shamblett / sbom

An SBOM generator for Dart packages
MIT License

Convert SPDX in JSON or XML format #8

Closed amedeopro closed 8 months ago

amedeopro commented 1 year ago

Hi, how can I convert my SPDX file to JSON format or XML format?

thank you

shamblett commented 1 year ago

Unfortunately there is no option for this at the moment; it is envisaged that other formatting options will be added in future releases.

Until this is added, there are other tools such as this that will convert your SPDX file into other formats.

amedeopro commented 1 year ago

OK, thanks, but this tool you reported to me does not include the SPDX format.

shamblett commented 1 year ago

Yes it does; it only deals with SPDX. The format the package uses is SPDX tag format, and the tool allows you to convert from tag format to XML or JSON as you requested. Try it on an SPDX file generated by the package.

amedeopro commented 1 year ago

OK, thank you. I have tried, but the SPDX does not contain the package name and versions, only my widget/component.

shamblett commented 1 year ago

Not sure what you mean; an extract from the sbom.spdx file for one of my packages -

PackageName: cbor
SPDXID: SPDXRef-Package-cbor
PackageVersion: 5.1.1

clearly shows the package name and the version.
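The conversion discussed above (SPDX tag-value, as emitted by the package, to JSON) can be done with a small parser; this is an added example, not code from the sbom package or from the external tool mentioned. The sample document is constructed, modelled on the extract above; the rule that a PackageName tag opens a new package section follows the SPDX tag-value convention.

```python
"""Convert an SPDX tag-value document to JSON, handling multi-line <text> values."""
import json
import re

# Constructed sample in SPDX tag-value form (not a real generated file).
SAMPLE = """SPDXVersion: SPDX-2.2
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: cbor
PackageName: cbor
SPDXID: SPDXRef-Package-cbor
PackageVersion: 5.1.1
PackageLicenseDeclared: MIT
PackageDescription: <text>A CBOR library
for Dart.</text>
"""

TAG_RE = re.compile(r"^([A-Za-z0-9]+):\s*(.*)$")


def parse_tag_value(text):
    """Return (document_fields, [package_fields, ...]) from tag-value text."""
    doc, packages, current = {}, [], None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = TAG_RE.match(lines[i])
        i += 1
        if not m:
            continue  # blank line or non-tag line
        tag, value = m.group(1), m.group(2)
        # <text>...</text> values may span several physical lines.
        if value.startswith("<text>") and not value.endswith("</text>"):
            parts = [value[len("<text>"):]]
            while i < len(lines) and not lines[i].endswith("</text>"):
                parts.append(lines[i])
                i += 1
            if i < len(lines):
                parts.append(lines[i][:-len("</text>")])
                i += 1
            value = "\n".join(parts)
        elif value.startswith("<text>"):
            value = value[len("<text>"):-len("</text>")]
        # PackageName starts a package section; later tags belong to that package.
        if tag == "PackageName":
            current = {"PackageName": value}
            packages.append(current)
        elif current is not None:
            current[tag] = value
        else:
            doc[tag] = value
    return doc, packages


def to_json(text):
    """Serialise the parsed document as JSON with a 'packages' array."""
    doc, packages = parse_tag_value(text)
    return json.dumps({**doc, "packages": packages}, indent=2)
```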

amedeopro commented 1 year ago

I use your package in a Flutter project. I need the file generated by sbom to contain the packages installed in the project (pubspec.yaml), to be able to load it into a dependency tracker and check if there are vulnerabilities or other ... Currently, the sbom file generated by your package contains the list of my project files. I hope I have explained myself well.

shamblett commented 1 year ago

Yes, OK, the package doesn't do this. In theory each dependent package should have its own SBOM, generated by itself; this package does not generate SBOMs for dependent packages.