Dick Brooks (BCG)

Results 20 comments of Dick Brooks (BCG)

[SBOM PROPOSED PRACTICES.docx](https://github.com/spdx/spdx-spec/files/8257429/SBOM.PROPOSED.PRACTICES.docx)

Gary, the real problem is I don't control what a vendor may put in their Filename: value. Today it's _, tomorrow it's + or something else, like #. I certainly...

Thanks, Gary. Your point about multiple files with the same name is one of the mines that I tripped over: https://support.microsoft.com/en-us/topic/january-12-2021-kb4598242-os-builds-19041-746-and-19042-746-ab18a1a1-d572-598f-4d86-7137aad34056 Look at the files list. Aaaarrggg: https://download.microsoft.com/download/1/e/a/1eaed84f-3e0d-4938-86e1-42cd0aa7f9c8/4598242.csv I'm thinking...

Thanks, Steve. Much appreciate the suggestion. Looks like I need to define a new function getSPDXID(filename). Thanks for sharing your insights. Dick Brooks

Gary, I was able to get a successful validation with the online validator for https://github.com/rjb4standards/REA-Products/blob/master/SAG-PM.spdx However, I'm seeing these errors from the python parser for the same file: PackageChecksum must...

I found the culprit for this error too: PackageChecksum must be a single line of text, line: 15 LOOKS LIKE SHA256 not supported, only SHA1 allowed: 15: PackageChecksum: SHA256: aaa5ac584f40fe778013df0aa6544bf157799bd3f608364b451840ed2c8688de...

Kate, I have confirmed your speculation; adding the missing fields got me past this error. Perhaps an error like "Missing required fields { missing fields}" would be more helpful. Thanks...

Thanks, Gary. I'll tackle these issues. Is there an online, web spdx verifier I can use to check for errors?

Gary, the Python parser is reporting these errors, but the online validator, my new best friend, reports no errors. PackageName:spdx-tools SPDXID: SPDXRef-spdx-tools-0.6.1 PackageSupplier: Person:Ahmed H. Ismail PackageVersion: 0.6.1 PackageChecksum: SHA256:...

Looking at the Package description in spdx 2.2, I'm thinking use of sub packages, which is how I view these Python dependencies, will require the use of a relationship object,...