cyclonedx-property-taxonomy

cdx Namespace Taxonomy

The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in RFC2119.

Boolean value are true or false. Case sensitive.

Property Description
cdx:reproducible Whether the CycloneDX document has been generated in a reproducible manner: if so, then time- or random-based values MUST be omitted, and elements order SHOULD be reproducible. Boolean value. MAY appear only once. SHOULD be used in $.metadata.properties.
Namespace Description Administered By Taxonomy
cdx:composer Namespace for properties specific to the PHP Composer ecosystem. CycloneDX PHP Maintainers cdx:composer taxonomy
cdx:device Namespace for properties specific to hardware devices. CycloneDX Core Working Group cdx:device taxonomy
cdx:gomod Namespace for properties specific to the Go Module ecosystem. CycloneDX Go Maintainers cdx:gomod taxonomy
cdx:lifecycle Namespace for properties specific to component and service lifecycles. CycloneDX Core Working Group cdx:lifecycle taxonomy
cdx:maven Namespace for properties specific to the Maven ecosystem. CycloneDX Maven Maintainers cdx:maven taxonomy
cdx:npm Namespace for properties specific to the Node NPM ecosystem. CycloneDX JavaScript Maintainers cdx:npm taxonomy
cdx:pipenv Namespace for properties specific to the Python Pipenv ecosystem. CycloneDX Python Maintainers cdx:pipenv taxonomy
cdx:poetry Namespace for properties specific to the Python Poetry ecosystem. CycloneDX Python Maintainers cdx:poetry taxonomy
cdx:python Namespace for properties specific to the Python general packaging. CycloneDX Python Maintainers cdx:python taxonomy
cdx:rustc Namespace for properties specific to the Rust compiler, rustc. CycloneDX Rust Maintainers cdx:rustc taxonomy

Registering cdx Namespaces and Properties

The process for registering new cdx namespaces and properties is to create a new issue requesting it.

If you are requesting a new namespace directly under the cdx namespace, the request will be reviewed by the Core Working Group.

If you are requesting a new namespace or property under one of the namespaces within cdx, it will be reviewed by the team identified in the table above.