "string", + "example": "Exact versions could not be resolved for some packages. For more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/", + "description": "An optional comment about the SPDX document." + }, "creationInfo": { "type": "object", "properties": { @@ -105171,17 +105186,9 @@ "example": "CC0-1.0", "description": "The license under which the SPDX document is licensed." }, - "documentDescribes": { - "type": "array", - "items": { - "type": "string", - "example": "github/github" - }, - "description": "The name of the repository that the SPDX document describes." - }, "documentNamespace": { "type": "string", - "example": "https://github.com/example/dependency_graph/sbom-123", + "example": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "description": "The namespace for the SPDX document." }, "packages": { @@ -105196,7 +105203,7 @@ }, "name": { "type": "string", - "example": "rubygems:github/github", + "example": "github/github", "description": "The name of the package." }, "versionInfo": { 
@@ -105274,6 +105281,32 @@ "licenseDeclared", "supplier" ] + }, + "relationships": { + "type": "array", + "items": { + "type": "object", + "properties": { + "relationshipType": { + "type": "string", + "example": "DEPENDS_ON", + "description": "The type of relationship between the two SPDX elements." + }, + "spdxElementId": { + "type": "string", + "description": "The SPDX identifier of the package that is the source of the relationship." + }, + "relatedSpdxElement": { + "type": "string", + "description": "The SPDX identifier of the package that is the target of the relationship." + } + } + }, + "required": [ + "relationshipType", + "spdxElementId", + "relatedSpdxElement" + ] } }, "required": [ @@ -105282,7 +105315,6 @@ "creationInfo", "name", "dataLicense", - "documentDescribes", "documentNamespace", "packages" ] @@ -249300,7 +249332,8 @@ "raw_url": "https://gist.githubusercontent.com/monalisa/2decf6c462d9b4418f2/raw/ac3e6daf176fafe73609fd000cd188e4472010fb/README.md", "size": 23, "truncated": false, - "content": "Hello world from GitHub" + "content": "Hello world from GitHub", + "encoding": "utf-8" } }, "public": true, @@ -260416,10 +260449,7 @@ }, "name": "github/example", "dataLicense": "CC0-1.0", - "documentDescribes": [ - "github/example" - ], - "documentNamespace": "https://github.com/github/example/dependency_graph/sbom-abcdef123456", + "documentNamespace": "https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57", "packages": [ { "SPDXID": "SPDXRef-Package", @@ -260430,6 +260460,18 @@ "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION" } + ], + "relationships": [ + { + "relationshipType": "DEPENDS_ON", + "spdxElementId": "SPDXRef-Repository", + "relatedSpdxElement": "SPDXRef-Package" + }, + { + "relationshipType": "DESCRIBES", + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-Repository" + } ] } } 
diff --git a/descriptions/ghes-3.10/ghes-3.10.yaml b/descriptions/ghes-3.10/ghes-3.10.yaml index 349a315ac5..e9ad556e8b 100644 --- a/descriptions/ghes-3.10/ghes-3.10.yaml +++ b/descriptions/ghes-3.10/ghes-3.10.yaml @@ -66804,6 +66804,11 @@ components: type: string size: type: integer + encoding: + type: string + description: The encoding used for `content`. Currently, `"utf-8"` + and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: @@ -67188,6 +67193,11 @@ components: type: boolean content: type: string + encoding: + type: string + description: The encoding used for `content`. Currently, `"utf-8"` + and `"base64"` are supported. + default: utf-8 public: type: boolean created_at: @@ -76605,6 +76615,11 @@ components: example: SPDX-2.3 description: The version of the SPDX specification that this document conforms to. + comment: + type: string + example: 'Exact versions could not be resolved for some packages. For + more information: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/' + description: An optional comment about the SPDX document. creationInfo: type: object properties: @@ -76629,15 +76644,9 @@ components: type: string example: CC0-1.0 description: The license under which the SPDX document is licensed. - documentDescribes: - type: array - items: - type: string - example: github/github - description: The name of the repository that the SPDX document describes. documentNamespace: type: string - example: https://github.com/example/dependency_graph/sbom-123 + example: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 description: The namespace for the SPDX document. packages: type: array @@ -76650,7 +76659,7 @@ components: description: A unique SPDX identifier for the package. name: type: string - example: rubygems:github/github + example: github/github description: The name of the package. versionInfo: type: string 
@@ -76724,13 +76733,33 @@ components: - licenseConcluded - licenseDeclared - supplier + relationships: + type: array + items: + type: object + properties: + relationshipType: + type: string + example: DEPENDS_ON + description: The type of relationship between the two SPDX elements. + spdxElementId: + type: string + description: The SPDX identifier of the package that is the source + of the relationship. + relatedSpdxElement: + type: string + description: The SPDX identifier of the package that is the target + of the relationship. + required: + - relationshipType + - spdxElementId + - relatedSpdxElement required: - SPDXID - spdxVersion - creationInfo - name - dataLicense - - documentDescribes - documentNamespace - packages required: @@ -186040,6 +186069,7 @@ components: size: 23 truncated: false content: Hello world from GitHub + encoding: utf-8 public: true created_at: '2022-09-20T12:11:58Z' updated_at: '2022-09-21T10:28:06Z' @@ -195653,9 +195683,7 @@ components: - 'Tool: GitHub.com-Dependency-Graph' name: github/example dataLicense: CC0-1.0 - documentDescribes: - - github/example - documentNamespace: https://github.com/github/example/dependency_graph/sbom-abcdef123456 + documentNamespace: https://spdx.org/spdxdocs/protobom/15e41dd2-f961-4f4d-b8dc-f8f57ad70d57 packages: - SPDXID: SPDXRef-Package name: rubygems:rails @@ -195664,6 +195692,13 @@ components: filesAnalyzed: false licenseConcluded: NOASSERTION licenseDeclared: NOASSERTION + relationships: + - relationshipType: DEPENDS_ON +{"code":"internal","msg":"git-diff-tree: context deadline exceeded","meta":{"cause":"*fmt.wrapError"}}