feat(spdx): Upgrade output to specification version 2.3
Note that this changes serialization of reference categories to use
dashes instead of underscores [1]. Continue to accept underscores when
deserializing for backward-compatibility, also see the discussion at
[2]. Generally, deserialization of SPDX 2.2 is still supported.

The diff of `spdx-schema.json` nicely resembles the code changes.

Resolves #5445.

[1]: https://github.com/spdx/spdx-spec/blob/v2.3/schemas/spdx-schema.json#L325
[2]: CycloneDX/cyclonedx-dotnet-library#267

Signed-off-by: Sebastian Schuberth <[email protected]>
sschuberth committed Nov 9, 2023
1 parent 945593a commit 5d687da
Showing 12 changed files with 220 additions and 65 deletions.
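--- a/README.md
+++ b/README.md
@@ -732,7 +732,7 @@ following formats are supported (reporter names are case-insensitive):
 * Customizable with [Apache Freemarker](https://freemarker.apache.org/) templates
 * Opossum input that can be visualized and edited in the [OpossumUI](https://github.com/opossum-tool/opossumUI)
 (`-f Opossum`)
-* [SPDX Document](https://spdx.dev/specifications/), version 2.2 (`-f SpdxDocument`)
+* [SPDX Document](https://spdx.dev/specifications/), version 2.3 (`-f SpdxDocument`)
 * Static HTML (`-f StaticHtml`)
 * [TrustSource](https://www.trustsource.io/) JSON file (`-f TrustSource`)
 * Use this as an alternative to [ts-scan](https://github.com/TrustSource/ts-scan) for support of more build systems.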
@@ -1,6 +1,6 @@
{
"SPDXID" : "SPDXRef-DOCUMENT",
"spdxVersion" : "SPDX-2.2",
"spdxVersion" : "SPDX-2.3",
"creationInfo" : {
"comment" : "some creation info comment",
"created" : "<REPLACE_CREATION_DATE_AND_TIME>",
@@ -39,7 +39,7 @@
"copyrightText" : "Copyright 2020 Some copyright holder in VCS\nCopyright 2020 Some copyright holder in source artifact\nCopyright 2020 Some other copyright holder in source artifact",
"downloadLocation" : "https://some-host/first-package.jar",
"externalRefs" : [ {
"referenceCategory" : "PACKAGE_MANAGER",
"referenceCategory" : "PACKAGE-MANAGER",
"referenceType" : "purl",
"referenceLocator" : "pkg:maven/first-package-group/[email protected]"
} ],
@@ -55,7 +55,7 @@
"copyrightText" : "Copyright 2020 Some copyright holder in VCS\nCopyright 2020 Some copyright holder in source artifact\nCopyright 2020 Some other copyright holder in source artifact",
"downloadLocation" : "git+ssh://github.com/path/first-package-repo.git@deadbeef#project-path",
"externalRefs" : [ {
"referenceCategory" : "PACKAGE_MANAGER",
"referenceCategory" : "PACKAGE-MANAGER",
"referenceType" : "purl",
"referenceLocator" : "pkg:maven/first-package-group/[email protected]"
} ],
@@ -80,7 +80,7 @@
"copyrightText" : "Copyright 2020 Some copyright holder in VCS\nCopyright 2020 Some copyright holder in source artifact\nCopyright 2020 Some other copyright holder in source artifact",
"downloadLocation" : "https://some-host/first-package-sources.jar",
"externalRefs" : [ {
"referenceCategory" : "PACKAGE_MANAGER",
"referenceCategory" : "PACKAGE-MANAGER",
"referenceType" : "purl",
"referenceLocator" : "pkg:maven/first-package-group/[email protected]"
} ],
@@ -96,7 +96,7 @@
"copyrightText" : "NONE",
"downloadLocation" : "NONE",
"externalRefs" : [ {
"referenceCategory" : "PACKAGE_MANAGER",
"referenceCategory" : "PACKAGE-MANAGER",
"referenceType" : "purl",
"referenceLocator" : "pkg:maven/fourth-package-group/[email protected]"
} ],
@@ -112,7 +112,7 @@
"copyrightText" : "NONE",
"downloadLocation" : "NONE",
"externalRefs" : [ {
"referenceCategory" : "PACKAGE_MANAGER",
"referenceCategory" : "PACKAGE-MANAGER",
"referenceType" : "purl",
"referenceLocator" : "pkg:maven/second-package-group/[email protected]"
} ],
@@ -128,7 +128,7 @@
"copyrightText" : "Copyright 2020 Some copyright holder in source artifact",
"downloadLocation" : "NONE",
"externalRefs" : [ {
"referenceCategory" : "PACKAGE_MANAGER",
"referenceCategory" : "PACKAGE-MANAGER",
"referenceType" : "purl",
"referenceLocator" : "pkg:maven/seventh-package-group/[email protected]"
} ],
@@ -148,7 +148,7 @@
"copyrightText" : "Copyright 2020 Some copyright holder in source artifact",
"downloadLocation" : "https://some-host/seventh-package-sources.jar",
"externalRefs" : [ {
"referenceCategory" : "PACKAGE_MANAGER",
"referenceCategory" : "PACKAGE-MANAGER",
"referenceType" : "purl",
"referenceLocator" : "pkg:maven/seventh-package-group/[email protected]"
} ],
@@ -169,7 +169,7 @@
"copyrightText" : "NONE",
"downloadLocation" : "NONE",
"externalRefs" : [ {
"referenceCategory" : "PACKAGE_MANAGER",
"referenceCategory" : "PACKAGE-MANAGER",
"referenceType" : "purl",
"referenceLocator" : "pkg:maven/sixth-package-group/[email protected]"
} ],
@@ -185,7 +185,7 @@
"copyrightText" : "NONE",
"downloadLocation" : "NONE",
"externalRefs" : [ {
"referenceCategory" : "PACKAGE_MANAGER",
"referenceCategory" : "PACKAGE-MANAGER",
"referenceType" : "purl",
"referenceLocator" : "pkg:maven/third-package-group/[email protected]"
} ],
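Review bot: Every `referenceCategory` in this expected-result file, and in the YAML counterpart that follows, now uses the dashed `PACKAGE-MANAGER` form, so nothing visible here exercises the backward-compatible read of the SPDX 2.2 underscore spelling that the commit message promises. Unless one of the changed files not shown on this page already covers it, keep a small 2.2-style input with `"spdxVersion" : "SPDX-2.2"` and `"referenceCategory" : "PACKAGE_MANAGER"` as a deserialization test. A silent failure to map that value would drop the purl reference that SBOM consumers rely on to match packages against vulnerability data. A release-note line telling downstream tools that compare the exact string to accept both spellings would also help.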
@@ -1,6 +1,6 @@
---
SPDXID: "SPDXRef-DOCUMENT"
spdxVersion: "SPDX-2.2"
spdxVersion: "SPDX-2.3"
creationInfo:
comment: "some creation info comment"
created: "<REPLACE_CREATION_DATE_AND_TIME>"
@@ -49,7 +49,7 @@ packages:
\ in source artifact"
downloadLocation: "https://some-host/first-package.jar"
externalRefs:
- referenceCategory: "PACKAGE_MANAGER"
- referenceCategory: "PACKAGE-MANAGER"
referenceType: "purl"
referenceLocator: "pkg:maven/first-package-group/[email protected]"
filesAnalyzed: false
@@ -67,7 +67,7 @@ packages:
\ in source artifact"
downloadLocation: "git+ssh://github.com/path/first-package-repo.git@deadbeef#project-path"
externalRefs:
- referenceCategory: "PACKAGE_MANAGER"
- referenceCategory: "PACKAGE-MANAGER"
referenceType: "purl"
referenceLocator: "pkg:maven/first-package-group/[email protected]"
filesAnalyzed: true
@@ -95,7 +95,7 @@ packages:
\ in source artifact"
downloadLocation: "https://some-host/first-package-sources.jar"
externalRefs:
- referenceCategory: "PACKAGE_MANAGER"
- referenceCategory: "PACKAGE-MANAGER"
referenceType: "purl"
referenceLocator: "pkg:maven/first-package-group/[email protected]"
filesAnalyzed: false
@@ -111,7 +111,7 @@ packages:
copyrightText: "NONE"
downloadLocation: "NONE"
externalRefs:
- referenceCategory: "PACKAGE_MANAGER"
- referenceCategory: "PACKAGE-MANAGER"
referenceType: "purl"
referenceLocator: "pkg:maven/fourth-package-group/[email protected]"
filesAnalyzed: false
@@ -125,7 +125,7 @@ packages:
copyrightText: "NONE"
downloadLocation: "NONE"
externalRefs:
- referenceCategory: "PACKAGE_MANAGER"
- referenceCategory: "PACKAGE-MANAGER"
referenceType: "purl"
referenceLocator: "pkg:maven/second-package-group/[email protected]"
filesAnalyzed: false
@@ -139,7 +139,7 @@ packages:
copyrightText: "Copyright 2020 Some copyright holder in source artifact"
downloadLocation: "NONE"
externalRefs:
- referenceCategory: "PACKAGE_MANAGER"
- referenceCategory: "PACKAGE-MANAGER"
referenceType: "purl"
referenceLocator: "pkg:maven/seventh-package-group/[email protected]"
filesAnalyzed: false
@@ -156,7 +156,7 @@ packages:
copyrightText: "Copyright 2020 Some copyright holder in source artifact"
downloadLocation: "https://some-host/seventh-package-sources.jar"
externalRefs:
- referenceCategory: "PACKAGE_MANAGER"
- referenceCategory: "PACKAGE-MANAGER"
referenceType: "purl"
referenceLocator: "pkg:maven/seventh-package-group/[email protected]"
filesAnalyzed: true
@@ -177,7 +177,7 @@ packages:
copyrightText: "NONE"
downloadLocation: "NONE"
externalRefs:
- referenceCategory: "PACKAGE_MANAGER"
- referenceCategory: "PACKAGE-MANAGER"
referenceType: "purl"
referenceLocator: "pkg:maven/sixth-package-group/[email protected]"
filesAnalyzed: false
@@ -191,7 +191,7 @@ packages:
copyrightText: "NONE"
downloadLocation: "NONE"
externalRefs:
- referenceCategory: "PACKAGE_MANAGER"
- referenceCategory: "PACKAGE-MANAGER"
referenceType: "purl"
referenceLocator: "pkg:maven/third-package-group/[email protected]"
filesAnalyzed: false