Open hfhbd opened 1 year ago
Can we still include the extra stuff that's in our JSON today? Or is the format too strict?
Do you mean, you want to put the content of the artifacts.json
in the spdx.json
? The spdx spec is a superset of the current artifacts.json
file. It includes everything of the current json, but spdx is more detailed and way more complex.
Depending on your use-case (at cash?) and maybe small apps, I would keep the artifacts.json
file for easy usages.
https://spdx.dev SPDX is a standard for license information of a software product and its dependencies. The current
artifacts.json
isn't a standard. I have a prototype to generate aspdx.json
file and would like to publish it too.The prototype based on the
artifacts.json
file, but this file lacks a graph and some properties. Instead, this format needs to use the maven pom files/apis directly.Needed properties: