Add an external-ref of type purl to the example files. #509
Conversation
…473 Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
| copyrightText: "Copyright 2008-2010 John Smith" | ||
| description: "The GNU C Library defines functions that are specified by the ISO\ | ||
| \ C standard, as well as additional features specific to POSIX and other derivatives\ | ||
| \ of the Unix operating system, and extensions specific to GNU systems." | ||
| downloadLocation: "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz" | ||
| externalRefs: | ||
| - referenceCategory: "SECURITY" | ||
| referenceLocator: "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*" | ||
| referenceType: "http://spdx.org/rdf/references/cpe23Type" |
There was a problem hiding this comment.
According to #451, shouldn't this be just "cpe23Type"?
There was a problem hiding this comment.
Similar in other places, and also in the JSON.
There was a problem hiding this comment.
According to #451, shouldn't this be just "cpe23Type"?
@sschuberth I agree - this is a bug in the Java tools or libraries. I added an issue to track: spdx/spdx-java-jackson-store#18
There was a problem hiding this comment.
I just added a commit to manually fix the reference type.
BTW - the reference type for non-SPDX defined types are still full URI's to make sure they are unique.
There was a problem hiding this comment.
Just FYI - I'll be offline for a few days and may be a bit slow to responding to any additional review comments
…es rather than full URI Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
Resolves issue #473
Note that the examples already contain a CPE external ref.
Since these example files are machine generated, the order of the elements are somewhat random making the diffs rather useless. You can, however, run these files through compare and viewer or other verification tools to review.
Signed-off-by: Gary O'Neall gary@sourceauditor.com