Gary O'Neall
Gary O'Neall
I have a very large SBOM I'm enriching with Parlay - it takes about 7 hours to run. This is likely due to rate limiting on the upstream data requests....
When running `Trivy ecosystems enrich [file]` the resultant SPDX document will, on occasion, result in a concluded license (in the SPDX format) that does not validate. From looking at the...
According to the [SPDX AIPackage specification](https://spdx.github.io/spdx-spec/v3.0.1/model/AI/Classes/AIPackage/) an optional property field is `extension`. This field is of type `Extension`. `Extension` is an abstract class. In testing a serialization with `Extension` added...
Reference conversation in this pull request: https://github.com/spdx/spdx-3-model/pull/994#event-16619418845 If we get feedback requiring any changes to the model, we'll need to have some mechanism for a release. I would suggest we...
The Service profile is not available for review. We will discuss this PR on the 4 March tech call. One specific area to review is the geographic information. Is this...
In SPDX 2.X we allow references to listed licenses and listed exceptions without referencing the external document(s) containing these definitions. In SPDX 3, the [spdx3-validator](https://github.com/JPEWdev/spdx3-validate) looks for import statements for...
If we only reference the SPDX listed license by URI, we get the following validation error: ``` Violation of type sh:ClassConstraintComponent: Severity: sh:Violation Source Shape: @prefix sh: . @prefix xsd:...
The license list version was present in the SPDX Spec version 2.X creation information. In SPDX 3, we moved it to the `LicenseExpression`. It may be useful to have the...
Is it possible to create a serialized SPDX data (JSON-LD format) that doesn't use an SPDX Document?
In the development of the SPDX version 3 spec, there were some use cases where they wanted to publish an SPDX `Element` without wrapping it in an SPDX document. I...
During the discussion on resolving the Individual Creation Infos, the issue was raised that we are not properly documenting the ID constraints for non Element classes. We should document this...