Schema fixes

- Add specVersion to creationInfo object - Only one context allowed - originatedBy is an array - dataLicense is not required - Fix element list in example7-third-party-modules.spdx.json - Remove build conformance (requires more information about the build) Signed-off-by: Nisha Kumar <[email protected]>
spdx · Aug 7, 2024 · a37b6b7 · a37b6b7
1 parent 66311c9
commit a37b6b7
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 28 deletions.
diff --git a/software/example7/spdx-3.0/example7-bin.spdx.json b/software/example7/spdx-3.0/example7-bin.spdx.json
@@ -1,7 +1,5 @@
 {
-  "@context": [
-    "https://spdx.org/rdf/3.0.0/spdx-context.jsonld"
-  ],
+  "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld",
   "@graph": [
     {
       "spdxId": "urn:uuid:6731cd26-926c-486b-8127-340c0f11a228",
@@ -20,6 +18,7 @@
     {
       "@id": "_:creationInfo",
       "type": "CreationInfo",
+      "specVersion": "3.0.0",
       "created": "2020-11-24T01:12:27Z",
       "createdBy": [
         "urn:uuid:6731cd26-926c-486b-8127-340c0f11a228"
@@ -32,7 +31,9 @@
       "name": "hello",
       "creationInfo": "_:creationInfo",
       "comment": "This binary was created by building go source code",
-      "originatedBy": "urn:uuid:6731cd26-926c-486b-8127-340c0f11a228",
+      "originatedBy": [
+        "urn:uuid:6731cd26-926c-486b-8127-340c0f11a228"
+      ],
       "software_primaryPurpose": "executable"
     },
     {
@@ -147,11 +148,9 @@
       "comment": "This document's primary communication is the SBOM",
       "name": "example7-bin.spdx",
       "profileConformance": [
-	"core",
-        "software",
-        "build"
+        "core",
+        "software"
       ],
-      "dataLicense": "CC0-1.0",
       "rootElement": [
         "urn:uuid:4c7ec5f3-875b-4f99-8c4c-f0a718da8c4f"
       ]

diff --git a/software/example7/spdx-3.0/example7-go-module.spdx.json b/software/example7/spdx-3.0/example7-go-module.spdx.json
@@ -1,7 +1,5 @@
 {
-  "@context": [
-    "https://spdx.org/rdf/3.0.0/spdx-context.jsonld"
-  ],
+  "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld",
   "@graph": [
     {
       "spdxId": "urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8",
@@ -20,6 +18,7 @@
     {
       "@id": "_:creationInfo",
       "type": "CreationInfo",
+      "specVersion": "3.0.0",
       "created": "2020-11-25T01:12:27Z",
       "createdBy": [
         "urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8"
@@ -34,7 +33,9 @@
       "comment": "This is version controlled source code, generated by the ssame person who made this document",
       "software_primaryPurpose": "source",
       "software_downloadLocation": "git://github.com/spdx/spdx-examples.git#software/example7/src/hello",
-      "originatedBy": "urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8"
+      "originatedBy": [
+        "urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8"
+      ]
     },
     {
       "type": "software_Sbom",
@@ -56,10 +57,9 @@
       "comment": "This document's primary communication is the SBOM",
       "name": "example7-go-module.spdx",
       "profileConformance": [
-	"core",
+        "core",
         "software"
       ],
-      "dataLicense": "CC0-1.0",
       "rootElement": [
         "urn:uuid:711c6f39-6c80-494e-b848-1c01e8962345"
       ]

