Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update SPDX license list referenced in CyclonDX test to 3.23 #2818

Merged
merged 1 commit into from
Apr 26, 2024
Merged

Update SPDX license list referenced in CyclonDX test to 3.23 #2818

merged 1 commit into from
Apr 26, 2024

Conversation

wagoodman
Copy link
Contributor

@wagoodman wagoodman commented Apr 26, 2024
edited

Currently we are seeing a failure of the CycloneDX schema validation:

Generating CycloneDX SBOMs...
go run ../../cmd/syft/main.go ubuntu:latest -v -o cyclonedx-xml=bom.xml -o cyclonedx-json=bom.json
[0000]  INFO syft version: [not provided]

Validating CycloneDX XML...
xmllint --noout --schema ./cyclonedx.xsd bom.xml
bom.xml:2: element id: Schemas validity error : Element '{http://cyclonedx.org/schema/bom/1.5}id': [facet 'enumeration'] The value 'Kazlib' is not an element of the set {'Interbase-1.0', 'Mup',...

The reason for this is because the SPDX license list used in schema validation is out of date -- this PR updates this list.

@wagoodman wagoodman added the changelog-ignore Don't include this issue in the release changelog label Apr 26, 2024
@wagoodman
update spdx license list to 3.23
d344aa3 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
@willmurphyscode willmurphyscode enabled auto-merge (squash) April 26, 2024 14:44
@willmurphyscode willmurphyscode merged commit 87cd6c8 into main Apr 26, 2024
11 checks passed
@willmurphyscode willmurphyscode deleted the update-spdx-license-list branch April 26, 2024 14:50
spiffcs added a commit that referenced this pull request Apr 30, 2024
@spiffcs
Merge branch 'main' into dependabot/github_actions/github/codeql-acti…
e6fc92f 
…on-3.25.3

* main:
  Fill in SPDX originator for all supported package types (#2822)
  chore(deps): bump anchore/sbom-action from 0.15.10 to 0.15.11 (#2821)
  update spdx license list to 3.23 (#2818)
spiffcs added a commit to camcui/syft that referenced this pull request May 1, 2024
@spiffcs
Merge branch 'main' into camcui/main
72ccbd4 
* main:
  chore(deps): bump github.com/docker/docker (anchore#2827)
  fix(spdx): include required fields (anchore#2168)
  fix: add correct vendor for dnsmasq CPE (anchore#2659)
  fix: close temp rpmdb file (anchore#2792)
  chore(deps): bump github/codeql-action from 3.25.2 to 3.25.3 (anchore#2817)
  Fill in SPDX originator for all supported package types (anchore#2822)
  chore(deps): bump anchore/sbom-action from 0.15.10 to 0.15.11 (anchore#2821)
  update spdx license list to 3.23 (anchore#2818)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kzantow kzantow kzantow approved these changes

Assignees
No one assigned
Labels
changelog-ignore Don't include this issue in the release changelog
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@wagoodman @kzantow @willmurphyscode