Contributor

@kzantow kzantow commented Jan 11, 2022

This aligns the SPDX output more correctly with the SPDX 2.2 spec.

These changes are required for Syft's generated SPDX to import properly using the spdx/tools-golang jsonloader.

Links to some pertinent resources:

Signed-off-by: Keith Zantow <[email protected]>
@kzantow kzantow changed the title Fix some SPDX export issues [WiP] Fix some SPDX export issues Jan 12, 2022
Signed-off-by: Keith Zantow <[email protected]>
Signed-off-by: Keith Zantow <[email protected]>
@kzantow kzantow changed the title [WiP] Fix some SPDX export issues Align SPDX export more with SPDX 2.2 specification Jan 12, 2022
return ""
case pkg.RpmdbMetadata:
return metadata.Vendor
return "Organization: " + metadata.Vendor
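Review bot: in the pkg.RpmdbMetadata case, `return "Organization: " + metadata.Vendor` adds the prefix unconditionally, so an entry with an empty Vendor yields the bare string "Organization: " rather than the empty string the preceding branch returns. Return "" when metadata.Vendor is empty, and add a short comment saying that the Organization prefix is a best guess, since the vendor value alone does not say whether it names a person or an organization.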
Contributor Author

Should this also be Person: ?

Contributor

I think we won't be able to tell 100% of the time (org is a good guess)

SPDXID string `json:"SPDXID"`
// Identify name of this SpdxElement.
Name string `json:"name"`
Name string `json:"name,omitempty"`
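Review bot: on the Name field, `json:"name,omitempty"` affects every element type that uses this field, so an element that is expected to carry a name but has an empty one now serializes with no name key at all, and the gap is easy to miss in the output. If the aim is only to keep name out of file entries, check for an empty Name on the types that need it before encoding, and record the reason for omitempty in the field comment next to "Identify name of this SpdxElement."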
Contributor Author

Not sure if this will have other adverse effects since it is used by things such as spdx22json.Package .Item.Element but not allowed in spdx22json.File; something like this is needed.

Signed-off-by: Keith Zantow <[email protected]>
@kzantow kzantow marked this pull request as ready for review January 13, 2022 20:26
@kzantow kzantow merged commit f59af25 into anchore:main Jan 13, 2022
@kzantow kzantow deleted the spdx-export-issues branch January 13, 2022 20:27
spiffcs added a commit that referenced this pull request Jan 19, 2022
…hub.com/hectorj2f/syft into hectorj2f/add_dependencies_to_cyclonedx

* 'hectorj2f/add_dependencies_to_cyclonedx' of https://github.com/hectorj2f/syft: (29 commits)
  Improve CycloneDX format output (#710)
  Add additional PHP metadata (#753)
  Update Syft formats for SyftJson (#752)
  Add support for "file" source type in syftjson unmarshaling (#750)
  remove contains file from spdx dependency generation
  support .sar for java ecosystem (#748)
  Start developer documentation (#746)
  Align SPDX export more with SPDX 2.2 specification (#743)
  Replace distro type (#742)
  update goreleaser with windows checksums (#740)
  bump stereoscope version to remove old containerd (#741)
  Add support for multiple output files in different formats (#732)
  Add support for searching for jars within archives (#734)
  683 windows filepath (#735)
  Fix CPE encode/decode when it contains special chars (#714)
  support .par for java ecosystems (#727)
  Add arm64 support to install script (#729)
  Revert "bump goreleaser to v1.2 (#720)" (#731)
  Add a version flag (#722)
  Add lpkg as java package format (#694)
  ...
fengshunli pushed a commit to fengshunli/syft that referenced this pull request Jan 24, 2022
spiffcs pushed a commit that referenced this pull request Jan 24, 2022
jonasagx pushed a commit to jonasagx/syft that referenced this pull request Jan 28, 2022
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024

2 participants