SWID
Software Identification (SWID) Tags, defined by the ISO/IEC 19770-2:2015 standard, promise to be an important step towards such a goal. SWID Tags provide a transparent way for organizations to track the software installed on their managed devices. SWID Tag files contain descriptive information about a specific release of a software product.
This section defines common tags that may be consumed by assemblers.
Configuration
Legend:
-
required
-
optional
-
may use environment variable
-
accepts Name Templates
catalog:
#
swid:
# Tags require a name.
#
mytag:
# Enables or disables the tag.
# Supported values are [`NEVER`, `ALWAYS`, `RELEASE`, `SNAPSHOT`].
# Defaults to `NEVER`.
#
active: ALWAYS
# Path where the tag file will be placed.
# Defaults to `SWIDTAG`.
#
path: SWID
# A globally unique identifier and should be assigned a GUID reference.
# Defaults to a UUID generated with `groupId`, `artifactId`, `version`, `vendor`.
#
tagId: c526ec37-2715-328e-8bbc-4eb5a9f47c98
# Indicates if a specific release of a software product has more than one tag that can represent that specific release.
# Defaults to `1`.
#
tagVersion: 2
# Language used in the tag document.
# Defaults to `en-US`.
#
lang: de
# If this SWID tag is a collection of information that describes the pre-installation data of software component.
# Defaults to `false`.
#
corpus: true
# If this SWID tag describes a product patch or modification to a different software element.
# Defaults to `false`.
#
patch: false
# List of organizations related to the software component referenced by this SWID tag.
#
entities:
# name of the organization claiming a particular role in the SWID tag.
#
- name: Acme
# URI of the claiming organization.
# Defaults to `http://invalid.unavailable`.
#
regid: https://acme.com
# The relationship between this organization and this tag e.g. tag, `softwareCreator`, `licensor`, `tagCreator`, etc.
# The role of `tagCreator` is required for every SWID tag. May include any role value, but the pre-defined roles
# include: `aggregator`, `distributor`, `licensor`, `softwareCreator`, `tagCreator`.
# Other roles will be defined as the market uses the SWID tags.
# Defaults to [`tagCreator`, `softwareCreator`].
#
roles:
- tagCreator
- softwareCreator# Tags require a name.
#
[catalog.swid.mytag]
# Enables or disables the tag.
# Supported values are [`NEVER`, `ALWAYS`, `RELEASE`, `SNAPSHOT`].
# Defaults to `NEVER`.
#
active = "ALWAYS"
# Path where the tag file will be placed.
# Defaults to `SWIDTAG`.
#
path = "SWID"
# A globally unique identifier and should be assigned a GUID reference.
# Defaults to a UUID generated with `groupId`, `artifactId`, `version`, `vendor`.
#
tagId = "c526ec37-2715-328e-8bbc-4eb5a9f47c98"
# Indicates if a specific release of a software product has more than one tag that can represent that specific release.
# Defaults to `1`.
#
tagVersion = 2
# Language used in the tag document.
# Defaults to `en-US`.
#
lang = "de"
# If this SWID tag is a collection of information that describes the pre-installation data of software component.
# Defaults to `false`.
#
corpus = true
# If this SWID tag describes a product patch or modification to a different software element.
# Defaults to `false`.
#
patch = false
# List of organizations related to the software component referenced by this SWID tag.
#
# name of the organization claiming a particular role in the SWID tag.
#
name = "Acme"
# URI of the claiming organization.
# Defaults to `http://invalid.unavailable`.
#
regid = "https://acme.com"
# The relationship between this organization and this tag e.g. tag, `softwareCreator`, `licensor`, `tagCreator`, etc.
# The role of `tagCreator` is required for every SWID tag. May include any role value, but the pre-defined roles
# include: `aggregator`, `distributor`, `licensor`, `softwareCreator`, `tagCreator`.
# Other roles will be defined as the market uses the SWID tags.
# Defaults to [`tagCreator`, `softwareCreator`].
#
roles = ["tagCreator", "softwareCreator"]{
"catalog": {
//
"swid": {
// Tags require a name.
//
"mytag": {
// Enables or disables the tag.
// Supported values are [`NEVER`, `ALWAYS`, `RELEASE`, `SNAPSHOT`].
// Defaults to `NEVER`.
//
"active": "ALWAYS",
// Path where the tag file will be placed.
// Defaults to `SWIDTAG`.
//
"path": "SWID",
// A globally unique identifier and should be assigned a GUID reference.
// Defaults to a UUID generated with `groupId`, `artifactId`, `version`, `vendor`.
//
"tagId": "c526ec37-2715-328e-8bbc-4eb5a9f47c98",
// Indicates if a specific release of a software product has more than one tag that can represent that specific release.
// Defaults to `1`.
//
"tagVersion": 2,
// Language used in the tag document.
// Defaults to `en-US`.
//
"lang": "de",
// If this SWID tag is a collection of information that describes the pre-installation data of software component.
// Defaults to `false`.
//
"corpus": true,
// If this SWID tag describes a product patch or modification to a different software element.
// Defaults to `false`.
//
"patch": false,
// List of organizations related to the software component referenced by this SWID tag.
