tools-python
tools-python copied to clipboard
spdx
A Python library to parse, validate and create SPDX documents.
We've developed a simple tool for generating a software bill of materials from a Python project, intended to be quick and simple. I've submitted it as PR #170.
See https://blog.ionelmc.ro/2014/05/25/python-packaging/ for a rationale
This should be done after we have a clean slate wrt. in flight PRs to avoid disruptions
I am not sure if this tool is currently being developed and maintained. The online checking tool works okay for a sample SPDX file that I am using - the...
An authors file is needed to list and thank people who have contributed to the project.
_has_optional_field(field)_ verifies whether the value of _field_ is not None. But, some attributes are sometimes initialized as some default/empty object, like an empty list. In that example, _has_optional_field(field)_ will always...
PackageName:spdx-tools SPDXID: SPDXRef-spdx-tools-0.6.1 PackageSupplier: Person:Ahmed H. Ismail PackageVersion: 0.6.1 Is throwing an exception on this spdx SBOM data: https://raw.githubusercontent.com/rjb4standards/REA-Products/master/SAG-DBOMPOC-SBOM.spdx Here is the exception I'm seeing: 'builtin_function_or_method' object is not subscriptable
Using the tools.spdx.dev and feeding in file: > SPDXVersion: SPDX-2.2 > DataLicense: CC0-1.0 > SPDXID: SPDXRef-DOCUMENT-SAGPM > DocumentName: Software Assurance Guardian Point Man (SAG-PM) > DocumentNamespace: http://softwareassuranceguardian.com/ > Creator: Person:...
While tagvalue writer adds DocumentNamespace tag to tagvalue files (see [this line](https://github.com/spdx/tools-python/blob/d197a3adf95e2f4fc78c6983f5477f9b962bdaab/spdx/writers/tagvalue.py#L329)), rdf writer does not consider it at all, thus producing non-compliant rdf documents, which do not pass validation...
There is quite a bit of dependencies and baggage that come with RDF support. I would like to make this an optional feature so we can have the rest working...