-
Notifications
You must be signed in to change notification settings - Fork 110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ability to output to JSON #230
Conversation
Signed-off-by: Amith K K <amithkumaran@gmail.com>
Signed-off-by: Amith K K <amithkumaran@gmail.com>
@amithkk, thank you for this pull request and welcome to SPDX! :) We have a conference call meeting on Tuesday if you'd like to join - it's at 16:00 UTC; all the details are at https://wiki.spdx.org/view/Technical_Team. I'm sure everyone would love to see your contribution! |
It seems as if the generated JSON may contain duplicate SPDX Elements. Running the command on this repository, there are multiple definitions of |
… tag for struct Signed-off-by: Amith K K <amithkumaran@gmail.com>
@seabass-labrax Thank you for the warm welcome 😄 Nice catch! That was caused by subpackages also being added to the document's packages array. I've updated the pull request to address that and the typo in the json tags. Will try to join the technical meeting |
018457e
to
b4a9852
Compare
Signed-off-by: Amith K K <amithkumaran@gmail.com>
Brilliant! There are just two things to change and then this should generate schema-valid SPDX JSON documents :)
Your idea of using a template for generating the tag/value data is really nice too; it might be worth rebasing the commits to make this change more visible to other developers. Looking forward to hearing from you at today's meeting if you can make it :) |
Updated asserted package checksums to be in checksums[] array for JSON, update logic appropriately in Tag Value renderer Signed-off-by: Amith K K <amithkumaran@gmail.com>
@seabass-labrax Thanks for the review! Addressed those comments in my previous commit. I've also updated the checksums[] array to appropriately render and have also validated the resulting SBOM against a JSONSchema validator to double check. |
@niravpatel27, would you be able to merge this please? Thanks :) |
@seabass-labrax sorry everyone, I got really busy on something and missed this one. I will be on it. |
Signed-off-by: Amith <amithkumaran@gmail.com> Signed-off-by: GitHub <noreply@github.com>
I've updated the branch to add the missing license identifiers for the two new code files |
Hi @niravpatel27, hope you are doing well 😄 - any updates on this? |
This pull request adds support for creating JSON SPDX SBOMs (thereby resolving #117 if merged)
This is achieved by
Additionally, this pull request also completes the todo item of reimplementing the tag-value format (.spdx) renderer as a go template.