-
New release of the SPDX License List 3.25.0
See https://github.com/spdx/license-list-XML/releases/tag/v3.25.0
Please update the SCTK files, the LicenseDB, and synchronize with DejaCode.
Note …
-
Suggestion to add the following information from the SPDX 2.3 spec:
> If the creator does not own their own website, a default SPDX CreatorWebsite and PathToSpdx can be used spdx.org/spdxdocs. Note…
-
### Context
We need an automated way to produce SBOMs for all our OCI images and rocks.
### What needs to get done
Write a script that does the following:
1. `snap install syft`
2. calls our gathe…
-
Generating hashes for empty files will always return `None`, which is not documented and different from the usual hashing algorithms as well as contradicting the SPDX standard.
Example:
```pytho…
-
According to the documentation and output files, the format of the SPDX document is in version 2.2 ("spdxVersion": "SPDX-2.2").
However, according to the German Federal Office for Information Securi…
-
- Currently the spec is available on https://spdx.github.io/spdx-spec/
- https://spdx.github.io alone brings 404 file not found
- Propose to set up a page at https://spdx.github.io that either
…
-
With release https://github.com/anchore/sbom-action/releases/tag/v0.17.0 on the https://github.com/anchore/sbom-action the Syft version was updated, which in turn updated the SPDX format specVersion f…
-
Hi, we have 4 dependency packages being upgraded which are using extensive dual licensing. I have recently updated my config file to accommodate the flagged license identifiers as well. Still we are g…
-
Hello SPDX team. We are trying to integrate spdx support in buildpacks. One of the things that we had a question about was the appropriate media type for spdx documents. It looks like the IANA media t…
-
Hi!
The SPDX document that is [written](https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile#L133) to the image is not valid because some required fields are missing:
> The …