tools-python icon indicating copy to clipboard operation
tools-python copied to clipboard
verified publisher icon spdx

Missing PackageVerificationCode should be flagged as invalid

Open vargenau opened this issue 9 months ago • 0 comments

MEV.spdx.txt

pyspdxtools -i MEV.spdx

gives no error, so the SPDX SBOM is valid.

However, as there is no FilesAnalyzed, it defaults to true so PackageVerificationCode is mandatory.

So the SBOM should be flagged as invalid.

See also: https://github.com/spdx/tools-java/issues/188

vargenau avatar Mar 05 '25 14:03 vargenau