Python library to parse, validate and create SPDX documents CI status (Linux, macOS and Windows): Breaking changes v0.7 -> v0.8 Please be aware that the upcoming 0.8 release has undergone a significant refactoring in preparation for the upcoming SPDX v3.0 release, leading to breaking changes ...
Python >= 3.6 is now required. Added pyspdxtools_convertor and pyspdxtools_parser CLI scripts. See the readme for usage instructions. Updated the tools to support SPDX versions up to 2.3 and to conform with the specification. Apart from many bugfixes and new properties, some of the more...
Describe the bug Validation error reported from the SPDX online validator https://www.python.org/ftp/python/3.12.2/Python-3.12.2.tgz.spdx.json Analysis exception processing SPDX file: Duplicate SPDX ID: SPDXRef-FILE-Lib-collections-abc.p...
https://opensource.apple.com/source/python/python-3/python/Modules/regexpr.h.auto.html I'd probably avoid using the copyright holder's name in this instance, since this copyright holder has shown up in other (unrelated) licenses on the license list, see e.g. https://spdx.org/licenses/...
Create a python3 virtual environment: python3 -m venv ternenv cd ternenv NOTE:Your OS might distribute each Python version separately. For example, on Ubuntu LTS, Python 2.7 is linked topython2and Python 3.6 is linked topython3. I develop with Python 3.7 which is installed separately with ...
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variet