Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for spdx-tools >= 0.8 #5428

Closed
fabaff opened this issue Aug 10, 2023 · 1 comment · Fixed by #5431
Closed

Support for spdx-tools >= 0.8 #5428

fabaff opened this issue Aug 10, 2023 · 1 comment · Fixed by #5431
Assignees
@gruebel
Labels
outputs
Milestone
outputs

Comments

@fabaff
Copy link

fabaff commented Aug 10, 2023

Describe the issue
The 0.8 version of the spdx-toolsmodule lays the groundwork for the upcoming SPDX-3.0 implementation. Unfortunately 0.8 contains breaking changes.

At first glance it looks like that at least common/output/spdx.py needs some modifications.

Version (please complete the following information):

  • Checkov Version: latest

Additional context
This issue is mainly relevant for distributions which are shipping checkov as package and not users who are running with a Python venv.
@fabaff fabaff added the checks Check additions or changes label Aug 10, 2023
@fabaff fabaff mentioned this issue Aug 10, 2023
Merged
12 tasks
@gruebel
Copy link
Contributor

gruebel commented Aug 10, 2023

hey @fabaff thanks for reaching out.

We intentionally upper bounded it, because the 0.8.0 version will introduce breaking changes. So, thanks for letting us know, because I was not aware it was already released. I don't think it will be a heavy lift on our side, because it is just used to create the SPDX output 😄

@gruebel gruebel added outputs and removed checks Check additions or changes labels Aug 10, 2023
@gruebel gruebel self-assigned this Aug 10, 2023
@gruebel gruebel added this to checkov Aug 10, 2023
@gruebel gruebel moved this to 🐶 Ready in checkov Aug 10, 2023
@gruebel gruebel added this to the outputs milestone Aug 10, 2023
@gruebel gruebel mentioned this issue Aug 11, 2023
Merged
7 tasks
@github-project-automation github-project-automation bot moved this from 🐶 Ready to 🚀 Done in checkov Aug 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gruebel gruebel

Labels
outputs
Projects
checkov
Status: 🚀 Done
Milestone
outputs
Development

Successfully merging a pull request may close this issue.

feat(sca): update spdx-tools dep to version 0.8.0 and lower bound it bridgecrewio/checkov
2 participants
@fabaff @gruebel