Skip to content

Java library which implements the Java object model for SPDX and provides useful helper functions

License

Notifications You must be signed in to change notification settings

dwalluck/Spdx-Java-Library

 
 

Repository files navigation

Spdx-Java-Library

Maven Central Java CI with Maven

Java library which implements the Java object model for SPDX and provides useful helper functions.

Code quality badges

| Bugs | Security Rating | Maintainability Rating | Technical Debt |

Storage Interface

The Spdx-Java-Library allows for different implementations of SPDX object storage. The storage facility implements the org.spdx.storage.IModelStore interface. This is a low level Service Provider Interface (SPI). The ISerializableModelStore extends the IModelStore and supports serializing and de-serializing the store to an I/O Stream. This interface is currently used to implement JSON, XML, YAML, and RDF/XML formats. The default storage interface is an in-memory Map which should be sufficient for light weight usage of the library.

Most common use of the library would de-serialize an existing SPDX document using one of the supported formats and model stores. To create SPDX objects from scratch, simply create the Java objects found in the org.spdx.library.model package. The model follows the SPDX Object Model. The model objects themselves are stateless and do not store information. All information is retrieved from the model store when properties are access. Storage to the classes will store the updates through the use of the storage interface.

Multi-Threaded Considerations

The methods enterCriticalSection and leaveCritialSection are available to support multi-threaded applications. These methods serialize access to the model store for the specific SPDX document used for the SPDX model object.

Getting Started

The library is available in Maven Central org.spdx:java-spdx-library.

If you are using Maven, you can add the following dependency in your POM file:

<dependency>
  <groupId>org.spdx</groupId>
  <artifactId>java-spdx-library</artifactId>
  <version>(,1.0]</version>
</dependency>

API JavaDocs are available here.

There are a couple of static classes that help common usage scenarios:

  • org.spdx.library.SPDXModelFactory supports the creation of specific model objects
  • org.spdx.library.model.license.LicenseInfoFactory supports the parsing of SPDX license expressions, creation, and comparison of SPDX licenses

Configuration options

Spdx-Java-Library can be configured using either Java system properties or a Java properties file located in the runtime CLASSPATH at /resources/spdx-java-library.properties.

The library has these configuration options:

  1. org.spdx.useJARLicenseInfoOnly - a boolean that controls whether the (potentially out of date) listed license information bundled inside the JAR is used (true), vs the library downloading the latest files from the SPDX website (false). Default is false (always download the latest files from the SPDX website).
  2. org.spdx.downloadCacheEnabled - a boolean that enables or disables the download cache. Defaults to false (the cache is disabled). The cache location is determined as per the XDG Base Directory Specification (i.e. ${XDG_CACHE_HOME}/Spdx-Java-Library or ${HOME}/.cache/Spdx-Java-Library).
  3. org.spdx.downloadCacheCheckIntervalSecs - a long that controls how often each cache entry is rechecked for staleness, in units of seconds. Defaults to 86,400 seconds (24 hours). Set to 0 (zero) to have each cache entry checked every time (note: this will result in a lot more network I/O and negatively impact performance, albeit there is still a substantial performance saving vs not using the cache at all).

Note that these configuration options can only be modified prior to first use of Spdx-Java-Library. Once the library is initialized, subsequent changes will have no effect.

Update for new properties or classes

To update Spdx-Java-Library, the following is a very brief checklist:

  1. Update the SpdxContants with any new or changed properties and classes
  2. Update the Java code representing the model
  3. Update the SpdxComparer/SpdxFileComparer in the org.spdx.compare package
  4. Update unit tests

Development Status

Note: This library is mostly stable, but and contains some defects. Reviews, suggestions are welcome. Please enter an issue with any suggestions.

About

Java library which implements the Java object model for SPDX and provides useful helper functions

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Java 100.0%