diff --git a/internal/logicalstrings.go b/internal/logicalstrings.go
index f2288af4a898..0620d2fd5d5f 100644
--- a/internal/logicalstrings.go
+++ b/internal/logicalstrings.go
@@ -3,6 +3,8 @@ package internal
 import (
 	"fmt"
 	"strings"
+
+	"github.com/invopop/jsonschema"
 )
 
 type Joiner string
@@ -47,6 +49,20 @@ func (l LogicalStrings) String() string {
 	return strings.Join(parts, fmt.Sprintf(" %s ", joiner))
 }
 
+func (l LogicalStrings) MarshalJSON() ([]byte, error) {
+	return []byte(fmt.Sprintf(`"%s"`, l.String())), nil
+}
+
+func (l *LogicalStrings) UnmarshalJSON(data []byte) error {
+	raw := strings.Trim(string(data), `"`)
+	ls, err := ParseLogicalStrings(raw)
+	if err != nil {
+		return err
+	}
+	*l = ls
+	return nil
+}
+
 // Process processes each simple element inside the LogicalStrings through a provided function,
 // returning a new LogicalStrings with the fields replaced.
 func (l LogicalStrings) Process(f func(string) string) LogicalStrings {
@@ -70,6 +86,14 @@ func (l LogicalStrings) Elements() []string {
 	return elements
 }
 
+func (l LogicalStrings) JSONSchema() *jsonschema.Schema {
+	return &jsonschema.Schema{
+		Type:        "string",
+		Title:       "Logical Strings",
+		Description: "strings with simple or complex logical combinations",
+	}
+}
+
 // ParseLogicalStrings parse strings joined by AND or OR, as well as compounded by ( and ), into a LogicalStrings struct
 func ParseLogicalStrings(s string) (LogicalStrings, error) {
 	var (
@@ -105,7 +129,9 @@ func ParseLogicalStrings(s string) (LogicalStrings, error) {
 	}
 	if currentExpression != "" {
 		simple, joiner := parseSimpleExpression(currentExpression)
-		currentLS.Simple = append(currentLS.Simple, simple...)
+		if len(simple) > 0 {
+			currentLS.Simple = append(currentLS.Simple, simple...)
+		}
 		currentLS.Joiner = joiner
 	}
 	return currentLS, nil
diff --git a/schema/json/schema-7.0.0.json b/schema/json/schema-7.0.0.json
index 63161e14d01b..575f51e53553 100644
--- a/schema/json/schema-7.0.0.json
+++ b/schema/json/schema-7.0.0.json
@@ -202,16 +202,21 @@
     },
     "BinaryMetadata": {
       "properties": {
-        "matches": {
-          "items": {
-            "$ref": "#/$defs/ClassifierMatch"
-          },
-          "type": "array"
+        "classifier": {
+          "type": "string"
+        },
+        "realPath": {
+          "type": "string"
+        },
+        "virtualPath": {
+          "type": "string"
         }
       },
       "type": "object",
       "required": [
-        "matches"
+        "classifier",
+        "realPath",
+        "virtualPath"
       ]
     },
     "CargoPackageMetadata": {
@@ -244,21 +249,6 @@
         "dependencies"
       ]
     },
-    "ClassifierMatch": {
-      "properties": {
-        "classifier": {
-          "type": "string"
-        },
-        "location": {
-          "$ref": "#/$defs/Location"
-        }
-      },
-      "type": "object",
-      "required": [
-        "classifier",
-        "location"
-      ]
-    },
     "CocoapodsMetadata": {
       "properties": {
         "checksum": {
@@ -803,22 +793,10 @@
       },
       "type": "object"
     },
-    "Location": {
-      "properties": {
-        "path": {
-          "type": "string"
-        },
-        "layerID": {
-          "type": "string"
-        },
-        "virtualPath": {
-          "type": "string"
-        }
-      },
-      "type": "object",
-      "required": [
-        "path"
-      ]
+    "LogicalStrings": {
+      "type": "string",
+      "title": "Logical Strings",
+      "description": "strings with simple or complex logical combinations"
     },
     "MixLockMetadata": {
       "properties": {
@@ -930,10 +908,7 @@
           "type": "array"
         },
         "licenses": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+          "$ref": "#/$defs/LogicalStrings"
         },
         "language": {
           "type": "string"
diff --git a/syft/file/test-fixtures/snapshot/stereoscope-fixture-image-file-type-mix.golden b/syft/file/test-fixtures/snapshot/stereoscope-fixture-image-file-type-mix.golden
index e85036214d92..632a1f2d995c 100644
Binary files a/syft/file/test-fixtures/snapshot/stereoscope-fixture-image-file-type-mix.golden and b/syft/file/test-fixtures/snapshot/stereoscope-fixture-image-file-type-mix.golden differ
diff --git a/syft/formats/common/cyclonedxhelpers/decoder_test.go b/syft/formats/common/cyclonedxhelpers/decoder_test.go
index 70f648e78a28..ffb0504dd86e 100644
--- a/syft/formats/common/cyclonedxhelpers/decoder_test.go
+++ b/syft/formats/common/cyclonedxhelpers/decoder_test.go
@@ -280,7 +280,7 @@ func Test_missingDataDecode(t *testing.T) {
 		},
 	})
 
-	assert.Len(t, pkg.Licenses, 0)
+	assert.Equal(t, pkg.Licenses.Size(), 0)
 }
 
 func Test_missingComponentsDecode(t *testing.T) {
diff --git a/syft/formats/common/spdxhelpers/license.go b/syft/formats/common/spdxhelpers/license.go
index 8abccebd746e..a3198a869aa6 100644
--- a/syft/formats/common/spdxhelpers/license.go
+++ b/syft/formats/common/spdxhelpers/license.go
@@ -1,10 +1,16 @@
 package spdxhelpers
 
 import (
+	"regexp"
+
 	"github.com/anchore/syft/internal/spdxlicense"
 	"github.com/anchore/syft/syft/pkg"
 )
 
+var (
+	invalidLicenseReg = regexp.MustCompile(`[^0-9A-Za-z\.-]`)
+)
+
 func License(p pkg.Package) string {
 	// source: https://spdx.github.io/spdx-spec/3-package-information/#313-concluded-license
 	// The options to populate this field are limited to:
@@ -24,12 +30,18 @@ func License(p pkg.Package) string {
 		if value, other, exists := spdxlicense.ID(s); exists {
 			parsed := value
 			if other != "" {
-				parsed = spdxlicense.LicenseRefPrefix + other
+				parsed = spdxlicense.LicenseRefPrefix + licenseScrubber(other)
 			}
 			return parsed
 		}
 		return ""
+
 	})
 
