-
Notifications
You must be signed in to change notification settings - Fork 314
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(spdx): Upgrade output to specification version 2.3
Note that this changes serialization of reference categories to use dashes instead of underscores [1]. Continue to accept underscores when deserializing for backward-compatibility, also see the discussion at [2]. Generally, deserialization of SPDX 2.2 is still supported. The diff of `spdx-schema.json` nicely resembles the code changes. Resolves #5445. [1]: https://github.com/spdx/spdx-spec/blob/v2.3/schemas/spdx-schema.json#L325 [2]: CycloneDX/cyclonedx-dotnet-library#267 Signed-off-by: Sebastian Schuberth <[email protected]>
- Loading branch information
1 parent
945593a
commit 5d687da
Showing
12 changed files
with
220 additions
and
65 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
{ | ||
"SPDXID" : "SPDXRef-DOCUMENT", | ||
"spdxVersion" : "SPDX-2.2", | ||
"spdxVersion" : "SPDX-2.3", | ||
"creationInfo" : { | ||
"comment" : "some creation info comment", | ||
"created" : "<REPLACE_CREATION_DATE_AND_TIME>", | ||
|
@@ -39,7 +39,7 @@ | |
"copyrightText" : "Copyright 2020 Some copyright holder in VCS\nCopyright 2020 Some copyright holder in source artifact\nCopyright 2020 Some other copyright holder in source artifact", | ||
"downloadLocation" : "https://some-host/first-package.jar", | ||
"externalRefs" : [ { | ||
"referenceCategory" : "PACKAGE_MANAGER", | ||
"referenceCategory" : "PACKAGE-MANAGER", | ||
"referenceType" : "purl", | ||
"referenceLocator" : "pkg:maven/first-package-group/[email protected]" | ||
} ], | ||
|
@@ -55,7 +55,7 @@ | |
"copyrightText" : "Copyright 2020 Some copyright holder in VCS\nCopyright 2020 Some copyright holder in source artifact\nCopyright 2020 Some other copyright holder in source artifact", | ||
"downloadLocation" : "git+ssh://github.com/path/first-package-repo.git@deadbeef#project-path", | ||
"externalRefs" : [ { | ||
"referenceCategory" : "PACKAGE_MANAGER", | ||
"referenceCategory" : "PACKAGE-MANAGER", | ||
"referenceType" : "purl", | ||
"referenceLocator" : "pkg:maven/first-package-group/[email protected]" | ||
} ], | ||
|
@@ -80,7 +80,7 @@ | |
"copyrightText" : "Copyright 2020 Some copyright holder in VCS\nCopyright 2020 Some copyright holder in source artifact\nCopyright 2020 Some other copyright holder in source artifact", | ||
"downloadLocation" : "https://some-host/first-package-sources.jar", | ||
"externalRefs" : [ { | ||
"referenceCategory" : "PACKAGE_MANAGER", | ||
"referenceCategory" : "PACKAGE-MANAGER", | ||
"referenceType" : "purl", | ||
"referenceLocator" : "pkg:maven/first-package-group/[email protected]" | ||
} ], | ||
|
@@ -96,7 +96,7 @@ | |
"copyrightText" : "NONE", | ||
"downloadLocation" : "NONE", | ||
"externalRefs" : [ { | ||
"referenceCategory" : "PACKAGE_MANAGER", | ||
"referenceCategory" : "PACKAGE-MANAGER", | ||
"referenceType" : "purl", | ||
"referenceLocator" : "pkg:maven/fourth-package-group/[email protected]" | ||
} ], | ||
|
@@ -112,7 +112,7 @@ | |
"copyrightText" : "NONE", | ||
"downloadLocation" : "NONE", | ||
"externalRefs" : [ { | ||
"referenceCategory" : "PACKAGE_MANAGER", | ||
"referenceCategory" : "PACKAGE-MANAGER", | ||
"referenceType" : "purl", | ||
"referenceLocator" : "pkg:maven/second-package-group/[email protected]" | ||
} ], | ||
|
@@ -128,7 +128,7 @@ | |
"copyrightText" : "Copyright 2020 Some copyright holder in source artifact", | ||
"downloadLocation" : "NONE", | ||
"externalRefs" : [ { | ||
"referenceCategory" : "PACKAGE_MANAGER", | ||
"referenceCategory" : "PACKAGE-MANAGER", | ||
"referenceType" : "purl", | ||
"referenceLocator" : "pkg:maven/seventh-package-group/[email protected]" | ||
} ], | ||
|
@@ -148,7 +148,7 @@ | |
"copyrightText" : "Copyright 2020 Some copyright holder in source artifact", | ||
"downloadLocation" : "https://some-host/seventh-package-sources.jar", | ||
"externalRefs" : [ { | ||
"referenceCategory" : "PACKAGE_MANAGER", | ||
"referenceCategory" : "PACKAGE-MANAGER", | ||
"referenceType" : "purl", | ||
"referenceLocator" : "pkg:maven/seventh-package-group/[email protected]" | ||
} ], | ||
