1. Spdx
  2. Topics

SPDX Merging #spdx

Patil, Sandeep
 

Hi All, 
Is there any tool to merge two spdx file ? 

Regards
Sandeep 

Gary O'Neall
 

I’m not aware of a tool that currently supports merging.  There is an issue open on the SPDX Java tools – any java programmers out there who would like to volunteer a solution is welcome to create a pull request.

 

Regards,

Gary

 

From: spdx@... <spdx@...> On Behalf Of Patil, Sandeep via lists.spdx.org
Sent: Monday, August 8, 2022 4:07 AM
To: spdx@...
Subject: [spdx] SPDX Merging #spdx

 

Hi All, 
Is there any tool to merge two spdx file ? 

Regards
Sandeep 

Ivana Atanasova
 

Hi,

 

I’m currently working on a composer tool that supports merging. Shortly to be open-sourced.

 

Best,

Ivana

 

---

Ivana Atanasova

Open Source Engineer

VMware Open Source Program Office

 

From: spdx@... <spdx@...> on behalf of Gary O'Neall via lists.spdx.org <gary=sourceauditor.com@...>
Date: Monday, 8 August 2022, 20:07
To: spdx@... <spdx@...>
Subject: Re: [spdx] SPDX Merging #spdx

I’m not aware of a tool that currently supports merging.  There is an issue open on the SPDX Java tools – any java programmers out there who would like to volunteer a solution is welcome to create a pull request.

 

Regards,

Gary

 

From: spdx@... <spdx@...> On Behalf Of Patil, Sandeep via lists.spdx.org
Sent: Monday, August 8, 2022 4:07 AM
To: spdx@...
Subject: [spdx] SPDX Merging #spdx

 

Hi All, 
Is there any tool to merge two spdx file ? 

Regards
Sandeep 

 

Joe Bussell
 

Shouldn’t this be done by creating a third SBOM that refers back to the subordinate SBOMs, including all three in the result chain?

 

From: spdx@... <spdx@...> On Behalf Of Gary O'Neall via lists.spdx.org
Sent: Monday, August 8, 2022 10:07 AM
To: spdx@...
Subject: [EXTERNAL] Re: [spdx] SPDX Merging #spdx

 

I’m not aware of a tool that currently supports merging.  There is an issue open on the SPDX Java tools – any java programmers out there who would like to volunteer a solution is welcome to create a pull request.

 

Regards,

Gary

 

From: spdx@... <spdx@...> On Behalf Of Patil, Sandeep via lists.spdx.org
Sent: Monday, August 8, 2022 4:07 AM
To: spdx@...
Subject: [spdx] SPDX Merging #spdx

 

Hi All, 
Is there any tool to merge two spdx file ? 

Regards
Sandeep 

Ivana Atanasova
 

Hi,

 

Just made the sbom-composer tool public. It’s been only run with sboms that I generated, so would be very happy to hear your feedback and do any following updates if necessary.

 

Joe, it does the merge based on these guidelines. As an example these two sboms result in this composed.spdx. Shortly, it just appends the data without the document creation information, allows the latter to be configurable and updates the references. Would be happy to hear your feedback if any.

 

Best,

Ivana

 

---

Ivana Atanasova

Open Source Engineer

VMware Open Source Program Office

 

From: spdx@... <spdx@...> on behalf of Joe Bussell via lists.spdx.org <joe.bussell=microsoft.com@...>
Date: Tuesday, 9 August 2022, 20:09
To: spdx@... <spdx@...>
Subject: Re: [spdx] SPDX Merging #spdx

Shouldn’t this be done by creating a third SBOM that refers back to the subordinate SBOMs, including all three in the result chain?

 

From: spdx@... <spdx@...> On Behalf Of Gary O'Neall via lists.spdx.org
Sent: Monday, August 8, 2022 10:07 AM
To: spdx@...
Subject: [EXTERNAL] Re: [spdx] SPDX Merging #spdx

 

I’m not aware of a tool that currently supports merging.  There is an issue open on the SPDX Java tools – any java programmers out there who would like to volunteer a solution is welcome to create a pull request.

 

Regards,

Gary

 

From: spdx@... <spdx@...> On Behalf Of Patil, Sandeep via lists.spdx.org
Sent: Monday, August 8, 2022 4:07 AM
To: spdx@...
Subject: [spdx] SPDX Merging #spdx

 

Hi All, 
Is there any tool to merge two spdx file ? 

Regards
Sandeep 

 

1 - 5 of 5