//
"entities": [
{
// name of the organization claiming a particular role in the SWID tag.
//
"name": "Acme",
// URI of the claiming organization.
// Defaults to `http://invalid.unavailable`.
//
"regid": "https://acme.com",
// The relationship between this organization and this tag e.g. tag, `softwareCreator`, `licensor`, `tagCreator`, etc.
// The role of `tagCreator` is required for every SWID tag. May include any role value, but the pre-defined roles
// include: `aggregator`, `distributor`, `licensor`, `softwareCreator`, `tagCreator`.
// Other roles will be defined as the market uses the SWID tags.
// Defaults to [`tagCreator`, `softwareCreator`].
//
"roles": [
"tagCreator",
"softwareCreator"
]
}
]
}
}
}
}<jreleaser>
<!--
-->
<catalog>
<!--
-->
<swid>
<!--
Tags require a name.
-->
<mytag>
<!--
Enables or disables the tag.
Supported values are [`NEVER`, `ALWAYS`, `RELEASE`, `SNAPSHOT`].
Defaults to `NEVER`.
-->
<active>ALWAYS</active>
<!--
Path where the tag file will be placed.
Defaults to `SWIDTAG`.
-->
<path>SWID</path>
<!--
A globally unique identifier and should be assigned a GUID reference.
Defaults to a UUID generated with `groupId`, `artifactId`, `version`, `vendor`.
-->
<tagId>c526ec37-2715-328e-8bbc-4eb5a9f47c98</tagId>
<!--
Indicates if a specific release of a software product has more than one tag that can represent that specific release.
Defaults to `1`.
-->
<tagVersion>2</tagVersion>
<!--
Language used in the tag document.
Defaults to `en-US`.
-->
<lang>de</lang>
<!--
If this SWID tag is a collection of information that describes the pre-installation data of software component.
Defaults to `false`.
-->
<corpus>true</corpus>
<!--
If this SWID tag describes a product patch or modification to a different software element.
Defaults to `false`.
-->
<patch>false</patch>
<!--
List of organizations related to the software component referenced by this SWID tag.
-->
<entities>
<entity>
<!--
name of the organization claiming a particular role in the SWID tag.
-->
<name>Acme</name>
<!--
URI of the claiming organization.
Defaults to `http://invalid.unavailable`.
-->
<regid>https://acme.com</regid>
<!--
The relationship between this organization and this tag e.g. tag, `softwareCreator`, `licensor`, `tagCreator`, etc.
The role of `tagCreator` is required for every SWID tag. May include any role value, but the pre-defined roles
include: `aggregator`, `distributor`, `licensor`, `softwareCreator`, `tagCreator`.
Other roles will be defined as the market uses the SWID tags.
Defaults to [`tagCreator`, `softwareCreator`].
-->
<roles>
<role>tagCreator</role>
<role>softwareCreator</role>
</roles>
</entity>
</entities>
</swid-tag>
</swid>
</catalog>
</jreleaser>jreleaser {
catalog {
//
swid {
// Tags require a name.
//
mytag {
// Enables or disables the tag.
// Supported values are [`NEVER`, `ALWAYS`, `RELEASE`, `SNAPSHOT`].
// Defaults to `NEVER`.
//
active = 'ALWAYS'
// Path where the tag file will be placed.
// Defaults to `SWIDTAG`.
//
path = 'SWID'
// A globally unique identifier and should be assigned a GUID reference.
// Defaults to a UUID generated with `groupId`, `artifactId`, `version`, `vendor`.
//
tagId = 'c526ec37-2715-328e-8bbc-4eb5a9f47c98'
// Indicates if a specific release of a software product has more than one tag that can represent that specific release.
// Defaults to `1`.
//
tagVersion = 2
// Language used in the tag document.
// Defaults to `en-US`.
//
lang = 'de'
// If this SWID tag is a collection of information that describes the pre-installation data of software component.
// Defaults to `false`.
//
corpus = true
// If this SWID tag describes a product patch or modification to a different software element.
// Defaults to `false`.
//
patch = false
// List of organizations related to the software component referenced by this SWID tag.
//
entity {
// name of the organization claiming a particular role in the SWID tag.
//
name = 'Acme'
// URI of the claiming organization.
// Defaults to `http://invalid.unavailable`.
//
regid = 'https://acme.com'
// The relationship between this organization and this tag e.g. tag, `softwareCreator`, `licensor`, `tagCreator`, etc.
// The role of `tagCreator` is required for every SWID tag. May include any role value, but the pre-defined roles
// include: `aggregator`, `distributor`, `licensor`, `softwareCreator`, `tagCreator`.
// Other roles will be defined as the market uses the SWID tags.
// Defaults to [`tagCreator`, `softwareCreator`].
//
role('tagCreator')
role('softwareCreator')
}
}
}
}
}Environment
When not explicitly set, the value of the following properties may be resolved from an environment variable or a system property as shown in the table. The system property takes precedence over the environment variable.
| System Property | Environment Variable |
|---|---|
active |
|
jreleaser.catalog.swid.${name}.active |
JRELEASER_CATALOG_SWID_${name}_ACTIVE |