spdx-maven-plugin icon indicating copy to clipboard operation
spdx-maven-plugin copied to clipboard
verified publisher icon spdx

Implement RelationshipType for all known Maven scopes

Open nielsm5 opened this issue 3 months ago • 1 comments

Right now only the compile, runtime, and test scopes are used. Maven only has a total of 6 scopes. It's a shame the code only supports half of them...

https://github.com/spdx/spdx-maven-plugin/blob/539c533cb7ac7cbe08d0c5ff858f3adecd021766/src/main/java/org/spdx/maven/utils/SpdxV3DependencyBuilder.java#L136-L158

Please consider adding:

  • provided -> hasProvidedDependency / PROVIDED_DEPENDENCY_OF
  • system -> hasStaticLink / STATIC_LINK
  • import -> this is used for bom (dependency) version enforcing ...

Also javax and jakarta api depdendencies are specifications... hasSpecification?

nielsm5 avatar Sep 23 '25 09:09 nielsm5

Thanks @nielsm5 for the suggestions - going to do a bit of reading of the spec / relationship types before responding to the suggestions. It may take a couple of days due to some high priority interrupts.

goneall avatar Sep 23 '25 23:09 goneall