Open vargenau opened 1 week ago
Hey @vargenau -- would you mind posting the error you are getting? We seem to be having issues running the online validator on this SBOM. Thanks!
Hello,
It's better to download and install the Java tools https://github.com/spdx/tools-java or the Python tools https://github.com/spdx/tools-python locally than to use the online tools for big SPDX files.
This is the generated SBOM: mongodb-6.0.6-debian-11-r0.spdx.txt
Running
pyspdxtools -i mongodb-6.0.6-debian-11-r0.spdx
gives the following result: pyspdxtools.txt
Most errors are related to https://github.com/anchore/syft/issues/2093
But for this bug report you have:
copyright_text is mandatory in SPDX-2.2
The Java tools give: javatools.zip
Thanks @vargenau. I do see the Copyright Text is a mandatory field in SPDX 2.2. We should default this to NOASSERTION, like we do for other required fields. I've added this to the backlog and always happy to review any pull requests!
What happened:
Generated SPDX is invalid, mandatory copyright text is missing
What you expected to happen:
SPDX should be valid
Steps to reproduce the issue:
Anything else we need to know?:
Environment:
Output of syft version:
OS (e.g. cat /etc/os-release or similar): macOS 14.7
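One way to check a generated SBOM for the missing field and apply the NOASSERTION default discussed above, as an added example that is not syft's code or part of the original thread. It assumes SPDX 2.2 tag-value input; the function name `fill_missing_copyright` is hypothetical and the sample document is constructed.

```python
# Added example (not syft code). Assumes SPDX 2.2 tag-value input.
DEFAULT = "PackageCopyrightText: NOASSERTION"
SECTION_STARTS = ("PackageName:", "FileName:", "SnippetSPDXID:")

# Constructed sample: libfoo has a multi-line copyright, libbar has none.
SAMPLE = """SPDXVersion: SPDX-2.2
SPDXID: SPDXRef-DOCUMENT
DocumentName: constructed-example
PackageName: libfoo
SPDXID: SPDXRef-Package-libfoo
PackageCopyrightText: <text>Copyright (c) Example
PackageName: not a tag, this line is inside the text value</text>
PackageName: libbar
SPDXID: SPDXRef-Package-libbar
PackageDownloadLocation: NOASSERTION
"""

def fill_missing_copyright(doc: str):
    """Return (fixed_doc, names of packages that lacked PackageCopyrightText)."""
    out, missing = [], []
    name, name_idx, has_copyright = None, None, False
    in_text = False  # True while inside a multi-line <text>...</text> value

    def close_package():
        # End of a package section: insert the default right after PackageName.
        if name is not None and not has_copyright:
            missing.append(name)
            out.insert(name_idx + 1, DEFAULT)

    for line in doc.splitlines():
        tag = line.strip()
        if in_text:
            in_text = "</text>" not in tag
        else:
            if tag.startswith(SECTION_STARTS):
                close_package()
                name = None
                if tag.startswith("PackageName:"):
                    name = tag.split(":", 1)[1].strip()
                    name_idx, has_copyright = len(out), False
            elif tag.startswith("PackageCopyrightText:"):
                has_copyright = True
            in_text = "<text>" in tag and "</text>" not in tag
        out.append(line)
    close_package()
    return "\n".join(out) + "\n", missing

if __name__ == "__main__":
    print(fill_missing_copyright(SAMPLE)[1])  # packages that needed the default
```

Re-validate the rewritten file with pyspdxtools or the Java tools afterwards, since this only addresses the copyright field and not the other errors reported in the thread.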