diff --git a/software/example7/spdx-3.0/example7-golang.spdx.json b/software/example7/spdx-3.0/example7-golang.spdx.json
@@ -1,7 +1,5 @@
 {
-  "@context": [
-    "https://spdx.org/rdf/3.0.0/spdx-context.jsonld"
-  ],
+  "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld",
   "@graph": [
     {
       "spdxId": "urn:uuid:cc81c9c0-c466-4e22-b3f6-945a65f5d07b",
@@ -27,6 +25,7 @@
     {
       "@id": "_:creationInfo",
       "type": "CreationInfo",
+      "specVersion": "3.0.0",
       "created": "2020-11-24T01:12:27Z",
       "createdBy": [
         "urn:uuid:cc81c9c0-c466-4e22-b3f6-945a65f5d07b"
@@ -42,7 +41,9 @@
       "software_packageVersion": "1.16.4",
       "software_primaryPurpose": "install",
       "software_downloadLocation": "https://golang.org/dl/go1.16.4.linux-amd64.tar.gz",
-      "originatedBy": "urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d",
+      "originatedBy": [
+        "urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d"
+      ],
       "verifiedUsing": [
         {
           "type": "Hash",
@@ -57,7 +58,9 @@
       "name": "go",
       "creationInfo": "_:creationInfo",
       "comment": "The installation comes with an executable",
-      "originatedBy": "urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d",
+      "originatedBy": [
+        "urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d"
+      ],
       "software_primaryPurpose": "executable"
     },
     {
@@ -93,10 +96,9 @@
       "comment": "This document's primary communication is the SBOM",
       "name": "example7-golang.spdx",
       "profileConformance": [
-	"core",
+        "core",
         "software"
       ],
-      "dataLicense": "CC0-1.0",
       "rootElement": [
         "urn:uuid:d523d308-8348-4051-85ea-a67a14978fad"
       ]

diff --git a/software/example7/spdx-3.0/example7-third-party-modules.spdx.json b/software/example7/spdx-3.0/example7-third-party-modules.spdx.json
@@ -1,7 +1,5 @@
 { 
-  "@context": [
-    "https://spdx.org/rdf/3.0.0/spdx-context.jsonld"
-  ],
+  "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld",
   "@graph": [
     {
       "spdxId": "urn:uuid:75f4bf57-0976-446d-869a-67856a1fa5bb",
@@ -34,6 +32,7 @@
     {
       "@id": "_:creationInfo",
       "type": "CreationInfo",
+      "specVersion": "3.0.0",
       "created": "2020-11-25T01:12:27Z",
       "createdBy": [
         "urn:uuid:75f4bf57-0976-446d-869a-67856a1fa5bb"
@@ -48,7 +47,9 @@
       "comment": "Go module dependency. The author is not given",
       "software_primaryPurpose": "library",
       "software_downloadLocation": "git://golang.org/x/[email protected]",
-      "originatedBy": "urn:uuid:4b3add7d-8d36-488d-b7cc-f3891af633d1"
+      "originatedBy": [
+        "urn:uuid:4b3add7d-8d36-488d-b7cc-f3891af633d1"
+      ]
     },
     {
       "spdxId": "urn:uuid:84e4231d-fc1d-4b4e-9609-05781f81fa73",
@@ -58,7 +59,9 @@
       "comment": "Go module dependency. The author is not given",
       "software_primaryPurpose": "library",
       "software_downloadLocation": "git://rsc.io/[email protected]",
-      "originatedBy": "urn:uuid:1c20ec6e-6e84-417a-8b7f-51bb69f62cb2"
+      "originatedBy": [
+        "urn:uuid:1c20ec6e-6e84-417a-8b7f-51bb69f62cb2"
+      ]
     },
     {
       "type": "software_Sbom",
@@ -71,7 +74,8 @@
       ],
       "element": [
         "urn:uuid:75f4bf57-0976-446d-869a-67856a1fa5bb",
-        "urn:uuid:0ae67aec-e3f7-4020-b0bc-068486068127",
+        "urn:uuid:4b3add7d-8d36-488d-b7cc-f3891af633d1",
+        "urn:uuid:1c20ec6e-6e84-417a-8b7f-51bb69f62cb2",
         "urn:uuid:4918b993-36f8-4e75-bf94-2f017575eae5",
         "urn:uuid:84e4231d-fc1d-4b4e-9609-05781f81fa73"      
       ]
@@ -86,7 +90,6 @@
 	"core",
         "software"
       ],
-      "dataLicense": "CC0-1.0",
       "rootElement": [
         "urn:uuid:30bebcfc-096f-4cbd-9fea-da1b8c5f8ea6"
       ]