Skip to content

Use of deprecated field to state relationships in SBOM #1958

New issue
New issue
Open
#1962
Open
Use of deprecated field to state relationships in SBOM#1958
#1962
Labels
bugSomething isn't working
@Moullisha

Description

@Moullisha
Moullisha
opened on Nov 18, 2025

Describe the bug
documentDescribes is a deprecated field and should not be used to describe relationships in SBOM. Instead relationships array should be used.

System configuration

  • Which version of ScanCode.io are you running?
  • Are you running the app using Docker?
  • On which OS?
  • What inputs are you using?
  • Which pipeline are you running?

To Reproduce
Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior
As per SPDX schema, documentDescribes is a deprecated field and relationships array should be used to describe relationship b/w different packages of the SBOM.

https://github.com/spdx/spdx-spec/blob/support/2.3.1/schemas/spdx-schema.json

Screenshots
If applicable, add screenshots to help explain your problem.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions