spdx
SPDX XML doesn't reference a schema
The example SPDX document in XML doesn't reference a schema and the schemas directory only contains a JSON schema. Does an XML schema exist for the XML format so that an XML formated document can then be validated against the schema.
@anthonyharrison We're looking for a volunteer to help with the XML support. Interested or know anyone who may be interested?
The JSON schema is generated from a Java OWL to JSON Schema utility. I've also written an OWL to XSD utility, but I am not confident enough in my XML knowledge to publish the results.
I would be happy to collaborate with someone more expert in XML to review and refine both the XML schema and tune up any issues with the current XML example.
Thanks for the email and confirming that there isn't a schema currently. I am not an XML expert but I can generate a xsd file from the SPDX example using PyCharm. It will need some tuning to make it generic. Let's start the process and see if anyone else joins in.
On Thu, 6 Jan 2022 at 19:17, goneall @.***> wrote:
@anthonyharrison https://github.com/anthonyharrison We're looking for a volunteer to help with the XML support. Interested or know anyone who may be interested?
The JSON schema is generated from a Java OWL to JSON Schema utility https://github.com/spdx/tools-java/blob/master/src/main/java/org/spdx/tools/schema/OwlToJsonSchema.java. I've also written an OWL to XSD utility https://github.com/spdx/tools-java/blob/master/src/main/java/org/spdx/tools/schema/OwlToXsd.java, but I am not confident enough in my XML knowledge to publish the results.
I would be happy to collaborate with someone more expert in XML to review and refine both the XML schema and tune up any issues with the current XML example.
— Reply to this email directly, view it on GitHub https://github.com/spdx/spdx-spec/issues/615#issuecomment-1006853250, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACAID2Y5AMNQTKEFUNGSV7LUUXTEVANCNFSM5LM7BI3A . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
You are receiving this because you were mentioned.Message ID: @.***>
Thanks @anthonyharrison for the help.
I'll attach the XSD generated from the current Java utility. Perhaps you could look at it/compare it with the PyCharm generated XSD and let me know how close it is. I wouldn't be surprised if you find a few issues spdx-schema.xsd.txt .
Thanks @anthonyharrison for the help.
I'll attach the XSD generated from the current Java utility. Perhaps you could look at it/compare it with the PyCharm generated XSD and let me know how close it is. I wouldn't be surprised if you find a few issues spdx-schema.xsd.txt .
@goneall I tried to validate the SPDX sample XML file with the Java generated version of the XSD and it complained that it couldn't find the document element in the schema. The PyCharm version I generated wasn't generic enough so I found another generator and used this to successfully validate the sample file.
@anthonyharrison Sorry I didn't get to this for the 2.3 release. Let's target getting an updates XSD in place for 3.0.
@goneall My latest schema is released here https://github.com/intel/cve-bin-tool/tree/main/cve_bin_tool/schemas
Can you depreciate XML entirely instead?
We're actively discussing what serialization formats to support for SPDX 3.0. There is a significant number of tool developers who would like to only support JSON-LD which would deprecate the XML format. Feel free to participate in the serialization meetings or stay tuned to the SPDX tech minutes or mailing list.
SPDX 3.0 will only support JSON-LD - moving this to 3.1 where we will consider additional serialization formats.