Matt Germonprez <germonprez@...>
Not sure if you saw this thread over at FOSSology. I think it might be of interest to SPDX too.
Hi All, Bob,
This is Kotrappa, from Wipro Technologies India.
We are using Fossology on a local sever for scanning some of packages for License/copyright info.
Recently we have installed Fossology+SPDX module on a local PC, and this gives spdx results as well.
Spdx.org gives open source tools to convert .rdf to .spdx, .spdx to .rdf, .xls to.rdf etc.
We would like to know after Fossology+SPDX scans a package and gives results in sdpx format,
Is there any command line tools to execute on command prompt in Local PC using localhost server running Fossology agents to get results in spdx format.
( Please note I cannot use Web Interface version of https://fossologyspdx.ist.unomaha.edu/?mod=Default because packages cannot be uploaded to public)
I mean, I should be able to get results something like mypackage_name.spdx or mypackage_name.rdf which complies with SPDX format
specified in spdx.org, which I can use as an input to spdx open source tools for conversion, comparison etc.
I’m confused why you mention that you cannot use fossologyspdx.ist.unomaha.edu since you have installed the spdx module on your own local machine. You shouldn’t have to use the unomaha machine since you have it installed locally.
Since you have installed the FOSSology+SPDX module on your local PC, then you can create spdx files (tag files). That option is the default but is specified in the “Output File Type” pull down on the SPDX Edit screen. So though we call it a .tag file, I think that is the same as the .spdx file.
The command line (web api) doc is at:
However, this does not generate the full .spdx (tag) output.
If I have not understood your question completely, please ask again. Liang Cao is the author of the SPDX module and he is on this list as well.
Liang Cao has added an option to generate a full SPDX document in TAG format from the command line. He has also provided a nice overview of how to work with the source.
The source is pushed to here:
The documentation is here:
The option for [fullSPDXFlag] is added.
[fullSPDXFlag]: true/false. Only when this option is set to "true", low definition version of the full SPDX contents are output. Skipping this option equals setting it to "false." This option should be set to "true" when you want to generate an SPDX document from the command line.
wget -qO - --no-check-certificate --post-file=./[mypackagename] --timeout=0 "https://domain/?mod=spdx_license_once&noCopyright=false&jsonOutput=false&fullSPDXFlag=true&packageNameInLog=[mypackagename]" > [mypackagename].spdx
wget -qO - --no-check-certificate --post-file=./time-1.7.tar --timeout=0 "https://fossologyspdx.ist.unomaha.edu/?mod=spdx_license_once&noCopyright=false&jsonOutput=false&fullSPDXFlag=false&packageNameInLog=time-1.7.tar" > time-1.7.tar.spdx
If you have any questions, please feel free to contact me or Liang. We are happy to help.
Matt Germonprez and Liang Cao