From c565c7a4884b142c38706fa0d0e3782c145d768d Mon Sep 17 00:00:00 2001 From: Joshua Watt Date: Tue, 23 Apr 2024 11:12:04 -0600 Subject: [PATCH] Add SupportRelationship Adds a new SupportRelationship that uses a derived Relationship to indicate support, since this allows associating the support with a specific entity. Signed-off-by: Joshua Watt --- model/Core/Classes/SupportRelationship.md | 37 +++++++++++++++++++++ model/Core/Vocabularies/RelationshipType.md | 1 + 2 files changed, 38 insertions(+) create mode 100644 model/Core/Classes/SupportRelationship.md diff --git a/model/Core/Classes/SupportRelationship.md b/model/Core/Classes/SupportRelationship.md new file mode 100644 index 000000000..58d49e591 --- /dev/null +++ b/model/Core/Classes/SupportRelationship.md @@ -0,0 +1,37 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# SupportRelationship + +## Summary + +Describes how an Agent Provides Support for an Element + +## Description + +Specifies how an Agent supports a given Element. The Relationship Type must be +`providesSupportFor`. The `from` of the relationship is the `Agent` providing +support, and the `to` are the `Artifact` for which support is being provided. + +`startTime` and `endTime` are mandatory when using this class. + +## Metadata + +- name: SupportRelationship +- SubclassOf: Relationship +- Instantiability: Concrete + +## Properties + +- supportLevel + - type: SupportType + - minCount: 1 + - maxCount: 1 + +## External properties restrictions + +- /Core/Relationship/startTime + - minCount: 1 + - maxCount: 1 +- /Core/Relationship/endTime + - minCount: 1 + - maxCount: 1 diff --git a/model/Core/Vocabularies/RelationshipType.md b/model/Core/Vocabularies/RelationshipType.md index 7af980ed0..48b4c000b 100644 --- a/model/Core/Vocabularies/RelationshipType.md +++ b/model/Core/Vocabularies/RelationshipType.md @@ -75,6 +75,7 @@ name completes the sentence: - other: Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationhip types (this relationship is directionless) - packagedBy: Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`) - patchedBy: Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`) +- providesSupportFor: The `from` Agent provides support for each `to` Artifact. Must be a `SupportRelationship` type - publishedBy: (Security) Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent - reportedBy: (Security) Designates a `from` Vulnerability was first reported to a project, vendor, or tracking database for formal identification by each `to` Agent - republishedBy: (Security) Designates a `from` Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by a `to` Agent(s)