You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
licenseDeclared uses & and | between licenses. Where are as the expected usage is AND OR
license identifiers are not compatible, might be because of the source itself. For example GPLv2 in generated spdx but expected is GPL-2.0-only
generates this warning " license_expression must only use IDs from the license list or extracted licensing info"
3)externalPackageRef type in category SECURITY must be one of ['cpe22Type', 'cpe23Type', 'advisory', 'fix', 'url', 'swid'], but is: http://spdx.org/rdf/references/cpe23Type
4)externalPackageRef type in category SECURITY must be one of ['cpe22Type', 'cpe23Type', 'advisory', 'fix', 'url', 'swid'], but is: http://spdx.org/rdf/references/cpe23Type
The text was updated successfully, but these errors were encountered:
There are a bunch of warning with generated spdx files and fails SBOM NTIA minimum element conformance. (https://tools.spdx.org/app/ntia_checker/))
generates this warning " license_expression must only use IDs from the license list or extracted licensing info"
3)externalPackageRef type in category SECURITY must be one of ['cpe22Type', 'cpe23Type', 'advisory', 'fix', 'url', 'swid'], but is: http://spdx.org/rdf/references/cpe23Type
4)externalPackageRef type in category SECURITY must be one of ['cpe22Type', 'cpe23Type', 'advisory', 'fix', 'url', 'swid'], but is: http://spdx.org/rdf/references/cpe23Type
The text was updated successfully, but these errors were encountered: