Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(sbom): fix incompliant license format for spdx #3335

Merged
merged 7 commits into from
Mar 12, 2023
Merged

fix(sbom): fix incompliant license format for spdx #3335

merged 7 commits into from
Mar 12, 2023

Conversation

masahiro331
Copy link
Contributor

@masahiro331 masahiro331 commented Dec 24, 2022
edited by itaysk
Loading

Description

A licence parser has been added to support the SPDX licence format.
It is only used within the SPDX package so as not to affect the normalisation of existing licences.

SPDX license specification.
https://spdx.github.io/spdx-spec/v2.3/SPDX-license-expressions/

Related issues

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@masahiro331 masahiro331 self-assigned this Dec 24, 2022
@sentenz
Copy link

sentenz commented Jan 4, 2023

When will this merger be completed?

@beltran-rubo
Copy link

Any estimated date when this would be merged?

@masahiro331
Copy link
Contributor Author

Any estimated date when this would be merged?

Refactoring. Please wait a little longer.

@tokcum
Copy link

tokcum commented Jan 20, 2023

I'm also looking forward to get this merged and released.

@namandf
Copy link

namandf commented Feb 15, 2023

Looking forward to this change. The spdx report currently seems to be invalid according to https://tools.spdx.org/app/validate/

@itaysk
Copy link
Contributor

itaysk commented Mar 3, 2023

added to the description that this will also close #2249

@MarioSMC
Copy link

Thanks for the great fix. When will the review be completed?

@knqyf263 knqyf263 merged commit aaf2658 into aquasecurity:main Mar 12, 2023
@knqyf263 knqyf263 mentioned this pull request Mar 12, 2023
Merged
7 tasks
atombrella pushed a commit to atombrella/trivy that referenced this pull request Mar 25, 2023
@masahiro331 @atombrella
fix(sbom): fix incompliant license format for spdx (aquasecurity#3335)
c9d0208
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@knqyf263 knqyf263 knqyf263 approved these changes

Assignees

@masahiro331 masahiro331

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Trivy is not generating compliant SPDX JSON Normalize detected licenses to SPDX License ID
8 participants
@masahiro331 @sentenz @beltran-rubo @tokcum @namandf @itaysk @MarioSMC @knqyf263