|
@@ -169,7 +169,7 @@ | |
"copyrightText" : "NONE", | ||
"downloadLocation" : "NONE", | ||
"externalRefs" : [ { | ||
"referenceCategory" : "PACKAGE_MANAGER", | ||
"referenceCategory" : "PACKAGE-MANAGER", | ||
"referenceType" : "purl", | ||
"referenceLocator" : "pkg:maven/sixth-package-group/[email protected]" | ||
} ], | ||
|
@@ -185,7 +185,7 @@ | |
"copyrightText" : "NONE", | ||
"downloadLocation" : "NONE", | ||
"externalRefs" : [ { | ||
"referenceCategory" : "PACKAGE_MANAGER", | ||
"referenceCategory" : "PACKAGE-MANAGER", | ||
"referenceType" : "purl", | ||
"referenceLocator" : "pkg:maven/third-package-group/[email protected]" | ||
} ], | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
--- | ||
SPDXID: "SPDXRef-DOCUMENT" | ||
spdxVersion: "SPDX-2.2" | ||
spdxVersion: "SPDX-2.3" | ||
creationInfo: | ||
comment: "some creation info comment" | ||
created: "<REPLACE_CREATION_DATE_AND_TIME>" | ||
|
@@ -49,7 +49,7 @@ packages: | |
\ in source artifact" | ||
downloadLocation: "https://some-host/first-package.jar" | ||
externalRefs: | ||
- referenceCategory: "PACKAGE_MANAGER" | ||
- referenceCategory: "PACKAGE-MANAGER" | ||
referenceType: "purl" | ||
referenceLocator: "pkg:maven/first-package-group/[email protected]" | ||
filesAnalyzed: false | ||
|
@@ -67,7 +67,7 @@ packages: | |
\ in source artifact" | ||
downloadLocation: "git+ssh://github.com/path/first-package-repo.git@deadbeef#project-path" | ||
externalRefs: | ||
- referenceCategory: "PACKAGE_MANAGER" | ||
- referenceCategory: "PACKAGE-MANAGER" | ||
referenceType: "purl" | ||
referenceLocator: "pkg:maven/first-package-group/[email protected]" | ||
filesAnalyzed: true | ||
|
@@ -95,7 +95,7 @@ packages: | |
\ in source artifact" | ||
downloadLocation: "https://some-host/first-package-sources.jar" | ||
externalRefs: | ||
- referenceCategory: "PACKAGE_MANAGER" | ||
- referenceCategory: "PACKAGE-MANAGER" | ||
referenceType: "purl" | ||
referenceLocator: "pkg:maven/first-package-group/[email protected]" | ||
filesAnalyzed: false | ||
|
@@ -111,7 +111,7 @@ packages: | |
copyrightText: "NONE" | ||
downloadLocation: "NONE" | ||
externalRefs: | ||
- referenceCategory: "PACKAGE_MANAGER" | ||
- referenceCategory: "PACKAGE-MANAGER" | ||
referenceType: "purl" | ||
referenceLocator: "pkg:maven/fourth-package-group/[email protected]" | ||
filesAnalyzed: false | ||
|
@@ -125,7 +125,7 @@ packages: | |
copyrightText: "NONE" | ||
downloadLocation: "NONE" | ||
externalRefs: | ||
- referenceCategory: "PACKAGE_MANAGER" | ||
- referenceCategory: "PACKAGE-MANAGER" | ||
referenceType: "purl" | ||
referenceLocator: "pkg:maven/second-package-group/[email protected]" | ||
filesAnalyzed: false | ||
|
@@ -139,7 +139,7 @@ packages: | |
copyrightText: "Copyright 2020 Some copyright holder in source artifact" | ||
downloadLocation: "NONE" | ||
externalRefs: | ||
- referenceCategory: "PACKAGE_MANAGER" | ||
- referenceCategory: "PACKAGE-MANAGER" | ||
referenceType: "purl" | ||
referenceLocator: "pkg:maven/seventh-package-group/[email protected]" | ||
filesAnalyzed: false | ||
|
@@ -156,7 +156,7 @@ packages: | |
copyrightText: "Copyright 2020 Some copyright holder in source artifact" | ||
downloadLocation: "https://some-host/seventh-package-sources.jar" | ||
externalRefs: | ||
- referenceCategory: "PACKAGE_MANAGER" | ||
- referenceCategory: "PACKAGE-MANAGER" | ||
referenceType: "purl" | ||
referenceLocator: "pkg:maven/seventh-package-group/[email protected]" | ||
filesAnalyzed: true | ||
|
@@ -177,7 +177,7 @@ packages: | |
copyrightText: "NONE" | ||
downloadLocation: "NONE" | ||
externalRefs: | ||
- referenceCategory: "PACKAGE_MANAGER" | ||
- referenceCategory: "PACKAGE-MANAGER" | ||
referenceType: "purl" | ||
referenceLocator: "pkg:maven/sixth-package-group/[email protected]" | ||
filesAnalyzed: false | ||
|
@@ -191,7 +191,7 @@ packages: | |
copyrightText: "NONE" | ||
downloadLocation: "NONE" | ||
externalRefs: | ||
- referenceCategory: "PACKAGE_MANAGER" | ||
- referenceCategory: "PACKAGE-MANAGER" | ||
referenceType: "purl" | ||
referenceLocator: "pkg:maven/third-package-group/[email protected]" | ||
filesAnalyzed: false | ||
|
Oops, something went wrong.