-
Notifications
You must be signed in to change notification settings - Fork 567
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support SPDX 2.3 #1292
Comments
Yes, we definitely want this, too! We are currently using the spdx/tools-golang library for SPDX support and have opened a PR to get SPDX 2.3 support added there, which seems like it might be close, after which time we'll definitely update support in Syft! |
Awesome, looking forward to it. |
|
Cool, thanks! We will upgrade the version of syft used in jenkins X pipelines :) |
What would you like to be added:
The latest version of spdx specification is 2.3. SBOMs produced by Syft are still on version 2.2.
It would be nice to add support for 2.3. Other sbom authoring tools like ko, apko and kubernetes sbom tool already support producing sbom with version 2.3 as the default.
https://spdx.github.io/spdx-spec/v2.3/
The text was updated successfully, but these errors were encountered: