Converting Errors

[sdd4181]

I went through the documented setup, and running ./mvnw clean package succeeds. When trying to run the spdxcyclone I am getting issues.

I am running this on a windows vm with jdk 11.0.15, and I'm running spdxcyclone-0.0.1-SNAPSHOT-jar-with-dependencies.jar because all others exit with no main manifest attribute. I run this jar file identically to the usage command java -jar spdxcyclone-0.0.1-SNAPSHOT-jar-with-dependencies.jar ./cyclonedx.json ./spdx.json and get the following error.

Thank you for any help you can provide!

11:52:33.229 [main] ERROR org.spdx.jacksonstore.JacksonSerializer - Invalid ID SPDXRef-pkg-maven-com.google.errorprone-error_prone_annotations-2.2.0-type-jar.  Must be an SPDX Identifier or Anonymous
Exception in thread "main" java.lang.RuntimeException: org.spdx.library.InvalidSPDXAnalysisException: Invalid ID SPDXRef-pkg-maven-com.google.errorprone-error_prone_annotations-2.2.0-type-jar.  Must be an SPDX Identifier or Anonymous
        at org.spdx.jacksonstore.JacksonSerializer.lambda$1(JacksonSerializer.java:245)
        at java.base/java.util.stream.ReduceOps$4ReducingSink.accept(ReduceOps.java:220)
        at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655)
        at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
        at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
        at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913)
        at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
        at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:589)
        at org.spdx.jacksonstore.JacksonSerializer.getDocElements(JacksonSerializer.java:240)
        at org.spdx.jacksonstore.JacksonSerializer.docToJsonNode(JacksonSerializer.java:117)
        at org.spdx.jacksonstore.MultiFormatStore.serialize(MultiFormatStore.java:166)
        at com.sourceauditor.spdxcyclone.CycloneToSpdx.cycloneDxToSpdx(CycloneToSpdx.java:278)
        at com.sourceauditor.spdxcyclone.CycloneToSpdx.main(CycloneToSpdx.java:218)
Caused by: org.spdx.library.InvalidSPDXAnalysisException: Invalid ID SPDXRef-pkg-maven-com.google.errorprone-error_prone_annotations-2.2.0-type-jar.  Must be an SPDX Identifier or Anonymous
        at org.spdx.jacksonstore.JacksonSerializer.typedValueToObjectNode(JacksonSerializer.java:178)
        at org.spdx.jacksonstore.JacksonSerializer.lambda$1(JacksonSerializer.java:243)
        ... 12 more

[goneall]

@sdd4181 I added PR #12 to improve the README for running the correct JAR file.

[goneall]

@sdd4181 Can you attached the cyclonedx.json file you are trying to convert?

[sdd4181]

It wouldn't let me send json file formats so I zipped the 3 files I used and attached them below.
cycloneSBOM.zip

[goneall]

@sdd4181 I was able to duplicate this translating the file dubboMavenSBOMCycloneDX.json. Definitely an issue with this utility or one of the library dependencies.

I'll do some investigating over the next few days and update the issue.

[sdd4181]

ok, thank you for your help!