blib/lib/SBOM/CycloneDX/Enum/ExternalReferenceType.pm
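package SBOM::CycloneDX::Enum::ExternalReferenceType;

use 5.010001;
use strict;
use warnings;
use utf8;

# Only Exporter's import() is borrowed; @EXPORT_OK / %EXPORT_TAGS are
# filled in below once the enum is known.
use Exporter 'import';
our (@EXPORT_OK, %EXPORT_TAGS, %ENUM);

# Everything happens at compile time: a caller's
# `use ...::ExternalReferenceType qw(:all)` resolves its import list while
# this file is being compiled, so the constants and the export lists must
# already exist by then.
BEGIN {

    # Constant name => the CycloneDX "type" spelling it serializes to.
    %ENUM = (
        VCS                       => 'vcs',
        ISSUE_TRACKER             => 'issue-tracker',
        WEBSITE                   => 'website',
        ADVISORIES                => 'advisories',
        BOM                       => 'bom',
        MAILING_LIST              => 'mailing-list',
        SOCIAL                    => 'social',
        CHAT                      => 'chat',
        DOCUMENTATION             => 'documentation',
        SUPPORT                   => 'support',
        SOURCE_DISTRIBUTION       => 'source-distribution',
        DISTRIBUTION              => 'distribution',
        DISTRIBUTION_INTAKE       => 'distribution-intake',
        LICENSE                   => 'license',
        BUILD_META                => 'build-meta',
        BUILD_SYSTEM              => 'build-system',
        RELEASE_NOTES             => 'release-notes',
        SECURITY_CONTACT          => 'security-contact',
        MODEL_CARD                => 'model-card',
        LOG                       => 'log',
        CONFIGURATION             => 'configuration',
        EVIDENCE                  => 'evidence',
        FORMULATION               => 'formulation',
        ATTESTATION               => 'attestation',
        THREAT_MODEL              => 'threat-model',
        ADVERSARY_MODEL           => 'adversary-model',
        RISK_ASSESSMENT           => 'risk-assessment',
        VULNERABILITY_ASSERTION   => 'vulnerability-assertion',
        EXPLOITABILITY_STATEMENT  => 'exploitability-statement',
        PENTEST_REPORT            => 'pentest-report',
        STATIC_ANALYSIS_REPORT    => 'static-analysis-report',
        DYNAMIC_ANALYSIS_REPORT   => 'dynamic-analysis-report',
        RUNTIME_ANALYSIS_REPORT   => 'runtime-analysis-report',
        COMPONENT_ANALYSIS_REPORT => 'component-analysis-report',
        MATURITY_REPORT           => 'maturity-report',
        CERTIFICATION_REPORT      => 'certification-report',
        CODIFIED_INFRASTRUCTURE   => 'codified-infrastructure',
        QUALITY_METRICS           => 'quality-metrics',
        POAM                      => 'poam',
        ELECTRONIC_SIGNATURE      => 'electronic-signature',
        DIGITAL_SIGNATURE         => 'digital-signature',
        RFC_9116                  => 'rfc-9116',
        PATENT                    => 'patent',
        PATENT_FAMILY             => 'patent-family',
        PATENT_ASSERTION          => 'patent-assertion',
        CITATION                  => 'citation',
        OTHER                     => 'other',
    );

    # Turn every key of %ENUM into a constant sub in this package, so
    # VCS() / __PACKAGE__->VCS return 'vcs'. require + import (rather than
    # `use constant`) because `use` would run before %ENUM is assigned.
    require constant;
    constant->import(\%ENUM);

    # Every constant is exportable on request; `:all` exports the lot.
    @EXPORT_OK   = sort keys %ENUM;
    %EXPORT_TAGS = (all => \@EXPORT_OK);

}

# values() - the enum's string spellings (the right-hand side of %ENUM),
# sorted. Usable as a plain function or as a class method; any arguments
# are ignored and there is no scalar-context result (sort in scalar
# context is undefined in Perl).
#
# The sub shares its name with a Perl builtin. Inside the body the builtin
# is spelled CORE::values and the sort gets an explicit block so the
# statement cannot be read as a recursive call or as `sort SUBNAME LIST`,
# and so `use warnings` has no ambiguous-call to report.
sub values {
    my @spellings = CORE::values %ENUM;
    return sort { $a cmp $b } @spellings;
}

1;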
75              
76             =encoding utf-8
77              
78             =head1 NAME
79              
80             SBOM::CycloneDX::Enum::ExternalReferenceType - External Reference Type
81              
82             =head1 SYNOPSIS
83              
84             use SBOM::CycloneDX::Enum qw(EXTERNAL_REFERENCE_TYPE);
85              
86             say EXTERNAL_REFERENCE_TYPE->ISSUE_TRACKER;
87              
88              
89             use SBOM::CycloneDX::Enum::ExternalReferenceType;
90              
91             say SBOM::CycloneDX::Enum::ExternalReferenceType->DOCUMENTATION;
92              
93              
94             use SBOM::CycloneDX::Enum::ExternalReferenceType qw(:all);
95              
96             say ADVISORIES;
97              
98              
99             =head1 DESCRIPTION
100              
101             L is the ENUM package used by L.
102              
103             Specifies the type of external reference.
104              
105              
106             =head1 CONSTANTS
107              
108             =over
109              
110             =item * C<VCS>, Version Control System
111              
112             =item * C<ISSUE_TRACKER>, Issue or defect tracking system, or an
113             Application Lifecycle Management (ALM) system
114              
115             =item * C<WEBSITE>, Website
116              
117             =item * C<ADVISORIES>, Security advisories
118              
119             =item * C<BOM>, Bill of Materials (SBOM, OBOM, HBOM, SaaSBOM, etc.)
120              
121             =item * C<MAILING_LIST>, Mailing list or discussion group
122              
123             =item * C<SOCIAL>, Social media account
124              
125             =item * C<CHAT>, Real-time chat platform
126              
127             =item * C<DOCUMENTATION>, Documentation, guides, or how-to instructions
128              
129             =item * C<SUPPORT>, Community or commercial support
130              
131             =item * C<SOURCE_DISTRIBUTION>, The location where the source code
132             distributable can be obtained. This is often an archive format such as zip
133             or tgz. The source-distribution type complements use of the version control
134             (vcs) type.
135              
136             =item * C<DISTRIBUTION>, Direct or repository download location
137              
138             =item * C<DISTRIBUTION_INTAKE>, The location where a component was
139             published to. This is often the same as "distribution" but may also include
140             specialized publishing processes that act as an intermediary.
141              
142             =item * C<LICENSE>, The reference to the license file. If a license URL has
143             been defined in the license node, it should also be defined as an external
144             reference for completeness.
145              
146             =item * C<BUILD_META>, Build-system specific meta file (e.g. pom.xml,
147             package.json, .nuspec, etc)
148              
149             =item * C<BUILD_SYSTEM>, Reference to an automated build system
150              
151             =item * C<RELEASE_NOTES>, Reference to release notes
152              
153             =item * C<SECURITY_CONTACT>, Specifies a way to contact the maintainer,
154             supplier, or provider in the event of a security incident. Common URIs
155             include links to a disclosure procedure, a mailto (RFC-2368) that specifies
156             an email address, a tel (RFC-3966) that specifies a phone number, or dns
157             (RFC-4501) that specifies the records containing DNS Security TXT.
158              
159             =item * C<MODEL_CARD>, A model card describes the intended uses of a
160             machine learning model, potential limitations, biases, ethical
161             considerations, training parameters, datasets used to train the model,
162             performance metrics, and other relevant data useful for ML transparency.
163              
164             =item * C<LOG>, A record of events that occurred in a computer system or
165             application, such as problems, errors, or information on current
166             operations.
167              
168             =item * C<CONFIGURATION>, Parameters or settings that may be used by other
169             components or services.
170              
171             =item * C<EVIDENCE>, Information used to substantiate a claim.
172              
173             =item * C<FORMULATION>, Describes the formulation of any referencable
174             object within the BOM, including components, services, metadata,
175             declarations, or the BOM itself.
176              
177             =item * C<ATTESTATION>, Human- or machine-readable statements containing
178             facts, evidence, or testimony.
179              
180             =item * C<THREAT_MODEL>, An enumeration of identified weaknesses, threats,
181             and countermeasures, dataflow diagram (DFD), attack tree, and other
182             supporting documentation in human-readable or machine-readable format.
183              
184             =item * C<ADVERSARY_MODEL>, The defined assumptions, goals, and
185             capabilities of an adversary.
186              
187             =item * C<RISK_ASSESSMENT>, Identifies and analyzes the potential of future
188             events that may negatively impact individuals, assets, and/or the
189             environment. Risk assessments may also include judgments on the
190             tolerability of each risk.
191              
192             =item * C<VULNERABILITY_ASSERTION>, A Vulnerability Disclosure Report (VDR)
193             which asserts the known and previously unknown vulnerabilities that affect
194             a component, service, or product including the analysis and findings
195             describing the impact (or lack of impact) that the reported vulnerability
196             has on a component, service, or product.
197              
198             =item * C<EXPLOITABILITY_STATEMENT>, A Vulnerability Exploitability
199             eXchange (VEX) which asserts the known vulnerabilities that do not affect a
200             product, product family, or organization, and optionally the ones that do.
201             The VEX should include the analysis and findings describing the impact (or
202             lack of impact) that the reported vulnerability has on the product, product
203             family, or organization.
204              
205             =item * C<PENTEST_REPORT>, Results from an authorized simulated cyberattack
206             on a component or service, otherwise known as a penetration test.
207              
208             =item * C<STATIC_ANALYSIS_REPORT>, SARIF or proprietary machine- or
209             human-readable report for which static analysis has identified code
210             quality, security, and other potential issues with the source code.
211              
212             =item * C<DYNAMIC_ANALYSIS_REPORT>, Dynamic analysis report that has
213             identified issues such as vulnerabilities and misconfigurations.
214              
215             =item * C<RUNTIME_ANALYSIS_REPORT>, Report generated by analyzing the call
216             stack of a running application.
217              
218             =item * C<COMPONENT_ANALYSIS_REPORT>, Report generated by Software
219             Composition Analysis (SCA), container analysis, or other forms of component
220             analysis.
221              
222             =item * C<MATURITY_REPORT>, Report containing a formal assessment of an
223             organization, business unit, or team against a maturity model.
224              
225             =item * C<CERTIFICATION_REPORT>, Industry, regulatory, or other
226             certification from an accredited (if applicable) certification body.
227              
228             =item * C<CODIFIED_INFRASTRUCTURE>, Code or configuration that defines and
229             provisions virtualized infrastructure, commonly referred to as
230             Infrastructure as Code (IaC).
231              
232             =item * C<QUALITY_METRICS>, Report or system in which quality metrics can
233             be obtained.
234              
235             =item * C<POAM>, Plans of Action and Milestones (POA&M) complement an
236             "attestation" external reference. POA&M is defined by NIST as a "document
237             that identifies tasks needing to be accomplished. It details resources
238             required to accomplish the elements of the plan, any milestones in meeting
239             the tasks and scheduled completion dates for the milestones".
240              
241             =item * C<ELECTRONIC_SIGNATURE>, An e-signature is commonly a scanned
242             representation of a written signature or a stylized script of the person's
243             name.
244              
245             =item * C<DIGITAL_SIGNATURE>, A signature that leverages cryptography,
246             typically public/private key pairs, which provides strong authenticity
247             verification.
248              
249             =item * C<RFC_9116>, Document that complies with L<RFC
250             9116|https://www.ietf.org/rfc/rfc9116.html> (A File Format to Aid in
251             Security Vulnerability Disclosure)
252              
253             =item * C<PATENT>, References information about patents which may be
254             defined in human-readable documents or in machine-readable formats such as
255             CycloneDX or ST.96. For detailed patent information or to reference the
256             information provided directly by patent offices, it is recommended to
257             leverage standards from the World Intellectual Property Organization (WIPO)
258             such as L.
259              
260             =item * C<PATENT_FAMILY>, References information about a patent family
261             which may be defined in human-readable documents or in machine-readable
262             formats such as CycloneDX or ST.96. A patent family is a group of related
263             patent applications or granted patents that cover the same or similar
264             invention. For detailed patent family information or to reference the
265             information provided directly by patent offices, it is recommended to
266             leverage standards from the World Intellectual Property Organization (WIPO)
267             such as L.
268              
269             =item * C<PATENT_ASSERTION>, References assertions made regarding patents
270             associated with a component or service. Assertions distinguish between
271             ownership, licensing, and other relevant interactions with patents.
272              
273             =item * C<CITATION>, A reference to external citations applicable to the
274             object identified by this BOM entry or the BOM itself. When used with a
275             BOM-Link, this allows offloading citations into a separate CycloneDX BOM.
276              
277             =item * C<OTHER>, Use this if no other type accurately describes the
278             purpose of the external reference.
279              
280             =back
281              
282             =head1 SUPPORT
283              
284             =head2 Bugs / Feature Requests
285              
286             Please report any bugs or feature requests through the issue tracker
287             at L.
288             You will be notified automatically of any progress on your issue.
289              
290             =head2 Source Code
291              
292             This is open source software. The code repository is available for
293             public review and contribution under the terms of the license.
294              
295             L
296              
297             git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
298              
299              
300             =head1 AUTHOR
301              
302             =over 4
303              
304             =item * Giuseppe Di Terlizzi
305              
306             =back
307              
308              
309             =head1 LICENSE AND COPYRIGHT
310              
311             This software is copyright (c) 2025-2026 by Giuseppe Di Terlizzi.
312              
313             This is free software; you can redistribute it and/or modify it under
314             the same terms as the Perl 5 programming language system itself.
315              
316             =cut