Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Fill in SPDX originator for all supported package types #2822

Merged
merged 2 commits into from
Apr 29, 2024
Merged

Fill in SPDX originator for all supported package types #2822

merged 2 commits into from
Apr 29, 2024

Conversation

wagoodman
Copy link
Contributor

@wagoodman wagoodman commented Apr 29, 2024
edited
Loading

Today the SPDX originator field is partially filled in based on the package type. This enhances this processing in a few ways:

  • adds several more types considered during processing
  • adds completion testing, such that more package metadata types will result in requiring to add such originator processing here as well
  • combines testing for originator and supplier fields, which are semantically linked thus should both be considered during test

Fixes #2632

@wagoodman
add failing test + beef up doc comments
d2f0978 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
@wagoodman
cover more metadata types in spdx originator processing
b7b8073 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
@wagoodman wagoodman requested a review from a team April 29, 2024 18:01
spiffcs
spiffcs approved these changes Apr 29, 2024
View reviewed changes
Copy link
Contributor

@spiffcs spiffcs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟢

@wagoodman wagoodman merged commit 5b03788 into main Apr 29, 2024
11 checks passed
@wagoodman wagoodman deleted the upgrade-spdx-originator branch April 29, 2024 20:33
spiffcs added a commit that referenced this pull request Apr 30, 2024
@spiffcs
Merge branch 'main' into dependabot/github_actions/github/codeql-acti…
e6fc92f 
…on-3.25.3

* main:
  Fill in SPDX originator for all supported package types (#2822)
  chore(deps): bump anchore/sbom-action from 0.15.10 to 0.15.11 (#2821)
  update spdx license list to 3.23 (#2818)
spiffcs added a commit to camcui/syft that referenced this pull request May 1, 2024
@spiffcs
Merge branch 'main' into camcui/main
72ccbd4 
* main:
  chore(deps): bump github.com/docker/docker (anchore#2827)
  fix(spdx): include required fields (anchore#2168)
  fix: add correct vendor for dnsmasq CPE (anchore#2659)
  fix: close temp rpmdb file (anchore#2792)
  chore(deps): bump github/codeql-action from 3.25.2 to 3.25.3 (anchore#2817)
  Fill in SPDX originator for all supported package types (anchore#2822)
  chore(deps): bump anchore/sbom-action from 0.15.10 to 0.15.11 (anchore#2821)
  update spdx license list to 3.23 (anchore#2818)
@BrewTestBot BrewTestBot mentioned this pull request May 9, 2024
Merged
@kzantow kzantow mentioned this pull request May 14, 2024
Merged
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@spiffcs spiffcs spiffcs approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

SPDX originator is not always populated
2 participants
@wagoodman @spiffcs