 	return parsedLicenses.String()
 }
+
+func licenseScrubber(s string) string {
+	// replace any characters that are *not* valid: alphanumeric, . -
+	return invalidLicenseReg.ReplaceAllString(s, "-")
+}
diff --git a/syft/formats/common/spdxhelpers/license_test.go b/syft/formats/common/spdxhelpers/license_test.go
index 76d42eaee836..a051622cdacc 100644
--- a/syft/formats/common/spdxhelpers/license_test.go
+++ b/syft/formats/common/spdxhelpers/license_test.go
@@ -83,3 +83,18 @@ func Test_License(t *testing.T) {
 		})
 	}
 }
+
+func TestLicenseScrubber(t *testing.T) {
+	tests := []struct {
+		in  string
+		out string
+	}{
+		{"A", "A"},
+		{"A-B", "A-B"},
+		{"A.B", "A.B"},
+		{"A.B:foo", "A.B-foo"},
+	}
+	for _, test := range tests {
+		assert.Equal(t, test.out, licenseScrubber(test.in))
+	}
+}
diff --git a/syft/formats/common/spdxhelpers/to_format_model.go b/syft/formats/common/spdxhelpers/to_format_model.go
index 2bcf257cc4b1..6382bd8cfbbf 100644
--- a/syft/formats/common/spdxhelpers/to_format_model.go
+++ b/syft/formats/common/spdxhelpers/to_format_model.go
@@ -516,18 +516,19 @@ func toOtherLicenses(catalog *pkg.Catalog) []*spdx.OtherLicense {
 	licenses := map[string]bool{}
 	for _, pkg := range catalog.Sorted() {
 		for _, license := range pkg.Licenses.Elements() {
-			if strings.HasPrefix(license, spdxlicense.LicenseRefPrefix) {
-				licenses[license] = true
+			value, other, exists := spdxlicense.ID(license)
+			if !exists || value != "" || other == "" {
+				continue
 			}
+
+			licenses[other] = true
 		}
 	}
 	var result []*spdx.OtherLicense
 	for license := range licenses {
-		// separate the actual ID from the prefix
-		name := strings.TrimPrefix(license, spdxlicense.LicenseRefPrefix)
 		result = append(result, &spdx.OtherLicense{
-			LicenseIdentifier: license,
-			LicenseName:       name,
+			LicenseIdentifier: fmt.Sprintf("%s%s", spdxlicense.LicenseRefPrefix, licenseScrubber(license)),
+			LicenseName:       license,
 			ExtractedText:     NONE, // we probably should have some extracted text here, but this is good enough for now
 		})
 	}
diff --git a/syft/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden b/syft/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden
index 7e7a3cdfe148..6e8f3b98e51b 100644
--- a/syft/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden
+++ b/syft/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden
@@ -1,10 +1,10 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.4",
-  "serialNumber": "urn:uuid:0b628da1-274e-4c24-821c-f9452f37db54",
+  "serialNumber": "urn:uuid:11f78f35-2ea9-4785-90da-7e073c02ecfc",
   "version": 1,
   "metadata": {
-    "timestamp": "2022-12-22T18:33:51-05:00",
+    "timestamp": "2023-02-13T10:59:09-08:00",
     "tools": [
       {
         "vendor": "anchore",
@@ -20,7 +20,7 @@
   },
   "components": [
     {
-      "bom-ref": "1b1d0be59ac59d2c",
+      "bom-ref": "9f56614c62f539e9",
       "type": "library",
       "name": "package-1",
       "version": "1.0.1",
@@ -57,7 +57,7 @@
       ]
     },
     {
-      "bom-ref": "pkg:deb/debian/package-2@2.0.1?package-id=db4abfe497c180d3",
+      "bom-ref": "pkg:deb/debian/package-2@2.0.1?package-id=342b18b33e30ed0",
       "type": "library",
       "name": "package-2",
       "version": "2.0.1",
diff --git a/syft/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden b/syft/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden
index de3018170ed6..1b92f61df4e2 100644
--- a/syft/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden
+++ b/syft/formats/cyclonedxjson/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden
@@ -1,10 +1,10 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.4",
-  "serialNumber": "urn:uuid:542fc1a1-81ac-4b76-b9e2-8e6b9d8c840a",
+  "serialNumber": "urn:uuid:d383da54-a35f-4bd5-a85d-688b35e92c31",
   "version": 1,
   "metadata": {
-    "timestamp": "2022-12-22T18:33:51-05:00",
+    "timestamp": "2023-02-13T10:59:09-08:00",
     "tools": [
       {
         "vendor": "anchore",
@@ -13,7 +13,7 @@
       }
     ],
     "component": {
-      "bom-ref": "ffd645a093c0fe70",
+      "bom-ref": "b83149da0a7fd6c5",
       "type": "container",
       "name": "user-image-input",
       "version": "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368"
@@ -21,7 +21,7 @@
   },
   "components": [
     {
-      "bom-ref": "66ba429119b8bec6",
+      "bom-ref": "de34d3845e98e85f",
       "type": "library",
       "name": "package-1",
       "version": "1.0.1",
@@ -53,7 +53,7 @@
         },
         {
           "name": "syft:location:0:layerID",
-          "value": "sha256:62058900d4ce269c900160b8dd255fe310c3a459dda236d041102fa070f84406"
+          "value": "sha256:626044c9c04b634ddb1659b81debbeebf312c5e3f2e6e8a693813866aa38a381"
         },
         {
           "name": "syft:location:0:path",
@@ -62,7 +62,7 @@
       ]
     },
     {
-      "bom-ref": "pkg:deb/debian/package-2@2.0.1?package-id=958443e2d9304af4",
+      "bom-ref": "pkg:deb/debian/package-2@2.0.1?package-id=bad230a934158ee5",
       "type": "library",
       "name": "package-2",
       "version": "2.0.1",
@@ -83,7 +83,7 @@
         },
         {
           "name": "syft:location:0:layerID",
-          "value": "sha256:623ad97366f39ae279f1925673cdacb4851ddf2e3266f04e63010ec080a098c1"
+          "value": "sha256:2e0a2ae163675ae98403ca109fdee95bed2fea62f94e7d013146ac710d77de49"
         },
         {
           "name": "syft:location:0:path",
diff --git a/syft/formats/cyclonedxjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden b/syft/formats/cyclonedxjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden
index 11a1958c8935..fc4e17e4f51f 100644
Binary files a/syft/formats/cyclonedxjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden and b/syft/formats/cyclonedxjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden differ
diff --git a/syft/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden b/syft/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden
index 095d2c3b88ad..13f3b6834ace 100644
--- a/syft/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden
+++ b/syft/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxDirectoryEncoder.golden
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:2939b822-b9cb-489d-8a8b-4431b755031d" version="1">
+<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:01786e09-af5c-4c8b-83eb-f59341c278e2" version="1">
   <metadata>
-    <timestamp>2022-11-07T09:11:06-05:00</timestamp>
+    <timestamp>2023-02-13T10:59:09-08:00</timestamp>
     <tools>
       <tool>
         <vendor>anchore</vendor>
@@ -14,7 +14,7 @@
     </component>
   </metadata>
   <components>
-    <component bom-ref="1b1d0be59ac59d2c" type="library">
+    <component bom-ref="9f56614c62f539e9" type="library">
       <name>package-1</name>
       <version>1.0.1</version>
       <licenses>
@@ -32,7 +32,7 @@
         <property name="syft:location:0:path">/some/path/pkg1</property>
       </properties>
     </component>
-    <component bom-ref="pkg:deb/debian/package-2@2.0.1?package-id=db4abfe497c180d3" type="library">
+    <component bom-ref="pkg:deb/debian/package-2@2.0.1?package-id=342b18b33e30ed0" type="library">
       <name>package-2</name>
       <version>2.0.1</version>
       <cpe>cpe:2.3:*:some:package:2:*:*:*:*:*:*:*</cpe>
diff --git a/syft/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden b/syft/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden
index 814962bedb37..ae5160108150 100644
--- a/syft/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden
+++ b/syft/formats/cyclonedxxml/test-fixtures/snapshot/TestCycloneDxImageEncoder.golden
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:2896b5ce-2016-49e8-a422-239d662846c7" version="1">
+<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:5bc1ffb9-0fb4-4c08-b860-985de88d4448" version="1">
   <metadata>
-    <timestamp>2022-11-07T09:11:06-05:00</timestamp>
+    <timestamp>2023-02-13T10:59:09-08:00</timestamp>
     <tools>
       <tool>
         <vendor>anchore</vendor>
@@ -9,13 +9,13 @@
         <version>v0.42.0-bogus</version>
       </tool>
     </tools>
-    <component bom-ref="522dc6b135a55bb4" type="container">
+    <component bom-ref="b83149da0a7fd6c5" type="container">
       <name>user-image-input</name>
       <version>sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368</version>
     </component>
   </metadata>
   <components>
-    <component bom-ref="66ba429119b8bec6" type="library">
+    <component bom-ref="de34d3845e98e85f" type="library">
       <name>package-1</name>
       <version>1.0.1</version>
       <licenses>
@@ -30,11 +30,11 @@
         <property name="syft:package:language">python</property>
         <property name="syft:package:metadataType">PythonPackageMetadata</property>
         <property name="syft:package:type">python</property>
-        <property name="syft:location:0:layerID">sha256:fb6beecb75b39f4bb813dbf177e501edd5ddb3e69bb45cedeb78c676ee1b7a59</property>
+        <property name="syft:location:0:layerID">sha256:626044c9c04b634ddb1659b81debbeebf312c5e3f2e6e8a693813866aa38a381</property>
         <property name="syft:location:0:path">/somefile-1.txt</property>
       </properties>
     </component>
-    <component bom-ref="pkg:deb/debian/package-2@2.0.1?package-id=958443e2d9304af4" type="library">
+    <component bom-ref="pkg:deb/debian/package-2@2.0.1?package-id=bad230a934158ee5" type="library">
       <name>package-2</name>
       <version>2.0.1</version>
       <cpe>cpe:2.3:*:some:package:2:*:*:*:*:*:*:*</cpe>
@@ -43,7 +43,7 @@
         <property name="syft:package:foundBy">the-cataloger-2</property>
         <property name="syft:package:metadataType">DpkgMetadata</property>
         <property name="syft:package:type">deb</property>
-        <property name="syft:location:0:layerID">sha256:319b588ce64253a87b533c8ed01cf0025e0eac98e7b516e12532957e1244fdec</property>
+        <property name="syft:location:0:layerID">sha256:2e0a2ae163675ae98403ca109fdee95bed2fea62f94e7d013146ac710d77de49</property>
         <property name="syft:location:0:path">/somefile-2.txt</property>
         <property name="syft:metadata:installedSize">0</property>
       </properties>
diff --git a/syft/formats/cyclonedxxml/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden b/syft/formats/cyclonedxxml/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden
index 11a1958c8935..fc4e17e4f51f 100644
Binary files a/syft/formats/cyclonedxxml/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden and b/syft/formats/cyclonedxxml/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden differ
diff --git a/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden b/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden
index 4ef14120dfe8..851eeb730993 100644
--- a/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden
+++ b/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden
@@ -3,19 +3,19 @@
  "dataLicense": "CC0-1.0",
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "/some/path",
- "documentNamespace": "https://anchore.com/syft/dir/some/path-1fe34646-a616-48c7-974b-3d1e27d406e3",
+ "documentNamespace": "https://anchore.com/syft/dir/some/path-c5a351d0-f803-453a-a599-1b388bb321cf",
  "creationInfo": {
   "licenseListVersion": "3.19",
   "creators": [
    "Organization: Anchore, Inc",
    "Tool: syft-v0.42.0-bogus"
   ],
-  "created": "2023-01-20T21:41:03Z"
+  "created": "2023-02-13T18:59:09Z"
  },
  "packages": [
   {
    "name": "package-1",
-   "SPDXID": "SPDXRef-Package-python-package-1-1b1d0be59ac59d2c",
+   "SPDXID": "SPDXRef-Package-python-package-1-9f56614c62f539e9",
    "versionInfo": "1.0.1",
    "downloadLocation": "NOASSERTION",
    "sourceInfo": "acquired package info from installed python package manifest file: /some/path/pkg1",
@@ -37,7 +37,7 @@
   },
   {
    "name": "package-2",
-   "SPDXID": "SPDXRef-Package-deb-package-2-db4abfe497c180d3",
+   "SPDXID": "SPDXRef-Package-deb-package-2-342b18b33e30ed0",
    "versionInfo": "2.0.1",
    "downloadLocation": "NOASSERTION",
    "sourceInfo": "acquired package info from DPKG DB: /some/path/pkg1",
diff --git a/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden b/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden
index 8a5214f293ff..fa96ae4af071 100644
--- a/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden
+++ b/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden
@@ -3,19 +3,19 @@
  "dataLicense": "CC0-1.0",
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "user-image-input",
- "documentNamespace": "https://anchore.com/syft/image/user-image-input-33759ac3-6006-4f2c-bdc4-f40b9287a7f0",
+ "documentNamespace": "https://anchore.com/syft/image/user-image-input-2ddd36be-7a79-4bdb-9619-8cf35e0e223d",
  "creationInfo": {
   "licenseListVersion": "3.19",
   "creators": [
    "Organization: Anchore, Inc",
    "Tool: syft-v0.42.0-bogus"
   ],
-  "created": "2023-01-20T21:41:03Z"
+  "created": "2023-02-13T18:59:09Z"
  },
  "packages": [
   {
    "name": "package-1",
-   "SPDXID": "SPDXRef-Package-python-package-1-66ba429119b8bec6",
+   "SPDXID": "SPDXRef-Package-python-package-1-de34d3845e98e85f",
    "versionInfo": "1.0.1",
    "downloadLocation": "NOASSERTION",
    "sourceInfo": "acquired package info from installed python package manifest file: /somefile-1.txt",
@@ -37,7 +37,7 @@
   },
   {
    "name": "package-2",
-   "SPDXID": "SPDXRef-Package-deb-package-2-958443e2d9304af4",
+   "SPDXID": "SPDXRef-Package-deb-package-2-bad230a934158ee5",
    "versionInfo": "2.0.1",
    "downloadLocation": "NOASSERTION",
    "sourceInfo": "acquired package info from DPKG DB: /somefile-2.txt",
diff --git a/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden b/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden
index 9e8e1453cc1a..f7c80e70b787 100644
--- a/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden
+++ b/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden
@@ -3,19 +3,19 @@
  "dataLicense": "CC0-1.0",
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "user-image-input",
- "documentNamespace": "https://anchore.com/syft/image/user-image-input-ce98f51f-b483-4e93-9a15-5a8a16d35de6",
+ "documentNamespace": "https://anchore.com/syft/image/user-image-input-f006ebea-b878-40d7-8733-4d2c3e0f6e34",
  "creationInfo": {
   "licenseListVersion": "3.19",
   "creators": [
    "Organization: Anchore, Inc",
    "Tool: syft-v0.42.0-bogus"
   ],
-  "created": "2023-01-20T21:41:03Z"
+  "created": "2023-02-13T18:59:10Z"
  },
  "packages": [
   {
    "name": "package-1",
-   "SPDXID": "SPDXRef-Package-python-package-1-66ba429119b8bec6",
+   "SPDXID": "SPDXRef-Package-python-package-1-de34d3845e98e85f",
    "versionInfo": "1.0.1",
    "downloadLocation": "NOASSERTION",
    "sourceInfo": "acquired package info from installed python package manifest file: /somefile-1.txt",
@@ -37,7 +37,7 @@
   },
   {
    "name": "package-2",
-   "SPDXID": "SPDXRef-Package-deb-package-2-958443e2d9304af4",
+   "SPDXID": "SPDXRef-Package-deb-package-2-bad230a934158ee5",
    "versionInfo": "2.0.1",
    "downloadLocation": "NOASSERTION",
    "sourceInfo": "acquired package info from DPKG DB: /somefile-2.txt",
@@ -152,32 +152,32 @@
  ],
  "relationships": [
   {
-   "spdxElementId": "SPDXRef-Package-python-package-1-66ba429119b8bec6",
+   "spdxElementId": "SPDXRef-Package-python-package-1-de34d3845e98e85f",
    "relatedSpdxElement": "SPDXRef-5265a4dde3edbf7c",
    "relationshipType": "CONTAINS"
   },
   {
-   "spdxElementId": "SPDXRef-Package-python-package-1-66ba429119b8bec6",
+   "spdxElementId": "SPDXRef-Package-python-package-1-de34d3845e98e85f",
    "relatedSpdxElement": "SPDXRef-839d99ee67d9d174",
    "relationshipType": "CONTAINS"
   },
   {
-   "spdxElementId": "SPDXRef-Package-python-package-1-66ba429119b8bec6",
+   "spdxElementId": "SPDXRef-Package-python-package-1-de34d3845e98e85f",
    "relatedSpdxElement": "SPDXRef-9c2f7510199b17f6",
    "relationshipType": "CONTAINS"
   },
   {
-   "spdxElementId": "SPDXRef-Package-python-package-1-66ba429119b8bec6",
+   "spdxElementId": "SPDXRef-Package-python-package-1-de34d3845e98e85f",
    "relatedSpdxElement": "SPDXRef-c641caa71518099f",
    "relationshipType": "CONTAINS"
   },
   {
-   "spdxElementId": "SPDXRef-Package-python-package-1-66ba429119b8bec6",
+   "spdxElementId": "SPDXRef-Package-python-package-1-de34d3845e98e85f",
    "relatedSpdxElement": "SPDXRef-c6f5b29dca12661f",
    "relationshipType": "CONTAINS"
   },
   {
-   "spdxElementId": "SPDXRef-Package-python-package-1-66ba429119b8bec6",
+   "spdxElementId": "SPDXRef-Package-python-package-1-de34d3845e98e85f",
    "relatedSpdxElement": "SPDXRef-f9e49132a4b96ccd",
    "relationshipType": "CONTAINS"
   },
diff --git a/syft/formats/spdxjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden b/syft/formats/spdxjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden
index b9ddf6e33390..fc4e17e4f51f 100644
Binary files a/syft/formats/spdxjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden and b/syft/formats/spdxjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden differ
diff --git a/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXJSONSPDXIDs.golden b/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXJSONSPDXIDs.golden
index c017916c28f9..97ba72f334fe 100644
--- a/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXJSONSPDXIDs.golden
+++ b/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXJSONSPDXIDs.golden
@@ -2,16 +2,16 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: foobar/baz
-DocumentNamespace: https://anchore.com/syft/dir/foobar/baz-478e410d-7fad-472c-b4e9-a4068ef28160
+DocumentNamespace: https://anchore.com/syft/dir/foobar/baz-0cf4b09e-0f7b-486f-a84d-d0d91620476b
 LicenseListVersion: 3.19
 Creator: Organization: Anchore, Inc
 Creator: Tool: syft-v0.42.0-bogus
-Created: 2022-12-21T03:39:05Z
+Created: 2023-02-13T18:59:10Z
 
