

# Using CycloneDX namespaces with Amazon Inspector
<a name="cyclonedx-namespace"></a>

 Amazon Inspector provides you with CycloneDX namespaces and property names that you can use with SBOMs. This section describes all of the custom key/value properties that might be added to components in CycloneDX SBOMs. For more information, see [CycloneDX property taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy) on the GitHub website. 

## `amazon:inspector:sbom_scanner` namespace taxonomy
<a name="scan-namespaces"></a>

 The Amazon Inspector Scan API uses the `amazon:inspector:sbom_scanner` namespace and has the following properties: 


| **Property** | **Description** | 
| --- | --- | 
| amazon:inspector:sbom\_scanner:cisa\_kev\_date\_added | Indicates when the vulnerability was added to the CISA Known Exploited Vulnerabilities catalog. | 
| amazon:inspector:sbom\_scanner:cisa\_kev\_date\_due | Indicates when the vulnerability fix is due according to the CISA Known Exploited Vulnerabilities catalog. | 
| amazon:inspector:sbom\_scanner:critical\_vulnerabilities | Count of the total number of critical severity vulnerabilities found in the SBOM. | 
| amazon:inspector:sbom\_scanner:exploit\_available | Indicates if an exploit is available for the given vulnerability. | 
| amazon:inspector:sbom\_scanner:exploit\_last\_seen\_in\_public | Indicates when an exploit was last seen in public for the given vulnerability. | 
| amazon:inspector:sbom\_scanner:fixed\_version:component\_bom\_ref | Provides the fixed version of the indicated component for the given vulnerability. | 
| amazon:inspector:sbom\_scanner:high\_vulnerabilities | Count of the total number of high severity vulnerabilities found in the SBOM. | 
| amazon:inspector:sbom\_scanner:info | Provides scan context for a given component, for example: "Component scanned: no vulnerabilities found." | 
| amazon:inspector:sbom\_scanner:is\_malicious | Indicates if OpenSSF identifies affected components as malicious. | 
| amazon:inspector:sbom\_scanner:low\_vulnerabilities | Count of the total number of low severity vulnerabilities found in the SBOM. | 
| amazon:inspector:sbom\_scanner:medium\_vulnerabilities | Count of the total number of medium severity vulnerabilities found in the SBOM. | 
| amazon:inspector:sbom\_scanner:path | The path to the file that yields the subject package information. | 
| amazon:inspector:sbom\_scanner:priority | The recommended priority for fixing a given vulnerability. The values in descending order are "IMMEDIATE", "URGENT", "MODERATE", and "STANDARD". | 
| amazon:inspector:sbom\_scanner:priority\_intelligence | The quality of intelligence used to determine the priority for a given vulnerability. The values include "VERIFIED" or "UNVERIFIED". | 
| amazon:inspector:sbom\_scanner:warning | Provides context for why a given component was not scanned, for example: "Component skipped: no purl provided." | 
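
The following Python reads the `amazon:inspector:sbom_scanner` properties from a CycloneDX document, ranks vulnerabilities by the priority order listed above, and reports components carrying a `warning` property so that unscanned components are not mistaken for clean ones. It is an added example, not part of the AWS documentation: the sample SBOM and its ids are constructed, and the `"true"`/`"false"` value strings, the placement of properties on vulnerabilities and components, and the reading of the `fixed_version` suffix as a component bom-ref are assumptions.

```python
NS = "amazon:inspector:sbom_scanner:"
# Priority values in descending order, as listed in the table above.
PRIORITY_ORDER = ["IMMEDIATE", "URGENT", "MODERATE", "STANDARD"]

def _prop(name, value):
    """Build one CycloneDX name/value property (used only for the sample)."""
    return {"name": NS + name, "value": value}

# Constructed sample: ids, versions and value strings are made up (assumptions).
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"bom-ref": "comp-1", "name": "libexample", "purl": "pkg:pypi/libexample@1.0.0"},
        {"bom-ref": "comp-2", "name": "nopurl",
         "properties": [_prop("warning", "Component skipped: no purl provided.")]},
    ],
    "vulnerabilities": [
        {"id": "EXAMPLE-0001", "properties": [
            _prop("priority", "MODERATE"), _prop("exploit_available", "false")]},
        {"id": "EXAMPLE-0002", "properties": [
            _prop("priority", "IMMEDIATE"), _prop("exploit_available", "true"),
            _prop("fixed_version:comp-1", "1.0.1")]},
    ],
}

def scanner_props(obj):
    """Return {short_name: value} for properties in the sbom_scanner namespace."""
    return {p["name"][len(NS):]: p.get("value", "")
            for p in obj.get("properties", []) if p.get("name", "").startswith(NS)}

def triage(sbom):
    """Rank vulnerabilities by priority and list components that were not scanned."""
    ranked = []
    for vuln in sbom.get("vulnerabilities", []):
        props = scanner_props(vuln)
        prio = props.get("priority", "")
        # Unknown or missing priority sorts last instead of raising.
        rank = PRIORITY_ORDER.index(prio) if prio in PRIORITY_ORDER else len(PRIORITY_ORDER)
        # Assumption: the text after "fixed_version:" is the component's bom-ref.
        fixes = {k.split(":", 1)[1]: v for k, v in props.items() if k.startswith("fixed_version:")}
        exploit = props.get("exploit_available") == "true"  # assumed string encoding
        ranked.append((rank, vuln.get("id"), prio or "UNKNOWN", exploit, fixes))
    ranked.sort(key=lambda r: (r[0], not r[3]))  # priority first, then exploit available
    skipped = {c.get("bom-ref"): scanner_props(c)["warning"]
               for c in sbom.get("components", []) if "warning" in scanner_props(c)}
    return [r[1:] for r in ranked], skipped

if __name__ == "__main__":
    print(triage(SAMPLE_SBOM))
```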

## `amazon:inspector:sbom_generator` namespace taxonomy
<a name="sbomgen-namespaces"></a>

 The Amazon Inspector SBOM Generator uses the `amazon:inspector:sbom_generator` namespace and has the following properties: 


| **Property** | **Description** | 
| --- | --- | 
| amazon:inspector:sbom\_generator:cpu\_architecture | The CPU architecture of the system being inventoried (x86\_64). | 
| amazon:inspector:sbom\_generator:ec2:instance\_id | The Amazon EC2 instance ID. | 
| amazon:inspector:sbom\_generator:ec2:instance\_type | The Amazon EC2 instance type. | 
| amazon:inspector:sbom\_generator:live\_patching\_enabled | A boolean value indicating whether live patching is enabled on Amazon EC2 Amazon Linux. | 
| amazon:inspector:sbom\_generator:live\_patched\_cves | A list of CVEs patched through live patching on Amazon EC2 Amazon Linux. | 
| amazon:inspector:sbom\_generator:dockerfile\_finding:inspector\_finding\_id | Indicates that an Amazon Inspector finding in a component is related to Dockerfile checks. | 
| amazon:inspector:sbom\_generator:image\_id | The hash belonging to the container image config file (also known as the Image ID). | 
| amazon:inspector:sbom\_generator:image\_arch | The architecture of the container image. | 
| amazon:inspector:sbom\_generator:image\_author | The author of the container image. | 
| amazon:inspector:sbom\_generator:image:cmd:count | An absolute directory within the container image defined in default CMD configured at image build time. | 
| amazon:inspector:sbom\_generator:image:entrypoint:count | An absolute directory within the container image defined in default ENTRYPOINT configured at image build time. | 
| amazon:inspector:sbom\_generator:image:workdir | The WORKDIR directory of the container image configured at image build time. | 
| amazon:inspector:sbom\_generator:image\_docker\_version | The docker version used to build the container image. | 
| amazon:inspector:sbom\_generator:is\_duplicate\_package | Indicates that the subject package was found by more than one file scanner. | 
| amazon:inspector:sbom\_generator:duplicate\_purl | Indicates the duplicated package PURL found by another scanner. | 
| amazon:inspector:sbom\_generator:kernel\_name | The kernel name of the system being inventoried. | 
| amazon:inspector:sbom\_generator:kernel\_version | The kernel version of the system being inventoried. | 
| amazon:inspector:sbom\_generator:kernel\_component | A boolean value indicating whether a subject package is a kernel component. | 
| amazon:inspector:sbom\_generator:running\_kernel | A boolean value that indicates if a subject package is the running kernel. | 
| amazon:inspector:sbom\_generator:layer\_diff\_id | The hash of the uncompressed container image layer. | 
| amazon:inspector:sbom\_generator:replaced\_by | The value that replaces the current Go module. | 
| amazon:inspector:sbom\_generator:os\_hostname | The hostname of the system being inventoried. | 
| amazon:inspector:sbom\_generator:source\_file\_scanner | The scanner that found the file that contains package information, for example: /var/lib/dpkg/status. | 
| amazon:inspector:sbom\_generator:source\_package\_collector | The collector that extracted the package name and version from a specific file. | 
| amazon:inspector:sbom\_generator:source\_path | The path to the file that the subject package information was extracted from. | 
| amazon:inspector:sbom\_generator:file\_size\_bytes | Indicates file size of a given artifact. | 
| amazon:inspector:sbom\_generator:unresolved\_version | Indicates a version string that has not been resolved by the package manager. | 
| amazon:inspector:sbom\_generator:experimental:transitive\_dependency | Indicates indirect dependencies from a package manager. | 
| amazon:inspector:sbom\_generator:subscription:enabled | A boolean value indicating whether a subscription is enabled, such as RHEL EUS/E4S or Ubuntu Pro. | 
| amazon:inspector:sbom\_generator:subscription:name | The name of the active subscription (e.g., EUS, E4S, Pro). | 
| amazon:inspector:sbom\_generator:subscription:locked\_version | The version locked by the active RHEL subscription (RHEL EUS/E4S only). | 
| amazon:inspector:sbom\_generator:metadata:host:hostname | The hostname of the scanned system. | 
| amazon:inspector:sbom\_generator:metadata:host:kernel\_name | The kernel name of the operating system (e.g., Linux, Darwin, Windows\_NT). | 
| amazon:inspector:sbom\_generator:metadata:host:kernel\_version | The kernel version string of the operating system. | 
| amazon:inspector:sbom\_generator:metadata:host:cpu\_architecture | The CPU architecture of the system (e.g., x86\_64, arm64). | 
| amazon:inspector:sbom\_generator:metadata:host:bootdisk\_id | Unique identifier of the boot disk. | 
| amazon:inspector:sbom\_generator:metadata:host:boot\_id | Unique identifier for the current boot session. | 
| amazon:inspector:sbom\_generator:metadata:host:boot\_time | System boot time in ISO 8601 format. | 
| amazon:inspector:sbom\_generator:metadata:host:system\_id | Persistent system identifier (machine-id on Linux, MachineGuid on Windows). | 
| amazon:inspector:sbom\_generator:metadata:host:system\_serial | Hardware serial number from system firmware. | 
| amazon:inspector:sbom\_generator:metadata:host:network\_interfaces:name:hardware | MAC address of the network interface. | 
| amazon:inspector:sbom\_generator:metadata:host:network\_interfaces:name:ipv4 | IPv4 address(es) assigned to the interface. | 
| amazon:inspector:sbom\_generator:metadata:host:network\_interfaces:name:ipv6 | IPv6 address(es) assigned to the interface. | 
| amazon:inspector:sbom\_generator:metadata:host:sbomgen\_tag:key | Custom user-defined tags passed via the --tag CLI argument. | 
| amazon:inspector:sbom\_generator:metadata:imds:provider | The cloud provider detected via IMDS (aws, azure). | 
| amazon:inspector:sbom\_generator:metadata:imds:instance\_id | The Amazon EC2 instance ID or Azure VM name. | 
| amazon:inspector:sbom\_generator:metadata:imds:instance\_type | The instance type (e.g., t3.micro, Standard\_D2s\_v3). | 
| amazon:inspector:sbom\_generator:metadata:imds:instance\_location | The region/location of the instance. | 
| amazon:inspector:sbom\_generator:metadata:imds:instance\_partition | The cloud partition (aws, aws-cn, aws-us-gov for Amazon, or AzurePublicCloud for Azure). | 
| amazon:inspector:sbom\_generator:metadata:imds:account\_id | The Amazon account ID of the Amazon EC2 instance, obtained from the instance identity document (Amazon only). | 
| amazon:inspector:sbom\_generator:metadata:imds:resource\_type | The type of cloud resource being scanned (e.g., aws\_ec2\_instance). | 
| amazon:inspector:sbom\_generator:metadata:imds:instance\_managed\_id | Amazon EC2 Systems Manager managed instance ID (Amazon only). | 
| amazon:inspector:sbom\_generator:metadata:imds:tenant\_id | Azure tenant ID (Azure only). | 
| amazon:inspector:sbom\_generator:metadata:imds:resource\_group | The Azure resource group the instance belongs to (Azure only). | 
| amazon:inspector:sbom\_generator:metadata:imds:subscription\_id | The Azure subscription ID associated with the instance (Azure only). | 
| amazon:inspector:sbom\_generator:metadata:imds:vm\_id | Azure VM unique identifier (Azure only). | 
| amazon:inspector:sbom\_generator:metadata:host:open\_port:port:protocol | Indicates an open port of a runtime resource (i.e. EC2). | 
| amazon:inspector:sbom\_generator:hardened\_image:vendor | The vendor of a hardened container image. | 