cdx2spdx
cdx2spdx copied to clipboard
spdx
Utility that converts SBOM documents from CycloneDX to SPDX
This is really not an issue specific to this tool but in case the tool was to implement a way of doing this it would be a great contribution to...
I am a bit unsure as it is not very well defined in the sources but it seems we are linking w. cyclonedx.core.java 7.3.2 which is from Feb 2023. I...
We are seeing that an NPM package like `"@angular/router"` in the cyclonedx file is represented as ``` "group": "@angular" "name": "router" ``` When the converter constructs the SPDX "name" value...
I get the following error message on a CycloneDx file (attached, has been renamed to .txt to make attachement possible): docker run -v ./sboms:/cdx2spdx/sboms -it --rm cdx2spdx WARNING: sun.reflect.Reflection.getCallerClass is...
Hi there, thanks for creating this useful tool. It wasn't clear to me when installing what JDK version this is intended to run on. Is it accurate to document this...
I tried to convert a CycloneDX file that contains some non-SPDX-compliant licenses that were already called "LicenseRef-Proprietary" in the CDX file. cdx2spdx (version 0.1.5) seems to not handle that situation...