 ##### Package: @at-sign
 
 PackageName: @at-sign
-SPDXID: SPDXRef-Package---at-sign-3732f7a5679bdec4
+SPDXID: SPDXRef-Package---at-sign-14c1788ed9aa0270
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 PackageSourceInfo: acquired package info from the following paths: 
@@ -22,7 +22,7 @@ PackageCopyrightText: NOASSERTION
 ##### Package: some/slashes
 
 PackageName: some/slashes
-SPDXID: SPDXRef-Package--some-slashes-1345166d4801153b
+SPDXID: SPDXRef-Package--some-slashes-5b91aeb05a1fea5e
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 PackageSourceInfo: acquired package info from the following paths: 
@@ -33,7 +33,7 @@ PackageCopyrightText: NOASSERTION
 ##### Package: under_scores
 
 PackageName: under_scores
-SPDXID: SPDXRef-Package--under-scores-290d5c77210978c1
+SPDXID: SPDXRef-Package--under-scores-111cadb6afff78d4
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
 PackageSourceInfo: acquired package info from the following paths: 
diff --git a/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden b/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden
index 94cd399de233..ad391e928c4f 100644
--- a/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden
+++ b/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden
@@ -2,11 +2,11 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: user-image-input
-DocumentNamespace: https://anchore.com/syft/image/user-image-input-73433e8c-364f-42b6-b5b7-9a4da8799868
+DocumentNamespace: https://anchore.com/syft/image/user-image-input-279e1d70-8051-447c-a64f-bbf2f291e9e3
 LicenseListVersion: 3.19
 Creator: Organization: Anchore, Inc
 Creator: Tool: syft-v0.42.0-bogus
-Created: 2022-12-21T03:39:05Z
+Created: 2023-02-13T18:59:10Z
 
 ##### Unpackaged files
 
@@ -49,7 +49,7 @@ LicenseConcluded: NOASSERTION
 ##### Package: package-2
 
 PackageName: package-2
-SPDXID: SPDXRef-Package-deb-package-2-958443e2d9304af4
+SPDXID: SPDXRef-Package-deb-package-2-bad230a934158ee5
 PackageVersion: 2.0.1
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
@@ -63,7 +63,7 @@ ExternalRef: PACKAGE-MANAGER purl pkg:deb/debian/package-2@2.0.1
 ##### Package: package-1
 
 PackageName: package-1
-SPDXID: SPDXRef-Package-python-package-1-66ba429119b8bec6
+SPDXID: SPDXRef-Package-python-package-1-de34d3845e98e85f
 PackageVersion: 1.0.1
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
@@ -76,11 +76,11 @@ ExternalRef: PACKAGE-MANAGER purl a-purl-1
 
