missing referenced spdx_id in merge

interlynk-io / sbomasm

SBOM Assembler - A tool to compose your various sboms into a single sbom.

Apache License 2.0

47 stars 3 forks source link

missing referenced spdx_id in merge #77

Closed vargenau closed 2 weeks ago

vargenau commented 2 weeks ago

main.spdx.txt other.spdx.txt

sbomasm assemble -n merge -v 1 -t application -o merge.spdx.json *.spdx

merge.spdx.json

pyspdxtools -i merge.spdx.json 
ERROR:root:The document is invalid. The following issues have been found:
did not find the referenced spdx_id "SPDXRef-Package-other" in the SPDX document
did not find the referenced spdx_id "SPDXRef-Package-other" in the SPDX document

viveksahu26 commented 2 weeks ago

Hey @vargenau . Thanks for raising an issue. Wanted to know the o/p of the below command: pyspdxtools -i main.spdx.txt and pyspdxtools -i other.spdx.txt

vargenau commented 2 weeks ago

Both files are valid SPDX.

pyspdxtools -i main.spdx
pyspdxtools -i other.spdx

give no result, meaning they are valid.

The Java Tools also say files are valid SPDX.

I had to rename the files by adding .txt in order to be able to upload them on GitHub. You should rename them back to do the tests.

I always provide valid SPDX as input in my issues.

riteshnoronha commented 2 weeks ago

fixed here https://github.com/interlynk-io/sbomasm/pull/84

riteshnoronha commented 2 weeks ago

v0.1.4 has been released with this fix.