Sync with original repository #1
Merged
AlfredoEspinosa merged 175 commits into AlfredoEspinosa:master from Jun 25, 2025
Resolves issue #57
Signed-off-by: Gary O'Neall <[email protected]>
Signed-off-by: Gary O'Neall <[email protected]>
Signed-off-by: Gary O'Neall <[email protected]>
Generation missing required properties for arrays
Signed-off-by: Gary O'Neall <[email protected]>
Signed-off-by: Gary O'Neall <[email protected]>
Signed-off-by: Gary O'Neall <[email protected]>
Signed-off-by: Gary O'Neall <[email protected]>
Update ToolsJava to support spec version 2.3
Signed-off-by: Gary O'Neall <[email protected]>
Signed-off-by: Armin Tänzer <[email protected]>
Signed-off-by: Armin Tänzer <[email protected]>
updated README to reflect the new file names and structures
Resolves issue #74
Signed-off-by: Gary O'Neall <[email protected]>
Verify JSON against version specific schema files
* Fix compare spreadsheet name normalization
  Signed-off-by: Gary O'Neall <[email protected]>
* Additional checks for compares
  - Check creator comment differences
  - Check to make sure there are no duplicate document namespaces
  Signed-off-by: Gary O'Neall <[email protected]>
* Remove temp file
  Signed-off-by: Gary O'Neall <[email protected]>
* Update POM file with the latest library dependencies
  Signed-off-by: Gary O'Neall <[email protected]>
* Use unique document URIs for all test files
  Signed-off-by: Gary O'Neall <[email protected]>

Signed-off-by: Gary O'Neall <[email protected]>
Allows for both dashes and underscores in enumeration values
Signed-off-by: Gary O'Neall <[email protected]>
Update JSON schema
Signed-off-by: Gary O'Neall <[email protected]>
Add dependency-check util to POM file
Signed-off-by: Gary O'Neall <[email protected]>
Update library version
Signed-off-by: Gary O'Neall <[email protected]>
See spdx/spdx-spec#795 for context on documentDescribes
See spdx/spdx-spec#792 for context on enum underscores
Signed-off-by: Gary O'Neall <[email protected]>
Update schema generator for required fields
Signed-off-by: Gary O'Neall <[email protected]>
Signed-off-by: Gary O'Neall <[email protected]>
Add support for RDF Turtle format
Signed-off-by: Gary O'Neall <[email protected]>
Add extra checks for NPE on getUri()
Signed-off-by: Arthit Suriyawongkul <[email protected]>
Signed-off-by: Arthit Suriyawongkul <[email protected]>
Signed-off-by: Arthit Suriyawongkul <[email protected]>
Signed-off-by: Arthit Suriyawongkul <[email protected]>
Signed-off-by: Arthit Suriyawongkul <[email protected]>
Signed-off-by: Arthit Suriyawongkul <[email protected]>
Signed-off-by: Arthit Suriyawongkul <[email protected]>
Check content of local schema file with the remote location.
Signed-off-by: Arthit Suriyawongkul <[email protected]>
Signed-off-by: Arthit Suriyawongkul <[email protected]>
- URI.create().toURL() has been available since Java 1.4
- new URL() (constructor) is deprecated in Java 20
Signed-off-by: Arthit Suriyawongkul <[email protected]>
- java-spdx-library to 2.0.0
- spdx-rdf-store to 2.0.0
- spdx-jackson-store to 2.0.0
- spdx-spreadsheet-store to 2.0.0
- spdx-tagvalue-store to 2.0.0
- spdx-v3jsonld-store to 1.0.0
Signed-off-by: Arthit Suriyawongkul <[email protected]>
Signed-off-by: Arthit Suriyawongkul <[email protected]>
Signed-off-by: Arthit Suriyawongkul <[email protected]>
Signed-off-by: Arthit Suriyawongkul <[email protected]>
Use URI.create().toURL() instead of the deprecated URL() constructor
Fixes an issue where the compare fails if run in a Windows environment where CRLF is used instead of LF
Signed-off-by: Arthit Suriyawongkul <[email protected]>
Fixes #201
Later versions of the shade plugin strip out the dependencies in the POM file.
- Update JAR name in command line examples to version 2.0.0
- Fix a few Markdown issues
- Add Javadoc link
Update README examples with new release versions
Signed-off-by: Arthit Suriyawongkul <[email protected]>
For the Wolfi container at cgr.dev/chainguard/wolfi-base, trivy for SPDX JSON SBOM generates
```json
{
  "name": "wolfi",
  "SPDXID": "SPDXRef-OperatingSystem-2bccf727fe0bc7f8",
  "versionInfo": "20230201",
  "downloadLocation": "NONE",
  "filesAnalyzed": false,
  "primaryPackagePurpose": "OPERATING-SYSTEM",
  "annotations": [
    {
      "annotator": "Tool: trivy-0.62.1",
      "annotationDate": "2025-05-28T17:07:25Z",
      "annotationType": "OTHER",
      "comment": "Class: os-pkgs"
    },
    {
      "annotator": "Tool: trivy-0.62.1",
      "annotationDate": "2025-05-28T17:07:25Z",
      "annotationType": "OTHER",
      "comment": "Type: wolfi"
    }
  ]
}
```
Which fails validation with tools-java because the "OPERATING-SYSTEM" value is written with a dash, which matches the spec at https://spdx.github.io/spdx-spec/v2.3/package-information/#724-primary-package-purpose-field
Given that tools in the wild follow the spec, IMHO it is relatively safe to update the schema here.
Note we have had the PACKAGE_MANAGER / PACKAGE-MANAGER saga before, so do help
me validate any other tools that might be impacted; so far I see
this schema file being the only one out of line.
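A pre-validation check for the dash/underscore mismatch described in the commit message above, as an added example that is not part of this PR or of tools-java. The value list is the one in SPDX 2.3 section 7.24; the function names and the sample document are assumptions constructed for illustration (only the first package mirrors the one quoted above).

```python
import json

# primaryPackagePurpose values as spelled in SPDX 2.3 section 7.24.
SPEC_PURPOSES = {
    "APPLICATION", "FRAMEWORK", "LIBRARY", "CONTAINER", "OPERATING-SYSTEM",
    "DEVICE", "FIRMWARE", "SOURCE", "ARCHIVE", "FILE", "INSTALL", "OTHER",
}


def classify_purpose(value):
    """Return 'spec', 'underscore-variant' or 'unknown' for one field value."""
    if not isinstance(value, str):
        return "unknown"
    if value in SPEC_PURPOSES:
        return "spec"
    # A schema that spells the enum with underscores rejects the spec form,
    # and a strict spec check rejects the underscore form; report it explicitly.
    if value.replace("_", "-") in SPEC_PURPOSES:
        return "underscore-variant"
    return "unknown"


def audit_packages(document):
    """List (SPDXID, value, classification) for packages that set the field."""
    findings = []
    for pkg in document.get("packages", []):
        if "primaryPackagePurpose" in pkg:
            value = pkg["primaryPackagePurpose"]
            spdx_id = pkg.get("SPDXID", "<no SPDXID>")
            findings.append((spdx_id, value, classify_purpose(value)))
    return findings


# Constructed sample document; SPDXRef-B, SPDXRef-C and SPDXRef-D are made up.
SAMPLE = json.loads("""
{
  "spdxVersion": "SPDX-2.3",
  "packages": [
    {"name": "wolfi", "SPDXID": "SPDXRef-OperatingSystem-2bccf727fe0bc7f8",
     "primaryPackagePurpose": "OPERATING-SYSTEM"},
    {"name": "legacy-os", "SPDXID": "SPDXRef-B",
     "primaryPackagePurpose": "OPERATING_SYSTEM"},
    {"name": "odd", "SPDXID": "SPDXRef-C", "primaryPackagePurpose": "OS"},
    {"name": "no-purpose", "SPDXID": "SPDXRef-D"}
  ]
}
""")

if __name__ == "__main__":
    for spdx_id, value, verdict in audit_packages(SAMPLE):
        print(f"{spdx_id}: {value!r} -> {verdict}")
```

Running this over SBOMs from several generators before schema validation shows which spelling each tool emits, which is the cross-tool check the commit message asks for.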