 ##### Relationships
 
-Relationship: SPDXRef-Package-python-package-1-66ba429119b8bec6 CONTAINS SPDXRef-5265a4dde3edbf7c
-Relationship: SPDXRef-Package-python-package-1-66ba429119b8bec6 CONTAINS SPDXRef-839d99ee67d9d174
-Relationship: SPDXRef-Package-python-package-1-66ba429119b8bec6 CONTAINS SPDXRef-9c2f7510199b17f6
-Relationship: SPDXRef-Package-python-package-1-66ba429119b8bec6 CONTAINS SPDXRef-c641caa71518099f
-Relationship: SPDXRef-Package-python-package-1-66ba429119b8bec6 CONTAINS SPDXRef-c6f5b29dca12661f
-Relationship: SPDXRef-Package-python-package-1-66ba429119b8bec6 CONTAINS SPDXRef-f9e49132a4b96ccd
+Relationship: SPDXRef-Package-python-package-1-de34d3845e98e85f CONTAINS SPDXRef-5265a4dde3edbf7c
+Relationship: SPDXRef-Package-python-package-1-de34d3845e98e85f CONTAINS SPDXRef-839d99ee67d9d174
+Relationship: SPDXRef-Package-python-package-1-de34d3845e98e85f CONTAINS SPDXRef-9c2f7510199b17f6
+Relationship: SPDXRef-Package-python-package-1-de34d3845e98e85f CONTAINS SPDXRef-c641caa71518099f
+Relationship: SPDXRef-Package-python-package-1-de34d3845e98e85f CONTAINS SPDXRef-c6f5b29dca12661f
+Relationship: SPDXRef-Package-python-package-1-de34d3845e98e85f CONTAINS SPDXRef-f9e49132a4b96ccd
 Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-DOCUMENT
 
diff --git a/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueDirectoryEncoder.golden b/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueDirectoryEncoder.golden
index 7bd71f05f057..d0c6e12313e8 100644
--- a/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueDirectoryEncoder.golden
+++ b/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueDirectoryEncoder.golden
@@ -2,16 +2,16 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: /some/path
-DocumentNamespace: https://anchore.com/syft/dir/some/path-1d303762-46d2-47b5-9c81-defa91387275
+DocumentNamespace: https://anchore.com/syft/dir/some/path-63e04b9b-c306-41a2-b2fd-1e5d376abf88
 LicenseListVersion: 3.19
 Creator: Organization: Anchore, Inc
 Creator: Tool: syft-v0.42.0-bogus
-Created: 2022-12-21T03:39:05Z
+Created: 2023-02-13T18:59:10Z
 
 ##### Package: package-2
 
 PackageName: package-2
-SPDXID: SPDXRef-Package-deb-package-2-db4abfe497c180d3
+SPDXID: SPDXRef-Package-deb-package-2-342b18b33e30ed0
 PackageVersion: 2.0.1
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
@@ -25,7 +25,7 @@ ExternalRef: PACKAGE-MANAGER purl pkg:deb/debian/package-2@2.0.1
 ##### Package: package-1
 
 PackageName: package-1
-SPDXID: SPDXRef-Package-python-package-1-1b1d0be59ac59d2c
+SPDXID: SPDXRef-Package-python-package-1-9f56614c62f539e9
 PackageVersion: 1.0.1
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
diff --git a/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueImageEncoder.golden b/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueImageEncoder.golden
index df1cb1467d3b..5c9bdee6beca 100644
--- a/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueImageEncoder.golden
+++ b/syft/formats/spdxtagvalue/test-fixtures/snapshot/TestSPDXTagValueImageEncoder.golden
@@ -2,16 +2,16 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: user-image-input
-DocumentNamespace: https://anchore.com/syft/image/user-image-input-559af225-63af-4bc0-94fb-bce94913bcfa
+DocumentNamespace: https://anchore.com/syft/image/user-image-input-972cb3d7-7347-4acc-afcc-dff755139b4e
 LicenseListVersion: 3.19
 Creator: Organization: Anchore, Inc
 Creator: Tool: syft-v0.42.0-bogus
-Created: 2022-12-21T03:39:05Z
+Created: 2023-02-13T18:59:10Z
 
 ##### Package: package-2
 
 PackageName: package-2
-SPDXID: SPDXRef-Package-deb-package-2-958443e2d9304af4
+SPDXID: SPDXRef-Package-deb-package-2-bad230a934158ee5
 PackageVersion: 2.0.1
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
@@ -25,7 +25,7 @@ ExternalRef: PACKAGE-MANAGER purl pkg:deb/debian/package-2@2.0.1
 ##### Package: package-1
 
