From 4294c4fa9d5adbba72d9ef565b45bd978283b8a8 Mon Sep 17 00:00:00 2001 From: Maximilian Huber Date: Fri, 3 May 2024 15:40:32 +0200 Subject: [PATCH 1/4] start fixing examples Signed-off-by: Maximilian Huber --- serialization/json_ld/examples/spdx_document3.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/serialization/json_ld/examples/spdx_document3.json b/serialization/json_ld/examples/spdx_document3.json index 44180e4e4..df73f48e9 100644 --- a/serialization/json_ld/examples/spdx_document3.json +++ b/serialization/json_ld/examples/spdx_document3.json @@ -6,18 +6,18 @@ "type": "CreationInfo", "specVersion": "3.0.0", "created": "2022-12-01T00:00:00Z", - "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"], - "profile": ["core", "software"], - "dataLicense": "https://spdx.org/licenses/CC0-1.0" + "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] }, { "type": "SpdxDocument", "spdxId": "https://some.namespace#spdxdocument159", "creationInfo": "_:creationInfo1", "name": "Doc 159 - two File elements", + "profileConformance": ["core", "software"], "element": [ "https://some.namespace#SPDXRef-Package", - "https://some.namespace#File1", + "https://some.namespace#file1", + "https://some.namespace#file2", "https://spdx.dev/elements/3F26391C#spdx-spec-v2.3", "https://some.namespace#relationship1" ], @@ -26,19 +26,19 @@ ] }, { - "type": "Package", + "type": "software_Package", "spdxId": "https://some.namespace#SPDXRef-Package", "name": "packageName", "creationInfo": "_:creationInfo1" }, { - "type": "File", + "type": "software_File", "spdxId": "https://some.namespace#file1", "name": "file1", "creationInfo": "_:creationInfo1" }, { - "type": "File", + "type": "software_File", "spdxId": "https://some.namespace#file2", "name": "file2", "creationInfo": "_:creationInfo1" From af89af7d9837a0c900dd226e730f2b2694707e3e Mon Sep 17 00:00:00 2001 From: Maximilian Huber Date: Fri, 3 May 2024 16:34:49 +0200 Subject: [PATCH 2/4] continue fixing examples Signed-off-by: Maximilian Huber --- serialization/json_ld/examples/agent1.json | 4 +- .../json_ld/examples/annotation1.json | 4 +- .../examples/converted_from_spdx_2.json | 111 +++++++++--------- 3 files changed, 55 insertions(+), 64 deletions(-) diff --git a/serialization/json_ld/examples/agent1.json b/serialization/json_ld/examples/agent1.json index 7285a3dd0..ae65a0fbd 100644 --- a/serialization/json_ld/examples/agent1.json +++ b/serialization/json_ld/examples/agent1.json @@ -6,9 +6,7 @@ "type": "CreationInfo", "specVersion": "3.0.0", "created": "2022-12-01T00:00:00Z", - "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"], - "profile": ["core"], - "dataLicense": "https://spdx.org/licenses/CC0-1.0" + "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] }, "name": "John Smith", "externalIdentifier": [ diff --git a/serialization/json_ld/examples/annotation1.json b/serialization/json_ld/examples/annotation1.json index 3c808b051..470e8abc3 100644 --- a/serialization/json_ld/examples/annotation1.json +++ b/serialization/json_ld/examples/annotation1.json @@ -6,9 +6,7 @@ "type": "CreationInfo", "specVersion": "3.0.0", "created": "2022-12-01T00:00:00Z", - "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"], - "profile": ["core"], - "dataLicense": "https://spdx.org/licenses/CC0-1.0" + "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] }, "name": "Acme Corp. Super SBOM-o-lator", "annotationType": "review", diff --git a/serialization/json_ld/examples/converted_from_spdx_2.json b/serialization/json_ld/examples/converted_from_spdx_2.json index a3469e4a1..0007afd77 100644 --- a/serialization/json_ld/examples/converted_from_spdx_2.json +++ b/serialization/json_ld/examples/converted_from_spdx_2.json @@ -18,12 +18,6 @@ "createdUsing": [ "spdx-example:SPDXRef-Actor-LicenseFind-1.0" ], - "profile": [ - "core", - "software", - "licensing" - ], - "dataLicense": "https://spdx.org/licenses/CC0-1.0", "comment": "This is the SPDX-2.3 JSON example converted to SPDX-3.0. As there is currently no closure on how to treat licenses, they are omitted here for now." }, { @@ -50,6 +44,10 @@ "creationInfo": "_:creationInfo1", "name": "SPDX-Tools-v2.0", "comment": "This document was created using SPDX 2.0 using licenses from the web site.", + "profileConformance": [ + "core", + "software" + ], "element": [ "spdx-example:SPDXRef-Actor-LicenseFind-1.0", "spdx-example:SPDXRef-Actor-ExampleCodeInspect", @@ -88,7 +86,7 @@ "spdx-example:SPDXRef-File", "spdx-example:SPDXRef-Package" ], - "namespaces": [ + "namespaceMap": [ { "type": "NamespaceMap", "prefix": "DocumentRef-spdx-tool-1.2", @@ -98,7 +96,7 @@ "imports": [ { "type": "ExternalMap", - "externalId": "DocumentRef-spdx-tool-1.2:SPDXRef-DOCUMENT", + "externalSpdxId": "DocumentRef-spdx-tool-1.2:SPDXRef-DOCUMENT", "verifiedUsing": [ { "type": "Hash", @@ -136,7 +134,7 @@ "creationInfo": "_:creationInfo1" }, { - "type": "Package", + "type": "software_Package", "spdxId": "spdx-example:SPDXRef-Package", "name": "glibc", "summary": "GNU C library.", @@ -159,7 +157,7 @@ }, { "type": "Hash", - "algorithm": "blake2B384", + "algorithm": "blake2b384", "hashValue": "aaabd89c926ab525c242e6621f2f5fa73aa4afe3d9e24aed727faaadd6af38b620bdb623dd2b4788b1c8086984af8706" } ], @@ -173,42 +171,38 @@ "originatedBy": [ "spdx-example:SPDXRef-Actor-ExampleCodeInspect-contact@example.com" ], - "suppliedBy": [ - "spdx-example:SPDXRef-Actor-JaneDoe-jane.doe@example.com" - ], + "suppliedBy": "spdx-example:SPDXRef-Actor-JaneDoe-jane.doe@example.com" , "builtTime": "2011-01-29T18:30:22Z", "releaseTime": "2012-01-29T18:30:22Z", "validUntilTime": "2014-01-29T18:30:22Z", - "purpose": [ - "source" - ], - "copyrightText": "Copyright 2008-2010 John Smith", - "attributionText": "The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually.", - "packageVersion": "2.11.1", - "downloadLocation": "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", - "homepage": "http://ftp.gnu.org/gnu/glibc", - "sourceInfo": "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.", + "software_primaryPurpose": "source", + "software_copyrightText": "Copyright 2008-2010 John Smith", + "software_attributionText": "The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually.", + "software_packageVersion": "2.11.1", + "software_downloadLocation": "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", + "software_homePage": "http://ftp.gnu.org/gnu/glibc", + "software_sourceInfo": "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.", "creationInfo": "_:creationInfo1" }, { - "type": "Package", + "type": "software_Package", "spdxId": "spdx-example:SPDXRef-fromDoap-1", "name": "Apache Commons Lang", - "homepage": "http://commons.apache.org/proper/commons-lang/", + "software_homePage": "http://commons.apache.org/proper/commons-lang/", "creationInfo": "_:creationInfo1" }, { - "type": "Package", + "type": "software_Package", "spdxId": "spdx-example:SPDXRef-fromDoap-0", "name": "Jena", - "packageVersion": "3.12.0", - "downloadLocation": "https://search.maven.org/remotecontent?filepath=org/apache/jena/apache-jena/3.12.0/apache-jena-3.12.0.tar.gz", - "packageUrl": "pkg:maven/org.apache.jena/apache-jena@3.12.0", - "homepage": "http://www.openjena.org/", + "software_packageVersion": "3.12.0", + "software_downloadLocation": "https://search.maven.org/remotecontent?filepath=org/apache/jena/apache-jena/3.12.0/apache-jena-3.12.0.tar.gz", + "software_packageUrl": "pkg:maven/org.apache.jena/apache-jena@3.12.0", + "software_homePage": "http://www.openjena.org/", "creationInfo": "_:creationInfo1" }, { - "type": "Package", + "type": "software_Package", "spdxId": "spdx-example:SPDXRef-Saxon", "name": "Saxon", "description": "The