search

opensbom-generator / spdx-sbom-generator

Support CI generation of SBOMs via golang tooling.
394 stars 109 forks source link

Python(Go) - poetry - NOASSERTION is displayed for PackageLicenseConcluded/PackageLicenseDeclared is displayed even license exists for package #145

Open niruautomation opened 3 years ago

niruautomation commented 3 years ago

@lfpratik Tool Version Cloned code from main branch of https://github.com/spdx/spdx-sbom-generator on 11-06-2021 and built the tool Test Repo https://github.com/lfpratik/spdx-poetry-demo OS Windows 10

  1. Followed all prerequisite steps as per https://confluence.linuxfoundation.org/display/PROD/SPDX+-+Python+Module+-+Prerequisites+For+Windows
  2. Followed Prerequisite and Steps as per below screenshot image
  3. Execute ./spdx-sbom-generator
  4. Observed that NOASSERTION is displayed for PackageLicenseConcluded/PackageLicenseDeclared is displayed even license exists for package Example1 When license file exists for root package image

image

Example1 When license file exists for package and also value exists in METADATA image

image

hasnatkscope commented 1 year ago

Opened #290 .