Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: sanitize SPDX LicenseRefs #1657

Merged
merged 1 commit into from
Mar 6, 2023
Merged

fix: sanitize SPDX LicenseRefs #1657

merged 1 commit into from
Mar 6, 2023

Conversation

kzantow
Copy link
Contributor

@kzantow kzantow commented Mar 6, 2023
edited

Some SPDX LicenseRefs may be output incorrectly with invalid characters or whitespace, this PR sanitizes licenseRefs to adhere to the spec.

Fixes: #1651

@kzantow
fix: sanitize SPDX LicenseRefs
f007c58 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
@kzantow kzantow requested a review from a team March 6, 2023 15:08
@kzantow kzantow mentioned this pull request Mar 6, 2023
Closed
@kzantow kzantow merged commit 7cfdffa into anchore:main Mar 6, 2023
@kzantow kzantow deleted the fix/spdx-licenseref branch March 6, 2023 16:02
This was referenced Mar 9, 2023
Open
Open
Closed
Closed
Merged
Closed
Closed
Merged
@dependabot dependabot bot mentioned this pull request Mar 20, 2023
Closed
spiffcs added a commit to deitch/syft that referenced this pull request Mar 21, 2023
@spiffcs
Merge branch 'main' into proper-license-expression
fef61e1 
* main: (47 commits)
  Deprecate config.yaml as valid config source; Add unit regression for correct config paths (anchore#1640)
  chore: Update syft bootstrap tools to latest versions. (anchore#1682)
  Update documentation: (anchore#1680)
  chore: Update Stereoscope to 7928713c391e20abaede6a029f4ce37b628a4c8b (anchore#1681)
  fix: reduce logging for bad dpkg lines (anchore#1675)
  fix ruby classifier (anchore#1678)
  feat: add shared dir for easier cleanup (anchore#1676)
  chore(deps): bump github.com/google/go-containerregistry (anchore#1672)
  chore(deps): bump actions/setup-go from 3 to 4 (anchore#1671)
  fix: move defer after error to protect panic case (anchore#1670)
  feat: add argocd, helm, kustomize and kubectl binary classifiers (anchore#1663)
  defer closing file (anchore#1668)
  fix: remove author contributing to javascript CPEs (anchore#1669)
  fix: more python matching support (anchore#1667)
  Update syft bootstrap tools to latest versions. (anchore#1666)
  feat: add ruby classifier (anchore#1665)
  Update syft bootstrap tools to latest versions. (anchore#1658)
  fix: improved Python binary detection (anchore#1648)
  fix: suppress some known incorrect vendor candidates for npm CPEs (anchore#1659)
  fix: sanitize SPDX LicenseRefs (anchore#1657)
  ...

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
@kzantow
fix: sanitize SPDX LicenseRefs (anchore#1657)
5459804 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@spiffcs spiffcs spiffcs approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[SPDX][TV] SBOM value format is incorrect for LicenseID
2 participants
@kzantow @spiffcs