Knowledge Graph

Information about the dependency ecosystem is stored in the form of a knowledge graph. In a knowledge graph, nodes do not have strict types. Node describing a file in the mozilla-central tree, for example, can be identified by having outgoing edges of type ns:fx.mc.file.part_of, ns:fx.mc.file.path, or any other type within the ns:fx.mc.file namespace.

Namespace

Thhis is the current namespace definition

NS = {
    "ns": {
        "bz": {
            "product": {
                "name": None,
                "component": {
                    "name": None,
                }
            },
        },
        "fx": {
            "mc": {
                "dir": {
                    "path": None,
                },
                "file": {
                    "path": None,
                    "part_of": None,
                    "in_component": None,
                },
                "lib": {
                    "name": None,
                    "description": None,
                    "dep": {
                        "name": None,
                        "detected_by": None
                    },
                },
                "detector": {
                    "name": None,
                },
            },
        },
        "gh": {
            "repo": {
                "url": None,
            }
        },
        "language": {
            "name": None
        },
        "version": {
            "spec": None,
            "type": None
        },
        "vuln": {
            "id": None,
            "version_match": None,
            "summary": None,
            "description": None,
            "class": None,
            "severity": None,
            "info_link": None,
            "affects": None,
            "database": None,
            "detector_name": None,
        },
    },
}