assessedElement to target SoftwareArtifact instead of Element #911
Labels
Profile:Security
Security Profile and related matters
Comments
bact
added
Profile:Security
zvr
changed the title
|
I think the target should be Since in the future we might have security info for other, non-software artifacts. |
|
Note - that if we make this more restrictive, it will be a breaking change, so this will have to be in either 3.0.1 or 4.0. |
|
Having it as Element is going to provide more flexibility for future profiles. Ok to discuss further but at this point it's going to 4.0 related change. For instance, we could have an assessedElement on a Role or Relationship type which are not artifacts. |
|
Removing the milestone until this is discussed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
From /Security/assessedElement:
"Specifies subpackages, files or snippets ..."
If it's limited to only packages, files and snippets then why its target is Element and not SoftwareArtifact?
Package, File and Snippet are the only subclasses of SoftwareArtifact.
The text was updated successfully, but these errors were encountered: