While generating spdx json documents from Tern, @maxhbr found a bug in the Tern SPDX JSON document that was not caught by the latest tools-java-1.0.2-jar-with-dependencies.jar release. He found the bug using jsonschema validation.
```
$ jsonschema -i tern.spdx.json spdx-schema.json
Tool: tern-2.8.0: 'Tool: tern-2.8.0' is not of type 'array'
false: 'false' is not of type 'boolean'
true: 'true' is not of type 'boolean'
{'name': 'layer.tar', 'SPDXID': 'SPDXRef-0b40512829', 'fileName': '50445ea47417946f2e6f276a78dcf8 [...] , 'LicenseRef-884dc06']}: Additional properties are not allowed ('fileName' was unexpected)
false: 'false' is not of type 'boolean'
None: None is not of type 'string'
```
Specifically missed errors in the document (more details here):
- `creators` is a string and not an array
- `filesAnalyzed` is a "false" string instead of a boolean
- One package name was using the `fileName` key but it should be `packageFileName`
- Some package names are `null` instead of a string
I will fix this in Tern but also wanted to raise the issue here since we use this tooling suite to verify our documents are valid when we make changes to them.
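
The four error classes listed in this report, written as a standard-library Python check that can run as a gate before a document is accepted. This is an added example, not code from the issue, Tern, or tools-java; the sample document is constructed, and placing `creators` under `creationInfo` and packages under `packages` assumes the SPDX 2.2 JSON layout.

```python
import json

# Constructed sample reproducing the four reported error classes.
SAMPLE = json.loads("""
{
  "creationInfo": {"creators": "Tool: example-tool"},
  "packages": [
    {"name": "layer.tar", "SPDXID": "SPDXRef-a",
     "fileName": "layer.tar", "filesAnalyzed": "false"},
    {"name": null, "SPDXID": "SPDXRef-b", "filesAnalyzed": false}
  ]
}
""")


def check_types(doc):
    """Return (json_path, problem) tuples for the type errors in the report."""
    findings = []

    # creators must be an array of strings, not a bare string.
    creators = doc.get("creationInfo", {}).get("creators")
    if not isinstance(creators, list):
        findings.append(("creationInfo.creators", "not an array"))

    for i, pkg in enumerate(doc.get("packages", [])):
        where = f"packages[{i}]"
        # "false"/"true" strings are truthy in most languages, so a lenient
        # parser can silently read "false" as True; require a real boolean.
        if "filesAnalyzed" in pkg and not isinstance(pkg["filesAnalyzed"], bool):
            findings.append((f"{where}.filesAnalyzed", "not a boolean"))
        # fileName is not a package property; the key is packageFileName.
        if "fileName" in pkg:
            findings.append((f"{where}.fileName",
                             "unexpected key, expected packageFileName"))
        # name must be a string; JSON null arrives as None.
        if not isinstance(pkg.get("name"), str):
            findings.append((f"{where}.name", "not a string"))
    return findings


if __name__ == "__main__":
    for path, problem in check_types(SAMPLE):
        print(f"{path}: {problem}")
```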