 PackageName: package-1
-SPDXID: SPDXRef-Package-python-package-1-66ba429119b8bec6
+SPDXID: SPDXRef-Package-python-package-1-de34d3845e98e85f
 PackageVersion: 1.0.1
 PackageDownloadLocation: NOASSERTION
 FilesAnalyzed: false
diff --git a/syft/formats/spdxtagvalue/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden b/syft/formats/spdxtagvalue/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden
index b9ddf6e33390..fc4e17e4f51f 100644
Binary files a/syft/formats/spdxtagvalue/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden and b/syft/formats/spdxtagvalue/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden differ
diff --git a/syft/formats/syftjson/model/package_test.go b/syft/formats/syftjson/model/package_test.go
index 2aa2cda05156..32f1958c01e2 100644
--- a/syft/formats/syftjson/model/package_test.go
+++ b/syft/formats/syftjson/model/package_test.go
@@ -30,7 +30,7 @@ func TestUnmarshalPackageGolang(t *testing.T) {
 				    "path": "/Users/hal/go/bin/syft"
 				  }
 				],
-				"licenses": [],
+				"licenses": "",
 				"language": "go",
 				"cpes": [],
 				"purl": "pkg:golang/gopkg.in/square/go-jose.v2@v2.6.0",
@@ -61,7 +61,7 @@ func TestUnmarshalPackageGolang(t *testing.T) {
 				    "path": "/Users/hal/go/bin/syft"
 				  }
 				],
-				"licenses": [],
+				"licenses": "",
 				"language": "go",
 				"cpes": [],
 				"purl": "pkg:golang/gopkg.in/square/go-jose.v2@v2.6.0"
@@ -105,7 +105,7 @@ func Test_unpackMetadata(t *testing.T) {
 				    "path": "/Users/hal/go/bin/syft"
 				  }
 				],
-				"licenses": [],
+				"licenses": "",
 				"language": "go",
 				"cpes": [],
 				"purl": "pkg:golang/gopkg.in/square/go-jose.v2@v2.6.0",
@@ -131,7 +131,7 @@ func Test_unpackMetadata(t *testing.T) {
 				    "path": "/Users/hal/go/bin/syft"
 				  }
 				],
-				"licenses": [],
+				"licenses": "",
 				"language": "go",
 				"cpes": [],
 				"purl": "pkg:golang/gopkg.in/square/go-jose.v2@v2.6.0"
@@ -152,9 +152,7 @@ func Test_unpackMetadata(t *testing.T) {
 					 "layerID": "sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"
 					}
 				],
-				"licenses": [
-					"GPLv2+"
-				],
+				"licenses": "GPLv2+",
 				"language": "",
 				"cpes": [
 					"cpe:2.3:a:centos:acl:2.2.53-1.el8:*:*:*:*:*:*:*",
@@ -191,7 +189,7 @@ func Test_unpackMetadata(t *testing.T) {
 				    "path": "/Users/hal/go/bin/syft"
 				  }
 				],
-				"licenses": [],
+				"licenses": "",
 				"language": "go",
 				"cpes": [],
 				"purl": "pkg:golang/gopkg.in/square/go-jose.v2@v2.6.0",
diff --git a/syft/formats/syftjson/test-fixtures/snapshot/TestDirectoryEncoder.golden b/syft/formats/syftjson/test-fixtures/snapshot/TestDirectoryEncoder.golden
index 6a051331a0e7..9d3273b861a5 100644
--- a/syft/formats/syftjson/test-fixtures/snapshot/TestDirectoryEncoder.golden
+++ b/syft/formats/syftjson/test-fixtures/snapshot/TestDirectoryEncoder.golden
@@ -1,7 +1,7 @@
 {
  "artifacts": [
   {
-   "id": "1b1d0be59ac59d2c",
+   "id": "9f56614c62f539e9",
    "name": "package-1",
    "version": "1.0.1",
    "type": "python",
@@ -11,9 +11,7 @@
      "path": "/some/path/pkg1"
     }
    ],
-   "licenses": [
-    "MIT"
-   ],
+   "licenses": "MIT",
    "language": "python",
    "cpes": [
     "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*"
@@ -36,7 +34,7 @@
    }
   },
   {
-   "id": "db4abfe497c180d3",
+   "id": "342b18b33e30ed0",
    "name": "package-2",
    "version": "2.0.1",
    "type": "deb",
@@ -46,7 +44,7 @@
      "path": "/some/path/pkg1"
     }
    ],
-   "licenses": [],
+   "licenses": "",
    "language": "",
    "cpes": [
     "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*"
@@ -89,7 +87,7 @@
   }
  },
  "schema": {
-  "version": "6.2.0",
-  "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-6.2.0.json"
+  "version": "7.0.0",
+  "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-7.0.0.json"
  }
 }
diff --git a/syft/formats/syftjson/test-fixtures/snapshot/TestEncodeFullJSONDocument.golden b/syft/formats/syftjson/test-fixtures/snapshot/TestEncodeFullJSONDocument.golden
index 3b638f941069..554966ade29b 100644
--- a/syft/formats/syftjson/test-fixtures/snapshot/TestEncodeFullJSONDocument.golden
+++ b/syft/formats/syftjson/test-fixtures/snapshot/TestEncodeFullJSONDocument.golden
@@ -1,7 +1,7 @@
 {
  "artifacts": [
   {
-   "id": "304a5a8e5958a49d",
+   "id": "63a4be05cd4c2eec",
    "name": "package-1",
    "version": "1.0.1",
    "type": "python",
@@ -11,9 +11,7 @@
      "path": "/a/place/a"
     }
    ],
-   "licenses": [
-    "MIT"
-   ],
+   "licenses": "MIT",
    "language": "python",
    "cpes": [
     "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*"
@@ -31,7 +29,7 @@
    }
   },
   {
-   "id": "9fd0b9f41034991d",
+   "id": "72e7b9a70006ab6b",
    "name": "package-2",
    "version": "2.0.1",
    "type": "deb",
@@ -41,7 +39,7 @@
      "path": "/b/place/b"
     }
    ],
-   "licenses": [],
+   "licenses": "",
    "language": "",
    "cpes": [
     "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*"
@@ -185,7 +183,7 @@
   }
  },
  "schema": {
-  "version": "6.2.0",
-  "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-6.2.0.json"
+  "version": "7.0.0",
+  "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-7.0.0.json"
  }
 }
diff --git a/syft/formats/syftjson/test-fixtures/snapshot/TestImageEncoder.golden b/syft/formats/syftjson/test-fixtures/snapshot/TestImageEncoder.golden
index a72adb10c600..c178bf43f7f7 100644
--- a/syft/formats/syftjson/test-fixtures/snapshot/TestImageEncoder.golden
+++ b/syft/formats/syftjson/test-fixtures/snapshot/TestImageEncoder.golden
@@ -1,7 +1,7 @@
 {
  "artifacts": [
   {
-   "id": "66ba429119b8bec6",
+   "id": "de34d3845e98e85f",
    "name": "package-1",
    "version": "1.0.1",
    "type": "python",
@@ -12,9 +12,7 @@
      "layerID": "sha256:fb6beecb75b39f4bb813dbf177e501edd5ddb3e69bb45cedeb78c676ee1b7a59"
     }
    ],
-   "licenses": [
-    "MIT"
-   ],
+   "licenses": "MIT",
    "language": "python",
    "cpes": [
     "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*"
@@ -32,7 +30,7 @@
    }
   },
   {
-   "id": "958443e2d9304af4",
+   "id": "bad230a934158ee5",
    "name": "package-2",
    "version": "2.0.1",
    "type": "deb",
@@ -43,7 +41,7 @@
      "layerID": "sha256:319b588ce64253a87b533c8ed01cf0025e0eac98e7b516e12532957e1244fdec"
     }
    ],
-   "licenses": [],
+   "licenses": "",
    "language": "",
    "cpes": [
     "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*"
@@ -112,7 +110,7 @@
   }
  },
  "schema": {
-  "version": "6.2.0",
-  "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-6.2.0.json"
+  "version": "7.0.0",
+  "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-7.0.0.json"
  }
 }
diff --git a/syft/formats/syftjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden b/syft/formats/syftjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden
index 11a1958c8935..fc4e17e4f51f 100644
Binary files a/syft/formats/syftjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden and b/syft/formats/syftjson/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden differ
diff --git a/syft/formats/test-fixtures/alpine-syft.json b/syft/formats/test-fixtures/alpine-syft.json
index ba8e02693499..1af906cb9aca 100644
--- a/syft/formats/test-fixtures/alpine-syft.json
+++ b/syft/formats/test-fixtures/alpine-syft.json
@@ -12,9 +12,7 @@
      "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68"
     }
    ],
-   "licenses": [
-    "GPL-2.0-only"
-   ],
+   "licenses": "GPL-2.0-only",
    "language": "",
    "cpes": [
     "cpe:2.3:a:alpine-baselayout:alpine-baselayout:3.2.0-r16:*:*:*:*:*:*:*",
@@ -492,9 +490,7 @@
      "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68"
     }
    ],
-   "licenses": [
-    "MIT"
-   ],
+   "licenses": "MIT",
    "language": "",
    "cpes": [
     "cpe:2.3:a:alpine-keys:alpine-keys:2.3-r1:*:*:*:*:*:*:*",
@@ -778,9 +774,7 @@
      "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68"
     }
    ],
-   "licenses": [
-    "GPL-2.0-only"
-   ],
+   "licenses": "GPL-2.0-only",
    "language": "",
    "cpes": [
     "cpe:2.3:a:apk-tools:apk-tools:2.12.7-r0:*:*:*:*:*:*:*",
@@ -875,9 +869,7 @@
      "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68"
     }
    ],
-   "licenses": [
-    "GPL-2.0-only"
-   ],
+   "licenses": "GPL-2.0-only",
    "language": "",
    "cpes": [
     "cpe:2.3:a:busybox:busybox:1.33.1-r3:*:*:*:*:*:*:*"
@@ -1041,11 +1033,7 @@
      "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68"
     }
    ],
-   "licenses": [
-    "MPL-2.0",
-    "AND",
-    "MIT"
-   ],
+   "licenses": "MPL-2.0 AND MIT",
    "language": "",
    "cpes": [
     "cpe:2.3:a:ca-certificates-bundle:ca-certificates-bundle:20191127-r5:*:*:*:*:*:*:*",
@@ -1117,11 +1105,7 @@
      "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68"
     }
    ],
-   "licenses": [
-    "BSD-2-Clause",
-    "AND",
-    "BSD-3-Clause"
-   ],
+   "licenses": "BSD-2-Clause AND BSD-3-Clause",
    "language": "",
    "cpes": [
     "cpe:2.3:a:libc-utils:libc-utils:0.7.2-r3:*:*:*:*:*:*:*",
@@ -1162,9 +1146,7 @@
      "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68"
     }
    ],
-   "licenses": [
-    "OpenSSL"
-   ],
+   "licenses": "OpenSSL",
    "language": "",
    "cpes": [
     "cpe:2.3:a:libcrypto1.1:libcrypto1.1:1.1.1l-r0:*:*:*:*:*:*:*"
@@ -1336,13 +1318,7 @@
      "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68"
     }
    ],
-   "licenses": [
-    "ISC",
-    "AND",
-    "(BSD-3-Clause",
-    "OR",
-    "MIT)"
-   ],
+   "licenses": "ISC AND (BSD-3-Clause OR MIT)",
    "language": "",
    "cpes": [
     "cpe:2.3:a:libretls:libretls:3.3.3p1-r2:*:*:*:*:*:*:*"
@@ -1405,9 +1381,7 @@
      "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68"
     }
    ],
-   "licenses": [
-    "OpenSSL"
-   ],
+   "licenses": "OpenSSL",
    "language": "",
    "cpes": [
     "cpe:2.3:a:libssl1.1:libssl1.1:1.1.1l-r0:*:*:*:*:*:*:*"
@@ -1473,9 +1447,7 @@
      "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68"
     }
    ],
-   "licenses": [
-    "MIT"
-   ],
+   "licenses": "MIT",
    "language": "",
    "cpes": [
     "cpe:2.3:a:musl:musl:1.2.2-r3:*:*:*:*:*:*:*"
@@ -1535,11 +1507,7 @@
      "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68"
     }
    ],
-   "licenses": [
-    "MIT",
-    "BSD",
-    "GPL2+"
-   ],
+   "licenses": "MIT AND BSD AND GPL2+",
    "language": "",
    "cpes": [
     "cpe:2.3:a:musl-utils:musl-utils:1.2.2-r3:*:*:*:*:*:*:*",
@@ -1640,9 +1608,7 @@
      "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68"
     }
    ],
-   "licenses": [
-    "GPL-2.0-only"
-   ],
+   "licenses": "GPL-2.0-only",
    "language": "",
    "cpes": [
     "cpe:2.3:a:scanelf:scanelf:1.3.2-r0:*:*:*:*:*:*:*"
@@ -1695,9 +1661,7 @@
      "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68"
     }
    ],
-   "licenses": [
-    "GPL-2.0-only"
-   ],
+   "licenses": "GPL-2.0-only",
    "language": "",
    "cpes": [
     "cpe:2.3:a:ssl-client:ssl-client:1.33.1-r3:*:*:*:*:*:*:*",
@@ -1755,9 +1719,7 @@
      "layerID": "sha256:e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68"
     }
    ],
-   "licenses": [
-    "Zlib"
-   ],
+   "licenses": "Zlib",
    "language": "",
    "cpes": [
     "cpe:2.3:a:zlib:zlib:1.2.11-r3:*:*:*:*:*:*:*"
diff --git a/syft/formats/text/test-fixtures/snapshot/TestTextImageEncoder.golden b/syft/formats/text/test-fixtures/snapshot/TestTextImageEncoder.golden
index 4ab3a446e0c5..ff8104039353 100644
--- a/syft/formats/text/test-fixtures/snapshot/TestTextImageEncoder.golden
+++ b/syft/formats/text/test-fixtures/snapshot/TestTextImageEncoder.golden
@@ -1,11 +1,11 @@
 [Image]
  Layer:		 0
- Digest:	 sha256:fb6beecb75b39f4bb813dbf177e501edd5ddb3e69bb45cedeb78c676ee1b7a59
+ Digest:	 sha256:626044c9c04b634ddb1659b81debbeebf312c5e3f2e6e8a693813866aa38a381
  Size:		 22
  MediaType:	 application/vnd.docker.image.rootfs.diff.tar.gzip
 
