tern-tools / tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
BSD 2-Clause "Simplified" License

Support for SPDX 2.3? #1246

Open nishakm opened 8 months ago

nishakm commented 8 months ago

Describe the Feature
I'm using tern to generate an SPDX-JSON formatted SBOM, but it only seems to support SPDX 2.2.

Use Cases
I would like to generate an SPDX 2.3 document to maintain parity with the SPDX Maven plugin.

Implementation Changes
Perhaps an SPDX version switch? It may mean a code refactor.
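To make the "SPDX version switch" concrete, here is an added example (editor's code, not Tern's implementation and not the linked PR) of a minimal SPDX JSON writer keyed on the requested version, plus a checker that tells you whether a document really conforms to the version it claims. It encodes the package-level differences between the two versions as published in the SPDX spec: `licenseConcluded`, `licenseDeclared` and `copyrightText` are mandatory in 2.2 but optional in 2.3, and `primaryPackagePurpose`, `releaseDate`, `builtDate` and `validUntilDate` only exist from 2.3 on. The package list, image name, tool name and document namespace are constructed placeholders, not Tern output.

```python
import json
import re
from datetime import datetime, timezone

SUPPORTED_VERSIONS = ("2.2", "2.3")

# Package-level license/copyright fields: mandatory in SPDX 2.2 (use NOASSERTION
# when unknown), optional in SPDX 2.3.
LICENSE_FIELDS_MANDATORY_IN_22 = ("licenseConcluded", "licenseDeclared", "copyrightText")

# Package-level fields that first appear in SPDX 2.3; a 2.2 document must not carry them.
FIELDS_NEW_IN_23 = ("primaryPackagePurpose", "releaseDate", "builtDate", "validUntilDate")

# Constructed sample input standing in for what a layer analysis would report.
SAMPLE_PACKAGES = [
    {"name": "openssl", "version": "3.0.11-1~deb12u2",
     "licenseDeclared": "Apache-2.0", "purpose": "LIBRARY"},
    {"name": "busybox", "version": "1.36.1", "purpose": "APPLICATION"},
]


def _spdx_ref(prefix, *parts):
    # SPDXID values are "SPDXRef-" followed by letters, digits, '.' and '-' only,
    # so characters such as '~', '+' or ':' from package versions must be replaced.
    raw = "-".join(p for p in parts if p)
    return f"SPDXRef-{prefix}-" + re.sub(r"[^A-Za-z0-9.-]", "-", raw)


def _package_entry(pkg, spdx_version):
    entry = {
        "name": pkg["name"],
        "SPDXID": _spdx_ref("Package", pkg["name"], pkg.get("version")),
        "downloadLocation": "NOASSERTION",
        # No file-level analysis in this example, so no packageVerificationCode is needed.
        "filesAnalyzed": False,
    }
    if pkg.get("version"):
        entry["versionInfo"] = pkg["version"]
    for field in LICENSE_FIELDS_MANDATORY_IN_22:
        if pkg.get(field) is not None:
            entry[field] = pkg[field]
        elif spdx_version == "2.2":
            entry[field] = "NOASSERTION"  # 2.2 requires the field to be present
    if spdx_version == "2.3" and pkg.get("purpose"):
        entry["primaryPackagePurpose"] = pkg["purpose"]
    return entry


def build_document(image_name, packages, spdx_version="2.3", created=None):
    """Return an SPDX JSON document (as a dict) describing an image and its packages."""
    if spdx_version not in SUPPORTED_VERSIONS:
        raise ValueError(f"unsupported SPDX version {spdx_version!r}")
    created = created or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    image_pkg = _package_entry({"name": image_name, "purpose": "CONTAINER"}, spdx_version)
    pkg_entries = [_package_entry(p, spdx_version) for p in packages]
    relationships = [{"spdxElementId": "SPDXRef-DOCUMENT",
                      "relatedSpdxElement": image_pkg["SPDXID"],
                      "relationshipType": "DESCRIBES"}]
    relationships += [{"spdxElementId": image_pkg["SPDXID"],
                       "relatedSpdxElement": p["SPDXID"],
                       "relationshipType": "CONTAINS"} for p in pkg_entries]
    safe_name = re.sub(r"[^A-Za-z0-9.-]", "-", image_name)
    return {
        "spdxVersion": f"SPDX-{spdx_version}",
        "dataLicense": "CC0-1.0",
        "SPDXID": "SPDXRef-DOCUMENT",
        "name": f"{image_name} SBOM",
        # Placeholder namespace; a real tool must make this unique per generated document.
        "documentNamespace": f"https://example.invalid/spdxdocs/{safe_name}",
        "creationInfo": {"created": created, "creators": ["Tool: example-sbom-0.1"]},
        "packages": [image_pkg] + pkg_entries,
        "relationships": relationships,
    }


def check_document(doc, expected_version):
    """Return a list of problems; an empty list means the document fits expected_version."""
    problems = []
    if doc.get("spdxVersion") != f"SPDX-{expected_version}":
        problems.append(f"spdxVersion is {doc.get('spdxVersion')!r}, expected SPDX-{expected_version}")
    if doc.get("dataLicense") != "CC0-1.0":
        problems.append("dataLicense must be CC0-1.0")
    if doc.get("SPDXID") != "SPDXRef-DOCUMENT":
        problems.append("document SPDXID must be SPDXRef-DOCUMENT")
    for pkg in doc.get("packages", []):
        pid = pkg.get("SPDXID", "<no SPDXID>")
        if "downloadLocation" not in pkg:
            problems.append(f"{pid}: downloadLocation is mandatory")
        if pkg.get("filesAnalyzed", True) and "packageVerificationCode" not in pkg:
            problems.append(f"{pid}: filesAnalyzed is true but packageVerificationCode is missing")
        if expected_version == "2.2":
            problems += [f"{pid}: {f} is mandatory in SPDX 2.2"
                         for f in LICENSE_FIELDS_MANDATORY_IN_22 if f not in pkg]
            problems += [f"{pid}: {f} does not exist in SPDX 2.2"
                         for f in FIELDS_NEW_IN_23 if f in pkg]
    return problems


if __name__ == "__main__":
    doc = build_document("debian:12", SAMPLE_PACKAGES, spdx_version="2.3")
    print(json.dumps(doc, indent=2))
    print("problems:", check_document(doc, "2.3"))
```

Running the checker with `expected_version="2.2"` against a document the writer produced as 2.3 reports both the version-string mismatch and the 2.3-only `primaryPackagePurpose` fields, which is the kind of parity failure that shows up when a downstream consumer (such as the Maven plugin mentioned above) expects one version and receives the other.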

rnjudge commented 8 months ago

@nishakm There's actually a PR ready to merge that covers this using the SPDX python libraries - do you want to take a look? https://github.com/tern-tools/tern/pull/1233

I meant to review before maternity leave but ran out of time.