Saxon package is a collection of tools for processing XML documents.", @@ -219,14 +213,14 @@ "hashValue": "85ed0817af83a24ad8da68c2b5094de69833983c" } ], - "copyrightText": "Copyright Saxonica Ltd", - "packageVersion": "8.8", - "downloadLocation": "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download", - "homepage": "http://saxon.sourceforge.net/", + "software_copyrightText": "Copyright Saxonica Ltd", + "software_packageVersion": "8.8", + "software_downloadLocation": "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download", + "software_homePage": "http://saxon.sourceforge.net/", "creationInfo": "_:creationInfo1" }, { - "type": "File", + "type": "software_File", "spdxId": "spdx-example:SPDXRef-DoapSource", "name": "./src/org/spdx/parser/DOAPProject.java", "verifiedUsing": [ @@ -236,10 +230,10 @@ "hashValue": "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" } ], - "copyrightText": "Copyright 2010, 2011 Source Auditor Inc." + "software_copyrightText": "Copyright 2010, 2011 Source Auditor Inc." }, { - "type": "File", + "type": "software_File", "spdxId": "spdx-example:SPDXRef-CommonsLangSrc", "name": "./lib-source/commons-lang3-3.1-sources.jar", "comment": "This file is used by Jena", @@ -250,11 +244,11 @@ "hashValue": "c2b4e1c67a2d28fced849ee1bb76e7391b93f125" } ], - "copyrightText": "Copyright 2001-2011 The Apache Software Foundation", + "software_copyrightText": "Copyright 2001-2011 The Apache Software Foundation", "creationInfo": "_:creationInfo1" }, { - "type": "File", + "type": "software_File", "spdxId": "spdx-example:SPDXRef-JenaLib", "name": "./lib-source/jena-2.6.3-sources.jar", "comment": "This file belongs to Jena", @@ -265,10 +259,10 @@ "hashValue": "3ab4e1c67a2d28fced849ee1bb76e7391b93f125" } ], - "copyrightText": "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP" + "software_copyrightText": "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP" }, { - "type": "File", + "type": "software_File", "spdxId": "spdx-example:SPDXRef-Specification", "name": "./docs/myspec.pdf", "comment": "Specification Documentation", @@ -282,7 +276,7 @@ "creationInfo": "_:creationInfo1" }, { - "type": "File", + "type": "software_File", "spdxId": "spdx-example:SPDXRef-File", "name": "./package/foo.c", "comment": "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory.", @@ -298,22 +292,24 @@ "hashValue": "624c1abb3664f4b35547e7c73864ad24" } ], - "copyrightText": "Copyright 2008-2010 John Smith", + "software_copyrightText": "Copyright 2008-2010 John Smith", "creationInfo": "_:creationInfo1" }, { - "type": "Snippet", + "type": "software_Snippet", "spdxId": "spdx-example:SPDXRef-Snippet", "name": "from linux kernel", "comment": "This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.", - "copyrightText": "Copyright 2008-2010 John Smith", - "byteRange": { - "begin": 310, - "end": 420 + "software_copyrightText": "Copyright 2008-2010 John Smith", + "software_byteRange": { + "type": "PositiveIntegerRange", + "beginIntegerRange": 310, + "endIntegerRange": 420 }, - "lineRange": { - "begin": 5, - "end": 23 + "software_lineRange": { + "type": "PositiveIntegerRange", + "beginIntegerRange": 5, + "endIntegerRange": 23 }, "creationInfo": "_:creationInfo1" }, @@ -334,18 +330,17 @@ "to": [ "spdx-example:DocumentRef-spdx-tool-1.2:SPDXRef-ToolsElement" ], - "relationshipType": "copy", + "relationshipType": "copiedTo", "creationInfo": "_:creationInfo1" }, { - "type": "SoftwareDependencyRelationship", - "spdxId": "spdx-example:SPDXRef-Relationship-2", + "type": "Relationship", + "spdxId": "spdx-example:SPDXef-Relationship-2", "from": "spdx-example:SPDXRef-Package", "to": [ "spdx-example:SPDXRef-Saxon" ], "relationshipType": "dependsOn", - "softwareLinkage": "dynamic", "creationInfo": "_:creationInfo1" }, { @@ -361,11 +356,11 @@ { "type": "Relationship", "spdxId": "spdx-example:SPDXRef-Relationship-5", - "from": "spdx-example:SPDXRef-Specification", + "from": "spdx-example:SPDXRef-fromDoap-0", "to": [ - "spdx-example:SPDXRef-fromDoap-0" + "spdx-example:SPDXRef-Specification" ], - "relationshipType": "specificationFor", + "relationshipType": "hasSpecification", "creationInfo": "_:creationInfo1" }, { From d4fc15996cd9b39d135f3438ee4f49184384241d Mon Sep 17 00:00:00 2001 From: Maximilian Huber Date: Fri, 3 May 2024 17:03:51 +0200 Subject: [PATCH 3/4] continue fixing examples Signed-off-by: Maximilian Huber --- serialization/json_ld/examples/file1.json | 11 +++----- serialization/json_ld/examples/org1.json | 4 +-- serialization/json_ld/examples/package1.json | 25 ++++++++----------- serialization/json_ld/examples/person1.json | 4 +-- serialization/json_ld/examples/person2.json | 2 -- .../json_ld/examples/relationship1.json | 4 +-- serialization/json_ld/examples/sbom1.json | 8 +++--- .../json_ld/examples/spdx_document1.json | 5 ++-- .../json_ld/examples/spdx_document2.json | 19 ++++++-------- .../json_ld/examples/spdx_document4.json | 15 ++++++----- serialization/json_ld/examples/tool1.json | 5 ++-- serialization/json_ld/examples/two_sboms.json | 12 +++------ 12 files changed, 44 insertions(+), 70 deletions(-) diff --git a/serialization/json_ld/examples/file1.json b/serialization/json_ld/examples/file1.json index 538c0c2f8..f29d959ec 100644 --- a/serialization/json_ld/examples/file1.json +++ b/serialization/json_ld/examples/file1.json @@ -1,18 +1,15 @@ { "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", - "type": "File", + "type": "software_File", "spdxId": "https://some.namespace#file1", "creationInfo": { "type": "CreationInfo", "specVersion": "3.0.0", "created": "2022-12-01T00:00:00Z", - "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"], - "profile": ["core", "software"], - "dataLicense": "https://spdx.org/licenses/CC0-1.0" + "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] }, "name": "model.png", - "contentType": "image/png", - "purpose": ["documentation"], - "contentIdentifier": "https://github.com/spdx/spdx-3-model/blob/main/model.png", + "software_contentType": "image/png", + "software_primaryPurpose": "documentation", "originatedBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] } diff --git a/serialization/json_ld/examples/org1.json b/serialization/json_ld/examples/org1.json index a3882cbe1..4965fd279 100644 --- a/serialization/json_ld/examples/org1.json +++ b/serialization/json_ld/examples/org1.json @@ -6,9 +6,7 @@ "type": "CreationInfo", "specVersion": "3.0.0", "created": "2022-12-01T00:00:00Z", - "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"], - "profile": ["core"], - "dataLicense": "https://spdx.org/licenses/CC0-1.0" + "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] }, "name": "spdx.dev" } diff --git a/serialization/json_ld/examples/package1.json b/serialization/json_ld/examples/package1.json index d12549d3e..fb5eb861f 100644 --- a/serialization/json_ld/examples/package1.json +++ b/serialization/json_ld/examples/package1.json @@ -1,27 +1,24 @@ { "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", - "type": "Package", + "type": "software_Package", "spdxId": "https://some.namespace#SPDXRef-Package", "creationInfo": { "type": "CreationInfo", "specVersion": "3.0.0", "created": "2022-12-01T00:00:00Z", - "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"], - "profile": ["core", "software"], - "dataLicense": "https://spdx.org/licenses/CC0-1.0" + "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] }, "name": "packageName", "summary": "packageSummary", "description": "packageDescription", "comment": "packageComment", - "packageVersion": "12.2", - "downloadLocation": "https://download.com", - "packageUrl": "https://some.purl", - "homepage": "https://homepage.com", - "purpose": ["source"], - "contentIdentifier": "urn:spdx.dev:pkg:123456789", + "software_packageVersion": "12.2", + "software_downloadLocation": "https://download.com", + "software_packageUrl": "https://some.purl", + "software_homePage": "https://homepage.com", + "software_primaryPurpose": "source", "originatedBy": ["https://some.namespace#SPDXRef-Agent-creatorName-some@mail.com"], - "suppliedBy": ["https://some.namespace#john_smith"], + "suppliedBy": "https://some.namespace#john_smith", "verifiedUsing": [ { "type": "Hash", @@ -34,10 +31,10 @@ "hashValue": "fbea580d286bbbbb41314430d58ba887716a74d7134119c5307cdc9f0c7a4299" } ], - "externalReference": [ + "externalRef": [ { - "type": "ExternalReference", - "externalReferenceType": "securityFix", + "type": "ExternalRef", + "externalRefType": "securityFix", "locator": ["https://support.com"] } ] diff --git a/serialization/json_ld/examples/person1.json b/serialization/json_ld/examples/person1.json index 0e0548243..f8789415f 100644 --- a/serialization/json_ld/examples/person1.json +++ b/serialization/json_ld/examples/person1.json @@ -6,9 +6,7 @@ "type": "CreationInfo", "specVersion": "3.0.0", "created": "2022-12-01T00:00:00Z", - "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"], - "profile": ["core"], - "dataLicense": "https://spdx.org/licenses/CC0-1.0" + "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] }, "name": "John Smith", "externalIdentifier": [ diff --git a/serialization/json_ld/examples/person2.json b/serialization/json_ld/examples/person2.json index 6b66af346..787bf03e6 100644 --- a/serialization/json_ld/examples/person2.json +++ b/serialization/json_ld/examples/person2.json @@ -8,8 +8,6 @@ "created": "2022-12-01T00:00:00Z", "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"], "createdUsing": ["https://some.namespace#sbomolator_v2"], - "profile": ["core"], - "dataLicense": "https://spdx.org/licenses/CC0-1.0", "comment": "Source: payroll list, 20221130" }, "name": "Alice Stone", diff --git a/serialization/json_ld/examples/relationship1.json b/serialization/json_ld/examples/relationship1.json index 8ff19f7ae..cf35e22ff 100644 --- a/serialization/json_ld/examples/relationship1.json +++ b/serialization/json_ld/examples/relationship1.json @@ -6,9 +6,7 @@ "type": "CreationInfo", "specVersion": "3.0.0", "created": "2022-12-01T00:00:00Z", - "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"], - "profile": ["core"], - "dataLicense": "https://spdx.org/licenses/CC0-1.0" + "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] }, "from": "https://some.namespace#SPDXRef-Package", "to": [ diff --git a/serialization/json_ld/examples/sbom1.json b/serialization/json_ld/examples/sbom1.json index 160a34e04..688cef3e4 100644 --- a/serialization/json_ld/examples/sbom1.json +++ b/serialization/json_ld/examples/sbom1.json @@ -1,16 +1,14 @@ { "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", - "type": "Sbom", + "type": "software_Sbom", "spdxId": "https://some.namespace#SBOM", "creationInfo": { "type": "CreationInfo", "specVersion": "3.0.0", "created": "2022-12-01T00:00:00Z", - "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"], - "profile": ["core", "software"], - "dataLicense": "https://spdx.org/licenses/CC0-1.0" + "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] }, - "sbomType": "TBD", + "software_sbomType": "analyzed", "element": [ "https://some.namespace#File1", "https://spdx.dev/elements/3F26391C#spdx-spec-v2.3" diff --git a/serialization/json_ld/examples/spdx_document1.json b/serialization/json_ld/examples/spdx_document1.json index ad550ad2a..9fd505d06 100644 --- a/serialization/json_ld/examples/spdx_document1.json +++ b/serialization/json_ld/examples/spdx_document1.json @@ -6,11 +6,10 @@ "type": "CreationInfo", "specVersion": "3.0.0", "created": "2022-12-01T00:00:00Z", - "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"], - "profile": ["core", "software"], - "dataLicense": "https://spdx.org/licenses/CC0-1.0" + "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] }, "name": "Doc 159 - two File elements", + "profileConformance": ["core", "software"], "element": [ "https://some.namespace#File1", "https://spdx.dev/elements/3F26391C#spdx-spec-v2.3" diff --git a/serialization/json_ld/examples/spdx_document2.json b/serialization/json_ld/examples/spdx_document2.json index 65fdcb06e..fb1605985 100644 --- a/serialization/json_ld/examples/spdx_document2.json +++ b/serialization/json_ld/examples/spdx_document2.json @@ -6,15 +6,14 @@ "type": "CreationInfo", "specVersion": "3.0.0", "created": "2022-12-01T00:00:00Z", - "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"], - "profile": ["core", "software"], - "dataLicense": "https://spdx.org/licenses/CC0-1.0" + "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] }, { "type": "SpdxDocument", "spdxId": "http://spdx.acme.org/3FA9CB25#spdxdocument159", "creationInfo": "_:creationInfo1", "name": "Doc 159 - two File elements", + "profileConformance": ["core", "software"], "element": [ "https://some.namespace#File1", "https://spdx.dev/elements/3F26391C#spdx-spec-v2.3" @@ -24,21 +23,19 @@ ] }, { - "type": "File", + "type": "software_File", "spdxId": "https://some.namespace#file1", "name": "model.png", - "contentType": "image/png", - "purpose": ["documentation"], - "contentIdentifier": "https://github.com/spdx/spdx-3-model/blob/main/model.png", + "software_contentType": "image/png", + "software_primaryPurpose": "documentation", "creationInfo": "_:creationInfo1" }, { - "type": "File", + "type": "software_File", "spdxId": "https://spdx.dev/elements/3F26391C#spdx-spec-v2.3", "name": "The Software Package Data Exchange® (SPDX®) Specification Version 2.3", - "contentType": "text/html", - "purpose": ["documentation"], - "contentIdentifier": "https://spdx.github.io/spdx-spec/v2.3/", + "software_contentType": "text/html", + "software_primaryPurpose": "documentation", "creationInfo": "_:creationInfo1" } ] diff --git a/serialization/json_ld/examples/spdx_document4.json b/serialization/json_ld/examples/spdx_document4.json index 717479464..d9b165b83 100644 --- a/serialization/json_ld/examples/spdx_document4.json +++ b/serialization/json_ld/examples/spdx_document4.json @@ -13,19 +13,18 @@ "type": "CreationInfo", "specVersion": "3.0.0", "created": "2022-12-01T00:00:00Z", - "createdBy": ["spdxDev:spdx-dev"], - "profile": ["core", "software"], - "dataLicense": "spdxLicenses:CC0-1.0" + "createdBy": ["spdxDev:spdx-dev"] }, { "type": "SpdxDocument", "spdxId": "myNamespace:spdxdocument159", "creationInfo": "_:creationInfo1", "name": "Doc 