  Layer:		 1
- Digest:	 sha256:319b588ce64253a87b533c8ed01cf0025e0eac98e7b516e12532957e1244fdec
+ Digest:	 sha256:2e0a2ae163675ae98403ca109fdee95bed2fea62f94e7d013146ac710d77de49
  Size:		 16
  MediaType:	 application/vnd.docker.image.rootfs.diff.tar.gzip
 
diff --git a/syft/formats/text/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden b/syft/formats/text/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden
index c1b1d2b797ec..fc4e17e4f51f 100644
Binary files a/syft/formats/text/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden and b/syft/formats/text/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden differ
diff --git a/syft/pkg/cataloger/alpm/cataloger_test.go b/syft/pkg/cataloger/alpm/cataloger_test.go
index 65447d66d8ba..661a6c93dac4 100644
--- a/syft/pkg/cataloger/alpm/cataloger_test.go
+++ b/syft/pkg/cataloger/alpm/cataloger_test.go
@@ -5,6 +5,7 @@ import (
 
 	"github.com/google/go-cmp/cmp/cmpopts"
 
+	"github.com/anchore/syft/internal"
 	"github.com/anchore/syft/syft/artifact"
 	"github.com/anchore/syft/syft/file"
 	"github.com/anchore/syft/syft/pkg"
@@ -20,7 +21,7 @@ func TestAlpmCataloger(t *testing.T) {
 			Version:      "6.2.1-2",
 			Type:         pkg.AlpmPkg,
 			FoundBy:      "alpmdb-cataloger",
-			Licenses:     []string{"LGPL3", "GPL"},
+			Licenses:     internal.LogicalStrings{Simple: []string{"LGPL3", "GPL"}},
 			Locations:    source.NewLocationSet(source.NewLocation("var/lib/pacman/local/gmp-6.2.1-2/desc")),
 			CPEs:         nil,
 			PURL:         "",
diff --git a/syft/pkg/cataloger/java/archive_parser.go b/syft/pkg/cataloger/java/archive_parser.go
index 626243d83022..2b39cd3c93d3 100644
--- a/syft/pkg/cataloger/java/archive_parser.go
+++ b/syft/pkg/cataloger/java/archive_parser.go
@@ -185,10 +185,14 @@ func (j *archiveParser) discoverMainPackage() (*pkg.Package, error) {
 		log.Warnf("failed to create digest for file=%q: %+v", j.archivePath, err)
 	}
 
+	licenses := selectLicense(manifest)
+	if len(licenses) == 0 {
+		licenses = nil
+	}
 	return &pkg.Package{
 		Name:         selectName(manifest, j.fileInfo),
 		Version:      selectVersion(manifest, j.fileInfo),
-		Licenses:     internal.LogicalStrings{Simple: selectLicense(manifest)},
+		Licenses:     internal.LogicalStrings{Simple: licenses},
 		Language:     pkg.Java,
 		Locations:    source.NewLocationSet(j.location),
 		Type:         j.fileInfo.pkgType(),
diff --git a/syft/pkg/cataloger/javascript/package.go b/syft/pkg/cataloger/javascript/package.go
index 807c5689ae66..b65b0eb3013c 100644
--- a/syft/pkg/cataloger/javascript/package.go
+++ b/syft/pkg/cataloger/javascript/package.go
@@ -18,11 +18,15 @@ func newPackageJSONPackage(u packageJSON, locations ...source.Location) pkg.Pack
 	if err != nil {
 		log.Warnf("unable to extract licenses from javascript package.json: %+v", err)
 	}
+	licenseStructure := internal.LogicalStrings{}
+	if len(licenses) > 0 {
+		licenseStructure.Simple = licenses
+	}
 
