tools-python
tools-python copied to clipboard
spdx
A Python library to parse, validate and create SPDX documents.
Update the SPDX Python libraries to the SPDX 2.1 specification. The SPDX 2.1 specification is a major upgrade from SPDX 1.2 supporting relationships between SPDX documents and SPDX elements.
This would be a merge to combine two SPDX documents without losing any of the license information. An example use case: A SPDX document including human input is already created,...
See the discussion at https://github.com/nexB/scancode-toolkit/issues/436#issuecomment-270935436.
Consider using the [spdx-lookup](https://pypi.python.org/pypi/spdx-lookup) package instead of the committed [spdx_licenselist.csv](https://github.com/spdx/tools-python/blob/master/spdx/spdx_licenselist.csv) file.
When a document has packages with package external references those are not written by the jsonyamlxml writer. Compare that behaviour with the [tagvaluewriter](https://github.com/spdx/tools-python/blob/2f4225c5a2eb2d1ee577c53b3b6075c91b0981c1/spdx/writers/tagvalue.py#L272).
The field "licenseListVersion" appears as a field of [CreationInfo](https://github.com/spdx/tools-python/blob/c0aa92a3a4779fe189c72b5e1d85a18267f6e45a/spdx/creationinfo.py#L148) and as a field of [Document](https://github.com/spdx/tools-python/blob/c0aa92a3a4779fe189c72b5e1d85a18267f6e45a/spdx/document.py#L302). When executing `convertor.py data/SPDXJsonExample.json output.tag` the licenseListVersion is parsed correctly but not written to the...
Looking at the tools-python in more detail we observed some inconsistencies concerning the builder. The current implementation of the builder classes is dependent on the file format. We suggest to...
When parsing a rdf file the SPDXID of a file contains the whole path to the spdxID in the graph. For example converting the example file [SPDXRdfExample.rdf](https://github.com/spdx/tools-python/blob/main/tests/data/formats/SPDXRdfExample.rdf) to a .tag...
It seems to be that the file [tv_to_rdf.py](https://github.com/spdx/tools-python/blob/0844b34b415e1780cb2a3a51f28231b1b5502bd6/spdx/tv_to_rdf.py) just contains a special case of the conversion logic, namely converting a tag/value file to rdf - which is covered by [convertor.py](https://github.com/spdx/tools-python/blob/3efab86fd735cb527032c959417668bc9a2d3de1/spdx/cli_tools/convertor.py)....
