Skip to content

Software Package

The Software Package object describes details about a software package. Defined by D3FEND d3f:SoftwarePackage.

Attributes

Section titled “Attributes”

name

  • Type: string_t
  • Requirement: required

The software package name.

version

  • Type: string_t
  • Requirement: required

The software package version.

architecture

  • Type: string_t
  • Requirement: recommended

Architecture is a shorthand name describing the type of computer hardware the packaged software is meant to run on.

type_id

  • Type: integer_t
  • Requirement: recommended
  • Values:
    • 0 - Unknown: The type is unknown.
    • 1 - Application: An application software package.
    • 2 - Operating System: An operating system software package.
    • 99 - Other: The type is not mapped. See the type attribute, which contains a data source specific value.

The type of software package.

cpe_name

  • Type: string_t
  • Requirement: optional

The Common Platform Enumeration (CPE) name as described by (NIST) For example: cpe:/a:apple:safari:16.2.

epoch

  • Type: integer_t
  • Requirement: optional

The software package epoch. Epoch is a way to define weighted dependencies based on version numbers.

hash

Cryptographic hash to identify the binary instance of a software component. This can include any component such file, package, or library.

license

  • Type: string_t
  • Requirement: optional

The software license applied to this package.

purl

  • Type: string_t
  • Requirement: optional

A purl is a URL string used to identify and locate a software package in a mostly universal and uniform way across programming languages, package managers, packaging conventions, tools, APIs and databases.

release

  • Type: string_t
  • Requirement: optional

Release is the number of times a version of the software has been packaged.

type

  • Type: string_t
  • Requirement: optional

The type of software package, normalized to the caption of the type_id value. In the case of ‘Other’, it is defined by the source.

vendor_name

  • Type: string_t
  • Requirement: optional

The name of the vendor who published the software package.

Used By

Section titled “Used By”