Armin Tänzer

Results: 67 comments by Armin Tänzer

small fix: I changed the check for the SPDX version to use the official string "SPDX-2.2" consistently.

Thanks for the pointers, @rnjudge! :) Unfortunately, neither of these examples results in any `files` in the output SPDX, so we would have a blind spot there if we used...

I used `tern report -x scancode -i photon:3.0 -f spdxjson -o photon_test.json`. No file information to be found in `photon_test.json`.

I tried using the scancode extension, but ran into the bug described in #1202. I'll post my report there.

The java-tools don't seem to pick up on all invalidities; please also check with `pyspdxtools -i output.json`. Also, do you get the large (around 6MB) SPDX output?

> It is true that a package may contain no files if files_analyzed is false but it may still contain other packages. This error is the majority of what I'm...

> Running with the old changes, my SBOM with scancode metadata is 3.3MB. Running with the new changes, when I generate a scancode SBOM, it is 6.0MB. So it seems...

@rnjudge: It turns out the java-tools pick up on the invalidities mentioned above, but only after the `Analysis exception processing SPDX file: No SPDX element found for SPDX ID SPDXRef-None-None`...

FYI: the refactored version of `spdx/tools-python` can now be found on the [main branch](https://github.com/spdx/tools-python).

Large parts of the lifting are already implemented, the Licensing is the last thing that is missing.