tools-python

A Python library to parse, validate and create SPDX documents.

Results 181 tools-python issues

[nolicense.spdx.txt](https://github.com/user-attachments/files/21184974/nolicense.spdx.txt) We have: `PackageLicenseConcluded: LicenseRef-scancode-ws-policy-specification` But the definition of `LicenseRef-scancode-ws-policy-specification` is not provided. This should be flagged as invalid SPDX. Python tools say it is valid. Java tools...

[MEV.spdx.txt](https://github.com/user-attachments/files/19091266/MEV.spdx.txt) `pyspdxtools -i MEV.spdx` gives no error, so the SPDX SBOM is valid. However, as there is no `FilesAnalyzed`, it defaults to true so `PackageVerificationCode` is mandatory. So...

The tag_value writer seems to be handling relationship writing differently than all the other formats, specifically around the `CONTAINS` and `CONTAINED_BY` between package and files. The code for it is...

"PACKAGE-MANAGER" string used in External Reference field is converted from JSON format to XML/YAML format, and '-' is converted to '_'. https://spdx.github.io/spdx-spec/v2.3/package-information/#721-external-reference-field

Resolves the issue 849 to comply with the spdx.2.3 standard where PACKAGE_MANAGER is replaced by PACKAGE-MANAGER

> Update 25 Apr 2025: The SPDX Organization Account on PyPI is https://pypi.org/org/spdx/ PyPI introduced PyPI Organizations last year: https://blog.pypi.org/posts/2023-04-23-introducing-pypi-organizations/ It would be nice if the SPDX Project has a...

Add a return type to `spdx.parser.parse_anything.parse_file` function. Since all `parse_from_file()` functions from - `rdf_parser` - `tagvalue_parser` - `json_parser` - `xml_parser` and - `yaml_parser` that `parse_file()` is calling, are returning `Document`,...

Potentially fix #257 and allow zip-safe = true in pyproject.toml

Both the package name and the package download location are defined as required fields. However, when an empty string is provided for the package name, no error is detected, while...

In SPDX v2.2 or later, some fields have restricted input values. Do I need to check these restricted strings in these fields in another way? I would appreciate it if you...