search

guacsec / guac

GUAC aggregates software security metadata into a high fidelity graph database.
https://guac.sh
Apache License 2.0
1.26k stars 170 forks source link

[feature] Add SPDX 3.0 support #1850

Open mlieberman85 opened 5 months ago

mlieberman85 commented 5 months ago

SPDX 3.0 was officially released on April 16, 2024. We should get support into GUAC for when we start getting SBOMs that follow the new specification.

lumjjb commented 5 months ago

This will depend on https://github.com/spdx/tools-golang's support for spdx 3.0 parsing

mlieberman85 commented 5 months ago

Opened up https://github.com/spdx/tools-golang/issues/237 for this.