Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: prototype 3.0 model #247

Draft
wants to merge 3 commits into
base: main
Choose a base branch
from

Conversation

kzantow
Copy link
Collaborator

@kzantow kzantow commented Aug 1, 2024

This PR implements one possible data model to support SPDX 3, along with functional JSON serialization / deserialization. There are sure to be some rough edges!

The easiest way to understand what usage looks like is to check out the tests -- they perform some basic document creation, along with serializing, deserializing, and re-serializing to verify the documents are the same.

A few rough edges with SPDX 3 in general seem to be:

  • all elements are required to have a creation Info; this PR includes a feature during JSON serialization to set all elements creation info if it is unset, I don't know if this is a great idea but it would make things a lot easier to deal with...
  • all SPDX elements must have an spdxId; I also added a way to do this prior to serialization
  • it could be possible to have multiple SPDX document objects in the same json document
  • having an SPDX document and an SBOM independently is somewhat confusing
  • there's a chicken-and-egg problem between creation info and agent, where both are required and both reference each other, so some helper as I've implemented here would probably be good; maybe it should take different information

This PR does not add anything in the way of data validation, so it is probably pretty easy to create invalid documents. How to handle this is TBD.

This PR also does not add any conversion functionality to/from older versions of SPDX.

Feedback requested!

@kzantow kzantow force-pushed the feat/spdx-3-prototype branch 2 times, most recently from b71353a to 936ae58 Compare August 1, 2024 06:32
@kzantow kzantow changed the title feat: prototype v3_0 model feat: prototype 3.0 model Aug 1, 2024
@kzantow kzantow force-pushed the feat/spdx-3-prototype branch 2 times, most recently from ea44d2b to 14db0d0 Compare August 1, 2024 16:05
Signed-off-by: Keith Zantow <[email protected]>
@kzantow kzantow force-pushed the feat/spdx-3-prototype branch from 14db0d0 to 8e9125f Compare August 2, 2024 19:49
spdx/v3/v3_0/spdx_test.go Outdated Show resolved Hide resolved
Signed-off-by: Keith Zantow <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants