GitLab CycloneDX property taxonomy
This document defines the namespaces and properties used by the gitlab namespace
in the CycloneDX Property Taxonomy.
Where properties should be located
The Property of column describes what object a property may be attached to.
- Properties attached to the
metadata apply to all objects in the document. - Properties attached to an individual object apply to that object and any others nested underneath it.
- Objects which may nest themselves (such as
components) may only have properties applied to the top-level object.
gitlab namespace taxonomy
| Namespace | Description |
meta | Namespace for data about the property schema. |
dependency_scanning | Namespace for data related to dependency scanning. |
container_scanning | Namespace for data related to container scanning. |
| Property | Description | Property of |
gitlab:meta:schema_version | Used by GitLab to determine how to parse the properties in a report. Must be 1. | metadata |
gitlab:dependency_scanning namespace taxonomy
Properties
| Property | Description | Example values | Property of |
gitlab:dependency_scanning:category | The name of the category or dependency group that the dependency belongs to. If no category is specified, production is used by default. |
production, development, test
| components |
Namespaces
| Namespace | Description |
gitlab:dependency_scanning:input_file | Namespace for information about the input file analyzed to produce the dependency. |
gitlab:dependency_scanning:source_file | Namespace for information about the file you can edit to manage the dependency. |
gitlab:dependency_scanning:package_manager | Namespace for information about the package manager associated with the dependency. |
gitlab:dependency_scanning:language | Namespace for information about the programming language associated with the dependency. |
| Property | Description | Example values | Property of |
gitlab:dependency_scanning:input_file:path | The path, relative to the root of the repository, to the file analyzed to produce the dependency. Usually, the lock file. |
package-lock.json, Gemfile.lock, go.sum
|
metadata, component
|
gitlab:dependency_scanning:source_file namespace taxonomy
| Property | Description | Example values | Property of |
gitlab:dependency_scanning:source_file:path | The path, relative to the root of the repository, to the file you can edit to manage the dependency. |
package.json, Gemfile, go.mod
|
metadata, component
|
gitlab:dependency_scanning:package_manager namespace taxonomy
| Property | Description | Example values | Property of |
gitlab:dependency_scanning:package_manager:name | The name of the package manager associated with the dependency |
npm, bundler, go
|
metadata, component
|
gitlab:dependency_scanning:language namespace taxonomy
| Property | Description | Example values | Property of |
gitlab:dependency_scanning:language:name | The name of the programming language associated with the dependency |
JavaScript, Ruby, Go
|
metadata, component
|
gitlab:container_scanning namespace taxonomy
Namespaces
| Namespace | Description |
gitlab:container_scanning:image | Namespace for information about the scanned image. |
gitlab:container_scanning:operating_system | Namespace for information about the operating system associated with the scanned image. |
gitlab:container_scanning:image namespace taxonomy
| Property | Description | Example values | Property of |
gitlab:container_scanning:image:name | The name of the scanned image. | registry.gitlab.com/gitlab-org/security-products/analyzers/gemnasium/tmp/main |
metadata, component
|
gitlab:container_scanning:image:tag | The tag of the scanned image. | 91d61f07e0a4b3dd34b39d77f47f6f9bf48cde0a |
metadata, component
|
gitlab:container_scanning:operating_system namespace taxonomy
| Property | Description | Example values | Property of |
gitlab:container_scanning:operating_system:name | The name of the operation system. | alpine |
metadata, component
|
gitlab:container_scanning:operating_system:version | The version of the operation system. | 3.1.8 |
metadata, component
|