159 - two File elements", + "profileConformance": ["core", "software"], "element": [ "myNamespace:SPDXRef-Package", - "myNamespace:File1", - "spdxDev:spdx-spec-v2.3", + "myNamespace:file1", + "myNamespace:file2", "myNamespace:relationship1" ], "rootElement": [ @@ -33,19 +32,19 @@ ] }, { - "type": "Package", + "type": "software_Package", "spdxId": "myNamespace:SPDXRef-Package", "name": "packageName", "creationInfo": "_:creationInfo1" }, { - "type": "File", + "type": "software_File", "spdxId": "myNamespace:file1", "name": "file1", "creationInfo": "_:creationInfo1" }, { - "type": "File", + "type": "software_File", "spdxId": "myNamespace:file2", "name": "file2", "creationInfo": "_:creationInfo1" diff --git a/serialization/json_ld/examples/tool1.json b/serialization/json_ld/examples/tool1.json index 975b6e64d..51c46272c 100644 --- a/serialization/json_ld/examples/tool1.json +++ b/serialization/json_ld/examples/tool1.json @@ -3,11 +3,10 @@ "type": "Tool", "spdxId": "https://some.namespace#sbomolator_v2", "creationInfo": { + "type": "CreationInfo", "specVersion": "3.0.0", "created": "2022-12-01T00:00:00Z", - "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"], - "profile": ["core"], - "dataLicense": "https://spdx.org/licenses/CC0-1.0" + "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] }, "name": "Acme Corp. Super SBOM-o-lator" } diff --git a/serialization/json_ld/examples/two_sboms.json b/serialization/json_ld/examples/two_sboms.json index bb7a96c79..ef6a64efc 100644 --- a/serialization/json_ld/examples/two_sboms.json +++ b/serialization/json_ld/examples/two_sboms.json @@ -2,15 +2,13 @@ "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", "@graph": [ { - "type": "Sbom", + "type": "software_Sbom", "spdxId": "http://my_namespace.com/sbom1", "creationInfo": { "type": "CreationInfo", "specVersion": "3.0.0", "created": "2022-12-01T00:00:00Z", - "createdBy": ["https://my_namespace.com/creator1"], - "profile": ["core", "software"], - "dataLicense": "https://spdx.org/licenses/CC0-1.0" + "createdBy": ["https://my_namespace.com/creator1"] }, "name": "My SBOM", "element": [ @@ -22,15 +20,13 @@ ] }, { - "type": "Sbom", + "type": "software_Sbom", "spdxId": "http://my_namespace.com/sbom2", "creationInfo": { "type": "CreationInfo", "specVersion": "3.0.0", "created": "2022-12-01T00:00:00Z", - "createdBy": ["https://my_namespace.com/creator1"], - "profile": ["core", "software"], - "dataLicense": "https://spdx.org/licenses/CC0-1.0" + "createdBy": ["https://my_namespace.com/creator1"] }, "name": "My other SBOM", "element": [ From fae69af57b99138cfd7462294fc387c1cecca6e6 Mon Sep 17 00:00:00 2001 From: Maximilian Huber Date: Fri, 3 May 2024 17:15:10 +0200 Subject: [PATCH 4/4] continue fixing examples Signed-off-by: Maximilian Huber --- serialization/json_ld/examples/converted_from_spdx_2.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/serialization/json_ld/examples/converted_from_spdx_2.json b/serialization/json_ld/examples/converted_from_spdx_2.json index 0007afd77..652d5709a 100644 --- a/serialization/json_ld/examples/converted_from_spdx_2.json +++ b/serialization/json_ld/examples/converted_from_spdx_2.json @@ -222,6 +222,7 @@ { "type": "software_File", "spdxId": "spdx-example:SPDXRef-DoapSource", + "creationInfo": "_:creationInfo1", "name": "./src/org/spdx/parser/DOAPProject.java", "verifiedUsing": [ { @@ -250,6 +251,7 @@ { "type": "software_File", "spdxId": "spdx-example:SPDXRef-JenaLib", + "creationInfo": "_:creationInfo1", "name": "./lib-source/jena-2.6.3-sources.jar", "comment": "This file belongs to Jena", "verifiedUsing": [