Inconsistent warnings for including verification code when files not analyzed while validating SBOM

spdx / spdx-online-tools

Source for the website providing online SPDX tools

https://tools.spdx.org

Apache License 2.0

60 stars 57 forks source link

Inconsistent warnings for including verification code when files not analyzed while validating SBOM #514

Closed JohnnyHobbs closed 10 months ago

JohnnyHobbs commented 11 months ago

In the attached, 52 of the 65 packages have filesAnalyzed set to false and have a packageVerificationCode, but only 4 get a warning, while jquery.cookie also has filesAnalyzed set to false and does not have a packageVerificationCode, but does get the warning, " Verification code must not be included when files not analyzed." Inconsistencies.json

goneall commented 11 months ago

Thanks @JohnnyHobbs for reporting this. It looks like this issue has been fixed in the spdx-java-library which is used by the online tool.

We just need to update to the latest version. I'm hoping to do a release over the next week or so.

goneall commented 10 months ago

Fixed with PR #517