GitLab CycloneDX property taxonomy
This document defines the namespaces and properties used by the gitlab
namespace
in the CycloneDX Property Taxonomy.
Before making changes to this file, please reach out to the threat insights engineering team,
@gitlab-org/govern/threat-insights
.
Where properties should be located
The Property of
column describes what object a property may be attached to.
- Properties attached to the
metadata
apply to all objects in the document. - Properties attached to an individual object apply to that object and any others nested underneath it.
- Objects which may nest themselves (such as
components
) may only have properties applied to the top-level object.
gitlab
namespace taxonomy
Namespace | Description |
---|---|
meta | Namespace for data about the property schema. |
dependency_scanning | Namespace for data related to dependency scanning. |
container_scanning | Namespace for data related to container scanning. |
gitlab:meta
namespace taxonomy
Property | Description | Property of |
---|---|---|
gitlab:meta:schema_version | Used by GitLab to determine how to parse the properties in a report. Must be 1 . | metadata |
gitlab:dependency_scanning
namespace taxonomy
Properties
Property | Description | Example values | Property of |
---|---|---|---|
gitlab:dependency_scanning:category | The name of the category or dependency group that the dependency belongs to. If no category is specified, production is used by default. | production , development , test | components |
Namespaces
Namespace | Description |
---|---|
gitlab:dependency_scanning:input_file | Namespace for information about the input file analyzed to produce the dependency. |
gitlab:dependency_scanning:source_file | Namespace for information about the file you can edit to manage the dependency. |
gitlab:dependency_scanning:package_manager | Namespace for information about the package manager associated with the dependency. |
gitlab:dependency_scanning:language | Namespace for information about the programming language associated with the dependency. |
gitlab:dependency_scanning:input_file
namespace taxonomy
Property | Description | Example values | Property of |
---|---|---|---|
gitlab:dependency_scanning:input_file:path | The path, relative to the root of the repository, to the file analyzed to produce the dependency. Usually, the lock file. | package-lock.json , Gemfile.lock , go.sum | metadata , component |
gitlab:dependency_scanning:source_file
namespace taxonomy
Property | Description | Example values | Property of |
---|---|---|---|
gitlab:dependency_scanning:source_file:path | The path, relative to the root of the repository, to the file you can edit to manage the dependency. | package.json , Gemfile , go.mod | metadata , component |
gitlab:dependency_scanning:package_manager
namespace taxonomy
Property | Description | Example values | Property of |
---|---|---|---|
gitlab:dependency_scanning:package_manager:name | The name of the package manager associated with the dependency | npm , bundler , go | metadata , component |
gitlab:dependency_scanning:language
namespace taxonomy
Property | Description | Example values | Property of |
---|---|---|---|
gitlab:dependency_scanning:language:name | The name of the programming language associated with the dependency | JavaScript , Ruby , Go | metadata , component |
gitlab:container_scanning
namespace taxonomy
Namespaces
Namespace | Description |
---|---|
gitlab:container_scanning:image | Namespace for information about the scanned image. |
gitlab:container_scanning:operating_system | Namespace for information about the operating system associated with the scanned image. |
gitlab:container_scanning:image
namespace taxonomy
Property | Description | Example values | Property of |
---|---|---|---|
gitlab:container_scanning:image:name | The name of the scanned image. | registry.gitlab.com/gitlab-org/security-products/analyzers/gemnasium/tmp/main | metadata , component |
gitlab:container_scanning:image:tag | The tag of the scanned image. | 91d61f07e0a4b3dd34b39d77f47f6f9bf48cde0a | metadata , component |
gitlab:container_scanning:operating_system
namespace taxonomy
Property | Description | Example values | Property of |
---|---|---|---|
gitlab:container_scanning:operating_system:name | The name of the operation system. | alpine | metadata , component |
gitlab:container_scanning:operating_system:version | The version of the operation system. | 3.1.8 | metadata , component |
Docs
Edit this page to fix an error or add an improvement in a merge request.
Create an issue to suggest an improvement to this page.
Product
Create an issue if there's something you don't like about this feature.
Propose functionality by submitting a feature request.
Feature availability and product trials
View pricing to see all GitLab tiers and features, or to upgrade.
Try GitLab for free with access to all features for 30 days.
Get help
If you didn't find what you were looking for, search the docs.
If you want help with something specific and could use community support, post on the GitLab forum.
For problems setting up or using this feature (depending on your GitLab subscription).
Request support