What should "SBOM Author" name be if SBOM created by a tool? #52
Comments
I should also note that using the
@rnjudge, thank you for investigating these bugs closely!
The tool CURRENTLY checks that the author is a person or organization. ntia-conformance-checker/ntia_conformance_checker/sbom_checker.py Lines 50 to 58 in caa2015
It seems that, IIUC, I'll put in a PR to fix this.
That's a good point. There should be extra info here. I'll open a separate issue for that.
Thanks for such a quick fix/response @jspeed-meyers!
When I run this tool on an SPDX document created by Tern, I get a False status for SBOM author name provided field. My question is, what should this field be when a document is created by a tool? According to the spec, https://spdx.github.io/spdx-spec/v2.3/how-to-use/#k22-mapping-ntia-minimum-elements-to-spdx-fields, Author maps to the Creator field. In this case, the creator is a tool and the SBOM includes this information:
What is the tool looking for?
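
The behaviour discussed in this issue, as an added example that is not the ntia-conformance-checker code: a minimal check over SPDX tag-value Creator lines, showing why a tool-only SBOM reports False when only Person or Organization creators count as an author. The sample documents, the tool name example-scanner-1.0 and all function names are constructed for illustration.

```python
import re

# SPDX 2.3 tag-value creator syntax: "Creator: <Type>: <name>",
# where <Type> is Person, Organization or Tool.
CREATOR_RE = re.compile(r"^Creator:\s*(Person|Organization|Tool):\s*(.*\S)\s*$")

# Rule described in the thread: author must be a person or organization.
STRICT = {"Person", "Organization"}
# Assumed alternative rule for comparison: a tool also counts as the author.
WITH_TOOL = STRICT | {"Tool"}

# Constructed sample: an SBOM whose only creator is a tool.
SAMPLE_TOOL_ONLY = """\
SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: example-image
Creator: Tool: example-scanner-1.0
Created: 2023-01-01T00:00:00Z
"""

# Constructed sample: same document with an organization listed as well.
SAMPLE_WITH_ORG = SAMPLE_TOOL_ONLY.replace(
    "Created:", "Creator: Organization: Example Corp ()\nCreated:"
)


def parse_creators(text):
    """Return (type, name) tuples for every well-formed Creator line."""
    creators = []
    for line in text.splitlines():
        match = CREATOR_RE.match(line.strip())
        if match:  # lines with an unknown type or empty name are skipped
            creators.append((match.group(1), match.group(2)))
    return creators


def author_provided(text, accepted_types):
    """True if at least one creator has a type in accepted_types."""
    return any(ctype in accepted_types for ctype, _ in parse_creators(text))


if __name__ == "__main__":
    for label, doc in (("tool only", SAMPLE_TOOL_ONLY), ("tool + org", SAMPLE_WITH_ORG)):
        print(label, "strict:", author_provided(doc, STRICT),
              "with tool:", author_provided(doc, WITH_TOOL))
```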