Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support SPDX 2.3 #1292

Closed
ankitm123 opened this issue Oct 26, 2022 · 4 comments · Fixed by #1311
Closed

Support SPDX 2.3 #1292

ankitm123 opened this issue Oct 26, 2022 · 4 comments · Fixed by #1311
Assignees
@kzantow
Labels
enhancement New feature or request

Comments

@ankitm123
Copy link

What would you like to be added:

The latest version of spdx specification is 2.3. SBOMs produced by Syft are still on version 2.2.
It would be nice to add support for 2.3. Other sbom authoring tools like ko, apko and kubernetes sbom tool already support producing sbom with version 2.3 as the default.

https://spdx.github.io/spdx-spec/v2.3/
@ankitm123 ankitm123 added the enhancement New feature or request label Oct 26, 2022
@kzantow
Copy link
Contributor

kzantow commented Oct 26, 2022

Yes, we definitely want this, too! We are currently using the spdx/tools-golang library for SPDX support and have opened a PR to get SPDX 2.3 support added there, which seems like it might be close, after which time we'll definitely update support in Syft!

@kzantow kzantow added this to OSS Oct 26, 2022
@kzantow kzantow moved this to Parking Lot (Comments or Progress) in OSS Oct 26, 2022
@kzantow kzantow added the blocked Progress is being stopped by something label Oct 26, 2022
@ankitm123
Copy link
Author

Awesome, looking forward to it.

@kzantow kzantow moved this from Parking Lot (Comments or Progress) to In Progress (Actively Resolving) in OSS Oct 26, 2022
@kzantow kzantow changed the title Support spdx 2.3 Support SPDX 2.3 Oct 26, 2022
@kzantow kzantow removed the blocked Progress is being stopped by something label Nov 1, 2022
@kzantow kzantow self-assigned this Nov 1, 2022
@kzantow kzantow mentioned this issue Nov 2, 2022
Merged
@kzantow kzantow added the blocked Progress is being stopped by something label Nov 7, 2022
@kzantow
Copy link
Contributor

kzantow commented Nov 7, 2022
edited
Loading

NOTE: we need to get one more change merged into the tools-golang repo: spdx/tools-golang#170 -- Done!

Repository owner moved this from In Progress (Actively Resolving) to Done in OSS Nov 18, 2022
@dependabot dependabot bot mentioned this issue Nov 19, 2022
Closed
@ankitm123
Copy link
Author

Cool, thanks! We will upgrade the version of syft used in jenkins X pipelines :)

This was referenced Nov 21, 2022
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@dependabot dependabot bot mentioned this issue Nov 28, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kzantow kzantow

Labels
enhancement New feature or request
Projects
OSS
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

SPDX 2.3 support kzantow-anchore/syft
2 participants
@kzantow @ankitm123