-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can one parse a JSON containing Elements extended by an unsupported / unknown profile? #42
Comments
@maxhbr Good question. This is very related to a long running debate on how to treat serialization level information in the document. Parsing implies that there is a deserialization going on of something that was serialized - let's call that an SPDXDocument for the purpose of this comment. If the SPDXDocument has creation information and that creation information would represent the intent of the SPDXDocument creator . The profile field in the SPDXDocument element could be used to guide the deserialization and would give you the answer in a very straightforward and high performance manner (e.g. you don't have to interpret each element and try to reverse engineer the profiles based on type etc.). In the current model diagram - the "collection -> SpdxCollection?" class could be used for that purpose since it already contains information specific to the serialization. This approach isn't as powerful as interpreting each individual element since each element could conceivably have a different profile, but I would find this approach to be rather difficult to implement. |
Yes, the assumption is that a SBOM was serialized to a json and its abbreviated version is above.
This creationInfo just contains |
Hey, I have looked at the following example taken from the current png and I have a question related to it, regarding "one does not need to support every profile and just looses information that is not relevant".
For this example lets assume that I do not have support for software profile. Since SBOM is basically a BOM I would assume that I still should be able to parse it (despite loosing some information, that is not relevant for me).
But how do I know that it is basically a BOM, the JSON does not contain that information?
(A rather ugly workaround would be to have something like
"@type": "SBOM:BOM:Bundle:Collection:Element"
in the serialization.)The text was updated successfully, but these errors were encountered: