tern-tools / tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
BSD 2-Clause "Simplified" License

Export specific format versions (SPDX) #1211

Open vargenau opened 1 year ago

vargenau commented 1 year ago

We now have SPDX 2.2 (the ISO version) and SPDX 2.3, and soon we will have SPDX 3.0.

It would be good to be able to specify in which version of SPDX we want the result.

Some users are required to use the ISO version, and some have tools that require a specific version of SPDX.

Syft has planned to implement it: Export specific format versions (SPDX)

We could use the same syntax to specify the version.

rnjudge commented 1 year ago

Thanks @vargenau. This is on our radar but due to limited resources, not high priority. Ideally, we would only support the latest SPDX release since.