Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support SPDX 2.3 #1292

Closed
ankitm123 opened this issue Oct 26, 2022 · 4 comments · Fixed by #1311
Closed

Support SPDX 2.3 #1292

ankitm123 opened this issue Oct 26, 2022 · 4 comments · Fixed by #1311
Assignees
Labels
enhancement New feature or request

Comments

@ankitm123
Copy link

What would you like to be added:

The latest version of spdx specification is 2.3. SBOMs produced by Syft are still on version 2.2.
It would be nice to add support for 2.3. Other sbom authoring tools like ko, apko and kubernetes sbom tool already support producing sbom with version 2.3 as the default.

https://spdx.github.io/spdx-spec/v2.3/

@ankitm123 ankitm123 added the enhancement New feature or request label Oct 26, 2022
@kzantow
Copy link
Contributor

kzantow commented Oct 26, 2022

Yes, we definitely want this, too! We are currently using the spdx/tools-golang library for SPDX support and have opened a PR to get SPDX 2.3 support added there, which seems like it might be close, after which time we'll definitely update support in Syft!

@kzantow kzantow added the blocked Progress is being stopped by something label Oct 26, 2022
@ankitm123
Copy link
Author

Awesome, looking forward to it.

@kzantow kzantow changed the title Support spdx 2.3 Support SPDX 2.3 Oct 26, 2022
@kzantow kzantow removed the blocked Progress is being stopped by something label Nov 1, 2022
@kzantow kzantow self-assigned this Nov 1, 2022
@kzantow kzantow added the blocked Progress is being stopped by something label Nov 7, 2022
@kzantow
Copy link
Contributor

kzantow commented Nov 7, 2022

NOTE: we need to get one more change merged into the tools-golang repo: spdx/tools-golang#170 -- Done!

@ankitm123
Copy link
Author

Cool, thanks! We will upgrade the version of syft used in jenkins X pipelines :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
Archived in project
Development

Successfully merging a pull request may close this issue.

2 participants