spdx / cdx2spdx

Utility that converts SBOM documents from CycloneDX to SPDX
Apache License 2.0

Support for CPE data and a more lenient approach to invalid downloadLocation issues #32

Closed flemminglau closed 1 year ago

flemminglau commented 1 year ago

I added the code needed to import CPE data from a CycloneDX file.

I also (to get it working with my files) changed a fatal exception on an invalid downloadLocation URL to just being a warning (and ignoring the data).

I have the code in my local system. Changes are minimal and isolated to CycloneSpdxConverter.java.

I am not a GitHub expert so putting things into a fork is somewhat beyond me.

CycloneSpdxConverter.java.tar.gz

goneall commented 1 year ago

Thanks @flemminglau - since you don't have a signed-off pull request for this, could you just add a comment to this issue that you are providing the code changes under the Apache-2.0 open source license?

Once I have that, I can create a pull request for review.

flemminglau commented 1 year ago

Actually I later did a pull request with a slightly later version. So this version could be discarded if I got the pull request thing right.

In any case yes. The Apache-2.0 license is fine for covering my submission.

goneall commented 1 year ago

@flemminglau - I didn't see a pull request on this repo - you may want to check to make sure the upstream PR is this repo - it should show up in the pull requests.

Let me know if you have any questions or would like any assistance on the PR.

I can also create a PR from your attached file.

flemminglau commented 1 year ago

Hereby under Apache-2.0 license:

CycloneSpdxConverter.zip

I just did a fork and then raised a PR.

I did wonder how this would end up with the original repo. Is there a button in GitHub I can press to set it up correctly or is that a git command?

goneall commented 1 year ago

@flemminglau I suspect you may have raised a PR in the forked repo rather than the upstream (this) repo.

The simplest way to create the PR would be to fork the repo, make the change in your forked repo, push the changes back to the forked repo, then raise the PR. When you visit GitHub for your forked repo, you should see a button at the top to create a PR with your changes. If you push that button, on the left side is a dropdown for the base - make sure that points to this repo - it should be in the dropdown list.

I'll go ahead and create a PR with your latest uploaded file.

goneall commented 1 year ago

Fixed by #33