tools-java
tools-java copied to clipboard
spdx
SPDX Command Line Tools using the Spdx-Java-Library
[case-sensitive4.spdx.txt](https://github.com/user-attachments/files/16141649/case-sensitive4.spdx.txt) Java tools 1.1.8 considers the SPDX as valid. However, in the line ``` PackageLicenseDeclared: licenseref-case-sensitive ``` `licenseref-case-sensitive` should be flagged as invalid. Tools Python flags it as invalid: ```...
[example6-bin.spdx.txt](https://github.com/user-attachments/files/16139864/example6-bin.spdx.txt) This file is from [spdx-examples/software/example6/spdx2.2](https://github.com/spdx/spdx-examples/blob/master/software/example6/spdx2.2/example6-bin.spdx) Tools Python says the file is valid SPDX. Tools Java 1.1.8 says it is invalid: ``` Analysis exception processing SPDX file: Can not add...
### Description An invalid Tag value SBOM contains large relationships and has thousands of SPDX warnings taking exponential time to verify. ### Example To generate this issue download the attached...
@goneall The Java tools version 2 have the capability to convert from SPDX 2 to SPDX 3. This is documented at: https://spdx.github.io/Spdx-Java-Library/org/spdx/library/conversion/Spdx2to3Converter.html But I would like to do it in...
When I create an SPDX document with multiple hashes on a package, the order of the hashes in the output json varies. The hashes should follow a deterministic ordering. Please...
The java tools only lists the first issue it comes across when there is a validation error, even if multiple issues exist. Suggest to list all the validation errors at...
While this is trivial for a single license without expression, it would be nice to have this for more complex expressions. This would be useful for a wide variety of...
Hi @goneall I have a valid SPDX2 file, `FN.spdx` (uploaded here as `FN.spdx.txt`). I convert to SPDX3. Then the validator gives the following errors: ``` his SPDX Document is not...
It would be great if the CLI functions which read SBOMs support reading from piped standard input. There are some cases where it is much more convenient to pipe output...
