spdx / spdx-maven-plugin

Plugin for supporting SPDX in a Maven build.
Apache License 2.0

External document references not used with JSON formatted dependencies #140

Open goneall opened 1 year ago

goneall commented 1 year ago

External document references are used for dependencies which have an SPDX document as a repository artifact.

XML formatted documents are included. However, .json files are not. This is likely due to how the plugin looks for and finds the dependencies.

abhishekdumaniya commented 11 months ago

Sir @goneall, I am interested in solving this issue; I want to work on it.

goneall commented 11 months ago

@MazeJack - that would be great. Let me know if you need any help understanding the code.

abhishekdumaniya commented 11 months ago

Sir @goneall, I am a new member and would like to contribute to this issue. I came across a file named json-pom-use-artifact.xml. Could you please explain to me which dependencies are included in this .xml file and not in a .json file? Do I have to rewrite code in the license.json file or any other .json file?

P.S. I found an externalReferences tag in json-pom-use-artifact.xml. Do I have to rewrite it in license.json or any other .json?

goneall commented 11 months ago

@MazeJack - The Java code that generates the external relationships will probably need to be modified.

The source file SpdxDependencyInformation is responsible for creating the external document references. Here's a link to the method that creates it:

https://github.com/spdx/spdx-maven-plugin/blob/fad39c1d06f909de7d575513e440878065cee815/src/main/java/org/spdx/maven/utils/SpdxDependencyInformation.java#L555

I would suggest looking for where this method is called and seeing if it is only looking for XML files and whether it can also search for JSON files.