Description
What happened:
The SPDX spec requires the DocumentName field, which is not present.
Related: the namespace is the same for all documents (e.g. https://anchore.com/syft/image/), which currently goes against the spec indicating it should be uniquely identifiable. Presumably the DocumentName would also be used as part of the DocumentNamespace.
NOTE: this is important in order to properly cross-reference SPDX files using the relationship field.
ALSO NOTE: this happens when using a directory scan, but this information is included if scanning a container image; however, I do not believe the DocumentNamespace is correct, as it does not have a UUID.
What you expected to happen:
A unique DocumentNamespace is generated and somehow a DocumentName is included or allowed to be specified from the command line.
How to reproduce it (as minimally and precisely as possible):
syft packages dir:. -o spdx
Anything else we need to know?:
Pertinent directory scan output snippet:
SPDXVersion: SPDX-2.2
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentNamespace: https://anchore.com/syft/image/
LicenseListVersion: 3.14
Creator: Organization: Anchore, Inc
Creator: Tool: syft-0.21.0
Created: 2021-09-08T01:45:39Z
##### Package: chownr
...
Image scan output snippet:
SPDXVersion: SPDX-2.2
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: alpine:latest
DocumentNamespace: https://anchore.com/syft/image/alpine:latest
LicenseListVersion: 3.14
Creator: Organization: Anchore, Inc
Creator: Tool: syft-0.21.0
Created: 2021-09-08T16:40:41Z
##### Package: alpine-baselayout
...
Environment:
- Output of syft version: 0.21.0
- OS (e.g: cat /etc/os-release or similar):
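As an added example (not syft's own code), a small Go program that parses the tag-value header shown above, flags a missing DocumentName or a DocumentNamespace without the UUID suffix that SPDX 2.2 recommends, and builds a namespace of the recommended base/name-UUID form. The base URL and document name used in main are hypothetical.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"regexp"
	"strings"
)

// SPDX 2.2 section 2.5 recommends http://[CreatorWebsite]/[pathToSpdx]/[DocumentName]-[UUID].
var uuidSuffix = regexp.MustCompile(`-[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$`)
// ParseDocumentFields maps each tag to its first value; "#" lines (package headers) are skipped.
func ParseDocumentFields(text string) map[string]string {
	fields := map[string]string{}
	for _, line := range strings.Split(text, "\n") {
		tag, val, ok := strings.Cut(strings.TrimSpace(line), ":")
		if _, seen := fields[tag]; ok && !seen && !strings.HasPrefix(tag, "#") {
			fields[tag] = strings.TrimSpace(val) // first occurrence wins (Creator repeats)
		}
	}
	return fields
}
// ValidateDocument flags a missing DocumentName and a namespace that is not an absolute URI or lacks a UUID.
func ValidateDocument(fields map[string]string) []string {
	var problems []string
	if fields["DocumentName"] == "" {
		problems = append(problems, "DocumentName is missing")
	}
	ns := strings.ToLower(fields["DocumentNamespace"])
	if !strings.HasPrefix(ns, "http://") && !strings.HasPrefix(ns, "https://") || strings.Contains(ns, "#") {
		problems = append(problems, "DocumentNamespace is not an absolute URI without '#'")
	} else if !uuidSuffix.MatchString(ns) {
		problems = append(problems, "DocumentNamespace has no UUID suffix, so it is not unique")
	}
	return problems
}
// NewDocumentNamespace returns base/name-<random v4 UUID>; each run yields a distinct namespace.
func NewDocumentNamespace(base, name string) (string, error) {
	var b [16]byte
	if _, err := rand.Read(b[:]); err != nil {
		return "", err
	}
	b[6], b[8] = (b[6]&0x0f)|0x40, (b[8]&0x3f)|0x80 // version 4, RFC 4122 variant bits
	id := fmt.Sprintf("%x-%x-%x-%x-%x", b[:4], b[4:6], b[6:8], b[8:10], b[10:])
	return strings.TrimRight(base, "/") + "/" + name + "-" + id, nil
}
func main() { // hypothetical base URL and document name, not syft's own
	ns, _ := NewDocumentNamespace("https://anchore.com/syft/dir", "my-project")
	fmt.Println(ns, ValidateDocument(map[string]string{"DocumentName": "my-project", "DocumentNamespace": ns}))
}
```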