The Data Model

You can generate a graph of the data model with the graph_models management command.

python manage.py graph_models -a -g -o hermine_models.svg
python manage.py graph_models -a > hermine_models.dot

Models for license management

class cube.models.licenses.Generic(*args, **kwargs)

A compliance action linked to several Obligation instances.

Parameters:
  • id (AutoField) – ID

  • created (DateTimeField) – created

  • updated (DateTimeField) – updated

  • name (CharField) – Short description of the compliance action. Unique.

  • description (TextField) – Longer description, optional.

  • in_core (BooleanField) – If True, this compliance action is assumed to systematically fit the enterprise policy. Otherwise, it has to be checked manually.

  • metacategory (CharField) – A category of compliance action. Possible values: Communication, IPManagement, LicenseAgreement, Mentions, ProvidingSourceCode, TechnicalConstraints.

  • team_id (ForeignKey) – team

  • passivity (CharField) – A compliance action requires either conducting some kind of action (Active) or NOT doing specific things (Passive). Possible values: Active, Passive.

exception DoesNotExist
exception MultipleObjectsReturned

class cube.models.licenses.License(*args, **kwargs)

A license identified by its SPDX id.

Parameters:
  • id (AutoField) – ID

  • created (DateTimeField) – created

  • updated (DateTimeField) – updated

  • spdx_id (CharField) – SPDX Identifier

  • status (CharField) – Review status. Possible values: Checked, Pending, To_Discuss, To_Check.

  • long_name (CharField) – Name

  • categories (CharField) – categories

  • steward (CharField) – steward

  • copyleft (CharField) – copyleft. Possible values: None, Strong, Weak, Network, NetworkWeak.

  • allowed (CharField) – OSS Policy. Possible values: always, never, context, notfoss, or empty.

  • allowed_explanation (TextField) – OSS Policy explanation

  • url (URLField) – url

  • osi_approved (BooleanField) – OSI Approved

  • fsf_approved (BooleanField) – FSF Approved

  • foss (CharField) – Actually FOSS. Possible values: Yes, Yes-Auto, No, No-Auto.

  • patent_grant (BooleanField) – patent grant

  • ethical_clause (BooleanField) – ethical clause

  • non_commercial (BooleanField) – Only non-commercial use

  • non_tivoisation (BooleanField) – non tivoisation

  • liability (CharField) – Limitation of Liability. Possible values: Full, Partial, Absent.

  • warranty (CharField) – Disclaimer of Warranty. Possible values: Full, Partial, Absent.

  • law_choice (CharField) – law choice

  • venue_choice (CharField) – venue choice

  • comment (TextField) – This field will be included when exporting license for public sharing

  • verbatim (TextField) – Only necessary if the license has no official SPDX ID

exception DoesNotExist
exception MultipleObjectsReturned

class cube.models.licenses.Obligation(*args, **kwargs)

An obligation deduced from a license verbatim. An obligation comes from only one license.

Parameters:
  • id (AutoField) – ID

  • license_id (ForeignKey) – The License instance that implies the current obligation.

  • generic_id (ForeignKey) – generic

  • name (CharField) – name

  • verbatim (TextField) – Full text of the obligation, out of the license itself

  • passivity (CharField) – Whether the obligation is “Active” (under certain conditions you SHOULD perform some action) or “Passive” (under certain conditions you SHOULD NOT do something). Possible values: Active, Passive.

  • trigger_expl (CharField) – The context necessary to trigger this obligation. Possible values: DistributionSourceDistributionNonSource, DistributionSource, DistributionNonSource, NetworkAccess, InternalUse.

  • trigger_mdf (CharField) – Status of modification necessary to trigger this obligation. Possible values: Altered, Unmodified, AlteredUnmodified.

exception DoesNotExist
exception MultipleObjectsReturned

class cube.models.licenses.Team(*args, **kwargs)

A team assigned to generic obligations.

Parameters:
  • id (AutoField) – ID

  • name (CharField) – name

  • icon (CharField) – icon

exception DoesNotExist
exception MultipleObjectsReturned

Models for validation rules

class cube.models.policy.AbstractComponentRule(*args, **kwargs)

Parameters:
  • component_id (ForeignKey) – component

  • version_constraint (SpecField) – Example: >=0.1.1,<0.3.0

  • version_id (ForeignKey) – Optional: apply to a specific component version only. In this case, leave the component and version constraint fields empty.

save(*args, **kwargs)

Save the current instance. Override this in a subclass if you want to control the saving process.

The ‘force_insert’ and ‘force_update’ parameters can be used to insist that the “save” must be an SQL insert or update (or equivalent for non-SQL backends), respectively. Normally, they should not be set.

class cube.models.policy.AbstractUsageRule(*args, **kwargs)

A mixin for all models in this file to filter a decision by component or usage.

Parameters:
  • component_id (ForeignKey) – component

  • version_constraint (SpecField) – Example: >=0.1.1,<0.3.0

  • version_id (ForeignKey) – Optional: apply to a specific component version only. In this case, leave the component and version constraint fields empty.

  • created (DateTimeField) – created

  • updated (DateTimeField) – updated

  • author_id (ForeignKey) – author

  • category_id (ForeignKey) – category

  • product_id (ForeignKey) – product

  • release_id (ForeignKey) – release

  • scope (CharField) – Leave blank to apply for any scope

  • exploitation (CharField) – exploitation. Possible values: DistributionSourceDistributionNonSource, DistributionSource, DistributionNonSource, NetworkAccess, InternalUse.

class cube.models.policy.Derogation(*args, **kwargs)

A derogation to policy allowing use of a license, which can be generalized to a component, a release or a product.

Parameters:
  • id (AutoField) – ID

  • component_id (ForeignKey) – component

  • version_constraint (SpecField) – Example: >=0.1.1,<0.3.0

  • version_id (ForeignKey) – Optional: apply to a specific component version only. In this case, leave the component and version constraint fields empty.

  • created (DateTimeField) – created

  • updated (DateTimeField) – updated

  • author_id (ForeignKey) – author

  • category_id (ForeignKey) – category

  • product_id (ForeignKey) – product

  • release_id (ForeignKey) – release

  • scope (CharField) – Leave blank to apply for any scope

  • exploitation (CharField) – exploitation. Possible values: DistributionSourceDistributionNonSource, DistributionSource, DistributionNonSource, NetworkAccess, InternalUse.

  • license_id (ForeignKey) – license

  • linking (CharField) – linking. Possible values: Aggregation, Dynamic, Static, Mingled.

  • modification (CharField) – modification. Possible values: Altered, Unmodified.

  • justification (TextField) – justification

exception DoesNotExist
exception MultipleObjectsReturned

class cube.models.policy.LicenseChoice(*args, **kwargs)

A choice of license for when an SPDX expression contains ORs.

Parameters:
  • id (AutoField) – ID

  • component_id (ForeignKey) – component

  • version_constraint (SpecField) – Example: >=0.1.1,<0.3.0

  • version_id (ForeignKey) – Optional: apply to a specific component version only. In this case, leave the component and version constraint fields empty.

  • created (DateTimeField) – created

  • updated (DateTimeField) – updated

  • author_id (ForeignKey) – author

  • category_id (ForeignKey) – category

  • product_id (ForeignKey) – product

  • release_id (ForeignKey) – release

  • scope (CharField) – Leave blank to apply for any scope

  • exploitation (CharField) – exploitation. Possible values: DistributionSourceDistributionNonSource, DistributionSource, DistributionNonSource, NetworkAccess, InternalUse.

  • expression_in (CharField) – The exact expression which must be changed

  • expression_out (CharField) – The final license expression chosen. Can still contain ANDs, and even ORs if you want to comply with all licenses and let the end user choose.

  • explanation (TextField) – explanation

exception DoesNotExist
exception MultipleObjectsReturned

class cube.models.policy.LicenseCuration(*args, **kwargs)

A human decision to replace an imported license string with the correct SPDX expression

Parameters:
  • id (AutoField) – ID

  • component_id (ForeignKey) – component

  • version_constraint (SpecField) – Example: >=0.1.1,<0.3.0

  • version_id (ForeignKey) – Optional: apply to a specific component version only. In this case, leave the component and version constraint fields empty.

  • created (DateTimeField) – created

  • updated (DateTimeField) – updated

  • author_id (ForeignKey) – author

  • declared_expression (CharField) – The declared expression before any curation (used only for curation exports)

  • expression_in (CharField) – The exact expression which must be changed

  • expression_out (CharField) – The expression which will replace expression_in

  • explanation (TextField) – explanation

exception DoesNotExist
exception MultipleObjectsReturned
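How the scoping fields of a LicenseChoice rule could decide whether it applies to a given usage, as an added example that is not Hermine's own code. Plain dataclasses stand in for the Django models and a simplified numeric comparator stands in for SpecField; the first-match order, the blank-means-any treatment of component and exploitation, and the sample rules are assumptions.

```python
import operator
from dataclasses import dataclass

# Two-character operators come first so ">=" is not read as ">".
OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq,
       "!=": operator.ne, ">": operator.gt, "<": operator.lt}

def parse_version(text):
    """'0.2' -> (0, 2, 0); numeric dotted versions only (simplification)."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def satisfies(version, constraint):
    """True if version meets every comma-separated clause; blank matches all."""
    for clause in filter(None, (c.strip() for c in constraint.split(","))):
        op = next((o for o in OPS if clause.startswith(o)), None)
        if op is None:
            raise ValueError(f"unsupported constraint clause: {clause!r}")
        if not OPS[op](parse_version(version), parse_version(clause[len(op):])):
            return False
    return True

@dataclass
class LicenseChoice:          # stand-in for the documented model fields
    component: str            # "" = any component (assumption)
    version_constraint: str   # e.g. ">=0.1.1,<0.3.0"; "" = any version
    scope: str                # blank applies to any scope (per the field help)
    exploitation: str         # "" = any exploitation (assumption)
    expression_in: str        # the exact expression which must be changed
    expression_out: str       # the final license expression chosen

def choose_license(rules, component, version, scope, exploitation, expression):
    """Return expression_out of the first applicable rule, else None."""
    for r in rules:
        if (r.expression_in == expression        # exact match, no normalisation
                and r.component in ("", component)
                and satisfies(version, r.version_constraint)
                and r.scope in ("", scope)
                and r.exploitation in ("", exploitation)):
            return r.expression_out
    return None  # unresolved OR: leave it for human review instead of guessing

# Constructed sample rules (component names and scopes are made up).
RULES = [
    LicenseChoice("libfoo", ">=0.1.1,<0.3.0", "", "", "MIT OR GPL-2.0-only", "MIT"),
    LicenseChoice("", "", "test", "InternalUse", "MIT OR GPL-2.0-only", "GPL-2.0-only"),
]
```

Because expression_in is matched exactly, a scanner that emits the same operands in a different order ("GPL-2.0-only OR MIT") is not covered by either rule and stays unresolved.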

Models for internal product management

class cube.models.products.Category(*args, **kwargs)

A category of product

Parameters:
  • id (AutoField) – ID

  • name (CharField) – name

  • description (TextField) – description

  • owner_id (ForeignKey) – owner

exception DoesNotExist
exception MultipleObjectsReturned

class cube.models.products.Exploitation(*args, **kwargs)

Stores how a release is exploited (so all its Usage can be updated accordingly)

Parameters:
  • id (AutoField) – ID

  • release_id (ForeignKey) – release

  • scope (CharField) – Leave blank to apply for any scope

  • project (CharField) – Leave blank to apply for any project

  • exploitation (CharField) – exploitation. Possible values: DistributionSourceDistributionNonSource, DistributionSource, DistributionNonSource, NetworkAccess, InternalUse.

exception DoesNotExist
exception MultipleObjectsReturned

class Usage(*args, **kwargs)

Qualifies how a Version of a component is used in a Release of a Product.

Parameters:
  • id (AutoField) – ID

  • release_id (ForeignKey) – release

  • version_id (ForeignKey) – version

  • status (CharField) – status. Possible values: Auto, Unknown, Validated, KO, Fixed.

  • addition_method (CharField) – addition method. Possible values: Scan, Manual.

  • addition_date (DateTimeField) – Last updated

  • linking (CharField) – The type of linking between this component and the main code base. Possible values: Aggregation, Dynamic, Static, Mingled.

  • component_modified (CharField) – component modified. Possible values: Altered, Unmodified.

  • exploitation (CharField) – The way this component is distributed/exploited. Possible values: DistributionSourceDistributionNonSource, DistributionSource, DistributionNonSource, NetworkAccess, InternalUse.

  • description (TextField) – description

  • scope (CharField) – scope

  • project (CharField) – project

  • license_expression (CharField) – license expression

exception DoesNotExist
exception MultipleObjectsReturned

class cube.models.products.Product(*args, **kwargs)

A product whose dependencies are to be audited.

Parameters:
  • id (AutoField) – ID

  • name (CharField) – name

  • description (TextField) – description

  • owner_id (ForeignKey) – owner

exception DoesNotExist
exception MultipleObjectsReturned

class cube.models.products.Release(*args, **kwargs)

A specific release of a product

Parameters:
  • id (AutoField) – ID

  • product_id (ForeignKey) – product

  • release_number (CharField) – Must be unique for a product

  • ship_status (CharField) – ship status. Possible values: Archived, Active, Published.

  • pub_date (DateTimeField) – date published

  • valid_step (IntegerField) – Validation Step

  • commit (CharField) – Commit hash or ref

exception DoesNotExist
exception MultipleObjectsReturned

Models for 3rd party components

class cube.models.components.Component(*args, **kwargs)

A third party FOSS Component.

Parameters:
  • id (AutoField) – ID

  • name (CharField) – Unique name of the FOSS component.

  • purl_type (CharField) – purl package type

  • description (TextField) – description

  • programming_language (CharField) – programming language

  • spdx_expression (CharField) – spdx expression

  • homepage_url (URLField) – homepage url

  • export_control_status (CharField) – export control status. Possible values: CL, TBC, CONF.

exception DoesNotExist
exception MultipleObjectsReturned

class cube.models.components.Funding(*args, **kwargs)

A funding source of a third party component

Parameters:
  • id (AutoField) – ID

  • component_id (ForeignKey) – component

  • url (URLField) – url

  • type (CharField) – type

exception DoesNotExist
exception MultipleObjectsReturned

class cube.models.components.Usage(*args, **kwargs)

Qualifies how a Version of a component is used in a Release of a Product.

Parameters:
  • id (AutoField) – ID

  • release_id (ForeignKey) – release

  • version_id (ForeignKey) – version

  • status (CharField) – status. Possible values: Auto, Unknown, Validated, KO, Fixed.

  • addition_method (CharField) – addition method. Possible values: Scan, Manual.

  • addition_date (DateTimeField) – Last updated

  • linking (CharField) – The type of linking between this component and the main code base. Possible values: Aggregation, Dynamic, Static, Mingled.

  • component_modified (CharField) – component modified. Possible values: Altered, Unmodified.

  • exploitation (CharField) – The way this component is distributed/exploited. Possible values: DistributionSourceDistributionNonSource, DistributionSource, DistributionNonSource, NetworkAccess, InternalUse.

  • description (TextField) – description

  • scope (CharField) – scope

  • project (CharField) – project

  • license_expression (CharField) – license expression

exception DoesNotExist
exception MultipleObjectsReturned

class cube.models.components.Version(*args, **kwargs)

A specific version of a third party component

Parameters:
  • id (AutoField) – ID

  • component_id (ForeignKey) – component

  • version_number (CharField) – version number

  • declared_license_expr (CharField) – Declared license expression (may not be SPDX valid)

  • spdx_valid_license_expr (CharField) – License expression concluded by analyzing tool (e.g. ORT)

  • corrected_license (CharField) – Final license expression used in legal evaluation (required when validated expression is ambiguous or empty)

  • purl (CharField) – Package URL (https://github.com/package-url/purl-spec)

exception DoesNotExist
exception MultipleObjectsReturned

property licenses

Get all License objects listed in the effective_license expression.

save(*args, **kwargs)

Save the current instance. Override this in a subclass if you want to control the saving process.

The ‘force_insert’ and ‘force_update’ parameters can be used to insist that the “save” must be an SQL insert or update (or equivalent for non-SQL backends), respectively. Normally, they should not be set.