tools-java
SPDX Command Line Tools using the Spdx-Java-Library
[case-sensitive4.spdx.txt](https://github.com/user-attachments/files/16141649/case-sensitive4.spdx.txt) Java tools 1.1.8 considers the SPDX as valid. However, in the line ``` PackageLicenseDeclared: licenseref-case-sensitive ``` `licenseref-case-sensitive` should be flagged as invalid. Tools Python flags it as invalid: ```...
[example6-bin.spdx.txt](https://github.com/user-attachments/files/16139864/example6-bin.spdx.txt) This file is from [spdx-examples/software/example6/spdx2.2](https://github.com/spdx/spdx-examples/blob/master/software/example6/spdx2.2/example6-bin.spdx) Tools Python says the file is valid SPDX. Tools Java 1.1.8 says it is invalid: ``` Analysis exception processing SPDX file: Can not add...
### Description An invalid Tag value SBOM contains large relationships and has thousands of SPDX warnings taking exponential time to verify. ### Example To generate this issue download the attached...
@goneall The Java tools version 2 have the capability to convert from SPDX 2 to SPDX 3. This is documented at: https://spdx.github.io/Spdx-Java-Library/org/spdx/library/conversion/Spdx2to3Converter.html But I would like to do it in...
Also updates the README file
When I create an SPDX document with multiple hashes on a package, the order of the hashes in the output JSON varies. The hashes should follow a deterministic ordering. Please...
The Java tools only list the first issue they come across when there is a validation error, even if multiple issues exist. Suggest to list all the validation errors at...