tools-python
A Python library to parse, validate and create SPDX documents.
Signed-off-by: Jeff Licquia
See, for example, PR #223. Probably needs an updated image reference.
@licquia Sorry to bother, but is this project still being actively maintained, or has it been deprecated in favor of the go tools? My team would really like to use...
I tried changing the version of an RDF SBOM from 2.1 to 2.2 by changing the tag SPDX-2.1 to SPDX-2.2. However, the RDF parser still returns a document version of...
Add Files without associated packages, as allowed by the spec but not currently supported in Document class.
- [x] unpackaged Files data model & method (`Document.add_file`)
- [x] tag/value Writer,...
These changes were necessary to validate against the SPDX jsonschema https://github.com/spdx/spdx-spec/blob/development/v2.2.2/schemas/spdx-schema.json and to include multiple checksums. This is a work in progress. No attention has been given to parsing or...
I have an SBOM that only contains packages, setting FilesAnalyzed to false; this should be according to the standard. Looking at the SBOM examples from SPDX, this example4 causes the same...
On https://github.com/intel/cve-bin-tool/issues/1382, @anthonyharrison writes:

> I am aware of these tools but when I looked at them they didn't work for SPDX v2.2 files (certainly the version in PyPI).

and...