spdx / tools-java

SPDX Command Line Tools using the Spdx-Java-Library
Apache License 2.0

Does the tool support generating an SPDX file? #141

Closed perifitdevs closed 11 months ago

perifitdevs commented 1 year ago

Hello, I'd like to generate an SPDX file with this Java tool. Is it possible?

Thanks

goneall commented 1 year ago

@perifitdevs - It depends. This tool doesn't do any analysis of source or build metadata - there are several open source and commercial tools that will generate SPDX files from source or build files.

There is a list of tools at https://spdx.dev/tools

Can you describe more about the scenario you are using to generate an SPDX file?

perifitdevs commented 1 year ago

@goneall Thanks for responding. I'd like to generate an SBOM in SPDX format to pass some security requirements for my app. I tried Syft, which is an open source tool, and generated SPDX successfully. I just want to use another tool to compare the result, so I've picked tools-java.

goneall commented 1 year ago

@perifitdevs this utility will translate, verify, and "pretty print" SPDX SBOMs, but doesn't do any analysis.

The Java libraries this is based on are used in other commercial and open source tools that do produce SPDX documents.

I would refer to the SPDX tools web pages for other tools you can try out.

A couple of open source tools that analyze code and generate SPDX are ORT, ScanCode, FOSSology.

goneall commented 11 months ago

I believe the question has been answered - closing the issue