 	p := pkg.Package{
 		Name:         u.Name,
 		Version:      u.Version,
-		Licenses:     internal.LogicalStrings{Simple: licenses},
+		Licenses:     licenseStructure,
 		PURL:         packageURL(u.Name, u.Version),
 		Locations:    source.NewLocationSet(locations...),
 		Language:     pkg.JavaScript,
diff --git a/syft/pkg/cataloger/portage/parse_portage_contents.go b/syft/pkg/cataloger/portage/parse_portage_contents.go
index dba65ace0dd8..7870648b81f4 100644
--- a/syft/pkg/cataloger/portage/parse_portage_contents.go
+++ b/syft/pkg/cataloger/portage/parse_portage_contents.go
@@ -116,7 +116,7 @@ func addLicenses(resolver source.FileResolver, dbLocation source.Location, p *pk
 	}
 	licenses := findings.ToSlice()
 	sort.Strings(licenses)
-	p.Licenses = licenses
+	p.Licenses = internal.LogicalStrings{Simple: licenses}
 	p.Locations.Add(*location)
 }
 
diff --git a/syft/pkg/cataloger/sbom/cataloger_test.go b/syft/pkg/cataloger/sbom/cataloger_test.go
index f986fa6bd869..7966fc713649 100644
--- a/syft/pkg/cataloger/sbom/cataloger_test.go
+++ b/syft/pkg/cataloger/sbom/cataloger_test.go
@@ -198,7 +198,7 @@ func Test_parseSBOM(t *testing.T) {
 			Version:   "1.2.3-r1",
 			Type:      "apk",
 			Locations: source.NewLocationSet(source.NewLocation("sbom.syft.json")),
-			Licenses:  internal.LogicalStrings{Simple: []string{"MIT", "BSD", "GPL2+"}},
+			Licenses:  internal.LogicalStrings{Simple: []string{"MIT", "BSD", "GPL2+"}, Joiner: internal.OR},
 			FoundBy:   "sbom-cataloger",
 			PURL:      "pkg:apk/alpine/musl-utils@1.2.3-r1?arch=x86_64&upstream=musl&distro=alpine-3.16.3",
 			CPEs: mustCPEs(
diff --git a/syft/pkg/cataloger/sbom/test-fixtures/alpine/syft-json/sbom.syft.json b/syft/pkg/cataloger/sbom/test-fixtures/alpine/syft-json/sbom.syft.json
index c9e83d12045b..ebe6d6a07cd0 100644
--- a/syft/pkg/cataloger/sbom/test-fixtures/alpine/syft-json/sbom.syft.json
+++ b/syft/pkg/cataloger/sbom/test-fixtures/alpine/syft-json/sbom.syft.json
@@ -12,9 +12,7 @@
      "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd"
     }
    ],
-   "licenses": [
-    "GPL-2.0-only"
-   ],
+   "licenses": "GPL-2.0-only",
    "language": "",
    "cpes": [
     "cpe:2.3:a:alpine-baselayout:alpine-baselayout:3.2.0-r23:*:*:*:*:*:*:*",
@@ -395,9 +393,7 @@
      "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd"
     }
    ],
-   "licenses": [
-    "GPL-2.0-only"
-   ],
+   "licenses": "GPL-2.0-only",
    "language": "",
    "cpes": [
     "cpe:2.3:a:alpine-baselayout-data:alpine-baselayout-data:3.2.0-r23:*:*:*:*:*:*:*",
@@ -558,9 +554,7 @@
      "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd"
     }
    ],
-   "licenses": [
-    "MIT"
-   ],
+   "licenses": "MIT",
    "language": "",
    "cpes": [
     "cpe:2.3:a:alpine-keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*",
@@ -995,9 +989,7 @@
      "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd"
     }
    ],
-   "licenses": [
-    "GPL-2.0-only"
-   ],
+   "licenses": "GPL-2.0-only",
    "language": "",
    "cpes": [
     "cpe:2.3:a:apk-tools:apk-tools:2.12.9-r3:*:*:*:*:*:*:*",
@@ -1103,9 +1095,7 @@
      "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd"
     }
    ],
-   "licenses": [
-    "GPL-2.0-only"
-   ],
+   "licenses": "GPL-2.0-only",
    "language": "",
    "cpes": [
     "cpe:2.3:a:busybox:busybox:1.35.0-r17:*:*:*:*:*:*:*"
@@ -1276,11 +1266,7 @@
      "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd"
     }
    ],
-   "licenses": [
-    "MPL-2.0",
-    "AND",
-    "MIT"
-   ],
+   "licenses": "MPL-2.0 AND MIT",
    "language": "",
    "cpes": [
     "cpe:2.3:a:ca-certificates-bundle:ca-certificates-bundle:20220614-r0:*:*:*:*:*:*:*",
@@ -1355,11 +1341,7 @@
      "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd"
     }
    ],
-   "licenses": [
-    "BSD-2-Clause",
-    "AND",
-    "BSD-3-Clause"
-   ],
+   "licenses": "BSD-2-Clause AND BSD-3-Clause",
    "language": "",
    "cpes": [
     "cpe:2.3:a:libc-utils:libc-utils:0.7.2-r3:*:*:*:*:*:*:*",
@@ -1403,9 +1385,7 @@
      "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd"
     }
    ],
-   "licenses": [
-    "OpenSSL"
-   ],
+   "licenses": "OpenSSL",
    "language": "",
    "cpes": [
     "cpe:2.3:a:libcrypto1.1:libcrypto1.1:1.1.1s-r0:*:*:*:*:*:*:*"
@@ -1582,9 +1562,7 @@
      "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd"
     }
    ],
-   "licenses": [
-    "OpenSSL"
-   ],
+   "licenses": "OpenSSL",
    "language": "",
    "cpes": [
     "cpe:2.3:a:libssl1.1:libssl1.1:1.1.1s-r0:*:*:*:*:*:*:*"
@@ -1656,9 +1634,7 @@
      "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd"
     }
    ],
-   "licenses": [
-    "MIT"
-   ],
+   "licenses": "MIT",
    "language": "",
    "cpes": [
     "cpe:2.3:a:musl:musl:1.2.3-r1:*:*:*:*:*:*:*"
@@ -1721,11 +1697,7 @@
      "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd"
     }
    ],
-   "licenses": [
-    "MIT",
-    "BSD",
-    "GPL2+"
-   ],
+   "licenses": "MIT OR BSD OR GPL2+",
    "language": "",
    "cpes": [
     "cpe:2.3:a:musl-utils:musl-utils:1.2.3-r1:*:*:*:*:*:*:*",
@@ -1836,9 +1808,7 @@
      "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd"
     }
    ],
-   "licenses": [
-    "GPL-2.0-only"
-   ],
+   "licenses": "GPL-2.0-only",
    "language": "",
    "cpes": [
     "cpe:2.3:a:scanelf:scanelf:1.3.4-r0:*:*:*:*:*:*:*"
@@ -1896,9 +1866,7 @@
      "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd"
     }
    ],
-   "licenses": [
-    "GPL-2.0-only"
-   ],
+   "licenses": "GPL-2.0-only",
    "language": "",
    "cpes": [
     "cpe:2.3:a:ssl-client:ssl-client:1.35.0-r17:*:*:*:*:*:*:*",
@@ -1963,9 +1931,7 @@
      "layerID": "sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd"
     }
    ],
-   "licenses": [
-    "Zlib"
-   ],
+   "licenses": "Zlib",
    "language": "",
    "cpes": [
     "cpe:2.3:a:zlib:zlib:1.2.12-r3:*:*:*:*:*:*:*"