tools-golang

Collection of Go packages to work with SPDX files

Results 36 tools-golang issues

This PR fixes a panic when invalid JSON containing `null` in a relationship array is parsed.

TODO:
- [ ] add tests

Fixes: #238

If I try to parse [spdx-null-rel.json](https://github.com/spdx/tools-golang/files/15112659/spdx-null-rel.json) - a JSON SBOM containing a `null` value in the `relationships` array, then I get a panic. I am using `tools-golang` v0.5.4.

The [SPDX 3.0 spec has been officially released](https://www.linuxfoundation.org/press/spdx-3-revolutionizes-software-management-in-systems-with-enhanced-functionality-and-streamlined-use-cases). This library should add support for SPDX 3.0. What would this look like?

* Add 3.0 models (in `spdx/v3/v3_0`)
* Update [the...

According to the [Spec 11.1.1](https://spdx.github.io/spdx-spec/v2.2.2/relationships-between-SPDX-elements/#111-relationship-field)

> In cases where there are "known unknowns", the use of the keyword NOASSERTION can be used on the right hand side of a relationship...

2022 2H (v0.4.0)
- [x] 2.3 support https://github.com/spdx/tools-golang/issues/156
- [x] struct
- [x] functions
- [x] Misc
- [x] https://github.com/spdx/tools-golang/issues/139
- [x] https://github.com/spdx/tools-golang/issues/153

v0.5.0 (2023 Q1)
- [x] Core model...

I decode SPDX files using your utility. However, some files result in missing file details; this is typically the case when both package and file information are present in the...

The library [currently outputs "##### Unpackaged files" in Tag Value format](https://github.com/spdx/tools-golang/blob/44984eb256213d2a5b713eb0fe1553177e8ee3e7/spdx/v2/v2_3/tagvalue/writer/save_document.go#L54) when it outputs the files section. However, this is misleading, as the files may be associated with a package...

The following files from the spdx-spec repository fail to validate:

- https://github.com/spdx/spdx-spec/blob/development/v2.3.1/examples/SPDXJSONExample-v2.3.spdx.json
- https://github.com/spdx/spdx-spec/blob/development/v2.3/examples/SPDXJSONExample-v2.2.spdx.json

(only tested the JSON versions so far)

ValidateDocument() returns err `ToolsElement used in relationship but no such package exists`...

The following error was returned when I attempted to parse the SPDX file for my current project: "Error while parsing no colon found in "Relationship SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-github.com"". I'm confident...

Hi! According to the SPDX specification, the SPDX identifier must be unique, but the document validation [function](https://github.com/spdx/tools-golang/blob/v0.5.3/spdxlib/documents.go#L14) does not check this. It would be nice to add such a check,...