Closed ivanayov closed 1 year ago
Testing the failure of tern report -f spdxjson -i photon:3.0 -o spdx.json
locally the -o
flag doesn't generate any output. Same when building from the main branch. Seems like this fails in the CI as well.
Looks like not related to the PR changes, but probably a bug.
Finally getting around to testing this... The CI issue is related to SPDX document validation:
subprocess.CalledProcessError: Command 'tern report -f spdxjson -i photon:3.0 -o spdx.json && java -jar tools-java/target/tools-java-*-jar-with-dependencies.jar Verify spdx.json' returned non-zero exit status 1.
This error means that the SPDX JSON resulting from these changes is not validating properly with the changes.
Closing as it's addressed in a follow-up.
This change adds purl data to all packages listed
Addresses #1206
Signed-off-by: Ivana Atanasova iyovcheva@vmware.com