GitLab CycloneDX property taxonomy
This document defines the namespaces and properties used by the gitlab namespace
in the CycloneDX Property Taxonomy.
Before making changes to this file, please reach out to the threat insights engineering team,
@gitlab-org/govern/threat-insights.
Where properties should be located
The Property of column describes what object a property may be attached to.
- Properties attached to the
metadataapply to all objects in the document. - Properties attached to an individual object apply to that object and any others nested underneath it.
- Objects which may nest themselves (such as
components) may only have properties applied to the top-level object.
gitlab namespace taxonomy
| Namespace | Description |
|---|---|
meta | Namespace for data about the property schema. |
dependency_scanning | Namespace for data related to dependency scanning. |
container_scanning | Namespace for data related to container scanning. |
gitlab:meta namespace taxonomy
| Property | Description | Property of |
|---|---|---|
gitlab:meta:schema_version | Used by GitLab to determine how to parse the properties in a report. Must be 1. | metadata |
gitlab:dependency_scanning namespace taxonomy
Properties
| Property | Description | Example values | Property of |
|---|---|---|---|
gitlab:dependency_scanning:category | The name of the category or dependency group that the dependency belongs to. If no category is specified, production is used by default. | production, development, test | components |
Namespaces
| Namespace | Description |
|---|---|
gitlab:dependency_scanning:input_file | Namespace for information about the input file analyzed to produce the dependency. |
gitlab:dependency_scanning:source_file | Namespace for information about the file you can edit to manage the dependency. |
gitlab:dependency_scanning:package_manager | Namespace for information about the package manager associated with the dependency. |
gitlab:dependency_scanning:language | Namespace for information about the programming language associated with the dependency. |
gitlab:dependency_scanning:input_file namespace taxonomy
| Property | Description | Example values | Property of |
|---|---|---|---|
gitlab:dependency_scanning:input_file:path | The path, relative to the root of the repository, to the file analyzed to produce the dependency. Usually, the lock file. | package-lock.json, Gemfile.lock, go.sum | metadata, component |
gitlab:dependency_scanning:source_file namespace taxonomy
| Property | Description | Example values | Property of |
|---|---|---|---|
gitlab:dependency_scanning:source_file:path | The path, relative to the root of the repository, to the file you can edit to manage the dependency. | package.json, Gemfile, go.mod | metadata, component |
gitlab:dependency_scanning:package_manager namespace taxonomy
| Property | Description | Example values | Property of |
|---|---|---|---|
gitlab:dependency_scanning:package_manager:name | The name of the package manager associated with the dependency | npm, bundler, go | metadata, component |
gitlab:dependency_scanning:language namespace taxonomy
| Property | Description | Example values | Property of |
|---|---|---|---|
gitlab:dependency_scanning:language:name | The name of the programming language associated with the dependency | JavaScript, Ruby, Go | metadata, component |
gitlab:container_scanning namespace taxonomy
Namespaces
| Namespace | Description |
|---|---|
gitlab:container_scanning:image | Namespace for information about the scanned image. |
gitlab:container_scanning:operating_system | Namespace for information about the operating system associated with the scanned image. |
gitlab:container_scanning:image namespace taxonomy
| Property | Description | Example values | Property of |
|---|---|---|---|
gitlab:container_scanning:image:name | The name of the scanned image. | registry.gitlab.com/gitlab-org/security-products/analyzers/gemnasium/tmp/main | metadata, component |
gitlab:container_scanning:image:tag | The tag of the scanned image. | 91d61f07e0a4b3dd34b39d77f47f6f9bf48cde0a | metadata, component |
gitlab:container_scanning:operating_system namespace taxonomy
| Property | Description | Example values | Property of |
|---|---|---|---|
gitlab:container_scanning:operating_system:name | The name of the operation system. | alpine | metadata, component |
gitlab:container_scanning:operating_system:version | The version of the operation system. | 3.1.8 | metadata, component |
Docs
Edit this page to fix an error or add an improvement in a merge request.
Create an issue to suggest an improvement to this page.
Product
Create an issue if there's something you don't like about this feature.
Propose functionality by submitting a feature request.
Feature availability and product trials
View pricing to see all GitLab tiers and features, or to upgrade.
Try GitLab for free with access to all features for 30 days.
Get help
If you didn't find what you were looking for, search the docs.
If you want help with something specific and could use community support, post on the GitLab forum.
For problems setting up or using this feature (depending on your GitLab subscription).
Request support