Java - Maven - NOASSERTION is displayed for PackageLicenseConcluded/PackageLicenseDeclared even when license exists for all packages

opensbom-generator / spdx-sbom-generator

Support CI generation of SBOMs via golang tooling.

396 stars 109 forks source link

Java - Maven - NOASSERTION is displayed for PackageLicenseConcluded/PackageLicenseDeclared even when license exists for all packages #129

Open niruautomation opened 3 years ago

niruautomation commented 3 years ago

@prathapbproximabiz Tool Version Cloned code from main branch of https://github.com/spdx/spdx-sbom-generator on 11-06-2021 and built the tool Test Repo https://github.com/zxing/zxing OS Windows 10

Observed that NOASSERTION is displayed for PackageLicenseConcluded/PackageLicenseDeclared even when license exists for all packages in pom.xml SPDX file

pom.xml

prathapbproximabiz commented 3 years ago

@niruautomation This issue is fixed. Will be sending PR shortly.

niruautomation commented 3 years ago

I cloned the code from master on 14-06-2021, build the tool and verified the ticket. Issue is still reproducible

bom-Java-Maven.spdx.txt

muzammil786 commented 2 years ago

@niruautomation This issue is fixed. Will be sending PR shortly.

Unfortunately, the issue still exists.