component-detection-manifest.json (SchemaStore) JSON Schema

Type	CGManifest
File match	`cdmanifest.json` `cgmanifest.json`
Schema URL	https://catalog.lintel.tools/schemas/schemastore/component-detection-manifest-json/latest.json
Source	https://www.schemastore.org/component-detection-manifest.json

ActorInfo object

Represents an actor (person, organization, or software agent). At least one of name, email, or url should be populated.

name string

email string

format=email

url string

format=uri

type string

Values: "Person" "Organization" "SoftwareAgent"

CGManifest object

registrations Registration[] required

version integer required

Registration object

component object required

One of: Cargo object, Git object, Go object, Linux object, Maven object, Npm object, NuGet object, Other object, Pip object, Pod object, RubyGems object, VCPKG object

dependencyRoots Component[]

developmentDependency boolean

detectedComponentLocations string[]

Additional locations impacted by this component, relative to the cgmanifest.json file or using the {SourceFileRoot} placeholder.

licensesConcluded string[]

SPDX license expression(s) as resolved via ClearlyDefined API or curations.

suppliers ActorInfo[]

Entities that supplied/published the component.

Component object

Cargo object

type string required

Values: "cargo"

cargo object required

7 nested properties

name string required

version string required

licenses string[]

SPDX license expression(s) declared by the package author.

authorsInfo ActorInfo[]

Structured author/creator identity (SPDX 3.0.1 originatedBy).

packageUrl string

Package URL per the purl-spec.

downloadUrl string

Direct download URL for the package binary.

format=uri

sourceUrl string

Source code repository URL.

format=uri

Git object

type string required

Values: "git"

git object required

8 nested properties

commitHash string required

repositoryUrl string required

format=uri

tag string

licenses string[]

SPDX license expression(s) declared by the package author.

authorsInfo ActorInfo[]

Structured author/creator identity (SPDX 3.0.1 originatedBy).

packageUrl string

Package URL per the purl-spec.

downloadUrl string

Direct download URL for the package binary.

format=uri

sourceUrl string

Source code repository URL.

format=uri

Go object

type string required

Values: "go"

go object required

7 nested properties

name string required

version string required

licenses string[]

SPDX license expression(s) declared by the package author.

authorsInfo ActorInfo[]

Structured author/creator identity (SPDX 3.0.1 originatedBy).

packageUrl string

Package URL per the purl-spec.

downloadUrl string

Direct download URL for the package binary.

format=uri

sourceUrl string

Source code repository URL.

format=uri

Linux object

type string required

Values: "linux"

linux object required

11 nested properties

name string required

version string required

distribution string required

release string required

key-URL string

format=uri

pool-URL string

format=uri

licenses string[]

SPDX license expression(s) declared by the package author.

authorsInfo ActorInfo[]

Structured author/creator identity (SPDX 3.0.1 originatedBy).

packageUrl string

Package URL per the purl-spec.

downloadUrl string

Direct download URL for the package binary.

format=uri

sourceUrl string

Source code repository URL.

format=uri

Maven object

type string required

Values: "maven"

maven object required

8 nested properties

groupId string required

artifactId string required

version string required

licenses string[]

SPDX license expression(s) declared by the package author.

authorsInfo ActorInfo[]

Structured author/creator identity (SPDX 3.0.1 originatedBy).

packageUrl string

Package URL per the purl-spec.

downloadUrl string

Direct download URL for the package binary.

format=uri

sourceUrl string

Source code repository URL.

format=uri

Npm object

type string required

Values: "npm"

npm object required

7 nested properties

name string required

version string required

licenses string[]

SPDX license expression(s) declared by the package author.

authorsInfo ActorInfo[]

Structured author/creator identity (SPDX 3.0.1 originatedBy).

packageUrl string

Package URL per the purl-spec.

downloadUrl string

Direct download URL for the package binary.

format=uri

sourceUrl string

Source code repository URL.

format=uri

NuGet object

type string required

Values: "nuget"

nuget object required

7 nested properties

name string required

version string required

licenses string[]

SPDX license expression(s) declared by the package author.

authorsInfo ActorInfo[]

Structured author/creator identity (SPDX 3.0.1 originatedBy).

packageUrl string

Package URL per the purl-spec.

downloadUrl string

Direct download URL for the package binary.

format=uri

sourceUrl string

Source code repository URL.

format=uri

Other object

type string required

Values: "other"

other object required

8 nested properties

name string required

version string required

downloadUrl string required

format=uri

hash string required

licenses string[]

SPDX license expression(s) declared by the package author.

authorsInfo ActorInfo[]

Structured author/creator identity (SPDX 3.0.1 originatedBy).

packageUrl string

Package URL per the purl-spec.

sourceUrl string

Source code repository URL.

format=uri

Pip object

type string required

Values: "pip"

pip object required

7 nested properties

name string required

version string required

licenses string[]

SPDX license expression(s) declared by the package author.

authorsInfo ActorInfo[]

Structured author/creator identity (SPDX 3.0.1 originatedBy).

packageUrl string

Package URL per the purl-spec.

downloadUrl string

Direct download URL for the package binary.

format=uri

sourceUrl string

Source code repository URL.

format=uri

Pod object

type string required

Values: "pod"

pod object required

7 nested properties

name string required

version string required

licenses string[]

SPDX license expression(s) declared by the package author.

authorsInfo ActorInfo[]

Structured author/creator identity (SPDX 3.0.1 originatedBy).

packageUrl string

Package URL per the purl-spec.

downloadUrl string

Direct download URL for the package binary.

format=uri

sourceUrl string

Source code repository URL.

format=uri

RubyGems object

type string required

Values: "rubygems"

rubygems object required

7 nested properties

name string required

version string required

licenses string[]

SPDX license expression(s) declared by the package author.

authorsInfo ActorInfo[]

Structured author/creator identity (SPDX 3.0.1 originatedBy).

packageUrl string

Package URL per the purl-spec.

downloadUrl string

Direct download URL for the package binary.

format=uri

sourceUrl string

Source code repository URL.

format=uri

VCPKG object

type string required

Values: "vcpkg"

vcpkg object required

12 nested properties

spdxId string required

name string required

version string

downloadLocation string

triplet string

description string

portVersion integer

licenses string[]

SPDX license expression(s) declared by the package author.

authorsInfo ActorInfo[]

Structured author/creator identity (SPDX 3.0.1 originatedBy).

packageUrl string

Package URL per the purl-spec.

downloadUrl string

Direct download URL for the package binary.

format=uri

sourceUrl string

Source code repository URL.

format=uri

component-detection-manifest.json

Validate with Lintel

Definitions