From 9b980dab9c27bcf6ee16fcf7e14316416a81b430 Mon Sep 17 00:00:00 2001 From: Marc-Etienne Vargenau Date: Tue, 25 Feb 2025 17:19:10 +0100 Subject: [PATCH 01/94] Update README with RC2 Signed-off-by: Marc-Etienne Vargenau --- README.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index f057491..2453b1a 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ Non-security related issues should be added to the [SPDX tools issues list](http ## Syntax The command line interface of the spdx tools can be used like this: - java -jar tools-java-2.0.0-Alpha-jar-with-dependencies.jar + java -jar tools-java-2.0.0-RC2-jar-with-dependencies.jar ## SPDX format converters The following converter tools support spdx format: 
@@ -49,17 +49,17 @@ The following converter tools support spdx format: Example to convert a SPDX file from tag to rdf format: - java -jar tools-java-2.0.0-Alpha-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.rdf + java -jar tools-java-2.0.0-RC2-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.rdf The file formats can optionally be provided as the 3rd and 4th parameter for the input and output formats respectively. An optional 5th option `excludeLicenseDetails` will not copy the listed license properties to the output file. The following example will copy a JSON format to an RDF Turtle format without including the listed license properties: - java -jar tools-java-2.0.0-Alpha-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.ttl TAG RDFTTL excludeLicenseDetails + java -jar tools-java-2.0.0-RC2-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.ttl TAG RDFTTL excludeLicenseDetails To convert from SPDX 2 to SPDX 3.0.1: * use the file extension `.jsonld.json` or `.jsonld`; * or add the options for the from and to file types: ``` -java -jar tools-java-2.0.0-Alpha-jar-with-dependencies.jar Convert hello.spdx hello.spdx.json TAG JSONLD +java -jar tools-java-2.0.0-RC2-jar-with-dependencies.jar Convert hello.spdx hello.spdx.json TAG JSONLD ``` ## Compare utilities 
@@ -69,13 +69,13 @@ The following tools can be used to compare one or more SPDX documents: Example to compare multiple SPDX files provided in rdf format and provide a spreadsheet with the results: - java -jar tools-java-2.0.0-Alpha-jar-with-dependencies.jar CompareDocs output.xlsx doc1 doc2 ... docN + java -jar tools-java-2.0.0-RC2-jar-with-dependencies.jar CompareDocs output.xlsx doc1 doc2 ... docN * CompareMultipleSpdxDocs with directory Example to compare all SPDX documents in a directory "/home/me/spdxdocs" and provide a spreadsheet with the results: - java -jar tools-java-2.0.0-Alpha-jar-with-dependencies.jar CompareDocs output.xlsx /home/me/spdxdocs + java -jar tools-java-2.0.0-RC2-jar-with-dependencies.jar CompareDocs output.xlsx /home/me/spdxdocs ## SPDX Viewer The following tool can be used to "Pretty Print" an SPDX document. @@ -84,7 +84,7 @@ The following tool can be used to "Pretty Print" an SPDX document. Sample usage: - java -jar tools-java-2.0.0-Alpha-jar-with-dependencies.jar SPDXViewer ../testResources/SPDXRdfExample-v2.2.spdx.rdf + java -jar tools-java-2.0.0-RC2-jar-with-dependencies.jar SPDXViewer ../testResources/SPDXRdfExample-v2.2.spdx.rdf ## Verifier The following tool can be used to verify an SPDX document: @@ -93,7 +93,7 @@ The following tool can be used to verify an SPDX document: Sample usage: - java -jar tools-java-2.0.0-Alpha-jar-with-dependencies.jar Verify ../testResources/SPDXRdfExample-v2.2.spdx.rdf + java -jar tools-java-2.0.0-RC2-jar-with-dependencies.jar Verify ../testResources/SPDXRdfExample-v2.2.spdx.rdf ## Generators The following tool can be used to generate an SPDX verification code from a directory of source files: 
@@ -102,7 +102,7 @@ The following tool can be used to generate an SPDX verification code from a dire Sample usage: - java -jar tools-java-2.0.0-Alpha-jar-with-dependencies.jar GenerateVerificationCode sourceDirectory [ignoredFilesRegex] + java -jar tools-java-2.0.0-RC2-jar-with-dependencies.jar GenerateVerificationCode sourceDirectory [ignoredFilesRegex] ## SPDX Validation Tool The SPDX Workgroup provides an online interface to validate, compare, and convert SPDX documents in addition to the command line options above. The [SPDX Validation Tool](https://tools.spdx.org/app/validate/) is an all-in-one portal to upload and parse SPDX documents for validation, comparison and conversion and search the SPDX license list. From 2a121b832dc89128d81da59ce2090d4156d17ef6 Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Tue, 25 Feb 2025 09:08:49 -0800 Subject: [PATCH 02/94] Add a step to update the README on new releases --- RELEASE-CHECKLIST.md | 1 + 1 file changed, 1 insertion(+) diff --git a/RELEASE-CHECKLIST.md b/RELEASE-CHECKLIST.md index f711dcb..ab53894 100644 --- a/RELEASE-CHECKLIST.md +++ b/RELEASE-CHECKLIST.md @@ -8,3 +8,4 @@ - [ ] Release artifacts to Maven Central - [ ] Create a Git release including release notes - [ ] Zip up the files from the Maven archive and add them to the release +- [ ] Update README to refer to the new release in the Syntax section From 463ff16d26070d37e4a9445273e34fbc4046faf7 Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Sat, 1 Feb 2025 06:14:28 +0100 Subject: [PATCH 03/94] Standardise SPDX header in source files Also fix few typos 
Signed-off-by: Arthit Suriyawongkul --- CONTRIBUTING.md | 12 ++++++--- .../ExistingSpdxDocumentV2Compat.java | 3 ++- .../examples/SimpleSpdxDocumentV2Compat.java | 3 ++- .../java/org/spdx/tools/CompareSpdxDocs.java | 21 ++++----------- .../spdx/tools/GenerateVerificationCode.java | 19 +++----------- .../spdx/tools/InvalidFileNameException.java | 19 +++----------- src/main/java/org/spdx/tools/Main.java | 19 ++------------ .../spdx/tools/MatchingStandardLicenses.java | 20 +++----------- .../org/spdx/tools/OnlineToolException.java | 19 +++----------- .../spdx/tools/RdfSchemaToJsonContext.java | 19 +++----------- .../org/spdx/tools/RdfSchemaToJsonSchema.java | 21 +++------------ .../java/org/spdx/tools/RdfSchemaToXsd.java | 26 +++++-------------- .../java/org/spdx/tools/SpdxConverter.java | 17 ++---------- .../spdx/tools/SpdxConverterException.java | 21 +++------------ .../java/org/spdx/tools/SpdxToolsHelper.java | 7 +++-- .../spdx/tools/SpdxVerificationException.java | 21 +++------------ src/main/java/org/spdx/tools/SpdxVersion.java | 18 ++----------- src/main/java/org/spdx/tools/SpdxViewer.java | 23 +++------------- src/main/java/org/spdx/tools/Verify.java | 20 +++----------- .../compare/AbstractFileCompareSheet.java | 19 +++----------- .../org/spdx/tools/compare/AbstractSheet.java | 17 +++--------- .../org/spdx/tools/compare/CompareHelper.java | 19 +++----------- .../org/spdx/tools/compare/CreatorSheet.java | 21 ++++----------- .../compare/DocumentAnnotationSheet.java | 19 +++----------- .../compare/DocumentRelationshipSheet.java | 19 +++----------- .../org/spdx/tools/compare/DocumentSheet.java | 22 ++++------------ .../compare/ExternalReferencesSheet.java | 19 +++----------- .../tools/compare/ExtractedLicenseSheet.java | 21 ++++----------- .../tools/compare/FileAnnotationSheet.java | 19 +++----------- .../tools/compare/FileAttributionSheet.java | 19 +++----------- .../spdx/tools/compare/FileChecksumSheet.java | 21 ++++----------- 
.../spdx/tools/compare/FileCommentSheet.java | 19 +++----------- .../tools/compare/FileConcludedSheet.java | 21 ++++----------- .../tools/compare/FileContributorsSheet.java | 19 +++----------- .../tools/compare/FileCopyrightSheet.java | 19 +++----------- .../compare/FileLicenseCommentsSheet.java | 21 ++++----------- .../tools/compare/FileLicenseInfoSheet.java | 21 ++++----------- .../spdx/tools/compare/FileNoticeSheet.java | 19 +++----------- .../tools/compare/FileRelationshipSheet.java | 19 +++----------- .../spdx/tools/compare/FileSpdxIdSheet.java | 22 ++++------------ .../org/spdx/tools/compare/FileTypeSheet.java | 21 ++++----------- .../compare/MultiDocumentSpreadsheet.java | 21 ++++----------- .../compare/NormalizedFileNameComparator.java | 19 +++----------- .../org/spdx/tools/compare/PackageSheet.java | 23 +++++----------- .../org/spdx/tools/compare/SnippetSheet.java | 24 +++++------------ .../spdx/tools/compare/VerificationSheet.java | 23 +++++----------- .../org/spdx/tools/compare/package-info.java | 21 +++------------ .../tools/schema/AbstractOwlRdfConverter.java | 16 ++---------- .../spdx/tools/schema/OwlToJsonContext.java | 16 ++---------- .../spdx/tools/schema/OwlToJsonSchema.java | 19 +++----------- .../java/org/spdx/tools/schema/OwlToXsd.java | 16 ++---------- .../spdx/tools/schema/SchemaException.java | 19 +++----------- .../org/spdx/tools/schema/package-info.java | 17 +++--------- .../org/spdx/tools/CompareSpdxDocsTest.java | 25 ++++-------------- .../org/spdx/tools/SpdxConverterTestV2.java | 21 +++------------ .../org/spdx/tools/SpdxConverterTestV3.java | 6 +++-- .../sourcefiles/AbstractFileCompareSheet.java | 19 +++----------- testResources/sourcefiles/AbstractSheet.java | 17 +++--------- testResources/sourcefiles/CompareHelper.java | 19 +++----------- testResources/sourcefiles/CreatorSheet.java | 21 ++++----------- .../sourcefiles/DocumentAnnotationSheet.java | 19 +++----------- .../DocumentRelationshipSheet.java | 19 +++----------- 
testResources/sourcefiles/DocumentSheet.java | 21 ++++----------- .../sourcefiles/ExternalReferencesSheet.java | 19 +++----------- .../sourcefiles/ExtractedLicenseSheet.java | 21 ++++----------- .../sourcefiles/FileAnnotationSheet.java | 19 +++----------- .../sourcefiles/FileAttributionSheet.java | 19 +++----------- .../sourcefiles/FileChecksumSheet.java | 21 ++++----------- .../sourcefiles/FileCommentSheet.java | 21 ++++----------- .../sourcefiles/FileConcludedSheet.java | 23 ++++------------ .../sourcefiles/FileContributorsSheet.java | 20 +++----------- .../sourcefiles/FileCopyrightSheet.java | 20 +++----------- .../sourcefiles/FileLicenseCommentsSheet.java | 22 ++++------------ .../sourcefiles/FileLicenseInfoSheet.java | 22 ++++------------ .../sourcefiles/FileNoticeSheet.java | 20 +++----------- .../sourcefiles/FileRelationshipSheet.java | 20 +++----------- .../sourcefiles/FileSpdxIdSheet.java | 23 +++++----------- testResources/sourcefiles/FileTypeSheet.java | 22 ++++------------ .../sourcefiles/MultiDocumentSpreadsheet.java | 22 ++++------------ .../NormalizedFileNameComparator.java | 20 +++----------- testResources/sourcefiles/PackageSheet.java | 22 ++++------------ testResources/sourcefiles/SnippetSheet.java | 22 ++++------------ .../sourcefiles/VerificationSheet.java | 22 ++++------------ testResources/sourcefiles/package-info.java | 21 +++------------ 84 files changed, 346 insertions(+), 1280 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index edf73a4..c4a6f5f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,7 +1,11 @@ +--- +SPDX-FileType: DOCUMENTATION SPDX-License-Identifier: CC-BY-4.0 +--- Contributing ============ + Thank you for your interest in `tools-java`. The project is open-source software, and bug reports, suggestions, and most especially patches are welcome. All contributions must include a "Signed-off-by" line in the commit message. 
@@ -10,12 +14,14 @@ This indicates that the contribution is made pursuant to the [Developer Certific Issues ------ + `tools-java` has a [project page on GitHub](https://github.com/spdx/tools-java/) where you can [create an issue](https://github.com/spdx/tools-java/issues/new) to report a bug, make a suggestion, or propose a substantial change or improvement that you might like to make. You may also wish to contact the SPDX working group technical team through its mailing list, [spdx-tech@lists.spdx.org](mailto:spdx-tech@lists.spdx.org). If you would like to work on a fix for any issue, please assign the issue to yourself prior to creating a patch. Patches ------- + The source code for `spdx-tools` is hosted on [github.com/spdx/tools-java](https://github.com/spdx/tools-java). Please review [open pull requests](https://github.com/spdx/tools-java/pulls) and [active branches](https://github.com/spdx/tools-java/branches) before committing time to a substantial revision. Work along similar lines may already be in progress. To submit a patch via GitHub, fork the repository, create a topic branch from `master` for your work, and send a pull request when ready. If you would prefer to send a patch or grant access to pull from your own Git repository, please contact the project's contributors by e-mail. @@ -24,20 +30,19 @@ To contribute an implementation of a feature defined by a version of the SPDX sp Once implemented, submit a pull request with `spec/X.X` branch as the parent branch. - Licensing --------- New **code files** should include a [short-form SPDX ID](https://spdx.org/ids) at the top, indicating the project license for code, which is Apache-2.0. This should look like the following: -``` +```java // SPDX-License-Identifier: Apache-2.0 ``` Developer Certificate of Origin (DCO) ------------------------------------- -``` +```text Developer Certificate of Origin Version 1.1 
@@ -76,4 +81,3 @@ By making a contribution to this project, I certify that: maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved. ``` - diff --git a/examples/org/spdx/examples/ExistingSpdxDocumentV2Compat.java b/examples/org/spdx/examples/ExistingSpdxDocumentV2Compat.java index 2d0b245..226ad06 100644 --- a/examples/org/spdx/examples/ExistingSpdxDocumentV2Compat.java +++ b/examples/org/spdx/examples/ExistingSpdxDocumentV2Compat.java @@ -1,6 +1,7 @@ /** + * SPDX-FileCopyrightText: Copyright (c) 2021 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) 2021 Source Auditor Inc. */ package org.spdx.examples; diff --git a/examples/org/spdx/examples/SimpleSpdxDocumentV2Compat.java b/examples/org/spdx/examples/SimpleSpdxDocumentV2Compat.java index 07be22c..117569d 100644 --- a/examples/org/spdx/examples/SimpleSpdxDocumentV2Compat.java +++ b/examples/org/spdx/examples/SimpleSpdxDocumentV2Compat.java @@ -1,6 +1,7 @@ /** + * SPDX-FileCopyrightText: Copyright (c) 2021 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) 2021 Source Auditor Inc. */ package org.spdx.examples; diff --git a/src/main/java/org/spdx/tools/CompareSpdxDocs.java b/src/main/java/org/spdx/tools/CompareSpdxDocs.java index 6894031..c0a8ad3 100644 --- a/src/main/java/org/spdx/tools/CompareSpdxDocs.java +++ b/src/main/java/org/spdx/tools/CompareSpdxDocs.java 
@@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools; import java.io.File; diff --git a/src/main/java/org/spdx/tools/GenerateVerificationCode.java b/src/main/java/org/spdx/tools/GenerateVerificationCode.java index f84ff34..308783e 100644 --- a/src/main/java/org/spdx/tools/GenerateVerificationCode.java +++ b/src/main/java/org/spdx/tools/GenerateVerificationCode.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2011 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2011 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools; import java.io.File; diff --git a/src/main/java/org/spdx/tools/InvalidFileNameException.java b/src/main/java/org/spdx/tools/InvalidFileNameException.java index 8e3e404..f27ab1b 100644 --- a/src/main/java/org/spdx/tools/InvalidFileNameException.java +++ b/src/main/java/org/spdx/tools/InvalidFileNameException.java 
@@ -1,26 +1,13 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. */ package org.spdx.tools; /** - * Illegal paramater fro a file name + * Illegal parameter fro a file name * @author Gary O'Neall - * */ public class InvalidFileNameException extends Exception { diff --git a/src/main/java/org/spdx/tools/Main.java b/src/main/java/org/spdx/tools/Main.java index 94ddfdb..1c658e0 100644 --- a/src/main/java/org/spdx/tools/Main.java +++ b/src/main/java/org/spdx/tools/Main.java 
@@ -1,20 +1,6 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 */ package org.spdx.tools; @@ -26,7 +12,6 @@ * Dispatch individual tools * * @author Gary O'Neall - * */ public class Main { diff --git a/src/main/java/org/spdx/tools/MatchingStandardLicenses.java b/src/main/java/org/spdx/tools/MatchingStandardLicenses.java index 9d0ddc2..62e1b80 100644 --- a/src/main/java/org/spdx/tools/MatchingStandardLicenses.java +++ b/src/main/java/org/spdx/tools/MatchingStandardLicenses.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2014 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2014 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools; import java.io.File; @@ -30,7 +19,6 @@ * license ID's that are equivalent using the SPDX Legal team's license matching * guidelines (http://spdx.org/spdx-license-list/matching-guidelines) * @author Gary O'Neall - * */ public class MatchingStandardLicenses { diff --git a/src/main/java/org/spdx/tools/OnlineToolException.java b/src/main/java/org/spdx/tools/OnlineToolException.java index ac84aef..cc827aa 100644 --- a/src/main/java/org/spdx/tools/OnlineToolException.java +++ b/src/main/java/org/spdx/tools/OnlineToolException.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2017 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2017 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools; /** diff --git a/src/main/java/org/spdx/tools/RdfSchemaToJsonContext.java b/src/main/java/org/spdx/tools/RdfSchemaToJsonContext.java index da78787..ebc4f97 100644 --- a/src/main/java/org/spdx/tools/RdfSchemaToJsonContext.java +++ b/src/main/java/org/spdx/tools/RdfSchemaToJsonContext.java @@ -1,19 +1,7 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. */ package org.spdx.tools; 
@@ -35,9 +23,8 @@ import com.fasterxml.jackson.databind.node.ObjectNode; /** - * Convert an RDF schema file containing SPDX property to a JSON context file for all properties in the SPDX namspace + * Convert an RDF schema file containing SPDX property to a JSON context file for all properties in the SPDX namespace * @author Gary O'Neall - * */ public class RdfSchemaToJsonContext { diff --git a/src/main/java/org/spdx/tools/RdfSchemaToJsonSchema.java b/src/main/java/org/spdx/tools/RdfSchemaToJsonSchema.java index af32803..123fe98 100644 --- a/src/main/java/org/spdx/tools/RdfSchemaToJsonSchema.java +++ b/src/main/java/org/spdx/tools/RdfSchemaToJsonSchema.java @@ -1,19 +1,7 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. */ package org.spdx.tools; @@ -37,9 +25,8 @@ import com.fasterxml.jackson.databind.node.ObjectNode; /** - * Convert an RDF schema file containing SPDX property to a JSON schema file for all properties in the SPDX namspace + * Convert an RDF schema file containing SPDX property to a JSON schema file for all properties in the SPDX namespace * @author Gary O'Neall - * */ public class RdfSchemaToJsonSchema { 
@@ -120,7 +107,7 @@ public static void main(String[] args) { public static void usage() { System.out.println("Usage:"); - System.out.println("RdfSchemaToJsonScema rdfSchemaFile jsonSchemaFile"); + System.out.println("RdfSchemaToJsonSchema rdfSchemaFile jsonSchemaFile"); System.out.println("\trdfSchemaFile RDF schema file in RDF/XML format"); System.out.println("\tjsonSchemaFile output JSON Schema file"); } diff --git a/src/main/java/org/spdx/tools/RdfSchemaToXsd.java b/src/main/java/org/spdx/tools/RdfSchemaToXsd.java index 5eed1d3..864bfa6 100644 --- a/src/main/java/org/spdx/tools/RdfSchemaToXsd.java +++ b/src/main/java/org/spdx/tools/RdfSchemaToXsd.java @@ -1,4 +1,10 @@ +/** + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools; + import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; @@ -16,29 +22,9 @@ import org.spdx.tools.schema.OwlToXsd; import org.spdx.tools.schema.SchemaException; - -/** - * Copyright (c) 2020 Source Auditor Inc. - * - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - /** * Convert an RDF OWL document to an XML Schema * @author Gary O'Neall - * */ public class RdfSchemaToXsd { diff --git a/src/main/java/org/spdx/tools/SpdxConverter.java b/src/main/java/org/spdx/tools/SpdxConverter.java index aeb500e..2ebf311 100644 
--- a/src/main/java/org/spdx/tools/SpdxConverter.java +++ b/src/main/java/org/spdx/tools/SpdxConverter.java @@ -1,19 +1,7 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. */ package org.spdx.tools; @@ -47,7 +35,6 @@ * * the covert(...) methods can be called programmatically to convert files * @author Gary O'Neall - * */ public class SpdxConverter { static final Logger logger = LoggerFactory.getLogger(SpdxConverter.class); diff --git a/src/main/java/org/spdx/tools/SpdxConverterException.java b/src/main/java/org/spdx/tools/SpdxConverterException.java index bef43d2..5bfdafb 100644 --- a/src/main/java/org/spdx/tools/SpdxConverterException.java +++ b/src/main/java/org/spdx/tools/SpdxConverterException.java 
@@ -1,29 +1,14 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 */ package org.spdx.tools; /** - * @author Gary O'Neall - * * Exceptions related to the SPDX converter utility * + * @author Gary O'Neall */ public class SpdxConverterException extends Exception { diff --git a/src/main/java/org/spdx/tools/SpdxToolsHelper.java b/src/main/java/org/spdx/tools/SpdxToolsHelper.java index 5c525b7..ee9bb6a 100644 --- a/src/main/java/org/spdx/tools/SpdxToolsHelper.java +++ b/src/main/java/org/spdx/tools/SpdxToolsHelper.java @@ -1,8 +1,7 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * - * SPDX-License-Identifier: Apache-2.0 - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at diff --git a/src/main/java/org/spdx/tools/SpdxVerificationException.java b/src/main/java/org/spdx/tools/SpdxVerificationException.java index 65faf49..7c1cf41 100644 --- a/src/main/java/org/spdx/tools/SpdxVerificationException.java +++ b/src/main/java/org/spdx/tools/SpdxVerificationException.java 
@@ -1,29 +1,14 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 */ package org.spdx.tools; /** - * @author Gary O'Neall - * * Exceptions for the SPDX Verify tools * + * @author Gary O'Neall */ public class SpdxVerificationException extends Exception { diff --git a/src/main/java/org/spdx/tools/SpdxVersion.java b/src/main/java/org/spdx/tools/SpdxVersion.java index b432b60..e0643f4 100644 --- a/src/main/java/org/spdx/tools/SpdxVersion.java +++ b/src/main/java/org/spdx/tools/SpdxVersion.java 
@@ -1,20 +1,6 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 */ package org.spdx.tools; diff --git a/src/main/java/org/spdx/tools/SpdxViewer.java b/src/main/java/org/spdx/tools/SpdxViewer.java index 269a894..b9d7440 100644 --- a/src/main/java/org/spdx/tools/SpdxViewer.java +++ b/src/main/java/org/spdx/tools/SpdxViewer.java @@ -1,21 +1,9 @@ -package org.spdx.tools; /** - * Copyright (c) 2010 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * + * SPDX-FileCopyrightText: Copyright (c) 2010 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 */ - +package org.spdx.tools; import java.io.File; import java.io.PrintWriter; 
@@ -37,7 +25,6 @@ * @author Gary O'Neall * @version 0.1 */ - public class SpdxViewer { static final int MIN_ARGS = 1; @@ -48,9 +35,7 @@ public class SpdxViewer { * Pretty Printer for an SPDX Document * * @param args args[0] SPDX file path; args[1] [RDFXML|JSON|XLS|XLSX|YAML|TAG] an optional file type - if not present, file type of the to file will be used - * */ - public static void main(String[] args) { if (args.length < MIN_ARGS) { System.err diff --git a/src/main/java/org/spdx/tools/Verify.java b/src/main/java/org/spdx/tools/Verify.java index de421f2..33b3ad2 100644 --- a/src/main/java/org/spdx/tools/Verify.java +++ b/src/main/java/org/spdx/tools/Verify.java @@ -1,19 +1,8 @@ /** - * Copyright (c) 2015 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools; import java.io.File; @@ -46,7 +35,6 @@ /** * Verifies an SPDX document and lists any verification errors * @author Gary O'Neall - * */ public class Verify { diff --git a/src/main/java/org/spdx/tools/compare/AbstractFileCompareSheet.java b/src/main/java/org/spdx/tools/compare/AbstractFileCompareSheet.java index e42492f..ab1aaf9 100644 --- a/src/main/java/org/spdx/tools/compare/AbstractFileCompareSheet.java +++ b/src/main/java/org/spdx/tools/compare/AbstractFileCompareSheet.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.List; diff --git a/src/main/java/org/spdx/tools/compare/AbstractSheet.java b/src/main/java/org/spdx/tools/compare/AbstractSheet.java index e44cfb4..e37b2a9 100644 --- a/src/main/java/org/spdx/tools/compare/AbstractSheet.java +++ b/src/main/java/org/spdx/tools/compare/AbstractSheet.java @@ -1,18 +1,7 @@ /** - * Copyright (c) 2011 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * + * SPDX-FileCopyrightText: Copyright (c) 2011 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 */ package org.spdx.tools.compare; 
diff --git a/src/main/java/org/spdx/tools/compare/CompareHelper.java b/src/main/java/org/spdx/tools/compare/CompareHelper.java index ad7121f..cef6413 100644 --- a/src/main/java/org/spdx/tools/compare/CompareHelper.java +++ b/src/main/java/org/spdx/tools/compare/CompareHelper.java @@ -1,19 +1,8 @@ /** - * Copyright (c) 2015 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.net.URI; diff --git a/src/main/java/org/spdx/tools/compare/CreatorSheet.java b/src/main/java/org/spdx/tools/compare/CreatorSheet.java index 882760b..f66f058 100644 --- a/src/main/java/org/spdx/tools/compare/CreatorSheet.java +++ b/src/main/java/org/spdx/tools/compare/CreatorSheet.java 
@@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.Arrays; diff --git a/src/main/java/org/spdx/tools/compare/DocumentAnnotationSheet.java b/src/main/java/org/spdx/tools/compare/DocumentAnnotationSheet.java index 28af862..3e287dc 100644 --- a/src/main/java/org/spdx/tools/compare/DocumentAnnotationSheet.java +++ b/src/main/java/org/spdx/tools/compare/DocumentAnnotationSheet.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2015 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.io.Serializable; diff --git a/src/main/java/org/spdx/tools/compare/DocumentRelationshipSheet.java b/src/main/java/org/spdx/tools/compare/DocumentRelationshipSheet.java index 9237bd6..5503e18 100644 --- a/src/main/java/org/spdx/tools/compare/DocumentRelationshipSheet.java +++ b/src/main/java/org/spdx/tools/compare/DocumentRelationshipSheet.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2015 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.io.Serializable; diff --git a/src/main/java/org/spdx/tools/compare/DocumentSheet.java b/src/main/java/org/spdx/tools/compare/DocumentSheet.java index b0e2a1a..7ce6709 100644 --- a/src/main/java/org/spdx/tools/compare/DocumentSheet.java +++ b/src/main/java/org/spdx/tools/compare/DocumentSheet.java 
@@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.List; @@ -36,7 +25,6 @@ * The first row summarizes which fields are different, the subsequent rows are the * specific date from each result * @author Gary O'Neall - * */ public class DocumentSheet extends AbstractSheet { diff --git a/src/main/java/org/spdx/tools/compare/ExternalReferencesSheet.java b/src/main/java/org/spdx/tools/compare/ExternalReferencesSheet.java index 7c3cb2f..51d0c2a 100644 --- a/src/main/java/org/spdx/tools/compare/ExternalReferencesSheet.java +++ b/src/main/java/org/spdx/tools/compare/ExternalReferencesSheet.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2015 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.io.Serializable; diff --git a/src/main/java/org/spdx/tools/compare/ExtractedLicenseSheet.java b/src/main/java/org/spdx/tools/compare/ExtractedLicenseSheet.java index 0c23d7c..a051cab 100644 --- a/src/main/java/org/spdx/tools/compare/ExtractedLicenseSheet.java +++ b/src/main/java/org/spdx/tools/compare/ExtractedLicenseSheet.java 
@@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.io.Serializable; diff --git a/src/main/java/org/spdx/tools/compare/FileAnnotationSheet.java b/src/main/java/org/spdx/tools/compare/FileAnnotationSheet.java index 21b372f..7837906 100644 --- a/src/main/java/org/spdx/tools/compare/FileAnnotationSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileAnnotationSheet.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2015 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; diff --git a/src/main/java/org/spdx/tools/compare/FileAttributionSheet.java b/src/main/java/org/spdx/tools/compare/FileAttributionSheet.java index 36a9020..531057f 100644 --- a/src/main/java/org/spdx/tools/compare/FileAttributionSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileAttributionSheet.java @@ -1,19 +1,8 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.Collection; 
diff --git a/src/main/java/org/spdx/tools/compare/FileChecksumSheet.java b/src/main/java/org/spdx/tools/compare/FileChecksumSheet.java index f063b54..a99beca 100644 --- a/src/main/java/org/spdx/tools/compare/FileChecksumSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileChecksumSheet.java @@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.Objects; diff --git a/src/main/java/org/spdx/tools/compare/FileCommentSheet.java b/src/main/java/org/spdx/tools/compare/FileCommentSheet.java index c809b24..e19cb76 100644 --- a/src/main/java/org/spdx/tools/compare/FileCommentSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileCommentSheet.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.Optional; diff --git a/src/main/java/org/spdx/tools/compare/FileConcludedSheet.java b/src/main/java/org/spdx/tools/compare/FileConcludedSheet.java index 24f6cfb..171f677 100644 --- a/src/main/java/org/spdx/tools/compare/FileConcludedSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileConcludedSheet.java 
@@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; diff --git a/src/main/java/org/spdx/tools/compare/FileContributorsSheet.java b/src/main/java/org/spdx/tools/compare/FileContributorsSheet.java index 5812a9a..d0223b7 100644 --- a/src/main/java/org/spdx/tools/compare/FileContributorsSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileContributorsSheet.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.Collection; diff --git a/src/main/java/org/spdx/tools/compare/FileCopyrightSheet.java b/src/main/java/org/spdx/tools/compare/FileCopyrightSheet.java index 6de6819..2ca4270 100644 --- a/src/main/java/org/spdx/tools/compare/FileCopyrightSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileCopyrightSheet.java @@ -1,19 +1,8 @@ /** - * Copyright (c) 2015 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; 
diff --git a/src/main/java/org/spdx/tools/compare/FileLicenseCommentsSheet.java b/src/main/java/org/spdx/tools/compare/FileLicenseCommentsSheet.java index 8c71fc7..3fa541b 100644 --- a/src/main/java/org/spdx/tools/compare/FileLicenseCommentsSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileLicenseCommentsSheet.java @@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.Optional; diff --git a/src/main/java/org/spdx/tools/compare/FileLicenseInfoSheet.java b/src/main/java/org/spdx/tools/compare/FileLicenseInfoSheet.java index 7881578..a30ca83 100644 --- a/src/main/java/org/spdx/tools/compare/FileLicenseInfoSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileLicenseInfoSheet.java 
@@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.Collection; diff --git a/src/main/java/org/spdx/tools/compare/FileNoticeSheet.java b/src/main/java/org/spdx/tools/compare/FileNoticeSheet.java index 0832232..4645f23 100644 --- a/src/main/java/org/spdx/tools/compare/FileNoticeSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileNoticeSheet.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.Optional; diff --git a/src/main/java/org/spdx/tools/compare/FileRelationshipSheet.java b/src/main/java/org/spdx/tools/compare/FileRelationshipSheet.java index c389860..f93d1b8 100644 --- a/src/main/java/org/spdx/tools/compare/FileRelationshipSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileRelationshipSheet.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2015 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; diff --git a/src/main/java/org/spdx/tools/compare/FileSpdxIdSheet.java b/src/main/java/org/spdx/tools/compare/FileSpdxIdSheet.java index d870ebc..a263c96 100644 --- a/src/main/java/org/spdx/tools/compare/FileSpdxIdSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileSpdxIdSheet.java @@ -1,19 +1,8 @@ /** - * Copyright (c) 2015 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; 
@@ -22,8 +11,7 @@ import org.spdx.utility.compare.SpdxComparer; /** - * @author Gary - * + * @author Gary O'Neall */ public class FileSpdxIdSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileTypeSheet.java b/src/main/java/org/spdx/tools/compare/FileTypeSheet.java index 0e8c954..17fe24b 100644 --- a/src/main/java/org/spdx/tools/compare/FileTypeSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileTypeSheet.java @@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.Arrays; diff --git a/src/main/java/org/spdx/tools/compare/MultiDocumentSpreadsheet.java b/src/main/java/org/spdx/tools/compare/MultiDocumentSpreadsheet.java index dedd571..5553876 100644 --- a/src/main/java/org/spdx/tools/compare/MultiDocumentSpreadsheet.java +++ b/src/main/java/org/spdx/tools/compare/MultiDocumentSpreadsheet.java 
@@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.io.File; diff --git a/src/main/java/org/spdx/tools/compare/NormalizedFileNameComparator.java b/src/main/java/org/spdx/tools/compare/NormalizedFileNameComparator.java index e98437c..5d3c9d6 100644 --- a/src/main/java/org/spdx/tools/compare/NormalizedFileNameComparator.java +++ b/src/main/java/org/spdx/tools/compare/NormalizedFileNameComparator.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.io.Serializable; diff --git a/src/main/java/org/spdx/tools/compare/PackageSheet.java b/src/main/java/org/spdx/tools/compare/PackageSheet.java index 2d33d62..406ac91 100644 --- a/src/main/java/org/spdx/tools/compare/PackageSheet.java +++ b/src/main/java/org/spdx/tools/compare/PackageSheet.java 
@@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.Arrays; @@ -39,12 +28,12 @@ import org.spdx.utility.compare.SpdxCompareException; import org.spdx.utility.compare.SpdxComparer; import org.spdx.utility.compare.SpdxPackageComparer; + /** * Document level fields for comparison spreadsheet * Column1 is the document field name, column2 indicates if all docs are equal, * columns3 through columnN are document specific field values * @author Gary O'Neall - * */ public class PackageSheet extends AbstractSheet { diff --git a/src/main/java/org/spdx/tools/compare/SnippetSheet.java b/src/main/java/org/spdx/tools/compare/SnippetSheet.java index ac0dbe7..f172bbd 100644 --- a/src/main/java/org/spdx/tools/compare/SnippetSheet.java +++ b/src/main/java/org/spdx/tools/compare/SnippetSheet.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2016 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2016 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.Arrays; @@ -38,9 +27,8 @@ import org.spdx.utility.compare.SpdxSnippetComparer; /** - * Comparsion sheet for SPDX Snippets - * @author Gary O'Neall - * + * Comparison sheet for SPDX Snippets + * @author Gary O'Neal */ public class SnippetSheet extends AbstractSheet { diff --git a/src/main/java/org/spdx/tools/compare/VerificationSheet.java b/src/main/java/org/spdx/tools/compare/VerificationSheet.java index 235a998..86e3da3 100644 --- a/src/main/java/org/spdx/tools/compare/VerificationSheet.java +++ b/src/main/java/org/spdx/tools/compare/VerificationSheet.java 
@@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.List; @@ -28,9 +17,9 @@ /** * Worksheet containing verification errors + * * Columns are package names, rows are individual verification errors * @author Gary O'Neall - * */ public class VerificationSheet extends AbstractSheet { diff --git a/src/main/java/org/spdx/tools/compare/package-info.java b/src/main/java/org/spdx/tools/compare/package-info.java index 9b41c4a..9bf2e0f 100644 --- a/src/main/java/org/spdx/tools/compare/package-info.java +++ b/src/main/java/org/spdx/tools/compare/package-info.java 
@@ -1,26 +1,11 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 */ /** - * @author Gary O'Neall - * * Classes related to the Compare SPDX Docs utilities * + * @author Gary O'Neall */ package org.spdx.tools.compare; \ No newline at end of file diff --git a/src/main/java/org/spdx/tools/schema/AbstractOwlRdfConverter.java b/src/main/java/org/spdx/tools/schema/AbstractOwlRdfConverter.java index af16822..d268786 100644 --- a/src/main/java/org/spdx/tools/schema/AbstractOwlRdfConverter.java +++ b/src/main/java/org/spdx/tools/schema/AbstractOwlRdfConverter.java 
@@ -1,19 +1,7 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. */ package org.spdx.tools.schema; diff --git a/src/main/java/org/spdx/tools/schema/OwlToJsonContext.java b/src/main/java/org/spdx/tools/schema/OwlToJsonContext.java index 792fa37..53905c5 100644 --- a/src/main/java/org/spdx/tools/schema/OwlToJsonContext.java +++ b/src/main/java/org/spdx/tools/schema/OwlToJsonContext.java @@ -1,19 +1,7 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. */ package org.spdx.tools.schema; 
diff --git a/src/main/java/org/spdx/tools/schema/OwlToJsonSchema.java b/src/main/java/org/spdx/tools/schema/OwlToJsonSchema.java index 790c87f..d1a5c4d 100644 --- a/src/main/java/org/spdx/tools/schema/OwlToJsonSchema.java +++ b/src/main/java/org/spdx/tools/schema/OwlToJsonSchema.java @@ -1,19 +1,7 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. */ package org.spdx.tools.schema; @@ -46,10 +34,9 @@ import com.fasterxml.jackson.databind.node.ObjectNode; /** - * @author Gary O'Neall - * * Converts from RDF/OWL RDF/XML documents to JSON Schema draft 7 * + * @author Gary O'Neall */ public class OwlToJsonSchema extends AbstractOwlRdfConverter { diff --git a/src/main/java/org/spdx/tools/schema/OwlToXsd.java b/src/main/java/org/spdx/tools/schema/OwlToXsd.java index 24c4741..fff8d58 100644 --- a/src/main/java/org/spdx/tools/schema/OwlToXsd.java +++ b/src/main/java/org/spdx/tools/schema/OwlToXsd.java 
@@ -1,19 +1,7 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. */ package org.spdx.tools.schema; diff --git a/src/main/java/org/spdx/tools/schema/SchemaException.java b/src/main/java/org/spdx/tools/schema/SchemaException.java index e009b2b..d57e263 100644 --- a/src/main/java/org/spdx/tools/schema/SchemaException.java +++ b/src/main/java/org/spdx/tools/schema/SchemaException.java @@ -1,25 +1,12 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. */ package org.spdx.tools.schema; /** - * @author gary - * + * @author Gary O'Neall */ public class SchemaException extends Exception { 
diff --git a/src/main/java/org/spdx/tools/schema/package-info.java b/src/main/java/org/spdx/tools/schema/package-info.java index a317a47..f682dc9 100644 --- a/src/main/java/org/spdx/tools/schema/package-info.java +++ b/src/main/java/org/spdx/tools/schema/package-info.java @@ -1,20 +1,9 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. */ + /** * This package contains classes implementing tools for managing various schemas for the SPDX documents. * diff --git a/src/test/java/org/spdx/tools/CompareSpdxDocsTest.java b/src/test/java/org/spdx/tools/CompareSpdxDocsTest.java index 8f1f85c..6792a9b 100644 --- a/src/test/java/org/spdx/tools/CompareSpdxDocsTest.java +++ b/src/test/java/org/spdx/tools/CompareSpdxDocsTest.java 
@@ -1,20 +1,6 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 */ package org.spdx.tools; @@ -41,10 +27,9 @@ import junit.framework.TestCase; /** - * @author Gary O'Neall - * * Test cases for CompareSpdxDocs * + * @author Gary O'Neall */ public class CompareSpdxDocsTest extends TestCase { @@ -65,7 +50,7 @@ public class CompareSpdxDocsTest extends TestCase { static final String TEST_XML_FILE_PATH_23 = TEST_DIR + File.separator + "SPDXXMLExample-v2.3.spdx.xml"; static final String TEST_YAML_FILE_PATH_23 = TEST_DIR + File.separator + "SPDXYAMLExample-2.3.spdx.yaml"; - static final String TEST_DIFF_FILE_COMMNENT_FILE_PATH = TEST_DIR + File.separator + "DifferentFileComment.spdx.yaml"; + static final String TEST_DIFF_FILE_COMMENT_FILE_PATH = TEST_DIR + File.separator + "DifferentFileComment.spdx.yaml"; 
@@ -137,7 +122,7 @@ public void testCompareDocumentsv22() throws OnlineToolException, SpreadsheetExc public void testDifferentDocuments() throws OnlineToolException, SpreadsheetException { String outputFilePath = tempDirPath + File.separator + "comp.xlsx"; String[] params = new String[] {outputFilePath, - TEST_YAML_FILE_PATH_22, TEST_DIFF_FILE_COMMNENT_FILE_PATH + TEST_YAML_FILE_PATH_22, TEST_DIFF_FILE_COMMENT_FILE_PATH }; CompareSpdxDocs.onlineFunction(params); MultiDocumentSpreadsheet result = new MultiDocumentSpreadsheet(new File(outputFilePath), false, true); diff --git a/src/test/java/org/spdx/tools/SpdxConverterTestV2.java b/src/test/java/org/spdx/tools/SpdxConverterTestV2.java index 547ff58..e91d479 100644 --- a/src/test/java/org/spdx/tools/SpdxConverterTestV2.java +++ b/src/test/java/org/spdx/tools/SpdxConverterTestV2.java @@ -1,20 +1,6 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 */ package org.spdx.tools; @@ -47,8 +33,7 @@ import junit.framework.TestCase; /** - * @author gary - * + * @author Gary O'Neall */ public class SpdxConverterTestV2 extends TestCase { diff --git a/src/test/java/org/spdx/tools/SpdxConverterTestV3.java b/src/test/java/org/spdx/tools/SpdxConverterTestV3.java index 608a23e..dadc29f 100644 
--- a/src/test/java/org/spdx/tools/SpdxConverterTestV3.java +++ b/src/test/java/org/spdx/tools/SpdxConverterTestV3.java @@ -1,6 +1,7 @@ /** + * SPDX-FileCopyrightText: Copyright (c) 2024 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) 2024 Source Auditor Inc. */ package org.spdx.tools; @@ -32,8 +33,9 @@ import junit.framework.TestCase; /** - * @author gary + * Test SPDX converter v3 * + * @author Gary O'Neall */ public class SpdxConverterTestV3 extends TestCase { diff --git a/testResources/sourcefiles/AbstractFileCompareSheet.java b/testResources/sourcefiles/AbstractFileCompareSheet.java index 2e481a4..1f194d0 100644 --- a/testResources/sourcefiles/AbstractFileCompareSheet.java +++ b/testResources/sourcefiles/AbstractFileCompareSheet.java @@ -1,19 +1,8 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.List; diff --git a/testResources/sourcefiles/AbstractSheet.java b/testResources/sourcefiles/AbstractSheet.java index 88a2be1..de7c9f4 100644 --- a/testResources/sourcefiles/AbstractSheet.java +++ b/testResources/sourcefiles/AbstractSheet.java 
@@ -1,18 +1,7 @@ /** - * Copyright (c) 2011 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * + * SPDX-FileCopyrightText: Copyright (c) 2011 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/CompareHelper.java b/testResources/sourcefiles/CompareHelper.java index c90a146..2571377 100644 --- a/testResources/sourcefiles/CompareHelper.java +++ b/testResources/sourcefiles/CompareHelper.java @@ -1,19 +1,8 @@ /** - * Copyright (c) 2015 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.net.URI; 
diff --git a/testResources/sourcefiles/CreatorSheet.java b/testResources/sourcefiles/CreatorSheet.java index 4f2bc7e..d4a995f 100644 --- a/testResources/sourcefiles/CreatorSheet.java +++ b/testResources/sourcefiles/CreatorSheet.java @@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.Arrays; diff --git a/testResources/sourcefiles/DocumentAnnotationSheet.java b/testResources/sourcefiles/DocumentAnnotationSheet.java index 9b879cc..610969c 100644 --- a/testResources/sourcefiles/DocumentAnnotationSheet.java +++ b/testResources/sourcefiles/DocumentAnnotationSheet.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2015 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.io.Serializable; diff --git a/testResources/sourcefiles/DocumentRelationshipSheet.java b/testResources/sourcefiles/DocumentRelationshipSheet.java index 84c4da3..fcb81b7 100644 --- a/testResources/sourcefiles/DocumentRelationshipSheet.java +++ b/testResources/sourcefiles/DocumentRelationshipSheet.java @@ -1,19 +1,8 @@ /** - * Copyright (c) 2015 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.io.Serializable; 
diff --git a/testResources/sourcefiles/DocumentSheet.java b/testResources/sourcefiles/DocumentSheet.java index 0b9f378..eafd67a 100644 --- a/testResources/sourcefiles/DocumentSheet.java +++ b/testResources/sourcefiles/DocumentSheet.java @@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.List; diff --git a/testResources/sourcefiles/ExternalReferencesSheet.java b/testResources/sourcefiles/ExternalReferencesSheet.java index f5f3ecd..00296bb 100644 --- a/testResources/sourcefiles/ExternalReferencesSheet.java +++ b/testResources/sourcefiles/ExternalReferencesSheet.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2015 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.io.Serializable; diff --git a/testResources/sourcefiles/ExtractedLicenseSheet.java b/testResources/sourcefiles/ExtractedLicenseSheet.java index d18f7fe..01a2460 100644 --- a/testResources/sourcefiles/ExtractedLicenseSheet.java +++ b/testResources/sourcefiles/ExtractedLicenseSheet.java 
@@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.io.Serializable; diff --git a/testResources/sourcefiles/FileAnnotationSheet.java b/testResources/sourcefiles/FileAnnotationSheet.java index 1b1f3f7..c517de7 100644 --- a/testResources/sourcefiles/FileAnnotationSheet.java +++ b/testResources/sourcefiles/FileAnnotationSheet.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2015 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; diff --git a/testResources/sourcefiles/FileAttributionSheet.java b/testResources/sourcefiles/FileAttributionSheet.java index 1850612..ad5775f 100644 --- a/testResources/sourcefiles/FileAttributionSheet.java +++ b/testResources/sourcefiles/FileAttributionSheet.java @@ -1,19 +1,8 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.Collection; 
diff --git a/testResources/sourcefiles/FileChecksumSheet.java b/testResources/sourcefiles/FileChecksumSheet.java index 1f0f248..4926a03 100644 --- a/testResources/sourcefiles/FileChecksumSheet.java +++ b/testResources/sourcefiles/FileChecksumSheet.java @@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.Objects; diff --git a/testResources/sourcefiles/FileCommentSheet.java b/testResources/sourcefiles/FileCommentSheet.java index 10597b8..ef0ab08 100644 --- a/testResources/sourcefiles/FileCommentSheet.java +++ b/testResources/sourcefiles/FileCommentSheet.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; @@ -23,7 +12,7 @@ import org.spdx.utility.compare.SpdxComparer; /** - * Sheet continaing results for file comment comparison + * Sheet containing results for file comment comparison * @author Gary O'Neall * */ diff --git a/testResources/sourcefiles/FileConcludedSheet.java b/testResources/sourcefiles/FileConcludedSheet.java index c1e96db..caef38f 100644 --- a/testResources/sourcefiles/FileConcludedSheet.java +++ b/testResources/sourcefiles/FileConcludedSheet.java 
@@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; @@ -23,10 +12,8 @@ import org.spdx.utility.compare.SpdxCompareException; import org.spdx.utility.compare.SpdxComparer; - /** * @author Source Auditor - * */ public class FileConcludedSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/FileContributorsSheet.java b/testResources/sourcefiles/FileContributorsSheet.java index 165e812..08b86b4 100644 --- a/testResources/sourcefiles/FileContributorsSheet.java +++ b/testResources/sourcefiles/FileContributorsSheet.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.Collection; @@ -27,7 +16,6 @@ /** * Sheet with results for file AttributionText comparison results * @author Gary O'Neall - * */ public class FileContributorsSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/FileCopyrightSheet.java b/testResources/sourcefiles/FileCopyrightSheet.java index d63e014..f45b236 100644 --- a/testResources/sourcefiles/FileCopyrightSheet.java +++ b/testResources/sourcefiles/FileCopyrightSheet.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2015 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; @@ -25,7 +14,6 @@ /** * Sheet comparing file copyrights * @author Gary O'Neall - * */ public class FileCopyrightSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/FileLicenseCommentsSheet.java b/testResources/sourcefiles/FileLicenseCommentsSheet.java index a34abe1..b4f7889 100644 --- a/testResources/sourcefiles/FileLicenseCommentsSheet.java +++ b/testResources/sourcefiles/FileLicenseCommentsSheet.java 
@@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; @@ -26,7 +15,6 @@ /** * Sheet of comparison results for file license comments * @author Gary O'Neall - * */ public class FileLicenseCommentsSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/FileLicenseInfoSheet.java b/testResources/sourcefiles/FileLicenseInfoSheet.java index 7760f9c..d847efe 100644 --- a/testResources/sourcefiles/FileLicenseInfoSheet.java +++ b/testResources/sourcefiles/FileLicenseInfoSheet.java 
@@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.Collection; @@ -30,7 +19,6 @@ /** * Sheet of the comparison results for the file seen licenses * @author Gary O'Neall - * */ public class FileLicenseInfoSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/FileNoticeSheet.java b/testResources/sourcefiles/FileNoticeSheet.java index 03d1652..6e27aa3 100644 --- a/testResources/sourcefiles/FileNoticeSheet.java +++ b/testResources/sourcefiles/FileNoticeSheet.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.Optional; @@ -27,7 +16,6 @@ /** * Sheet for file notice comparison results * @author Gary O'Neall - * */ public class FileNoticeSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/FileRelationshipSheet.java b/testResources/sourcefiles/FileRelationshipSheet.java index e424286..d3c3ac8 100644 --- a/testResources/sourcefiles/FileRelationshipSheet.java +++ b/testResources/sourcefiles/FileRelationshipSheet.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2015 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; @@ -25,7 +14,6 @@ /** * Sheet comparing file relationships * @author Gary O'Neall - * */ public class FileRelationshipSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/FileSpdxIdSheet.java b/testResources/sourcefiles/FileSpdxIdSheet.java index 1ca68bf..2866ba6 100644 --- a/testResources/sourcefiles/FileSpdxIdSheet.java +++ b/testResources/sourcefiles/FileSpdxIdSheet.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2015 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import org.apache.poi.ss.usermodel.Workbook; @@ -22,8 +11,8 @@ import org.spdx.utility.compare.SpdxComparer; /** - * @author Gary - * + * Sheet containing file SPDX ID + * @author Gary O'Neall */ public class FileSpdxIdSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/FileTypeSheet.java b/testResources/sourcefiles/FileTypeSheet.java index c6fb446..56fa640 100644 --- a/testResources/sourcefiles/FileTypeSheet.java +++ b/testResources/sourcefiles/FileTypeSheet.java 
@@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.Arrays; @@ -29,7 +18,6 @@ /** * Sheet containing File Type * @author Gary O'Neall - * */ public class FileTypeSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/MultiDocumentSpreadsheet.java b/testResources/sourcefiles/MultiDocumentSpreadsheet.java index bba8104..b786f06 100644 --- a/testResources/sourcefiles/MultiDocumentSpreadsheet.java +++ b/testResources/sourcefiles/MultiDocumentSpreadsheet.java 
@@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.io.File; @@ -59,7 +48,6 @@ * - verification: List of any verification errors * * @author Gary O'Neall - * */ public class MultiDocumentSpreadsheet { diff --git a/testResources/sourcefiles/NormalizedFileNameComparator.java b/testResources/sourcefiles/NormalizedFileNameComparator.java index e98437c..351f77a 100644 --- a/testResources/sourcefiles/NormalizedFileNameComparator.java +++ b/testResources/sourcefiles/NormalizedFileNameComparator.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.io.Serializable; @@ -25,7 +14,6 @@ * - File separator character is "/" * - Must begin with "./" * @author Gary O'Neall - * */ public class NormalizedFileNameComparator implements Comparator>, Serializable { diff --git a/testResources/sourcefiles/PackageSheet.java b/testResources/sourcefiles/PackageSheet.java index f6d3d0e..9ec328d 100644 --- a/testResources/sourcefiles/PackageSheet.java +++ b/testResources/sourcefiles/PackageSheet.java 
@@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.Arrays; @@ -43,7 +32,6 @@ * Column1 is the document field name, column2 indicates if all docs are equal, * columns3 through columnN are document specific field values * @author Gary O'Neall - * */ public class PackageSheet extends AbstractSheet { diff --git a/testResources/sourcefiles/SnippetSheet.java b/testResources/sourcefiles/SnippetSheet.java index 0147ecb..1bbfa2f 100644 --- a/testResources/sourcefiles/SnippetSheet.java +++ b/testResources/sourcefiles/SnippetSheet.java 
@@ -1,19 +1,8 @@ /** - * Copyright (c) 2016 Source Auditor Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2016 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.Arrays; @@ -38,9 +27,8 @@ import org.spdx.utility.compare.SpdxSnippetComparer; /** - * Comparsion sheet for SPDX Snippets + * Comparison sheet for SPDX Snippets * @author Gary O'Neall - * */ public class SnippetSheet extends AbstractSheet { diff --git a/testResources/sourcefiles/VerificationSheet.java b/testResources/sourcefiles/VerificationSheet.java index 235a998..d1e46f3 100644 --- a/testResources/sourcefiles/VerificationSheet.java +++ b/testResources/sourcefiles/VerificationSheet.java 
@@ -1,20 +1,9 @@ /** - * Copyright (c) 2013 Source Auditor Inc. - * Copyright (c) 2013 Black Duck Software Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * -*/ + * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. + * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.compare; import java.util.List; @@ -30,7 +19,6 @@ * Worksheet containing verification errors * Columns are package names, rows are individual verification errors * @author Gary O'Neall - * */ public class VerificationSheet extends AbstractSheet { diff --git a/testResources/sourcefiles/package-info.java b/testResources/sourcefiles/package-info.java index 9b41c4a..9bf2e0f 100644 --- a/testResources/sourcefiles/package-info.java +++ b/testResources/sourcefiles/package-info.java 
@@ -1,26 +1,11 @@ /** - * Copyright (c) 2020 Source Auditor Inc. - * - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 */ /** - * @author Gary O'Neall - * * Classes related to the Compare SPDX Docs utilities * + * @author Gary O'Neall */ package org.spdx.tools.compare; \ No newline at end of file From eb80da7565c40618d171394aa3cc5f3c094199c0 Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Sat, 1 Feb 2025 07:48:35 +0100 Subject: [PATCH 04/94] Add missing copyright headers 
Signed-off-by: Arthit Suriyawongkul --- .../examples/ExistingSpdxDocumentV2Compat.java | 5 ++--- .../spdx/examples/SimpleSpdxDocumentV2Compat.java | 1 - src/main/java/org/spdx/tools/CompareSpdxDocs.java | 1 - .../org/spdx/tools/GenerateVerificationCode.java | 1 - .../java/org/spdx/tools/OnlineToolException.java | 14 ++++++-------- src/main/java/org/spdx/tools/SpdxToolsHelper.java | 1 - .../tools/compare/AbstractFileCompareSheet.java | 1 - .../java/org/spdx/tools/compare/AbstractSheet.java | 1 - .../java/org/spdx/tools/compare/CompareHelper.java | 1 - .../java/org/spdx/tools/compare/CreatorSheet.java | 1 - .../tools/compare/DocumentAnnotationSheet.java | 1 - .../tools/compare/DocumentRelationshipSheet.java | 1 - .../tools/compare/ExternalReferencesSheet.java | 1 - .../spdx/tools/compare/ExtractedLicenseSheet.java | 1 - .../spdx/tools/compare/FileAnnotationSheet.java | 1 - .../spdx/tools/compare/FileAttributionSheet.java | 1 - .../org/spdx/tools/compare/FileChecksumSheet.java | 1 - .../org/spdx/tools/compare/FileCommentSheet.java | 3 +-- .../org/spdx/tools/compare/FileConcludedSheet.java | 2 +- .../spdx/tools/compare/FileContributorsSheet.java | 1 - .../org/spdx/tools/compare/FileCopyrightSheet.java | 1 - .../tools/compare/FileLicenseCommentsSheet.java | 1 - .../spdx/tools/compare/FileLicenseInfoSheet.java | 1 - .../org/spdx/tools/compare/FileNoticeSheet.java | 1 - .../spdx/tools/compare/FileRelationshipSheet.java | 1 - .../org/spdx/tools/compare/FileSpdxIdSheet.java | 1 + .../java/org/spdx/tools/compare/FileTypeSheet.java | 1 - .../tools/compare/MultiDocumentSpreadsheet.java | 1 - .../compare/NormalizedFileNameComparator.java | 2 +- .../java/org/spdx/tools/compare/package-info.java | 3 ++- .../spdx/tools/schema/AbstractOwlRdfConverter.java | 1 - .../org/spdx/tools/schema/OwlToJsonContext.java | 1 - src/main/java/org/spdx/tools/schema/OwlToXsd.java | 1 - .../java/org/spdx/tools/schema/package-info.java | 1 - .../spdx/tools/GenerateVerificationCodeTest.java | 5 +++++ 
src/test/java/org/spdx/tools/VerifyTest.java | 5 +++++ .../java/org/spdx/tools/schema/OwlToXSDTest.java | 5 +++++ .../sourcefiles/AbstractFileCompareSheet.java | 1 - testResources/sourcefiles/AbstractSheet.java | 1 - testResources/sourcefiles/CompareHelper.java | 1 - testResources/sourcefiles/CreatorSheet.java | 1 - .../sourcefiles/DocumentAnnotationSheet.java | 1 - .../sourcefiles/DocumentRelationshipSheet.java | 1 - testResources/sourcefiles/DocumentSheet.java | 1 - .../sourcefiles/ExternalReferencesSheet.java | 1 - .../sourcefiles/ExtractedLicenseSheet.java | 1 - testResources/sourcefiles/FileAnnotationSheet.java | 1 - .../sourcefiles/FileAttributionSheet.java | 1 - testResources/sourcefiles/FileChecksumSheet.java | 1 - testResources/sourcefiles/FileCommentSheet.java | 1 - 50 files changed, 29 insertions(+), 56 deletions(-) diff --git a/examples/org/spdx/examples/ExistingSpdxDocumentV2Compat.java b/examples/org/spdx/examples/ExistingSpdxDocumentV2Compat.java index 226ad06..584fdce 100644 --- a/examples/org/spdx/examples/ExistingSpdxDocumentV2Compat.java +++ b/examples/org/spdx/examples/ExistingSpdxDocumentV2Compat.java @@ -34,7 +34,6 @@ * This example depends on the Spdx-Java-Library and the spdx-java-jackson store libraries * * @author Gary O'Neall - * */ public class ExistingSpdxDocumentV2Compat { @@ -53,7 +52,7 @@ public static void main(String[] args) { } /* - * First thing we need is a store deseralize the SPDX document into. + * First thing we need is a store deserialize the SPDX document into. * We'll chose the MultiFormatStore since it supports serializing to JSON files * It takes an underlying model store as the first parameter - the inMemSpdxStore is a simple * built in store included in the Spdx-Java-Library. The second parameter is the format 
@@ -75,7 +74,7 @@ public static void main(String[] args) { * license information over to the document model store */ ModelCopyManager copyManager = new ModelCopyManager(); - // Let's deseralize the document + // Let's deserialize the document try (InputStream stream = new FileInputStream(inputFile)) { modelStore.deSerialize(stream, false); diff --git a/examples/org/spdx/examples/SimpleSpdxDocumentV2Compat.java b/examples/org/spdx/examples/SimpleSpdxDocumentV2Compat.java index 117569d..f99a182 100644 --- a/examples/org/spdx/examples/SimpleSpdxDocumentV2Compat.java +++ b/examples/org/spdx/examples/SimpleSpdxDocumentV2Compat.java @@ -36,7 +36,6 @@ * This example depends on the Spdx-Java-Library and the spdx-java-jackson store libraries * * @author Gary O'Neall - * */ public class SimpleSpdxDocumentV2Compat { diff --git a/src/main/java/org/spdx/tools/CompareSpdxDocs.java b/src/main/java/org/spdx/tools/CompareSpdxDocs.java index c0a8ad3..4183bc8 100644 --- a/src/main/java/org/spdx/tools/CompareSpdxDocs.java +++ b/src/main/java/org/spdx/tools/CompareSpdxDocs.java @@ -33,7 +33,6 @@ * Document files can be either in RDF/XML or tag/value format * * @author Gary O'Neall - * */ public class CompareSpdxDocs { static final int MIN_ARGS = 2; diff --git a/src/main/java/org/spdx/tools/GenerateVerificationCode.java b/src/main/java/org/spdx/tools/GenerateVerificationCode.java index 308783e..0b711fd 100644 --- a/src/main/java/org/spdx/tools/GenerateVerificationCode.java +++ b/src/main/java/org/spdx/tools/GenerateVerificationCode.java @@ -25,7 +25,6 @@ /** * Generates a verification code for a specific directory * @author Gary O'Neall - * */ public class GenerateVerificationCode { diff --git a/src/main/java/org/spdx/tools/OnlineToolException.java b/src/main/java/org/spdx/tools/OnlineToolException.java index cc827aa..b1a831e 100644 --- a/src/main/java/org/spdx/tools/OnlineToolException.java +++ b/src/main/java/org/spdx/tools/OnlineToolException.java 
@@ -9,24 +9,22 @@ * Default Exception thrown to the Online Tool * * @author Rohit Lodha - * */ - public class OnlineToolException extends Exception { /** - * + * Serial version UID */ private static final long serialVersionUID = 1L; /** - * + * Default constructor for OnlineToolException. */ public OnlineToolException() { } /** - * + * Constructs an OnlineToolException with the specified message. * @param arg0 */ public OnlineToolException(String arg0) { @@ -34,7 +32,7 @@ public OnlineToolException(String arg0) { } /** - * + * Constructs an OnlineToolException with the specified throwable. * @param arg0 */ public OnlineToolException(Throwable arg0) { @@ -42,7 +40,7 @@ public OnlineToolException(Throwable arg0) { } /** - * + * Constructs an OnlineToolException with the specified message and throwable. * @param arg0 * @param arg1 */ @@ -51,7 +49,7 @@ public OnlineToolException(String arg0, Throwable arg1) { } /** - * + * Constructs an OnlineToolException with the specified message, throwable, and booleans. * @param arg0 * @param arg1 * @param arg2 diff --git a/src/main/java/org/spdx/tools/SpdxToolsHelper.java b/src/main/java/org/spdx/tools/SpdxToolsHelper.java index ee9bb6a..9505ffd 100644 --- a/src/main/java/org/spdx/tools/SpdxToolsHelper.java +++ b/src/main/java/org/spdx/tools/SpdxToolsHelper.java @@ -55,7 +55,6 @@ * Static helper methods for the various tools * * @author Gary O'Neall - * */ public class SpdxToolsHelper { diff --git a/src/main/java/org/spdx/tools/compare/AbstractFileCompareSheet.java b/src/main/java/org/spdx/tools/compare/AbstractFileCompareSheet.java index ab1aaf9..57ccd54 100644 --- a/src/main/java/org/spdx/tools/compare/AbstractFileCompareSheet.java +++ b/src/main/java/org/spdx/tools/compare/AbstractFileCompareSheet.java 
@@ -24,7 +24,6 @@ * The first column is the file path, second column indicates if all documents are equal, * columns 3 through N are for the values of the individual documents * @author Gary O'Neall - * */ public abstract class AbstractFileCompareSheet extends AbstractSheet { diff --git a/src/main/java/org/spdx/tools/compare/AbstractSheet.java b/src/main/java/org/spdx/tools/compare/AbstractSheet.java index e37b2a9..4a13b90 100644 --- a/src/main/java/org/spdx/tools/compare/AbstractSheet.java +++ b/src/main/java/org/spdx/tools/compare/AbstractSheet.java @@ -27,7 +27,6 @@ /** * Abstract class representing a workbook sheet used in storing structured data * @author Gary O'Neall - * */ public abstract class AbstractSheet { diff --git a/src/main/java/org/spdx/tools/compare/CompareHelper.java b/src/main/java/org/spdx/tools/compare/CompareHelper.java index cef6413..73b5a2d 100644 --- a/src/main/java/org/spdx/tools/compare/CompareHelper.java +++ b/src/main/java/org/spdx/tools/compare/CompareHelper.java @@ -29,7 +29,6 @@ /** * Helper class for comparisons * @author Gary O'Neall - * */ public class CompareHelper { diff --git a/src/main/java/org/spdx/tools/compare/CreatorSheet.java b/src/main/java/org/spdx/tools/compare/CreatorSheet.java index f66f058..bf75398 100644 --- a/src/main/java/org/spdx/tools/compare/CreatorSheet.java +++ b/src/main/java/org/spdx/tools/compare/CreatorSheet.java @@ -24,7 +24,6 @@ * Column 1 describes if the creator is the same or different * Columns 2 through N are for creators in each of the documents * @author Gary O'Neall - * */ public class CreatorSheet extends AbstractSheet { private static final int COL_WIDTH = 50; diff --git a/src/main/java/org/spdx/tools/compare/DocumentAnnotationSheet.java b/src/main/java/org/spdx/tools/compare/DocumentAnnotationSheet.java index 3e287dc..c69f924 100644 --- a/src/main/java/org/spdx/tools/compare/DocumentAnnotationSheet.java +++ b/src/main/java/org/spdx/tools/compare/DocumentAnnotationSheet.java 
@@ -24,7 +24,6 @@ /** * Sheet for document level annotations * @author Gary O'Neall - * */ public class DocumentAnnotationSheet extends AbstractSheet { diff --git a/src/main/java/org/spdx/tools/compare/DocumentRelationshipSheet.java b/src/main/java/org/spdx/tools/compare/DocumentRelationshipSheet.java index 5503e18..ef03a05 100644 --- a/src/main/java/org/spdx/tools/compare/DocumentRelationshipSheet.java +++ b/src/main/java/org/spdx/tools/compare/DocumentRelationshipSheet.java @@ -26,7 +26,6 @@ /** * Sheet for document level relationships * @author Gary O'Neall - * */ public class DocumentRelationshipSheet extends AbstractSheet { diff --git a/src/main/java/org/spdx/tools/compare/ExternalReferencesSheet.java b/src/main/java/org/spdx/tools/compare/ExternalReferencesSheet.java index 51d0c2a..100cad2 100644 --- a/src/main/java/org/spdx/tools/compare/ExternalReferencesSheet.java +++ b/src/main/java/org/spdx/tools/compare/ExternalReferencesSheet.java @@ -26,7 +26,6 @@ /** * Sheet that compares the external document references * @author Gary O'Neall - * */ public class ExternalReferencesSheet extends AbstractSheet { diff --git a/src/main/java/org/spdx/tools/compare/ExtractedLicenseSheet.java b/src/main/java/org/spdx/tools/compare/ExtractedLicenseSheet.java index a051cab..add8986 100644 --- a/src/main/java/org/spdx/tools/compare/ExtractedLicenseSheet.java +++ b/src/main/java/org/spdx/tools/compare/ExtractedLicenseSheet.java @@ -29,7 +29,6 @@ * Column 1 contains the extracted text * Columns 2 through N contains the license information in the format licenseId [licenseName] {licenceUrls} (licenseComment) * @author Gary O'Neall - * */ public class ExtractedLicenseSheet extends AbstractSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileAnnotationSheet.java b/src/main/java/org/spdx/tools/compare/FileAnnotationSheet.java index 7837906..0a54402 100644 --- a/src/main/java/org/spdx/tools/compare/FileAnnotationSheet.java 
+++ b/src/main/java/org/spdx/tools/compare/FileAnnotationSheet.java @@ -14,7 +14,6 @@ /** * Sheet comparing file annotations * @author Gary O'Neall - * */ public class FileAnnotationSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileAttributionSheet.java b/src/main/java/org/spdx/tools/compare/FileAttributionSheet.java index 531057f..8fd68fd 100644 --- a/src/main/java/org/spdx/tools/compare/FileAttributionSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileAttributionSheet.java @@ -17,7 +17,6 @@ /** * Sheet with results for file contributor comparison results * @author Gary O'Neall - * */ public class FileAttributionSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileChecksumSheet.java b/src/main/java/org/spdx/tools/compare/FileChecksumSheet.java index a99beca..dd23d9b 100644 --- a/src/main/java/org/spdx/tools/compare/FileChecksumSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileChecksumSheet.java @@ -17,7 +17,6 @@ /** * Sheet of comparison results for file checksums * @author Gary O'Neall - * */ public class FileChecksumSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileCommentSheet.java b/src/main/java/org/spdx/tools/compare/FileCommentSheet.java index e19cb76..7676a2a 100644 --- a/src/main/java/org/spdx/tools/compare/FileCommentSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileCommentSheet.java @@ -14,9 +14,8 @@ import org.spdx.utility.compare.SpdxComparer; /** - * Sheet continaing results for file comment comparison + * Sheet containing results for file comment comparison * @author Gary O'Neall - * */ public class FileCommentSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileConcludedSheet.java b/src/main/java/org/spdx/tools/compare/FileConcludedSheet.java index 171f677..ad36be3 100644 --- a/src/main/java/org/spdx/tools/compare/FileConcludedSheet.java 
+++ b/src/main/java/org/spdx/tools/compare/FileConcludedSheet.java @@ -14,8 +14,8 @@ /** + * Sheet with results for file concluded license comparison results * @author Source Auditor - * */ public class FileConcludedSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileContributorsSheet.java b/src/main/java/org/spdx/tools/compare/FileContributorsSheet.java index d0223b7..61ebb43 100644 --- a/src/main/java/org/spdx/tools/compare/FileContributorsSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileContributorsSheet.java @@ -16,7 +16,6 @@ /** * Sheet with results for file AttributionText comparison results * @author Gary O'Neall - * */ public class FileContributorsSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileCopyrightSheet.java b/src/main/java/org/spdx/tools/compare/FileCopyrightSheet.java index 2ca4270..2ccae4d 100644 --- a/src/main/java/org/spdx/tools/compare/FileCopyrightSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileCopyrightSheet.java @@ -14,7 +14,6 @@ /** * Sheet comparing file copyrights * @author Gary O'Neall - * */ public class FileCopyrightSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileLicenseCommentsSheet.java b/src/main/java/org/spdx/tools/compare/FileLicenseCommentsSheet.java index 3fa541b..8f020b6 100644 --- a/src/main/java/org/spdx/tools/compare/FileLicenseCommentsSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileLicenseCommentsSheet.java @@ -17,7 +17,6 @@ /** * Sheet of comparison results for file license comments * @author Gary O'Neall - * */ public class FileLicenseCommentsSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileLicenseInfoSheet.java b/src/main/java/org/spdx/tools/compare/FileLicenseInfoSheet.java index a30ca83..8a5abd1 100644 --- a/src/main/java/org/spdx/tools/compare/FileLicenseInfoSheet.java 
+++ b/src/main/java/org/spdx/tools/compare/FileLicenseInfoSheet.java @@ -19,7 +19,6 @@ /** * Sheet of the comparison results for the file seen licenses * @author Gary O'Neall - * */ public class FileLicenseInfoSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileNoticeSheet.java b/src/main/java/org/spdx/tools/compare/FileNoticeSheet.java index 4645f23..784b67b 100644 --- a/src/main/java/org/spdx/tools/compare/FileNoticeSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileNoticeSheet.java @@ -16,7 +16,6 @@ /** * Sheet for file notice comparison results * @author Gary O'Neall - * */ public class FileNoticeSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileRelationshipSheet.java b/src/main/java/org/spdx/tools/compare/FileRelationshipSheet.java index f93d1b8..edc2896 100644 --- a/src/main/java/org/spdx/tools/compare/FileRelationshipSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileRelationshipSheet.java @@ -14,7 +14,6 @@ /** * Sheet comparing file relationships * @author Gary O'Neall - * */ public class FileRelationshipSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileSpdxIdSheet.java b/src/main/java/org/spdx/tools/compare/FileSpdxIdSheet.java index a263c96..ab8cf80 100644 --- a/src/main/java/org/spdx/tools/compare/FileSpdxIdSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileSpdxIdSheet.java @@ -11,6 +11,7 @@ import org.spdx.utility.compare.SpdxComparer; /** + * Sheet comparing file SPDX IDs * @author Gary O'Neall */ public class FileSpdxIdSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/FileTypeSheet.java b/src/main/java/org/spdx/tools/compare/FileTypeSheet.java index 17fe24b..31f934a 100644 --- a/src/main/java/org/spdx/tools/compare/FileTypeSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileTypeSheet.java 
@@ -18,7 +18,6 @@ /** * Sheet containing File Type * @author Gary O'Neall - * */ public class FileTypeSheet extends AbstractFileCompareSheet { diff --git a/src/main/java/org/spdx/tools/compare/MultiDocumentSpreadsheet.java b/src/main/java/org/spdx/tools/compare/MultiDocumentSpreadsheet.java index 5553876..9328cf0 100644 --- a/src/main/java/org/spdx/tools/compare/MultiDocumentSpreadsheet.java +++ b/src/main/java/org/spdx/tools/compare/MultiDocumentSpreadsheet.java @@ -48,7 +48,6 @@ * - verification: List of any verification errors * * @author Gary O'Neall - * */ public class MultiDocumentSpreadsheet { diff --git a/src/main/java/org/spdx/tools/compare/NormalizedFileNameComparator.java b/src/main/java/org/spdx/tools/compare/NormalizedFileNameComparator.java index 5d3c9d6..a03d082 100644 --- a/src/main/java/org/spdx/tools/compare/NormalizedFileNameComparator.java +++ b/src/main/java/org/spdx/tools/compare/NormalizedFileNameComparator.java @@ -14,7 +14,6 @@ * - File separator character is "/" * - Must begin with "./" * @author Gary O'Neall - * */ public class NormalizedFileNameComparator implements Comparator>, Serializable { @@ -25,6 +24,7 @@ public class NormalizedFileNameComparator implements Comparator static final char DOS_SEPARATOR = '\\'; static final char UNIX_SEPARATOR = '/'; static final String RELATIVE_DIR = "./"; + /* (non-Javadoc) * @see java.util.Comparator#compare(java.lang.Object, java.lang.Object) */ diff --git a/src/main/java/org/spdx/tools/compare/package-info.java b/src/main/java/org/spdx/tools/compare/package-info.java index 9bf2e0f..3f7dc30 100644 --- a/src/main/java/org/spdx/tools/compare/package-info.java +++ b/src/main/java/org/spdx/tools/compare/package-info.java @@ -3,9 +3,10 @@ * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 */ + /** * Classes related to the Compare SPDX Docs utilities * * @author Gary O'Neall */ -package org.spdx.tools.compare; \ No newline at end of file +package org.spdx.tools.compare; 
diff --git a/src/main/java/org/spdx/tools/schema/AbstractOwlRdfConverter.java b/src/main/java/org/spdx/tools/schema/AbstractOwlRdfConverter.java index d268786..284e6e3 100644 --- a/src/main/java/org/spdx/tools/schema/AbstractOwlRdfConverter.java +++ b/src/main/java/org/spdx/tools/schema/AbstractOwlRdfConverter.java @@ -39,7 +39,6 @@ * Abstract class for implementing classes which convert from RDF/XML OWL format to some other format * * @author Gary O'Neall - * */ public class AbstractOwlRdfConverter { diff --git a/src/main/java/org/spdx/tools/schema/OwlToJsonContext.java b/src/main/java/org/spdx/tools/schema/OwlToJsonContext.java index 53905c5..d31b406 100644 --- a/src/main/java/org/spdx/tools/schema/OwlToJsonContext.java +++ b/src/main/java/org/spdx/tools/schema/OwlToJsonContext.java @@ -26,7 +26,6 @@ * Convert OWL RDF schema to a JSON Context file * * @author Gary O'Neall - * */ public class OwlToJsonContext extends AbstractOwlRdfConverter { diff --git a/src/main/java/org/spdx/tools/schema/OwlToXsd.java b/src/main/java/org/spdx/tools/schema/OwlToXsd.java index fff8d58..3947814 100644 --- a/src/main/java/org/spdx/tools/schema/OwlToXsd.java +++ b/src/main/java/org/spdx/tools/schema/OwlToXsd.java @@ -48,7 +48,6 @@ * * * @author Gary O'Neall - * */ public class OwlToXsd extends AbstractOwlRdfConverter { diff --git a/src/main/java/org/spdx/tools/schema/package-info.java b/src/main/java/org/spdx/tools/schema/package-info.java index f682dc9..ddb494f 100644 --- a/src/main/java/org/spdx/tools/schema/package-info.java +++ b/src/main/java/org/spdx/tools/schema/package-info.java @@ -12,6 +12,5 @@ * - RDF/OWL in RDF/XML format * - JSON Schema Draft 7 * - JSON LD (Linked Data) - * */ package org.spdx.tools.schema; \ No newline at end of file diff --git a/src/test/java/org/spdx/tools/GenerateVerificationCodeTest.java b/src/test/java/org/spdx/tools/GenerateVerificationCodeTest.java index 5c437a7..5e3b753 100644 --- a/src/test/java/org/spdx/tools/GenerateVerificationCodeTest.java 
+++ b/src/test/java/org/spdx/tools/GenerateVerificationCodeTest.java @@ -1,3 +1,8 @@ +/** + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools; import java.io.File; diff --git a/src/test/java/org/spdx/tools/VerifyTest.java b/src/test/java/org/spdx/tools/VerifyTest.java index 7b2f627..f2d03fe 100644 --- a/src/test/java/org/spdx/tools/VerifyTest.java +++ b/src/test/java/org/spdx/tools/VerifyTest.java @@ -1,3 +1,8 @@ +/** + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools; import java.io.File; diff --git a/src/test/java/org/spdx/tools/schema/OwlToXSDTest.java b/src/test/java/org/spdx/tools/schema/OwlToXSDTest.java index 3d022e2..d32d63f 100644 --- a/src/test/java/org/spdx/tools/schema/OwlToXSDTest.java +++ b/src/test/java/org/spdx/tools/schema/OwlToXSDTest.java @@ -1,3 +1,8 @@ +/** + * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools.schema; import java.io.File; diff --git a/testResources/sourcefiles/AbstractFileCompareSheet.java b/testResources/sourcefiles/AbstractFileCompareSheet.java index 1f194d0..6be9eca 100644 --- a/testResources/sourcefiles/AbstractFileCompareSheet.java +++ b/testResources/sourcefiles/AbstractFileCompareSheet.java @@ -24,7 +24,6 @@ * The first column is the file path, second column indicates if all documents are equal, * columns 3 through N are for the values of the individual documents * @author Gary O'Neall - * */ public abstract class AbstractFileCompareSheet extends AbstractSheet { diff --git a/testResources/sourcefiles/AbstractSheet.java b/testResources/sourcefiles/AbstractSheet.java index de7c9f4..2a95922 100644 --- a/testResources/sourcefiles/AbstractSheet.java +++ b/testResources/sourcefiles/AbstractSheet.java 
@@ -27,7 +27,6 @@ /** * Abstract class representing a workbook sheet used in storing structured data * @author Gary O'Neall - * */ public abstract class AbstractSheet { diff --git a/testResources/sourcefiles/CompareHelper.java b/testResources/sourcefiles/CompareHelper.java index 2571377..1b116e3 100644 --- a/testResources/sourcefiles/CompareHelper.java +++ b/testResources/sourcefiles/CompareHelper.java @@ -29,7 +29,6 @@ /** * Helper class for comparisons * @author Gary O'Neall - * */ public class CompareHelper { diff --git a/testResources/sourcefiles/CreatorSheet.java b/testResources/sourcefiles/CreatorSheet.java index d4a995f..cda89c0 100644 --- a/testResources/sourcefiles/CreatorSheet.java +++ b/testResources/sourcefiles/CreatorSheet.java @@ -23,7 +23,6 @@ * Column 1 describes if the creator is the same or different * Columns 2 through N are for creators in each of the documents * @author Gary O'Neall - * */ public class CreatorSheet extends AbstractSheet { private static final int COL_WIDTH = 50; diff --git a/testResources/sourcefiles/DocumentAnnotationSheet.java b/testResources/sourcefiles/DocumentAnnotationSheet.java index 610969c..4bd98bf 100644 --- a/testResources/sourcefiles/DocumentAnnotationSheet.java +++ b/testResources/sourcefiles/DocumentAnnotationSheet.java @@ -23,7 +23,6 @@ /** * Sheet for document level annotations * @author Gary O'Neall - * */ public class DocumentAnnotationSheet extends AbstractSheet { diff --git a/testResources/sourcefiles/DocumentRelationshipSheet.java b/testResources/sourcefiles/DocumentRelationshipSheet.java index fcb81b7..8dfd639 100644 --- a/testResources/sourcefiles/DocumentRelationshipSheet.java +++ b/testResources/sourcefiles/DocumentRelationshipSheet.java @@ -23,7 +23,6 @@ /** * Sheet for document level relationships * @author Gary O'Neall - * */ public class DocumentRelationshipSheet extends AbstractSheet { 
diff --git a/testResources/sourcefiles/DocumentSheet.java b/testResources/sourcefiles/DocumentSheet.java index eafd67a..0f37155 100644 --- a/testResources/sourcefiles/DocumentSheet.java +++ b/testResources/sourcefiles/DocumentSheet.java @@ -23,7 +23,6 @@ * The first row summarizes which fields are different, the subsequent rows are the * specific date from each result * @author Gary O'Neall - * */ public class DocumentSheet extends AbstractSheet { diff --git a/testResources/sourcefiles/ExternalReferencesSheet.java b/testResources/sourcefiles/ExternalReferencesSheet.java index 00296bb..3094b6f 100644 --- a/testResources/sourcefiles/ExternalReferencesSheet.java +++ b/testResources/sourcefiles/ExternalReferencesSheet.java @@ -24,7 +24,6 @@ /** * Sheet that compares the external document references * @author Gary O'Neall - * */ public class ExternalReferencesSheet extends AbstractSheet { diff --git a/testResources/sourcefiles/ExtractedLicenseSheet.java b/testResources/sourcefiles/ExtractedLicenseSheet.java index 01a2460..2ca153f 100644 --- a/testResources/sourcefiles/ExtractedLicenseSheet.java +++ b/testResources/sourcefiles/ExtractedLicenseSheet.java @@ -29,7 +29,6 @@ * Column 1 contains the extracted text * Columns 2 through N contains the license information in the format licenseId [licenseName] {licenceUrls} (licenseComment) * @author Gary O'Neall - * */ public class ExtractedLicenseSheet extends AbstractSheet { diff --git a/testResources/sourcefiles/FileAnnotationSheet.java b/testResources/sourcefiles/FileAnnotationSheet.java index c517de7..3a11b12 100644 --- a/testResources/sourcefiles/FileAnnotationSheet.java +++ b/testResources/sourcefiles/FileAnnotationSheet.java @@ -14,7 +14,6 @@ /** * Sheet comparing file annotations * @author Gary O'Neall - * */ public class FileAnnotationSheet extends AbstractFileCompareSheet { 
diff --git a/testResources/sourcefiles/FileAttributionSheet.java b/testResources/sourcefiles/FileAttributionSheet.java index ad5775f..3bbf3e6 100644 --- a/testResources/sourcefiles/FileAttributionSheet.java +++ b/testResources/sourcefiles/FileAttributionSheet.java @@ -17,7 +17,6 @@ /** * Sheet with results for file contributor comparison results * @author Gary O'Neall - * */ public class FileAttributionSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/FileChecksumSheet.java b/testResources/sourcefiles/FileChecksumSheet.java index 4926a03..a2a39cb 100644 --- a/testResources/sourcefiles/FileChecksumSheet.java +++ b/testResources/sourcefiles/FileChecksumSheet.java @@ -17,7 +17,6 @@ /** * Sheet of comparison results for file checksums * @author Gary O'Neall - * */ public class FileChecksumSheet extends AbstractFileCompareSheet { diff --git a/testResources/sourcefiles/FileCommentSheet.java b/testResources/sourcefiles/FileCommentSheet.java index ef0ab08..805518e 100644 --- a/testResources/sourcefiles/FileCommentSheet.java +++ b/testResources/sourcefiles/FileCommentSheet.java @@ -14,7 +14,6 @@ /** * Sheet containing results for file comment comparison * @author Gary O'Neall - * */ public class FileCommentSheet extends AbstractFileCompareSheet { From 32af783fd9c8896268a6c75eabccb9087cadb98e Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Sat, 1 Feb 2025 07:52:32 +0100 Subject: [PATCH 05/94] Add newline character at the end of file Signed-off-by: Arthit Suriyawongkul --- testResources/sourcefiles/package-info.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testResources/sourcefiles/package-info.java b/testResources/sourcefiles/package-info.java index 9bf2e0f..6c75bd3 100644 --- a/testResources/sourcefiles/package-info.java +++ b/testResources/sourcefiles/package-info.java @@ -8,4 +8,4 @@ * * @author Gary O'Neall */ -package org.spdx.tools.compare; \ No newline at end of file +package org.spdx.tools.compare; 
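Review bot: The class descriptions in the FileAttributionSheet.java and FileContributorsSheet.java hunks look swapped, and this cleanup leaves them that way. FileAttributionSheet is documented as "Sheet with results for file contributor comparison results" and FileContributorsSheet as "Sheet with results for file AttributionText comparison results". Both comment blocks are already being edited here, so exchange the two first lines in src/main/java/org/spdx/tools/compare and in the testResources/sourcefiles copy of FileAttributionSheet.java.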
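Review bot: src/main/java/org/spdx/tools/schema/package-info.java still ends without a newline: the hunk keeps "\ No newline at end of file" after the unchanged "package org.spdx.tools.schema;" line. The same series fixes exactly this in compare/package-info.java and in testResources/sourcefiles/package-info.java, so add the trailing newline here too and the three files end consistently.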
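Review bot: The hunks under testResources/sourcefiles (the removed " *" lines and the newline added to package-info.java) change the bytes of test fixture files, and the commit messages do not say whether any expected values were rechecked. If GenerateVerificationCodeTest or another test computes a checksum or package verification code over this directory, the expected value has to be regenerated in the same commit. Please confirm, or state in the commit message that no test depends on the content hashes of these files.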
From 99e16337aad8e68150a4f39239e925bd36979343 Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Mon, 3 Feb 2025 00:49:43 +0100 Subject: [PATCH 06/94] Update package-info.java Signed-off-by: Arthit Suriyawongkul --- testResources/sourcefiles/package-info.java | 1 + 1 file changed, 1 insertion(+) diff --git a/testResources/sourcefiles/package-info.java b/testResources/sourcefiles/package-info.java index 6c75bd3..3f7dc30 100644 --- a/testResources/sourcefiles/package-info.java +++ b/testResources/sourcefiles/package-info.java @@ -3,6 +3,7 @@ * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 */ + /** * Classes related to the Compare SPDX Docs utilities * From 7e236df385cc9cfa23b85510e9c35c484a438096 Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Wed, 26 Feb 2025 08:45:16 +0800 Subject: [PATCH 07/94] Add back copyright notice text 
Signed-off-by: Arthit Suriyawongkul --- src/main/java/org/spdx/tools/CompareSpdxDocs.java | 13 +++++++++++++ .../org/spdx/tools/GenerateVerificationCode.java | 13 +++++++++++++ .../org/spdx/tools/InvalidFileNameException.java | 13 +++++++++++++ src/main/java/org/spdx/tools/Main.java | 13 +++++++++++++ .../org/spdx/tools/MatchingStandardLicenses.java | 13 +++++++++++++ .../java/org/spdx/tools/OnlineToolException.java | 13 +++++++++++++ .../java/org/spdx/tools/RdfSchemaToJsonContext.java | 13 +++++++++++++ .../java/org/spdx/tools/RdfSchemaToJsonSchema.java | 13 +++++++++++++ src/main/java/org/spdx/tools/RdfSchemaToXsd.java | 13 +++++++++++++ src/main/java/org/spdx/tools/SpdxConverter.java | 13 +++++++++++++ .../java/org/spdx/tools/SpdxConverterException.java | 13 +++++++++++++ src/main/java/org/spdx/tools/SpdxToolsHelper.java | 6 +++--- .../org/spdx/tools/SpdxVerificationException.java | 13 +++++++++++++ src/main/java/org/spdx/tools/SpdxVersion.java | 13 +++++++++++++ src/main/java/org/spdx/tools/SpdxViewer.java | 13 +++++++++++++ src/main/java/org/spdx/tools/Verify.java | 13 +++++++++++++ .../tools/compare/AbstractFileCompareSheet.java | 13 +++++++++++++ .../java/org/spdx/tools/compare/AbstractSheet.java | 13 +++++++++++++ 18 files changed, 224 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/spdx/tools/CompareSpdxDocs.java b/src/main/java/org/spdx/tools/CompareSpdxDocs.java index 4183bc8..5d02b77 100644 --- a/src/main/java/org/spdx/tools/CompareSpdxDocs.java +++ b/src/main/java/org/spdx/tools/CompareSpdxDocs.java 
@@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools; diff --git a/src/main/java/org/spdx/tools/GenerateVerificationCode.java b/src/main/java/org/spdx/tools/GenerateVerificationCode.java index 0b711fd..c125df5 100644 --- a/src/main/java/org/spdx/tools/GenerateVerificationCode.java +++ b/src/main/java/org/spdx/tools/GenerateVerificationCode.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2011 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools; diff --git a/src/main/java/org/spdx/tools/InvalidFileNameException.java b/src/main/java/org/spdx/tools/InvalidFileNameException.java index f27ab1b..9f438fe 100644 
--- a/src/main/java/org/spdx/tools/InvalidFileNameException.java +++ b/src/main/java/org/spdx/tools/InvalidFileNameException.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools; diff --git a/src/main/java/org/spdx/tools/Main.java b/src/main/java/org/spdx/tools/Main.java index 1c658e0..0f1123a 100644 --- a/src/main/java/org/spdx/tools/Main.java +++ b/src/main/java/org/spdx/tools/Main.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools; diff --git a/src/main/java/org/spdx/tools/MatchingStandardLicenses.java b/src/main/java/org/spdx/tools/MatchingStandardLicenses.java index 62e1b80..272d95b 100644 
--- a/src/main/java/org/spdx/tools/MatchingStandardLicenses.java +++ b/src/main/java/org/spdx/tools/MatchingStandardLicenses.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2014 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools; diff --git a/src/main/java/org/spdx/tools/OnlineToolException.java b/src/main/java/org/spdx/tools/OnlineToolException.java index b1a831e..59be6fb 100644 --- a/src/main/java/org/spdx/tools/OnlineToolException.java +++ b/src/main/java/org/spdx/tools/OnlineToolException.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2017 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools; 
diff --git a/src/main/java/org/spdx/tools/RdfSchemaToJsonContext.java b/src/main/java/org/spdx/tools/RdfSchemaToJsonContext.java index ebc4f97..299099a 100644 --- a/src/main/java/org/spdx/tools/RdfSchemaToJsonContext.java +++ b/src/main/java/org/spdx/tools/RdfSchemaToJsonContext.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools; diff --git a/src/main/java/org/spdx/tools/RdfSchemaToJsonSchema.java b/src/main/java/org/spdx/tools/RdfSchemaToJsonSchema.java index 123fe98..595257b 100644 --- a/src/main/java/org/spdx/tools/RdfSchemaToJsonSchema.java +++ b/src/main/java/org/spdx/tools/RdfSchemaToJsonSchema.java 
@@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools; diff --git a/src/main/java/org/spdx/tools/RdfSchemaToXsd.java b/src/main/java/org/spdx/tools/RdfSchemaToXsd.java index 864bfa6..5482966 100644 --- a/src/main/java/org/spdx/tools/RdfSchemaToXsd.java +++ b/src/main/java/org/spdx/tools/RdfSchemaToXsd.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools; diff --git a/src/main/java/org/spdx/tools/SpdxConverter.java b/src/main/java/org/spdx/tools/SpdxConverter.java index 2ebf311..d8c010c 100644 --- a/src/main/java/org/spdx/tools/SpdxConverter.java +++ b/src/main/java/org/spdx/tools/SpdxConverter.java 
@@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools; diff --git a/src/main/java/org/spdx/tools/SpdxConverterException.java b/src/main/java/org/spdx/tools/SpdxConverterException.java index 5bfdafb..ad20b34 100644 --- a/src/main/java/org/spdx/tools/SpdxConverterException.java +++ b/src/main/java/org/spdx/tools/SpdxConverterException.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools; diff --git a/src/main/java/org/spdx/tools/SpdxToolsHelper.java b/src/main/java/org/spdx/tools/SpdxToolsHelper.java index 9505ffd..4c37030 100644 --- a/src/main/java/org/spdx/tools/SpdxToolsHelper.java 
+++ b/src/main/java/org/spdx/tools/SpdxToolsHelper.java @@ -1,12 +1,13 @@ /** * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. * SPDX-FileType: SOURCE - * SPDX-License-Identifier: Apache-2.0 * + * SPDX-License-Identifier: Apache-2.0 + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +15,6 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * SPDX-License-Identifier: Apache-2.0 */ package org.spdx.tools; diff --git a/src/main/java/org/spdx/tools/SpdxVerificationException.java b/src/main/java/org/spdx/tools/SpdxVerificationException.java index 7c1cf41..5a75b45 100644 --- a/src/main/java/org/spdx/tools/SpdxVerificationException.java +++ b/src/main/java/org/spdx/tools/SpdxVerificationException.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools; 
diff --git a/src/main/java/org/spdx/tools/SpdxVersion.java b/src/main/java/org/spdx/tools/SpdxVersion.java index e0643f4..eec1812 100644 --- a/src/main/java/org/spdx/tools/SpdxVersion.java +++ b/src/main/java/org/spdx/tools/SpdxVersion.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools; diff --git a/src/main/java/org/spdx/tools/SpdxViewer.java b/src/main/java/org/spdx/tools/SpdxViewer.java index b9d7440..cd2c37a 100644 --- a/src/main/java/org/spdx/tools/SpdxViewer.java +++ b/src/main/java/org/spdx/tools/SpdxViewer.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2010 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools; 
diff --git a/src/main/java/org/spdx/tools/Verify.java b/src/main/java/org/spdx/tools/Verify.java index 33b3ad2..0942914 100644 --- a/src/main/java/org/spdx/tools/Verify.java +++ b/src/main/java/org/spdx/tools/Verify.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools; diff --git a/src/main/java/org/spdx/tools/compare/AbstractFileCompareSheet.java b/src/main/java/org/spdx/tools/compare/AbstractFileCompareSheet.java index 57ccd54..6d1c1dc 100644 --- a/src/main/java/org/spdx/tools/compare/AbstractFileCompareSheet.java +++ b/src/main/java/org/spdx/tools/compare/AbstractFileCompareSheet.java 
@@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/src/main/java/org/spdx/tools/compare/AbstractSheet.java b/src/main/java/org/spdx/tools/compare/AbstractSheet.java index 4a13b90..207d7b6 100644 --- a/src/main/java/org/spdx/tools/compare/AbstractSheet.java +++ b/src/main/java/org/spdx/tools/compare/AbstractSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2011 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; From 6c4c574fd89166f055f480cf56cd6bab95f5c77a Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Wed, 26 Feb 2025 10:43:05 +0800 Subject: [PATCH 08/94] Add back copyright notice text 
Signed-off-by: Arthit Suriyawongkul --- .../java/org/spdx/tools/compare/CompareHelper.java | 13 +++++++++++++ .../java/org/spdx/tools/compare/CreatorSheet.java | 13 +++++++++++++ .../spdx/tools/compare/DocumentAnnotationSheet.java | 13 +++++++++++++ .../tools/compare/DocumentRelationshipSheet.java | 13 +++++++++++++ .../java/org/spdx/tools/compare/DocumentSheet.java | 13 +++++++++++++ .../spdx/tools/compare/ExternalReferencesSheet.java | 13 +++++++++++++ .../spdx/tools/compare/ExtractedLicenseSheet.java | 13 +++++++++++++ .../org/spdx/tools/compare/FileAnnotationSheet.java | 13 +++++++++++++ .../spdx/tools/compare/FileAttributionSheet.java | 13 +++++++++++++ .../org/spdx/tools/compare/FileChecksumSheet.java | 13 +++++++++++++ .../org/spdx/tools/compare/FileCommentSheet.java | 13 +++++++++++++ .../org/spdx/tools/compare/FileConcludedSheet.java | 13 +++++++++++++ .../spdx/tools/compare/FileContributorsSheet.java | 13 +++++++++++++ .../org/spdx/tools/compare/FileCopyrightSheet.java | 13 +++++++++++++ .../tools/compare/FileLicenseCommentsSheet.java | 13 +++++++++++++ .../spdx/tools/compare/FileLicenseInfoSheet.java | 13 +++++++++++++ .../org/spdx/tools/compare/FileNoticeSheet.java | 13 +++++++++++++ .../spdx/tools/compare/FileRelationshipSheet.java | 13 +++++++++++++ .../org/spdx/tools/compare/FileSpdxIdSheet.java | 13 +++++++++++++ .../java/org/spdx/tools/compare/FileTypeSheet.java | 13 +++++++++++++ .../tools/compare/MultiDocumentSpreadsheet.java | 13 +++++++++++++ .../tools/compare/NormalizedFileNameComparator.java | 13 +++++++++++++ .../java/org/spdx/tools/compare/PackageSheet.java | 13 +++++++++++++ .../java/org/spdx/tools/compare/SnippetSheet.java | 13 +++++++++++++ .../org/spdx/tools/compare/VerificationSheet.java | 13 +++++++++++++ .../java/org/spdx/tools/CompareSpdxDocsTest.java | 13 +++++++++++++ .../java/org/spdx/tools/SpdxConverterTestV2.java | 13 +++++++++++++ 27 files changed, 351 insertions(+) 
diff --git a/src/main/java/org/spdx/tools/compare/CompareHelper.java b/src/main/java/org/spdx/tools/compare/CompareHelper.java index 73b5a2d..381af00 100644 --- a/src/main/java/org/spdx/tools/compare/CompareHelper.java +++ b/src/main/java/org/spdx/tools/compare/CompareHelper.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/src/main/java/org/spdx/tools/compare/CreatorSheet.java b/src/main/java/org/spdx/tools/compare/CreatorSheet.java index bf75398..1e0477b 100644 --- a/src/main/java/org/spdx/tools/compare/CreatorSheet.java +++ b/src/main/java/org/spdx/tools/compare/CreatorSheet.java 
@@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/src/main/java/org/spdx/tools/compare/DocumentAnnotationSheet.java b/src/main/java/org/spdx/tools/compare/DocumentAnnotationSheet.java index c69f924..a8ec948 100644 --- a/src/main/java/org/spdx/tools/compare/DocumentAnnotationSheet.java +++ b/src/main/java/org/spdx/tools/compare/DocumentAnnotationSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; 
diff --git a/src/main/java/org/spdx/tools/compare/DocumentRelationshipSheet.java b/src/main/java/org/spdx/tools/compare/DocumentRelationshipSheet.java index ef03a05..b7f1dae 100644 --- a/src/main/java/org/spdx/tools/compare/DocumentRelationshipSheet.java +++ b/src/main/java/org/spdx/tools/compare/DocumentRelationshipSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/src/main/java/org/spdx/tools/compare/DocumentSheet.java b/src/main/java/org/spdx/tools/compare/DocumentSheet.java index 7ce6709..efd8650 100644 --- a/src/main/java/org/spdx/tools/compare/DocumentSheet.java +++ b/src/main/java/org/spdx/tools/compare/DocumentSheet.java 
@@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/src/main/java/org/spdx/tools/compare/ExternalReferencesSheet.java b/src/main/java/org/spdx/tools/compare/ExternalReferencesSheet.java index 100cad2..4cac713 100644 --- a/src/main/java/org/spdx/tools/compare/ExternalReferencesSheet.java +++ b/src/main/java/org/spdx/tools/compare/ExternalReferencesSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/src/main/java/org/spdx/tools/compare/ExtractedLicenseSheet.java b/src/main/java/org/spdx/tools/compare/ExtractedLicenseSheet.java index add8986..5971296 100644 
--- a/src/main/java/org/spdx/tools/compare/ExtractedLicenseSheet.java +++ b/src/main/java/org/spdx/tools/compare/ExtractedLicenseSheet.java @@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/src/main/java/org/spdx/tools/compare/FileAnnotationSheet.java b/src/main/java/org/spdx/tools/compare/FileAnnotationSheet.java index 0a54402..4a6e79a 100644 --- a/src/main/java/org/spdx/tools/compare/FileAnnotationSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileAnnotationSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; 
diff --git a/src/main/java/org/spdx/tools/compare/FileAttributionSheet.java b/src/main/java/org/spdx/tools/compare/FileAttributionSheet.java index 8fd68fd..737f886 100644 --- a/src/main/java/org/spdx/tools/compare/FileAttributionSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileAttributionSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/src/main/java/org/spdx/tools/compare/FileChecksumSheet.java b/src/main/java/org/spdx/tools/compare/FileChecksumSheet.java index dd23d9b..d2d11bd 100644 --- a/src/main/java/org/spdx/tools/compare/FileChecksumSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileChecksumSheet.java 
@@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/src/main/java/org/spdx/tools/compare/FileCommentSheet.java b/src/main/java/org/spdx/tools/compare/FileCommentSheet.java index 7676a2a..021558f 100644 --- a/src/main/java/org/spdx/tools/compare/FileCommentSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileCommentSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/src/main/java/org/spdx/tools/compare/FileConcludedSheet.java b/src/main/java/org/spdx/tools/compare/FileConcludedSheet.java index ad36be3..d616012 100644 
--- a/src/main/java/org/spdx/tools/compare/FileConcludedSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileConcludedSheet.java @@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/src/main/java/org/spdx/tools/compare/FileContributorsSheet.java b/src/main/java/org/spdx/tools/compare/FileContributorsSheet.java index 61ebb43..871ff33 100644 --- a/src/main/java/org/spdx/tools/compare/FileContributorsSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileContributorsSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; 
diff --git a/src/main/java/org/spdx/tools/compare/FileCopyrightSheet.java b/src/main/java/org/spdx/tools/compare/FileCopyrightSheet.java index 2ccae4d..eb52526 100644 --- a/src/main/java/org/spdx/tools/compare/FileCopyrightSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileCopyrightSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/src/main/java/org/spdx/tools/compare/FileLicenseCommentsSheet.java b/src/main/java/org/spdx/tools/compare/FileLicenseCommentsSheet.java index 8f020b6..7475a48 100644 --- a/src/main/java/org/spdx/tools/compare/FileLicenseCommentsSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileLicenseCommentsSheet.java 
@@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/src/main/java/org/spdx/tools/compare/FileLicenseInfoSheet.java b/src/main/java/org/spdx/tools/compare/FileLicenseInfoSheet.java index 8a5abd1..78313be 100644 --- a/src/main/java/org/spdx/tools/compare/FileLicenseInfoSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileLicenseInfoSheet.java @@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/src/main/java/org/spdx/tools/compare/FileNoticeSheet.java b/src/main/java/org/spdx/tools/compare/FileNoticeSheet.java index 784b67b..56b526d 100644 
--- a/src/main/java/org/spdx/tools/compare/FileNoticeSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileNoticeSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/src/main/java/org/spdx/tools/compare/FileRelationshipSheet.java b/src/main/java/org/spdx/tools/compare/FileRelationshipSheet.java index edc2896..9bd2db3 100644 --- a/src/main/java/org/spdx/tools/compare/FileRelationshipSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileRelationshipSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; 
diff --git a/src/main/java/org/spdx/tools/compare/FileSpdxIdSheet.java b/src/main/java/org/spdx/tools/compare/FileSpdxIdSheet.java index ab8cf80..9a56d5f 100644 --- a/src/main/java/org/spdx/tools/compare/FileSpdxIdSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileSpdxIdSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/src/main/java/org/spdx/tools/compare/FileTypeSheet.java b/src/main/java/org/spdx/tools/compare/FileTypeSheet.java index 31f934a..55bb071 100644 --- a/src/main/java/org/spdx/tools/compare/FileTypeSheet.java +++ b/src/main/java/org/spdx/tools/compare/FileTypeSheet.java 
@@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/src/main/java/org/spdx/tools/compare/MultiDocumentSpreadsheet.java b/src/main/java/org/spdx/tools/compare/MultiDocumentSpreadsheet.java index 9328cf0..2ad3478 100644 --- a/src/main/java/org/spdx/tools/compare/MultiDocumentSpreadsheet.java +++ b/src/main/java/org/spdx/tools/compare/MultiDocumentSpreadsheet.java @@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; 
diff --git a/src/main/java/org/spdx/tools/compare/NormalizedFileNameComparator.java b/src/main/java/org/spdx/tools/compare/NormalizedFileNameComparator.java index a03d082..170e50a 100644 --- a/src/main/java/org/spdx/tools/compare/NormalizedFileNameComparator.java +++ b/src/main/java/org/spdx/tools/compare/NormalizedFileNameComparator.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/src/main/java/org/spdx/tools/compare/PackageSheet.java b/src/main/java/org/spdx/tools/compare/PackageSheet.java index 406ac91..67a6159 100644 --- a/src/main/java/org/spdx/tools/compare/PackageSheet.java +++ b/src/main/java/org/spdx/tools/compare/PackageSheet.java 
@@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/src/main/java/org/spdx/tools/compare/SnippetSheet.java b/src/main/java/org/spdx/tools/compare/SnippetSheet.java index f172bbd..6f50d6c 100644 --- a/src/main/java/org/spdx/tools/compare/SnippetSheet.java +++ b/src/main/java/org/spdx/tools/compare/SnippetSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2016 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/src/main/java/org/spdx/tools/compare/VerificationSheet.java b/src/main/java/org/spdx/tools/compare/VerificationSheet.java index 86e3da3..945d487 100644 
--- a/src/main/java/org/spdx/tools/compare/VerificationSheet.java +++ b/src/main/java/org/spdx/tools/compare/VerificationSheet.java @@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/src/test/java/org/spdx/tools/CompareSpdxDocsTest.java b/src/test/java/org/spdx/tools/CompareSpdxDocsTest.java index 6792a9b..d72556c 100644 --- a/src/test/java/org/spdx/tools/CompareSpdxDocsTest.java +++ b/src/test/java/org/spdx/tools/CompareSpdxDocsTest.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools; 
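Review bot: the subject says "copyright notice text", but the 13 lines added in each hunk (CompareSpdxDocsTest.java here, same as the rest) are the Apache-2.0 license notice; the `SPDX-FileCopyrightText` line is unchanged context. Suggest rewording the subject to say license notice, and making it distinguishable from PATCH 09/94, which carries the identical subject. Since the same block is pasted by hand into 27 files next to `SPDX-License-Identifier: Apache-2.0`, a header check in CI would keep the long-form text and the identifier from drifting apart.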
diff --git a/src/test/java/org/spdx/tools/SpdxConverterTestV2.java b/src/test/java/org/spdx/tools/SpdxConverterTestV2.java index e91d479..ce8402c 100644 --- a/src/test/java/org/spdx/tools/SpdxConverterTestV2.java +++ b/src/test/java/org/spdx/tools/SpdxConverterTestV2.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools; From dacfdb6b8c74a26ba812927e50187f4fc2220234 Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Wed, 26 Feb 2025 10:48:40 +0800 Subject: [PATCH 09/94] Add back copyright notice text 
Signed-off-by: Arthit Suriyawongkul --- .../sourcefiles/AbstractFileCompareSheet.java | 13 +++++++++++++ testResources/sourcefiles/AbstractSheet.java | 13 +++++++++++++ testResources/sourcefiles/CompareHelper.java | 13 +++++++++++++ testResources/sourcefiles/CreatorSheet.java | 13 +++++++++++++ .../sourcefiles/DocumentAnnotationSheet.java | 13 +++++++++++++ .../sourcefiles/DocumentRelationshipSheet.java | 13 +++++++++++++ testResources/sourcefiles/DocumentSheet.java | 13 +++++++++++++ .../sourcefiles/ExternalReferencesSheet.java | 13 +++++++++++++ .../sourcefiles/ExtractedLicenseSheet.java | 13 +++++++++++++ testResources/sourcefiles/FileAnnotationSheet.java | 13 +++++++++++++ testResources/sourcefiles/FileAttributionSheet.java | 13 +++++++++++++ testResources/sourcefiles/FileChecksumSheet.java | 13 +++++++++++++ testResources/sourcefiles/FileCommentSheet.java | 13 +++++++++++++ testResources/sourcefiles/FileConcludedSheet.java | 13 +++++++++++++ .../sourcefiles/FileContributorsSheet.java | 13 +++++++++++++ testResources/sourcefiles/FileCopyrightSheet.java | 13 +++++++++++++ .../sourcefiles/FileLicenseCommentsSheet.java | 13 +++++++++++++ testResources/sourcefiles/FileLicenseInfoSheet.java | 13 +++++++++++++ testResources/sourcefiles/FileNoticeSheet.java | 13 +++++++++++++ .../sourcefiles/FileRelationshipSheet.java | 13 +++++++++++++ testResources/sourcefiles/FileSpdxIdSheet.java | 13 +++++++++++++ testResources/sourcefiles/FileTypeSheet.java | 13 +++++++++++++ .../sourcefiles/MultiDocumentSpreadsheet.java | 13 +++++++++++++ .../sourcefiles/NormalizedFileNameComparator.java | 13 +++++++++++++ testResources/sourcefiles/PackageSheet.java | 13 +++++++++++++ testResources/sourcefiles/SnippetSheet.java | 13 +++++++++++++ testResources/sourcefiles/VerificationSheet.java | 13 +++++++++++++ testResources/sourcefiles/package-info.java | 13 +++++++++++++ 28 files changed, 364 insertions(+) 
diff --git a/testResources/sourcefiles/AbstractFileCompareSheet.java b/testResources/sourcefiles/AbstractFileCompareSheet.java index 6be9eca..f908977 100644 --- a/testResources/sourcefiles/AbstractFileCompareSheet.java +++ b/testResources/sourcefiles/AbstractFileCompareSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/AbstractSheet.java b/testResources/sourcefiles/AbstractSheet.java index 2a95922..c302bbe 100644 --- a/testResources/sourcefiles/AbstractSheet.java +++ b/testResources/sourcefiles/AbstractSheet.java 
@@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2011 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/CompareHelper.java b/testResources/sourcefiles/CompareHelper.java index 1b116e3..ed3631e 100644 --- a/testResources/sourcefiles/CompareHelper.java +++ b/testResources/sourcefiles/CompareHelper.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/CreatorSheet.java b/testResources/sourcefiles/CreatorSheet.java index cda89c0..a9edca4 100644 --- a/testResources/sourcefiles/CreatorSheet.java +++ b/testResources/sourcefiles/CreatorSheet.java 
@@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/DocumentAnnotationSheet.java b/testResources/sourcefiles/DocumentAnnotationSheet.java index 4bd98bf..4eb1087 100644 --- a/testResources/sourcefiles/DocumentAnnotationSheet.java +++ b/testResources/sourcefiles/DocumentAnnotationSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/DocumentRelationshipSheet.java b/testResources/sourcefiles/DocumentRelationshipSheet.java index 8dfd639..36116eb 100644 
--- a/testResources/sourcefiles/DocumentRelationshipSheet.java +++ b/testResources/sourcefiles/DocumentRelationshipSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/DocumentSheet.java b/testResources/sourcefiles/DocumentSheet.java index 0f37155..ebe5b07 100644 --- a/testResources/sourcefiles/DocumentSheet.java +++ b/testResources/sourcefiles/DocumentSheet.java @@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; 
diff --git a/testResources/sourcefiles/ExternalReferencesSheet.java b/testResources/sourcefiles/ExternalReferencesSheet.java index 3094b6f..d9d8753 100644 --- a/testResources/sourcefiles/ExternalReferencesSheet.java +++ b/testResources/sourcefiles/ExternalReferencesSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/ExtractedLicenseSheet.java b/testResources/sourcefiles/ExtractedLicenseSheet.java index 2ca153f..2437aac 100644 --- a/testResources/sourcefiles/ExtractedLicenseSheet.java +++ b/testResources/sourcefiles/ExtractedLicenseSheet.java 
@@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/FileAnnotationSheet.java b/testResources/sourcefiles/FileAnnotationSheet.java index 3a11b12..86d3dab 100644 --- a/testResources/sourcefiles/FileAnnotationSheet.java +++ b/testResources/sourcefiles/FileAnnotationSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/FileAttributionSheet.java b/testResources/sourcefiles/FileAttributionSheet.java index 3bbf3e6..31be291 100644 --- a/testResources/sourcefiles/FileAttributionSheet.java 
+++ b/testResources/sourcefiles/FileAttributionSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/FileChecksumSheet.java b/testResources/sourcefiles/FileChecksumSheet.java index a2a39cb..e046f72 100644 --- a/testResources/sourcefiles/FileChecksumSheet.java +++ b/testResources/sourcefiles/FileChecksumSheet.java @@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/FileCommentSheet.java b/testResources/sourcefiles/FileCommentSheet.java index 805518e..45b98c6 100644 
--- a/testResources/sourcefiles/FileCommentSheet.java +++ b/testResources/sourcefiles/FileCommentSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/FileConcludedSheet.java b/testResources/sourcefiles/FileConcludedSheet.java index caef38f..e6d5884 100644 --- a/testResources/sourcefiles/FileConcludedSheet.java +++ b/testResources/sourcefiles/FileConcludedSheet.java @@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; 
diff --git a/testResources/sourcefiles/FileContributorsSheet.java b/testResources/sourcefiles/FileContributorsSheet.java index 08b86b4..00e8dba 100644 --- a/testResources/sourcefiles/FileContributorsSheet.java +++ b/testResources/sourcefiles/FileContributorsSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/FileCopyrightSheet.java b/testResources/sourcefiles/FileCopyrightSheet.java index f45b236..0448492 100644 --- a/testResources/sourcefiles/FileCopyrightSheet.java +++ b/testResources/sourcefiles/FileCopyrightSheet.java 
@@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/FileLicenseCommentsSheet.java b/testResources/sourcefiles/FileLicenseCommentsSheet.java index b4f7889..e75d38f 100644 --- a/testResources/sourcefiles/FileLicenseCommentsSheet.java +++ b/testResources/sourcefiles/FileLicenseCommentsSheet.java @@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/FileLicenseInfoSheet.java b/testResources/sourcefiles/FileLicenseInfoSheet.java index d847efe..d98e8ea 100644 --- a/testResources/sourcefiles/FileLicenseInfoSheet.java 
+++ b/testResources/sourcefiles/FileLicenseInfoSheet.java @@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/FileNoticeSheet.java b/testResources/sourcefiles/FileNoticeSheet.java index 6e27aa3..20903b0 100644 --- a/testResources/sourcefiles/FileNoticeSheet.java +++ b/testResources/sourcefiles/FileNoticeSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/FileRelationshipSheet.java b/testResources/sourcefiles/FileRelationshipSheet.java index d3c3ac8..0ac675e 100644 
--- a/testResources/sourcefiles/FileRelationshipSheet.java +++ b/testResources/sourcefiles/FileRelationshipSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/FileSpdxIdSheet.java b/testResources/sourcefiles/FileSpdxIdSheet.java index 2866ba6..2e1602d 100644 --- a/testResources/sourcefiles/FileSpdxIdSheet.java +++ b/testResources/sourcefiles/FileSpdxIdSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/FileTypeSheet.java b/testResources/sourcefiles/FileTypeSheet.java index 56fa640..c12abb2 100644 
--- a/testResources/sourcefiles/FileTypeSheet.java +++ b/testResources/sourcefiles/FileTypeSheet.java @@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/MultiDocumentSpreadsheet.java b/testResources/sourcefiles/MultiDocumentSpreadsheet.java index b786f06..ba33332 100644 --- a/testResources/sourcefiles/MultiDocumentSpreadsheet.java +++ b/testResources/sourcefiles/MultiDocumentSpreadsheet.java @@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; 
diff --git a/testResources/sourcefiles/NormalizedFileNameComparator.java b/testResources/sourcefiles/NormalizedFileNameComparator.java index 351f77a..9a65cb3 100644 --- a/testResources/sourcefiles/NormalizedFileNameComparator.java +++ b/testResources/sourcefiles/NormalizedFileNameComparator.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/PackageSheet.java b/testResources/sourcefiles/PackageSheet.java index 9ec328d..c99e9f8 100644 --- a/testResources/sourcefiles/PackageSheet.java +++ b/testResources/sourcefiles/PackageSheet.java 
@@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/SnippetSheet.java b/testResources/sourcefiles/SnippetSheet.java index 1bbfa2f..e9a0c45 100644 --- a/testResources/sourcefiles/SnippetSheet.java +++ b/testResources/sourcefiles/SnippetSheet.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2016 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/VerificationSheet.java b/testResources/sourcefiles/VerificationSheet.java index d1e46f3..d00cdbe 100644 --- a/testResources/sourcefiles/VerificationSheet.java +++ b/testResources/sourcefiles/VerificationSheet.java 
@@ -3,6 +3,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2013 Black Duck Software Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.compare; diff --git a/testResources/sourcefiles/package-info.java b/testResources/sourcefiles/package-info.java index 3f7dc30..f5ad148 100644 --- a/testResources/sourcefiles/package-info.java +++ b/testResources/sourcefiles/package-info.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ /** From 4d39d77cb32c982d2dfc3486dcb0508e8ef8860c Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Wed, 26 Feb 2025 11:00:55 +0800 Subject: [PATCH 10/94] Add back copyright notice text 
Signed-off-by: Arthit Suriyawongkul --- .../org/spdx/tools/compare/package-info.java | 13 +++++++ .../tools/schema/AbstractOwlRdfConverter.java | 13 +++++++ .../spdx/tools/schema/OwlToJsonContext.java | 13 +++++++ .../spdx/tools/schema/OwlToJsonSchema.java | 13 +++++++ .../java/org/spdx/tools/schema/OwlToXsd.java | 13 +++++++ .../spdx/tools/schema/SchemaException.java | 39 +++++++++++++++---- .../org/spdx/tools/schema/package-info.java | 13 +++++++ 7 files changed, 109 insertions(+), 8 deletions(-) diff --git a/src/main/java/org/spdx/tools/compare/package-info.java b/src/main/java/org/spdx/tools/compare/package-info.java index 3f7dc30..f5ad148 100644 --- a/src/main/java/org/spdx/tools/compare/package-info.java +++ b/src/main/java/org/spdx/tools/compare/package-info.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ /** diff --git a/src/main/java/org/spdx/tools/schema/AbstractOwlRdfConverter.java b/src/main/java/org/spdx/tools/schema/AbstractOwlRdfConverter.java index 284e6e3..f945e8e 100644 --- a/src/main/java/org/spdx/tools/schema/AbstractOwlRdfConverter.java +++ b/src/main/java/org/spdx/tools/schema/AbstractOwlRdfConverter.java 
@@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.schema; diff --git a/src/main/java/org/spdx/tools/schema/OwlToJsonContext.java b/src/main/java/org/spdx/tools/schema/OwlToJsonContext.java index d31b406..b205af2 100644 --- a/src/main/java/org/spdx/tools/schema/OwlToJsonContext.java +++ b/src/main/java/org/spdx/tools/schema/OwlToJsonContext.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.schema; diff --git a/src/main/java/org/spdx/tools/schema/OwlToJsonSchema.java b/src/main/java/org/spdx/tools/schema/OwlToJsonSchema.java index d1a5c4d..beb7b84 100644 
--- a/src/main/java/org/spdx/tools/schema/OwlToJsonSchema.java +++ b/src/main/java/org/spdx/tools/schema/OwlToJsonSchema.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.schema; diff --git a/src/main/java/org/spdx/tools/schema/OwlToXsd.java b/src/main/java/org/spdx/tools/schema/OwlToXsd.java index 3947814..60c0a15 100644 --- a/src/main/java/org/spdx/tools/schema/OwlToXsd.java +++ b/src/main/java/org/spdx/tools/schema/OwlToXsd.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.schema; 
diff --git a/src/main/java/org/spdx/tools/schema/SchemaException.java b/src/main/java/org/spdx/tools/schema/SchemaException.java index d57e263..77d88e6 100644 --- a/src/main/java/org/spdx/tools/schema/SchemaException.java +++ b/src/main/java/org/spdx/tools/schema/SchemaException.java 
@@ -2,39 +2,62 @@ * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ package org.spdx.tools.schema; /** + * Exception thrown for schema-related errors + * * @author Gary O'Neall */ public class SchemaException extends Exception { /** - * + * Serial version UID for serialization */ private static final long serialVersionUID = 1L; /** - * @param message + * Constructs a new SchemaException with the specified detail message + * + * @param message the detail message */ public SchemaException(String message) { super(message); } /** - * @param message - * @param cause + * Constructs a new SchemaException with the specified detail message and + * cause + * + * @param message the detail message + * @param cause the cause */ public SchemaException(String message, Throwable cause) { super(message, cause); } /** - * @param message - * @param cause - * @param enableSuppression - * @param writableStackTrace + * Constructs a new SchemaException with the specified detail message, + * cause, and configurations + * + * @param message the detail message + * @param cause the cause + * @param enableSuppression whether or not suppression is enabled + * @param writableStackTrace whether or not the stack trace is writable */ public SchemaException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) { super(message, 
cause, enableSuppression, writableStackTrace); diff --git a/src/main/java/org/spdx/tools/schema/package-info.java b/src/main/java/org/spdx/tools/schema/package-info.java index ddb494f..8610df2 100644 --- a/src/main/java/org/spdx/tools/schema/package-info.java +++ b/src/main/java/org/spdx/tools/schema/package-info.java @@ -2,6 +2,19 @@ * SPDX-FileCopyrightText: Copyright (c) 2020 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * */ /** From bdfee20bdf55737c65e80dcf2c85383e17d5d52b Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Wed, 26 Feb 2025 13:56:07 +0800 Subject: [PATCH 11/94] Add Javadoc comments Signed-off-by: Arthit Suriyawongkul --- src/main/java/org/spdx/tools/CONTRIBUTING.md | 6 +++++- src/main/java/org/spdx/tools/CompareSpdxDocs.java | 1 + 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/spdx/tools/CONTRIBUTING.md b/src/main/java/org/spdx/tools/CONTRIBUTING.md index 755f112..a41d4ff 100644 --- a/src/main/java/org/spdx/tools/CONTRIBUTING.md +++ b/src/main/java/org/spdx/tools/CONTRIBUTING.md 
@@ -1,15 +1,18 @@ Contributing ============ + Thank you for your interest in `Spdx-Java-Library`. The project is open-source software, and bug reports, suggestions, and most especially patches are welcome. Issues ------ + `Spdx-Java-Library` has a [project page on GitHub](https://github.com/spdx/Spdx-Java-Library) where you can [create an issue](https://github.com/spdx/Spdx-Java-Library/issues/new/choose) to report a bug, make a suggestion, or propose a substantial change or improvement that you might like to make. You may also wish to contact the SPDX working group technical team through its mailing list, [spdx-tech@lists.spdx.org](mailto:spdx-tech@lists.spdx.org). If you would like to work on a fix for any issue, please assign the issue to yourself prior to creating a Pull Request. Pull Requests ------- + The source code for `Spdx-Java-Library` is hosted on [github.com/spdx/Spdx-Java-Library](https://github.com/spdx/Spdx-Java-Library). Please review [open pull requests](https://github.com/spdx/Spdx-Java-Library/pulls) and [active branches](https://github.com/spdx/Spdx-Java-Library/branches) before committing time to a substantial revision. Work along similar lines may already be in progress. To submit a pull request via GitHub, fork the repository, create a topic branch from `master` for your work, and send a pull request when ready. If you would prefer to send a patch or grant access to pull from your own Git repository, please contact the project's contributors by e-mail. 
@@ -20,4 +23,5 @@ Once implemented, submit a pull request with `spec/X.X` branch as the parent bra Licensing --------- -However you choose to contribute, please sign-off in each of your commits that you license your contributions under the terms of [the Developer Certificate of Origin](https://developercertificate.org/). Git has utilities for signing off on commits: `git commit -s` signs a current commit, and `git rebase --signoff ` retroactively signs a range of past commits. \ No newline at end of file + +However you choose to contribute, please sign-off in each of your commits that you license your contributions under the terms of [the Developer Certificate of Origin](https://developercertificate.org/). Git has utilities for signing off on commits: `git commit -s` signs a current commit, and `git rebase --signoff ` retroactively signs a range of past commits. diff --git a/src/main/java/org/spdx/tools/CompareSpdxDocs.java b/src/main/java/org/spdx/tools/CompareSpdxDocs.java index 5d02b77..fdc9629 100644 --- a/src/main/java/org/spdx/tools/CompareSpdxDocs.java +++ b/src/main/java/org/spdx/tools/CompareSpdxDocs.java @@ -78,6 +78,7 @@ public static void main(String[] args) { } /** + * Invoke SPDX document processing functions from the online tool * * @param args args[0] is the output Excel file name, all other args are SPDX document file names * @throws OnlineToolException Exception caught by JPype and displayed to the user From c341e9e1d015e40808fcca430c3a6d66a999636c Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Wed, 16 Apr 2025 11:41:13 +0100 Subject: [PATCH 12/94] Update GitHub Actions Signed-off-by: Arthit Suriyawongkul --- .github/workflows/build.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7cc0284..657d139 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -15,22 +15,22 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up JDK 17 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: distribution: 'temurin' java-version: 17 - name: Cache SonarCloud packages - uses: actions/cache@v1 + uses: actions/cache@v4 with: path: ~/.sonar/cache key: ${{ runner.os }}-sonar restore-keys: ${{ runner.os }}-sonar - name: Cache Maven packages - uses: actions/cache@v1 + uses: actions/cache@v4 with: path: ~/.m2 key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} From 46081d642785851cb1e9c490c051b60e24b4a799 Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Wed, 16 Apr 2025 11:19:31 +0100 Subject: [PATCH 13/94] Fix 'build.plugins.plugin.version' is missing warning Signed-off-by: Arthit Suriyawongkul --- pom.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/pom.xml b/pom.xml index d245812..09217e6 100644 --- a/pom.xml +++ b/pom.xml @@ -285,6 +285,7 @@ org.apache.maven.plugins maven-shade-plugin + 3.4.1 true jar-with-dependencies From 204b52f644f475760aa61ee140b713a315dc44e9 Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Wed, 16 Apr 2025 10:59:52 +0100 Subject: [PATCH 14/94] Add JSON schema latest version check Check content of local schema file with the remote location. Signed-off-by: Arthit Suriyawongkul --- .../org/spdx/tools/SchemaVersionTest.java | 69 +++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 src/test/java/org/spdx/tools/SchemaVersionTest.java diff --git a/src/test/java/org/spdx/tools/SchemaVersionTest.java b/src/test/java/org/spdx/tools/SchemaVersionTest.java new file mode 100644 index 0000000..e81e317 --- /dev/null +++ b/src/test/java/org/spdx/tools/SchemaVersionTest.java 
@@ -0,0 +1,69 @@ +package org.spdx.tools; + +import java.io.IOException; +import java.net.URL; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.util.Comparator; +import java.util.Optional; + +import org.apache.commons.io.IOUtils; + +import junit.framework.TestCase; + +public class SchemaVersionTest extends TestCase { + + private String VERSION_REGEX = "spdx-schema-v(\\d+\\.\\d+(\\.\\d+)?)\\.json"; + + public void testLatestSpdxSchemaVersionIsUpToDate() throws IOException { + // Step 1: Find the latest JSON schema file in the resources directory + Path resourcesDir = Paths.get("resources"); + + + Optional latestSchemaFile = Files.list(resourcesDir) + .filter(path -> path.getFileName().toString().matches(VERSION_REGEX)) + .max(Comparator.comparing(path -> parseVersion(path.getFileName().toString()), + versionComparator)); + + assertTrue("No SPDX schema file found in resources directory.", + latestSchemaFile.isPresent()); + + Path schemaFilePath = latestSchemaFile.get(); + String fileName = schemaFilePath.getFileName().toString(); + String version = extractVersionNumber(fileName); + + // Step 2: Compare the content of the file with the content from the URL + String localSchemaContent = Files.readString(schemaFilePath); + String remoteSchemaUrl = "https://spdx.org/schema/" + version + "/spdx-json-schema.json"; + String remoteSchemaContent = IOUtils.toString(new URL(remoteSchemaUrl), "UTF-8"); + + // Step 3: Assert if the contents match + assertEquals("The local SPDX schema file does not match the remote schema content.", + localSchemaContent.trim(), remoteSchemaContent.trim()); + } + + private String extractVersionNumber(String fileName) { + return fileName.replaceAll(VERSION_REGEX, "$1"); + } + + private int[] parseVersion(String fileName) { + String version = extractVersionNumber(fileName); + String[] parts = version.split("\\."); + int[] versionNumbers = new int[3]; // [major, minor, patch] + for (int i = 0; i < 
parts.length; i++) { + versionNumbers[i] = Integer.parseInt(parts[i]); + } + return versionNumbers; + } + + private Comparator versionComparator = (v1, v2) -> { + for (int i = 0; i < 3; i++) { + int comparison = Integer.compare(v1[i], v2[i]); + if (comparison != 0) { + return comparison; + } + } + return 0; + }; +} From abdae876bd89fb7d8586bf53d71cc85564076674 Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Wed, 16 Apr 2025 11:33:07 +0100 Subject: [PATCH 15/94] Update spdx-schema-v3.0.1.json Signed-off-by: Arthit Suriyawongkul --- resources/spdx-schema-v3.0.1.json | 1426 ++++++++--------- ...Test.java => LatestSchemaVersionTest.java} | 5 +- 2 files changed, 714 insertions(+), 717 deletions(-) rename src/test/java/org/spdx/tools/{SchemaVersionTest.java => LatestSchemaVersionTest.java} (97%) diff --git a/resources/spdx-schema-v3.0.1.json b/resources/spdx-schema-v3.0.1.json index ccb1933..5a030b4 100644 --- a/resources/spdx-schema-v3.0.1.json +++ b/resources/spdx-schema-v3.0.1.json @@ -100,13 +100,13 @@ ] }, "prop_ai_EnergyConsumption_ai_finetuningEnergyConsumption": { - "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" + "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" }, "prop_ai_EnergyConsumption_ai_inferenceEnergyConsumption": { - "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" + "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" }, "prop_ai_EnergyConsumption_ai_trainingEnergyConsumption": { - "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" + "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" }, "ai_EnergyConsumptionDescription": { "allOf": [ 
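Review bot: the `uses:` lines in the `.github/workflows/build.yml` hunk of PATCH 12 (`actions/checkout@v4`, `actions/setup-java@v4`, and both `actions/cache@v4` steps) still reference movable major-version tags, so the job runs whatever commit each tag points to at build time. Pin every action to a full commit SHA and keep the version as a trailing comment on the same line, so that an update shows up as a reviewable diff like this one. The move from `actions/cache@v1` to `@v4` keeps the same `key` and `restore-keys` values; it is worth confirming on the first run that the `~/.sonar/cache` and `~/.m2` caches are restored as expected.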
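Review bot: in `testLatestSpdxSchemaVersionIsUpToDate` (new file `src/test/java/org/spdx/tools/SchemaVersionTest.java`, PATCH 14), the `Files.list(resourcesDir)` stream is never closed and the test downloads `https://spdx.org/schema/<version>/spdx-json-schema.json` through `IOUtils.toString(new URL(remoteSchemaUrl), "UTF-8")`, so the unit suite leaks a directory handle and fails whenever the network or spdx.org is unreachable. Wrap the `Files.list` call in try-with-resources, and either run the remote comparison only in an opt-in profile or skip the test when the fetch throws, so an offline or sandboxed build still passes. `assertEquals` is given the local content as the expected value and the remote content as the actual one; swapping them makes the failure message read the right way round, since the remote copy is the reference. `VERSION_REGEX` and `versionComparator` hold no per-instance state and can be `private static final`.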
@@ -157,22 +157,22 @@ ] }, "prop_ai_EnergyConsumptionDescription_ai_energyQuantity": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] + "oneOf": [ + { + "type": "number" + }, + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } + ] }, "prop_ai_EnergyConsumptionDescription_ai_energyUnit": { - "enum": [ - "kilowattHour", - "megajoule", - "other" - ] + "enum": [ + "kilowattHour", + "megajoule", + "other" + ] }, "ai_EnergyUnitType": { "allOf": [ @@ -371,28 +371,28 @@ ] }, "prop_CreationInfo_comment": { - "type": "string" + "type": "string" }, "prop_CreationInfo_created": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_CreationInfo_createdBy": { - "$ref": "#/$defs/Agent_derived" + "$ref": "#/$defs/Agent_derived" }, "prop_CreationInfo_createdUsing": { - "$ref": "#/$defs/Tool_derived" + "$ref": "#/$defs/Tool_derived" }, "prop_CreationInfo_specVersion": { - "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", - "type": "string" + "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", + "type": "string" }, "DictionaryEntry": { "allOf": [ 
@@ -442,10 +442,10 @@ ] }, "prop_DictionaryEntry_key": { - "type": "string" + "type": "string" }, "prop_DictionaryEntry_value": { - "type": "string" + "type": "string" }, "Element_derived": { "anyOf": [ @@ -573,31 +573,31 @@ ] }, "prop_Element_comment": { - "type": "string" + "type": "string" }, "prop_Element_creationInfo": { - "$ref": "#/$defs/CreationInfo_derived" + "$ref": "#/$defs/CreationInfo_derived" }, "prop_Element_description": { - "type": "string" + "type": "string" }, "prop_Element_extension": { - "$ref": "#/$defs/extension_Extension_derived" + "$ref": "#/$defs/extension_Extension_derived" }, "prop_Element_externalIdentifier": { - "$ref": "#/$defs/ExternalIdentifier_derived" + "$ref": "#/$defs/ExternalIdentifier_derived" }, "prop_Element_externalRef": { - "$ref": "#/$defs/ExternalRef_derived" + "$ref": "#/$defs/ExternalRef_derived" }, "prop_Element_name": { - "type": "string" + "type": "string" }, "prop_Element_summary": { - "type": "string" + "type": "string" }, "prop_Element_verifiedUsing": { - "$ref": "#/$defs/IntegrityMethod_derived" + "$ref": "#/$defs/IntegrityMethod_derived" }, "ElementCollection_derived": { "anyOf": [ @@ -655,24 +655,24 @@ ] }, "prop_ElementCollection_element": { - "$ref": "#/$defs/Element_derived" + "$ref": "#/$defs/Element_derived" }, "prop_ElementCollection_profileConformance": { - "enum": [ - "ai", - "build", - "core", - "dataset", - "expandedLicensing", - "extension", - "lite", - "security", - "simpleLicensing", - "software" - ] + "enum": [ + "ai", + "build", + "core", + "dataset", + "expandedLicensing", + "extension", + "lite", + "security", + "simpleLicensing", + "software" + ] }, "prop_ElementCollection_rootElement": { - "$ref": "#/$defs/Element_derived" + "$ref": "#/$defs/Element_derived" }, "ExternalIdentifier": { "allOf": [ 
@@ -739,31 +739,31 @@ ] }, "prop_ExternalIdentifier_comment": { - "type": "string" + "type": "string" }, "prop_ExternalIdentifier_externalIdentifierType": { - "enum": [ - "cpe22", - "cpe23", - "cve", - "email", - "gitoid", - "other", - "packageUrl", - "securityOther", - "swhid", - "swid", - "urlScheme" - ] + "enum": [ + "cpe22", + "cpe23", + "cve", + "email", + "gitoid", + "other", + "packageUrl", + "securityOther", + "swhid", + "swid", + "urlScheme" + ] }, "prop_ExternalIdentifier_identifier": { - "type": "string" + "type": "string" }, "prop_ExternalIdentifier_identifierLocator": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_ExternalIdentifier_issuingAuthority": { - "type": "string" + "type": "string" }, "ExternalIdentifierType": { "allOf": [ @@ -875,16 +875,16 @@ ] }, "prop_ExternalMap_definingArtifact": { - "$ref": "#/$defs/Artifact_derived" + "$ref": "#/$defs/Artifact_derived" }, "prop_ExternalMap_externalSpdxId": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_ExternalMap_locationHint": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_ExternalMap_verifiedUsing": { - "$ref": "#/$defs/IntegrityMethod_derived" + "$ref": "#/$defs/IntegrityMethod_derived" }, "ExternalRef": { "allOf": [ 
@@ -944,64 +944,64 @@ ] }, "prop_ExternalRef_comment": { - "type": "string" + "type": "string" }, "prop_ExternalRef_contentType": { - "pattern": "^[^\\/]+\\/[^\\/]+$", - "type": "string" + "pattern": "^[^\\/]+\\/[^\\/]+$", + "type": "string" }, "prop_ExternalRef_externalRefType": { - "enum": [ - "altDownloadLocation", - "altWebPage", - "binaryArtifact", - "bower", - "buildMeta", - "buildSystem", - "certificationReport", - "chat", - "componentAnalysisReport", - "cwe", - "documentation", - "dynamicAnalysisReport", - "eolNotice", - "exportControlAssessment", - "funding", - "issueTracker", - "license", - "mailingList", - "mavenCentral", - "metrics", - "npm", - "nuget", - "other", - "privacyAssessment", - "productMetadata", - "purchaseOrder", - "qualityAssessmentReport", - "releaseHistory", - "releaseNotes", - "riskAssessment", - "runtimeAnalysisReport", - "secureSoftwareAttestation", - "securityAdversaryModel", - "securityAdvisory", - "securityFix", - "securityOther", - "securityPenTestReport", - "securityPolicy", - "securityThreatModel", - "socialMedia", - "sourceArtifact", - "staticAnalysisReport", - "support", - "vcs", - "vulnerabilityDisclosureReport", - "vulnerabilityExploitabilityAssessment" - ] + "enum": [ + "altDownloadLocation", + "altWebPage", + "binaryArtifact", + "bower", + "buildMeta", + "buildSystem", + "certificationReport", + "chat", + "componentAnalysisReport", + "cwe", + "documentation", + "dynamicAnalysisReport", + "eolNotice", + "exportControlAssessment", + "funding", + "issueTracker", + "license", + "mailingList", + "mavenCentral", + "metrics", + "npm", + "nuget", + "other", + "privacyAssessment", + "productMetadata", + "purchaseOrder", + "qualityAssessmentReport", + "releaseHistory", + "releaseNotes", + "riskAssessment", + "runtimeAnalysisReport", + "secureSoftwareAttestation", + "securityAdversaryModel", + "securityAdvisory", + "securityFix", + "securityOther", + "securityPenTestReport", + "securityPolicy", + "securityThreatModel", + 
"socialMedia", + "sourceArtifact", + "staticAnalysisReport", + "support", + "vcs", + "vulnerabilityDisclosureReport", + "vulnerabilityExploitabilityAssessment" + ] }, "prop_ExternalRef_locator": { - "type": "string" + "type": "string" }, "ExternalRefType": { "allOf": [ @@ -1216,7 +1216,7 @@ ] }, "prop_IntegrityMethod_comment": { - "type": "string" + "type": "string" }, "LifecycleScopeType": { "allOf": [ @@ -1311,10 +1311,10 @@ ] }, "prop_NamespaceMap_namespace": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_NamespaceMap_prefix": { - "type": "string" + "type": "string" }, "PackageVerificationCode": { "allOf": [ @@ -1375,36 +1375,36 @@ ] }, "prop_PackageVerificationCode_algorithm": { - "enum": [ - "adler32", - "blake2b256", - "blake2b384", - "blake2b512", - "blake3", - "crystalsDilithium", - "crystalsKyber", - "falcon", - "md2", - "md4", - "md5", - "md6", - "other", - "sha1", - "sha224", - "sha256", - "sha384", - "sha3_224", - "sha3_256", - "sha3_384", - "sha3_512", - "sha512" - ] + "enum": [ + "adler32", + "blake2b256", + "blake2b384", + "blake2b512", + "blake3", + "crystalsDilithium", + "crystalsKyber", + "falcon", + "md2", + "md4", + "md5", + "md6", + "other", + "sha1", + "sha224", + "sha256", + "sha384", + "sha3_224", + "sha3_256", + "sha3_384", + "sha3_512", + "sha512" + ] }, "prop_PackageVerificationCode_hashValue": { - "type": "string" + "type": "string" }, "prop_PackageVerificationCode_packageVerificationCodeExcludedFile": { - "type": "string" + "type": "string" }, "PositiveIntegerRange": { "allOf": [ @@ -1455,12 +1455,12 @@ ] }, "prop_PositiveIntegerRange_beginIntegerRange": { - "type": "integer", - "minimum": 1 + "type": "integer", + "minimum": 1 }, "prop_PositiveIntegerRange_endIntegerRange": { - "type": "integer", - "minimum": 1 + "type": "integer", + "minimum": 1 }, "PresenceType": { "allOf": [ 
@@ -1633,102 +1633,102 @@ ] }, "prop_Relationship_completeness": { - "enum": [ - "complete", - "incomplete", - "noAssertion" - ] + "enum": [ + "complete", + "incomplete", + "noAssertion" + ] }, "prop_Relationship_endTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_Relationship_from_": { - "$ref": "#/$defs/Element_derived" + "$ref": "#/$defs/Element_derived" }, "prop_Relationship_relationshipType": { - "enum": [ - "affects", - "amendedBy", - "ancestorOf", - "availableFrom", - "configures", - "contains", - "coordinatedBy", - "copiedTo", - "delegatedTo", - "dependsOn", - "descendantOf", - "describes", - "doesNotAffect", - "expandsTo", - "exploitCreatedBy", - "fixedBy", - "fixedIn", - "foundBy", - "generates", - "hasAddedFile", - "hasAssessmentFor", - "hasAssociatedVulnerability", - "hasConcludedLicense", - "hasDataFile", - "hasDeclaredLicense", - "hasDeletedFile", - "hasDependencyManifest", - "hasDistributionArtifact", - "hasDocumentation", - "hasDynamicLink", - "hasEvidence", - "hasExample", - "hasHost", - "hasInput", - "hasMetadata", - "hasOptionalComponent", - "hasOptionalDependency", - "hasOutput", - "hasPrerequisite", - "hasProvidedDependency", - "hasRequirement", - "hasSpecification", - "hasStaticLink", - "hasTest", - "hasTestCase", - "hasVariant", - "invokedBy", - "modifiedBy", - "other", - "packagedBy", - "patchedBy", - "publishedBy", - "reportedBy", - "republishedBy", - "serializedInArtifact", - "testedOn", - "trainedOn", - "underInvestigationFor", - "usesTool" - ] + "enum": [ + "affects", + "amendedBy", + "ancestorOf", + "availableFrom", + 
"configures", + "contains", + "coordinatedBy", + "copiedTo", + "delegatedTo", + "dependsOn", + "descendantOf", + "describes", + "doesNotAffect", + "expandsTo", + "exploitCreatedBy", + "fixedBy", + "fixedIn", + "foundBy", + "generates", + "hasAddedFile", + "hasAssessmentFor", + "hasAssociatedVulnerability", + "hasConcludedLicense", + "hasDataFile", + "hasDeclaredLicense", + "hasDeletedFile", + "hasDependencyManifest", + "hasDistributionArtifact", + "hasDocumentation", + "hasDynamicLink", + "hasEvidence", + "hasExample", + "hasHost", + "hasInput", + "hasMetadata", + "hasOptionalComponent", + "hasOptionalDependency", + "hasOutput", + "hasPrerequisite", + "hasProvidedDependency", + "hasRequirement", + "hasSpecification", + "hasStaticLink", + "hasTest", + "hasTestCase", + "hasVariant", + "invokedBy", + "modifiedBy", + "other", + "packagedBy", + "patchedBy", + "publishedBy", + "reportedBy", + "republishedBy", + "serializedInArtifact", + "testedOn", + "trainedOn", + "underInvestigationFor", + "usesTool" + ] }, "prop_Relationship_startTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_Relationship_to": { - "$ref": "#/$defs/Element_derived" + "$ref": "#/$defs/Element_derived" }, "RelationshipCompleteness": { "allOf": [ 
@@ -1931,13 +1931,13 @@ ] }, "prop_SpdxDocument_dataLicense": { - "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" + "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" }, "prop_SpdxDocument_import_": { - "$ref": "#/$defs/ExternalMap_derived" + "$ref": "#/$defs/ExternalMap_derived" }, "prop_SpdxDocument_namespaceMap": { - "$ref": "#/$defs/NamespaceMap_derived" + "$ref": "#/$defs/NamespaceMap_derived" }, "SupportType": { "allOf": [ @@ -2212,22 +2212,22 @@ ] }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_additionText": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_isDeprecatedAdditionId": { - "type": "boolean" + "type": "boolean" }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_licenseXml": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_obsoletedBy": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_seeAlso": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_standardAdditionTemplate": { - "type": "string" + "type": "string" }, "expandedlicensing_ListedLicenseException": { "allOf": [ @@ -2275,10 +2275,10 @@ ] }, "prop_expandedlicensing_ListedLicenseException_expandedlicensing_deprecatedVersion": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_ListedLicenseException_expandedlicensing_listVersionAdded": { - "type": "string" + "type": "string" }, "extension_CdxPropertyEntry": { "allOf": [ @@ -2328,10 +2328,10 @@ ] }, "prop_extension_CdxPropertyEntry_extension_cdxPropName": { - "type": "string" + "type": "string" }, "prop_extension_CdxPropertyEntry_extension_cdxPropValue": { - "type": "string" + "type": "string" }, "extension_Extension": { "allOf": [ 
@@ -2588,43 +2588,43 @@ ] }, "prop_security_VulnAssessmentRelationship_suppliedBy": { - "$ref": "#/$defs/Agent_derived" + "$ref": "#/$defs/Agent_derived" }, "prop_security_VulnAssessmentRelationship_security_assessedElement": { - "$ref": "#/$defs/software_SoftwareArtifact_derived" + "$ref": "#/$defs/software_SoftwareArtifact_derived" }, "prop_security_VulnAssessmentRelationship_security_modifiedTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_security_VulnAssessmentRelationship_security_publishedTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_security_VulnAssessmentRelationship_security_withdrawnTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "simplelicensing_AnyLicenseInfo_derived": { "anyOf": [ 
@@ -2716,14 +2716,14 @@ ] }, "prop_simplelicensing_LicenseExpression_simplelicensing_customIdToUri": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "prop_simplelicensing_LicenseExpression_simplelicensing_licenseExpression": { - "type": "string" + "type": "string" }, "prop_simplelicensing_LicenseExpression_simplelicensing_licenseListVersion": { - "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", - "type": "string" + "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", + "type": "string" }, "simplelicensing_SimpleLicensingText": { "allOf": [ @@ -2771,7 +2771,7 @@ ] }, "prop_simplelicensing_SimpleLicensingText_simplelicensing_licenseText": { - "type": "string" + "type": "string" }, "software_ContentIdentifier": { "allOf": [ @@ -2822,13 +2822,13 @@ ] }, "prop_software_ContentIdentifier_software_contentIdentifierType": { - "enum": [ - "gitoid", - "swhid" - ] + "enum": [ + "gitoid", + "swhid" + ] }, "prop_software_ContentIdentifier_software_contentIdentifierValue": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "software_ContentIdentifierType": { "allOf": [ 
@@ -3126,47 +3126,47 @@ ] }, "prop_build_Build_build_buildEndTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_build_Build_build_buildId": { - "type": "string" + "type": "string" }, "prop_build_Build_build_buildStartTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_build_Build_build_buildType": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_build_Build_build_configSourceDigest": { - "$ref": "#/$defs/Hash_derived" + "$ref": "#/$defs/Hash_derived" }, "prop_build_Build_build_configSourceEntrypoint": { - "type": "string" + "type": "string" }, "prop_build_Build_build_configSourceUri": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_build_Build_build_environment": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "prop_build_Build_build_parameter": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "Agent": { "allOf": [ 
@@ -3267,20 +3267,20 @@ ] }, "prop_Annotation_annotationType": { - "enum": [ - "other", - "review" - ] + "enum": [ + "other", + "review" + ] }, "prop_Annotation_contentType": { - "pattern": "^[^\\/]+\\/[^\\/]+$", - "type": "string" + "pattern": "^[^\\/]+\\/[^\\/]+$", + "type": "string" }, "prop_Annotation_statement": { - "type": "string" + "type": "string" }, "prop_Annotation_subject": { - "$ref": "#/$defs/Element_derived" + "$ref": "#/$defs/Element_derived" }, "Artifact_derived": { "anyOf": [ 
@@ -3352,57 +3352,57 @@ ] }, "prop_Artifact_builtTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_Artifact_originatedBy": { - "$ref": "#/$defs/Agent_derived" + "$ref": "#/$defs/Agent_derived" }, "prop_Artifact_releaseTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_Artifact_standardName": { - "type": "string" + "type": "string" }, "prop_Artifact_suppliedBy": { - "$ref": "#/$defs/Agent_derived" + "$ref": "#/$defs/Agent_derived" }, "prop_Artifact_supportLevel": { - "enum": [ - "deployed", - "development", - "endOfSupport", - "limitedSupport", - "noAssertion", - "noSupport", - "support" - ] + "enum": [ + "deployed", + "development", + "endOfSupport", + "limitedSupport", + "noAssertion", + "noSupport", + "support" + ] }, "prop_Artifact_validUntilTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": 
"^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "Bundle": { "allOf": [ @@ -3449,7 +3449,7 @@ ] }, "prop_Bundle_context": { - "type": "string" + "type": "string" }, "Hash": { "allOf": [ @@ -3500,33 +3500,33 @@ ] }, "prop_Hash_algorithm": { - "enum": [ - "adler32", - "blake2b256", - "blake2b384", - "blake2b512", - "blake3", - "crystalsDilithium", - "crystalsKyber", - "falcon", - "md2", - "md4", - "md5", - "md6", - "other", - "sha1", - "sha224", - "sha256", - "sha384", - "sha3_224", - "sha3_256", - "sha3_384", - "sha3_512", - "sha512" - ] + "enum": [ + "adler32", + "blake2b256", + "blake2b384", + "blake2b512", + "blake3", + "crystalsDilithium", + "crystalsKyber", + "falcon", + "md2", + "md4", + "md5", + "md6", + "other", + "sha1", + "sha224", + "sha256", + "sha384", + "sha3_224", + "sha3_256", + "sha3_384", + "sha3_512", + "sha512" + ] }, "prop_Hash_hashValue": { - "type": "string" + "type": "string" }, "LifecycleScopedRelationship": { "allOf": [ @@ -3571,14 +3571,14 @@ ] }, "prop_LifecycleScopedRelationship_scope": { - "enum": [ - "build", - "design", - "development", - "other", - "runtime", - "test" - ] + "enum": [ + "build", + "design", + "development", + "other", + "runtime", + "test" + ] }, "Organization": { "allOf": [ @@ -3752,7 +3752,7 @@ ] }, "prop_expandedlicensing_ConjunctiveLicenseSet_expandedlicensing_member": { - "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" + "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" }, "expandedlicensing_CustomLicenseAddition": { "allOf": [ @@ -3847,7 +3847,7 @@ ] }, "prop_expandedlicensing_DisjunctiveLicenseSet_expandedlicensing_member": { - "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" + "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" }, "expandedlicensing_ExtendableLicense_derived": { "anyOf": [ 
@@ -3975,31 +3975,31 @@ ] }, "prop_expandedlicensing_License_expandedlicensing_isDeprecatedLicenseId": { - "type": "boolean" + "type": "boolean" }, "prop_expandedlicensing_License_expandedlicensing_isFsfLibre": { - "type": "boolean" + "type": "boolean" }, "prop_expandedlicensing_License_expandedlicensing_isOsiApproved": { - "type": "boolean" + "type": "boolean" }, "prop_expandedlicensing_License_expandedlicensing_licenseXml": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_License_expandedlicensing_obsoletedBy": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_License_expandedlicensing_seeAlso": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_expandedlicensing_License_expandedlicensing_standardLicenseHeader": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_License_expandedlicensing_standardLicenseTemplate": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_License_simplelicensing_licenseText": { - "type": "string" + "type": "string" }, "expandedlicensing_ListedLicense": { "allOf": [ @@ -4047,10 +4047,10 @@ ] }, "prop_expandedlicensing_ListedLicense_expandedlicensing_deprecatedVersion": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_ListedLicense_expandedlicensing_listVersionAdded": { - "type": "string" + "type": "string" }, "expandedlicensing_OrLaterOperator": { "allOf": [ @@ -4098,7 +4098,7 @@ ] }, "prop_expandedlicensing_OrLaterOperator_expandedlicensing_subjectLicense": { - "$ref": "#/$defs/expandedlicensing_License_derived" + "$ref": "#/$defs/expandedlicensing_License_derived" }, "expandedlicensing_WithAdditionOperator": { "allOf": [ 
@@ -4150,10 +4150,10 @@ ] }, "prop_expandedlicensing_WithAdditionOperator_expandedlicensing_subjectAddition": { - "$ref": "#/$defs/expandedlicensing_LicenseAddition_derived" + "$ref": "#/$defs/expandedlicensing_LicenseAddition_derived" }, "prop_expandedlicensing_WithAdditionOperator_expandedlicensing_subjectExtendableLicense": { - "$ref": "#/$defs/expandedlicensing_ExtendableLicense_derived" + "$ref": "#/$defs/expandedlicensing_ExtendableLicense_derived" }, "extension_CdxPropertiesExtension": { "allOf": [ @@ -4208,7 +4208,7 @@ ] }, "prop_extension_CdxPropertiesExtension_extension_cdxProperty": { - "$ref": "#/$defs/extension_CdxPropertyEntry_derived" + "$ref": "#/$defs/extension_CdxPropertyEntry_derived" }, "security_CvssV2VulnAssessmentRelationship": { "allOf": [ @@ -4260,18 +4260,18 @@ ] }, "prop_security_CvssV2VulnAssessmentRelationship_security_score": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] + "oneOf": [ + { + "type": "number" + }, + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } + ] }, "prop_security_CvssV2VulnAssessmentRelationship_security_vectorString": { - "type": "string" + "type": "string" }, "security_CvssV3VulnAssessmentRelationship": { "allOf": [ @@ -4327,27 +4327,27 @@ ] }, "prop_security_CvssV3VulnAssessmentRelationship_security_score": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] + "oneOf": [ + { + "type": "number" + }, + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } + ] }, "prop_security_CvssV3VulnAssessmentRelationship_security_severity": { - "enum": [ - "critical", - "high", - "low", - "medium", - "none" - ] + "enum": [ + "critical", + "high", + "low", + "medium", + "none" + ] }, "prop_security_CvssV3VulnAssessmentRelationship_security_vectorString": { - "type": "string" + "type": "string" }, "security_CvssV4VulnAssessmentRelationship": { "allOf": [ 
@@ -4403,27 +4403,27 @@ ] }, "prop_security_CvssV4VulnAssessmentRelationship_security_score": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] + "oneOf": [ + { + "type": "number" + }, + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } + ] }, "prop_security_CvssV4VulnAssessmentRelationship_security_severity": { - "enum": [ - "critical", - "high", - "low", - "medium", - "none" - ] + "enum": [ + "critical", + "high", + "low", + "medium", + "none" + ] }, "prop_security_CvssV4VulnAssessmentRelationship_security_vectorString": { - "type": "string" + "type": "string" }, "security_EpssVulnAssessmentRelationship": { "allOf": [ @@ -4475,26 +4475,26 @@ ] }, "prop_security_EpssVulnAssessmentRelationship_security_percentile": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] + "oneOf": [ + { + "type": "number" + }, + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } + ] }, "prop_security_EpssVulnAssessmentRelationship_security_probability": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] + "oneOf": [ + { + "type": "number" + }, + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } + ] }, "security_ExploitCatalogVulnAssessmentRelationship": { "allOf": [ @@ -4550,16 +4550,16 @@ ] }, "prop_security_ExploitCatalogVulnAssessmentRelationship_security_catalogType": { - "enum": [ - "kev", - "other" - ] + "enum": [ + "kev", + "other" + ] }, "prop_security_ExploitCatalogVulnAssessmentRelationship_security_exploited": { - "type": "boolean" + "type": "boolean" }, "prop_security_ExploitCatalogVulnAssessmentRelationship_security_locator": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "security_SsvcVulnAssessmentRelationship": { "allOf": [ 
@@ -4607,12 +4607,12 @@ ] }, "prop_security_SsvcVulnAssessmentRelationship_security_decisionType": { - "enum": [ - "act", - "attend", - "track", - "trackStar" - ] + "enum": [ + "act", + "attend", + "track", + "trackStar" + ] }, "security_VexVulnAssessmentRelationship_derived": { "anyOf": [ @@ -4646,10 +4646,10 @@ ] }, "prop_security_VexVulnAssessmentRelationship_security_statusNotes": { - "type": "string" + "type": "string" }, "prop_security_VexVulnAssessmentRelationship_security_vexVersion": { - "type": "string" + "type": "string" }, "security_Vulnerability": { "allOf": [ 
@@ -4700,37 +4700,37 @@ ] }, "prop_security_Vulnerability_security_modifiedTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_security_Vulnerability_security_publishedTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_security_Vulnerability_security_withdrawnTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "software_SoftwareArtifact_derived": { "anyOf": [ 
@@ -4795,79 +4795,79 @@ ] }, "prop_software_SoftwareArtifact_software_additionalPurpose": { - "enum": [ - "application", - "archive", - "bom", - "configuration", - "container", - "data", - "device", - "deviceDriver", - "diskImage", - "documentation", - "evidence", - "executable", - "file", - "filesystemImage", - "firmware", - "framework", - "install", - "library", - "manifest", - "model", - "module", - "operatingSystem", - "other", - "patch", - "platform", - "requirement", - "source", - "specification", - "test" - ] + "enum": [ + "application", + "archive", + "bom", + "configuration", + "container", + "data", + "device", + "deviceDriver", + "diskImage", + "documentation", + "evidence", + "executable", + "file", + "filesystemImage", + "firmware", + "framework", + "install", + "library", + "manifest", + "model", + "module", + "operatingSystem", + "other", + "patch", + "platform", + "requirement", + "source", + "specification", + "test" + ] }, "prop_software_SoftwareArtifact_software_attributionText": { - "type": "string" + "type": "string" }, "prop_software_SoftwareArtifact_software_contentIdentifier": { - "$ref": "#/$defs/software_ContentIdentifier_derived" + "$ref": "#/$defs/software_ContentIdentifier_derived" }, "prop_software_SoftwareArtifact_software_copyrightText": { - "type": "string" + "type": "string" }, "prop_software_SoftwareArtifact_software_primaryPurpose": { - "enum": [ - "application", - "archive", - "bom", - "configuration", - "container", - "data", - "device", - "deviceDriver", - "diskImage", - "documentation", - "evidence", - "executable", - "file", - "filesystemImage", - "firmware", - "framework", - "install", - "library", - "manifest", - "model", - "module", - "operatingSystem", - "other", - "patch", - "platform", - "requirement", - "source", - "specification", - "test" - ] + "enum": [ + "application", + "archive", + "bom", + "configuration", + "container", + "data", + "device", + "deviceDriver", + "diskImage", + "documentation", + "evidence", + 
"executable", + "file", + "filesystemImage", + "firmware", + "framework", + "install", + "library", + "manifest", + "model", + "module", + "operatingSystem", + "other", + "patch", + "platform", + "requirement", + "source", + "specification", + "test" + ] }, "Bom": { "allOf": [ @@ -4997,18 +4997,18 @@ ] }, "prop_security_VexAffectedVulnAssessmentRelationship_security_actionStatement": { - "type": "string" + "type": "string" }, "prop_security_VexAffectedVulnAssessmentRelationship_security_actionStatementTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "security_VexFixedVulnAssessmentRelationship": { "allOf": [ 
@@ -5098,27 +5098,27 @@ ] }, "prop_security_VexNotAffectedVulnAssessmentRelationship_security_impactStatement": { - "type": "string" + "type": "string" }, "prop_security_VexNotAffectedVulnAssessmentRelationship_security_impactStatementTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_security_VexNotAffectedVulnAssessmentRelationship_security_justificationType": { - "enum": [ - "componentNotPresent", - "inlineMitigationsAlreadyExist", - "vulnerableCodeCannotBeControlledByAdversary", - "vulnerableCodeNotInExecutePath", - "vulnerableCodeNotPresent" - ] + "enum": [ + "componentNotPresent", + "inlineMitigationsAlreadyExist", + "vulnerableCodeCannotBeControlledByAdversary", + "vulnerableCodeNotInExecutePath", + "vulnerableCodeNotPresent" + ] }, "security_VexUnderInvestigationVulnAssessmentRelationship": { "allOf": [ @@ -5205,14 +5205,14 @@ ] }, "prop_software_File_contentType": { - "pattern": "^[^\\/]+\\/[^\\/]+$", - "type": "string" + "pattern": "^[^\\/]+\\/[^\\/]+$", + "type": "string" }, "prop_software_File_software_fileKind": { - "enum": [ - "directory", - "file" - ] + "enum": [ + "directory", + "file" + ] }, "software_Package": { "allOf": [ 
@@ -5271,19 +5271,19 @@ ] }, "prop_software_Package_software_downloadLocation": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_software_Package_software_homePage": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_software_Package_software_packageUrl": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_software_Package_software_packageVersion": { - "type": "string" + "type": "string" }, "prop_software_Package_software_sourceInfo": { - "type": "string" + "type": "string" }, "software_Sbom": { "allOf": [ @@ -5335,14 +5335,14 @@ ] }, "prop_software_Sbom_software_sbomType": { - "enum": [ - "analyzed", - "build", - "deployed", - "design", - "runtime", - "source" - ] + "enum": [ + "analyzed", + "build", + "deployed", + "design", + "runtime", + "source" + ] }, "software_Snippet": { "allOf": [ @@ -5396,13 +5396,13 @@ ] }, "prop_software_Snippet_software_byteRange": { - "$ref": "#/$defs/PositiveIntegerRange_derived" + "$ref": "#/$defs/PositiveIntegerRange_derived" }, "prop_software_Snippet_software_lineRange": { - "$ref": "#/$defs/PositiveIntegerRange_derived" + "$ref": "#/$defs/PositiveIntegerRange_derived" }, "prop_software_Snippet_software_snippetFromFile": { - "$ref": "#/$defs/software_File_derived" + "$ref": "#/$defs/software_File_derived" }, "ai_AIPackage": { "allOf": [ 
@@ -5545,62 +5545,62 @@ ] }, "prop_ai_AIPackage_ai_autonomyType": { - "enum": [ - "no", - "noAssertion", - "yes" - ] + "enum": [ + "no", + "noAssertion", + "yes" + ] }, "prop_ai_AIPackage_ai_domain": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_energyConsumption": { - "$ref": "#/$defs/ai_EnergyConsumption_derived" + "$ref": "#/$defs/ai_EnergyConsumption_derived" }, "prop_ai_AIPackage_ai_hyperparameter": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "prop_ai_AIPackage_ai_informationAboutApplication": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_informationAboutTraining": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_limitation": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_metric": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "prop_ai_AIPackage_ai_metricDecisionThreshold": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "prop_ai_AIPackage_ai_modelDataPreprocessing": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_modelExplainability": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_safetyRiskAssessment": { - "enum": [ - "high", - "low", - "medium", - "serious" - ] + "enum": [ + "high", + "low", + "medium", + "serious" + ] }, "prop_ai_AIPackage_ai_standardCompliance": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_typeOfModel": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_useSensitivePersonalInformation": { - "enum": [ - "no", - "noAssertion", - "yes" - ] + "enum": [ + "no", + "noAssertion", + "yes" + ] }, "dataset_DatasetPackage": { "allOf": [ 
@@ -5720,74 +5720,74 @@ ] }, "prop_dataset_DatasetPackage_dataset_anonymizationMethodUsed": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_confidentialityLevel": { - "enum": [ - "amber", - "clear", - "green", - "red" - ] + "enum": [ + "amber", + "clear", + "green", + "red" + ] }, "prop_dataset_DatasetPackage_dataset_dataCollectionProcess": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_dataPreprocessing": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_datasetAvailability": { - "enum": [ - "clickthrough", - "directDownload", - "query", - "registration", - "scrapingScript" - ] + "enum": [ + "clickthrough", + "directDownload", + "query", + "registration", + "scrapingScript" + ] }, "prop_dataset_DatasetPackage_dataset_datasetNoise": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_datasetSize": { - "type": "integer", - "minimum": 0 + "type": "integer", + "minimum": 0 }, "prop_dataset_DatasetPackage_dataset_datasetType": { - "enum": [ - "audio", - "categorical", - "graph", - "image", - "noAssertion", - "numeric", - "other", - "sensor", - "structured", - "syntactic", - "text", - "timeseries", - "timestamp", - "video" - ] + "enum": [ + "audio", + "categorical", + "graph", + "image", + "noAssertion", + "numeric", + "other", + "sensor", + "structured", + "syntactic", + "text", + "timeseries", + "timestamp", + "video" + ] }, "prop_dataset_DatasetPackage_dataset_datasetUpdateMechanism": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_hasSensitivePersonalInformation": { - "enum": [ - "no", - "noAssertion", - "yes" - ] + "enum": [ + "no", + "noAssertion", + "yes" + ] }, "prop_dataset_DatasetPackage_dataset_intendedUse": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_knownBias": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_sensor": { - "$ref": 
"#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "IRI": { "type": "string", @@ -5982,4 +5982,4 @@ ] } } -} \ No newline at end of file +} diff --git a/src/test/java/org/spdx/tools/SchemaVersionTest.java b/src/test/java/org/spdx/tools/LatestSchemaVersionTest.java similarity index 97% rename from src/test/java/org/spdx/tools/SchemaVersionTest.java rename to src/test/java/org/spdx/tools/LatestSchemaVersionTest.java index e81e317..38cdef5 100644 --- a/src/test/java/org/spdx/tools/SchemaVersionTest.java +++ b/src/test/java/org/spdx/tools/LatestSchemaVersionTest.java @@ -12,20 +12,17 @@ import junit.framework.TestCase; -public class SchemaVersionTest extends TestCase { +public class LatestSchemaVersionTest extends TestCase { private String VERSION_REGEX = "spdx-schema-v(\\d+\\.\\d+(\\.\\d+)?)\\.json"; public void testLatestSpdxSchemaVersionIsUpToDate() throws IOException { // Step 1: Find the latest JSON schema file in the resources directory Path resourcesDir = Paths.get("resources"); - - Optional latestSchemaFile = Files.list(resourcesDir) .filter(path -> path.getFileName().toString().matches(VERSION_REGEX)) .max(Comparator.comparing(path -> parseVersion(path.getFileName().toString()), versionComparator)); - assertTrue("No SPDX schema file found in resources directory.", latestSchemaFile.isPresent()); From ea9cd8c5c266caec6260377612a403cfa0dfc15f Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Thu, 17 Apr 2025 20:01:01 +0100 Subject: [PATCH 16/94] Use URI.created().toURL() instead of new URL() - URI.created().toURL() is available since Java 1.4 - new URL() (constructor) is deprecated in Java 20 Signed-off-by: Arthit Suriyawongkul --- .../java/org/spdx/tools/LatestSchemaVersionTest.java | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/test/java/org/spdx/tools/LatestSchemaVersionTest.java b/src/test/java/org/spdx/tools/LatestSchemaVersionTest.java index 38cdef5..b18a8f2 100644 
--- a/src/test/java/org/spdx/tools/LatestSchemaVersionTest.java +++ b/src/test/java/org/spdx/tools/LatestSchemaVersionTest.java @@ -1,7 +1,13 @@ +/** + * SPDX-FileContributor: Arthit Suriyawongkul + * SPDX-FileCopyrightText: 2025 SPDX contributors + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + */ package org.spdx.tools; import java.io.IOException; -import java.net.URL; +import java.net.URI; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; @@ -33,9 +39,7 @@ public void testLatestSpdxSchemaVersionIsUpToDate() throws IOException { // Step 2: Compare the content of the file with the content from the URL String localSchemaContent = Files.readString(schemaFilePath); String remoteSchemaUrl = "https://spdx.org/schema/" + version + "/spdx-json-schema.json"; - String remoteSchemaContent = IOUtils.toString(new URL(remoteSchemaUrl), "UTF-8"); - - // Step 3: Assert if the contents match + String remoteSchemaContent = IOUtils.toString(URI.create(remoteSchemaUrl).toURL(), "UTF-8"); assertEquals("The local SPDX schema file does not match the remote schema content.", localSchemaContent.trim(), remoteSchemaContent.trim()); } From 72f640da82da0732b72b4b7d2d293f59eb624ced Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Sat, 19 Apr 2025 08:47:14 +0100 Subject: [PATCH 17/94] Update SPDX libraries version in POM - java-spdx-library to 2.0.0 - spdx-rdf-store to 2.0.0 - spdx-jackson-store to 2.0.0 - spdx-spreadsheet-store to 2.0.0 - spdx-tagvalue-store to 2.0.0 - spdx-v3jsonld-store to 1.0.0 Signed-off-by: Arthit Suriyawongkul --- pom.xml | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/pom.xml b/pom.xml index 09217e6..9e36469 100644 --- a/pom.xml +++ b/pom.xml @@ -111,6 +111,11 @@ commons-compress 1.27.1 + + org.apache.ws.xmlschema + xmlschema-core + 2.3.0 + junit junit 
@@ -120,32 +125,32 @@ org.spdx java-spdx-library - 2.0.0-RC2 + 2.0.0 org.spdx spdx-rdf-store - 2.0.0-RC2 + 2.0.0 org.spdx spdx-jackson-store - 2.0.0-RC2 - - - org.apache.ws.xmlschema - xmlschema-core - 2.3.0 + 2.0.0 org.spdx spdx-spreadsheet-store - 2.0.0-RC2 + 2.0.0 org.spdx spdx-tagvalue-store - 2.0.0-RC2 + 2.0.0 + + + org.spdx + spdx-v3jsonld-store + 1.0.0 com.networknt @@ -157,11 +162,6 @@ slf4j-simple 2.0.13 true - - - org.spdx - spdx-v3jsonld-store - 1.0.0-RC3 org.apache.poi From c3ccecddca50ea1d54a2a4eed5d47b023b19382d Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Sat, 19 Apr 2025 09:16:12 +0100 Subject: [PATCH 18/94] Update com.networknt:json-schema-validator Signed-off-by: Arthit Suriyawongkul --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 9e36469..4b1b3a0 100644 --- a/pom.xml +++ b/pom.xml @@ -155,18 +155,18 @@ com.networknt json-schema-validator - 1.5.1 + 1.5.6 org.slf4j slf4j-simple - 2.0.13 + 2.0.17 true org.apache.poi poi - 5.3.0 + 5.4.1 compile From eb643597389b696269a42187d58d2069e45c32be Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Sat, 19 Apr 2025 13:49:19 +0100 Subject: [PATCH 19/94] Only update dep to latest patch version Signed-off-by: Arthit Suriyawongkul --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 4b1b3a0..bb7fd2c 100644 --- a/pom.xml +++ b/pom.xml @@ -114,12 +114,12 @@ org.apache.ws.xmlschema xmlschema-core - 2.3.0 + 2.3.1 junit junit - 4.13.1 + 4.13.2 test @@ -166,7 +166,7 @@ org.apache.poi poi - 5.4.1 + 5.3.0 compile From e40d75e9245857b9ed4a49206f8550f8cfcadfff Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Sat, 19 Apr 2025 13:57:18 +0100 Subject: [PATCH 20/94] Update org.apache.poi/poi to 5.4.1 Signed-off-by: Arthit Suriyawongkul --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index bb7fd2c..3c8076b 100644 --- a/pom.xml 
+++ b/pom.xml @@ -166,7 +166,7 @@ org.apache.poi poi - 5.3.0 + 5.4.1 compile From da2c3b98a6b8bbad25e6d1a5d7ce80372b19bf68 Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Sat, 19 Apr 2025 11:42:20 -0700 Subject: [PATCH 21/94] Normalize whitespace in schema compare unit test Fixes an issue where the compare fails if run on a windows environment where CRLF is used instead of LF --- src/test/java/org/spdx/tools/LatestSchemaVersionTest.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/test/java/org/spdx/tools/LatestSchemaVersionTest.java b/src/test/java/org/spdx/tools/LatestSchemaVersionTest.java index b18a8f2..90e517e 100644 --- a/src/test/java/org/spdx/tools/LatestSchemaVersionTest.java +++ b/src/test/java/org/spdx/tools/LatestSchemaVersionTest.java @@ -37,9 +37,9 @@ public void testLatestSpdxSchemaVersionIsUpToDate() throws IOException { String version = extractVersionNumber(fileName); // Step 2: Compare the content of the file with the content from the URL - String localSchemaContent = Files.readString(schemaFilePath); + String localSchemaContent = Files.readString(schemaFilePath).replaceAll("\\s+", " "); String remoteSchemaUrl = "https://spdx.org/schema/" + version + "/spdx-json-schema.json"; - String remoteSchemaContent = IOUtils.toString(URI.create(remoteSchemaUrl).toURL(), "UTF-8"); + String remoteSchemaContent = IOUtils.toString(URI.create(remoteSchemaUrl).toURL(), "UTF-8").replaceAll("\\s+", " "); assertEquals("The local SPDX schema file does not match the remote schema content.", localSchemaContent.trim(), remoteSchemaContent.trim()); } From 334392ff5009783e67da64fed375010e2353fc54 Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Sat, 19 Apr 2025 15:40:40 -0700 Subject: [PATCH 22/94] [maven-release-plugin] prepare release v2.0.0 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 3c8076b..3992454 100644 --- a/pom.xml +++ b/pom.xml 
@@ -3,7 +3,7 @@ org.spdx tools-java - 2.0.0-RC3-SNAPSHOT + 2.0.0 jar tools-java @@ -32,7 +32,7 @@ https://github.com/spdx/tools-java scm:git:git@github.com:spdx/tools-java.git scm:git:git@github.com:spdx/tools-java.git - master + v2.0.0 Github From 870a1158d0c70536d40243fe9516b17143d435fd Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Sat, 19 Apr 2025 15:40:45 -0700 Subject: [PATCH 23/94] [maven-release-plugin] prepare for next development iteration --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 3992454..eb077e4 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ org.spdx tools-java - 2.0.0 + 2.0.1-SNAPSHOT jar tools-java @@ -32,7 +32,7 @@ https://github.com/spdx/tools-java scm:git:git@github.com:spdx/tools-java.git scm:git:git@github.com:spdx/tools-java.git - v2.0.0 + master Github From 2bc50e88f701299a253e1eb551460d93f6239baf Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Sun, 20 Apr 2025 02:39:38 +0100 Subject: [PATCH 24/94] spdx-maven-plugin == 1.0.0 Signed-off-by: Arthit Suriyawongkul --- pom.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index eb077e4..8406243 100644 --- a/pom.xml +++ b/pom.xml @@ -129,12 +129,12 @@ org.spdx - spdx-rdf-store + spdx-jackson-store 2.0.0 org.spdx - spdx-jackson-store + spdx-rdf-store 2.0.0 @@ -263,7 +263,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 2.9 + 2.9.1 true 8 @@ -327,7 +327,7 @@ org.spdx spdx-maven-plugin - 0.7.3 + 1.0.0 build-spdx From 2910e355f356ed226f2c8546c63c97a24e2aa623 Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Wed, 23 Apr 2025 11:17:39 -0700 Subject: [PATCH 25/94] Fix Shade plugin version to 3.2.4 Fixes #201 Later versions of the shade plugin strip out the dependencies in the POM file. --- pom.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 8406243..597e6b8 100644 --- a/pom.xml +++ b/pom.xml 
@@ -285,7 +285,8 @@ org.apache.maven.plugins maven-shade-plugin - 3.4.1 + 3.2.4 + true jar-with-dependencies From 742af94d919964eb327c132b29893df83e19dc84 Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Mon, 28 Apr 2025 14:28:23 +0100 Subject: [PATCH 26/94] Update JAR name in command line examples to 2.0.0 - Update JAR name in command line examples to version 2.0.0 - Fix few Markdown issues - Add Javadoc link --- README.md | 121 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 71 insertions(+), 50 deletions(-) diff --git a/README.md b/README.md index 2453b1a..01e4add 100644 --- a/README.md +++ b/README.md 
@@ -1,122 +1,143 @@ -# Overview +# SPDX Tools + +[![javadoc](https://javadoc.io/badge2/org.spdx/tools-java/javadoc.svg)](https://javadoc.io/doc/org.spdx/tools-java) + +A command-line utility for creating, converting, comparing, +and validating SPDX documents across multiple formats. + The Software Package Data Exchange (SPDX) specification is a standard format for communicating the components, licenses and copyrights associated with a software package. - * [SPDX License List](http://spdx.org/licenses/) - * [SPDX Vocabulary Specification](http://spdx.org/rdf/terms) +* [SPDX License List](https://spdx.org/licenses/) +* [SPDX Vocabulary Specification](https://spdx.org/specifications) -These tools are published by the SPDX Workgroup -see [http://spdx.org/](http://spdx.org/) +These tools are published by the SPDX Workgroup, +see ## Versions Supported + This utility supports versions 2.0, 2.1, 2.2, 2.3 and 3.0.1 of the SPDX specification. -# Code quality badges +## Code quality badges -| [![Bugs](https://sonarcloud.io/api/project_badges/measure?project=tools-java&metric=bugs)](https://sonarcloud.io/dashboard?id=tools-java) | [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=tools-java&metric=security_rating)](https://sonarcloud.io/dashboard?id=tools-java) | [![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=tools-java&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=tools-java) | [![Technical Debt](https://sonarcloud.io/api/project_badges/measure?project=tools-java&metric=sqale_index)](https://sonarcloud.io/dashboard?id=tools-java) | +[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=tools-java&metric=bugs)](https://sonarcloud.io/dashboard?id=tools-java) +[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=tools-java&metric=security_rating)](https://sonarcloud.io/dashboard?id=tools-java) +[![Maintainability 
Rating](https://sonarcloud.io/api/project_badges/measure?project=tools-java&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=tools-java) +[![Technical Debt](https://sonarcloud.io/api/project_badges/measure?project=tools-java&metric=sqale_index)](https://sonarcloud.io/dashboard?id=tools-java) ## Getting Starting -The SPDX Tool binaries can be downloaded from the [releases page](https://github.com/spdx/tools-java/releases) under the respective release. The package is also available in [Maven Central](https://search.maven.org/artifact/org.spdx/tools-java) (organization org.spdx, artifact tools-java). +The SPDX Tools binaries can be downloaded from the [releases page](https://github.com/spdx/tools-java/releases) under the respective release. The package is also available in [Maven Central](https://search.maven.org/artifact/org.spdx/tools-java) (organization org.spdx, artifact tools-java). See the Syntax section below for the commands available. If you are a developer, there are examples in the [examples folder](examples/org/spdx/examples). -## Contributing -See the file CONTRIBUTING.md for information on making contributions to the SPDX tools. 
- -## Issues -Report any security related issues by sending an email to [spdx-tools-security@lists.spdx.org](mailto:spdx-tools-security@lists.spdx.org) - -Non-security related issues should be added to the [SPDX tools issues list](https://github.com/spdx/tools-java/issues) - ## Syntax -The command line interface of the spdx tools can be used like this: - java -jar tools-java-2.0.0-RC2-jar-with-dependencies.jar +The command line interface of the SPDX Tools can be used like this: + + java -jar tools-java-2.0.0-jar-with-dependencies.jar ## SPDX format converters -The following converter tools support spdx format: - * Tag - * RDF/XML - * XLSX Spreadsheet - * XLS Spreadsheet - * JSON - * XML - * YAML - * JSON-LD (SPDX spec version 3.0.1) +The following converter tools support SPDX format: -Example to convert a SPDX file from tag to rdf format: +* Tag +* RDF/XML +* XLSX Spreadsheet +* XLS Spreadsheet +* JSON +* XML +* YAML +* JSON-LD (SPDX spec version 3.0.1) - java -jar tools-java-2.0.0-RC2-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.rdf +Example to convert a SPDX file from Tag to RDF format: + + java -jar tools-java-2.0.0-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.rdf The file formats can optionally be provided as the 3rd and 4th parameter for the input and output formats respectively. An optional 5th option `excludeLicenseDetails` will not copy the listed license properties to the output file. 
The following example will copy a JSON format to an RDF Turtle format without including the listed license properties: - java -jar tools-java-2.0.0-RC2-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.ttl TAG RDFTTL excludeLicenseDetails + java -jar tools-java-2.0.0-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.ttl TAG RDFTTL excludeLicenseDetails To convert from SPDX 2 to SPDX 3.0.1: + * use the file extension `.jsonld.json` or `.jsonld`; * or add the options for the from and to file types: -``` -java -jar tools-java-2.0.0-RC2-jar-with-dependencies.jar Convert hello.spdx hello.spdx.json TAG JSONLD -``` + + java -jar tools-java-2.0.0-jar-with-dependencies.jar Convert hello.spdx hello.spdx.json TAG JSONLD ## Compare utilities -The following tools can be used to compare one or more SPDX documents: - * CompareMultipleSpdxDocs with files +The following tools can be used to compare one or more SPDX documents: - Example to compare multiple SPDX files provided in rdf format and provide a spreadsheet with the results: +* CompareMultipleSpdxDocs with files - java -jar tools-java-2.0.0-RC2-jar-with-dependencies.jar CompareDocs output.xlsx doc1 doc2 ... docN + Example to compare multiple SPDX files provided in RDF format and provide a spreadsheet with the results: - * CompareMultipleSpdxDocs with directory + java -jar tools-java-2.0.0-jar-with-dependencies.jar CompareDocs output.xlsx doc1 doc2 ... docN + +* CompareMultipleSpdxDocs with directory Example to compare all SPDX documents in a directory "/home/me/spdxdocs" and provide a spreadsheet with the results: - java -jar tools-java-2.0.0-RC2-jar-with-dependencies.jar CompareDocs output.xlsx /home/me/spdxdocs + java -jar tools-java-2.0.0-jar-with-dependencies.jar CompareDocs output.xlsx /home/me/spdxdocs ## SPDX Viewer + The following tool can be used to "Pretty Print" an SPDX document. 
- * SPDXViewer +* SPDXViewer Sample usage: - java -jar tools-java-2.0.0-RC2-jar-with-dependencies.jar SPDXViewer ../testResources/SPDXRdfExample-v2.2.spdx.rdf + java -jar tools-java-2.0.0-jar-with-dependencies.jar SPDXViewer ../testResources/SPDXRdfExample-v2.2.spdx.rdf ## Verifier + The following tool can be used to verify an SPDX document: - * Verify +* Verify Sample usage: - java -jar tools-java-2.0.0-RC2-jar-with-dependencies.jar Verify ../testResources/SPDXRdfExample-v2.2.spdx.rdf + java -jar tools-java-2.0.0-jar-with-dependencies.jar Verify ../testResources/SPDXRdfExample-v2.2.spdx.rdf ## Generators + The following tool can be used to generate an SPDX verification code from a directory of source files: - * GenerateVerificationCode sourceDirectory +* GenerateVerificationCode sourceDirectory Sample usage: - java -jar tools-java-2.0.0-RC2-jar-with-dependencies.jar GenerateVerificationCode sourceDirectory [ignoredFilesRegex] + java -jar tools-java-2.0.0-jar-with-dependencies.jar GenerateVerificationCode sourceDirectory [ignoredFilesRegex] ## SPDX Validation Tool + The SPDX Workgroup provides an online interface to validate, compare, and convert SPDX documents in addition to the command line options above. The [SPDX Validation Tool](https://tools.spdx.org/app/validate/) is an all-in-one portal to upload and parse SPDX documents for validation, comparison and conversion and search the SPDX license list. -# License +## License + A complete SPDX file is available including dependencies is available in the bintray and Maven repos. - SPDX-License-Identifier: Apache-2.0 - PackageLicenseDeclared: Apache-2.0 + SPDX-License-Identifier: Apache-2.0 + PackageLicenseDeclared: Apache-2.0 + +## Development -# Development +### Build -## Build You need [Apache Maven](http://maven.apache.org/) to build the project: mvn clean install +## Contributing + +See the file [CONTRIBUTING.md](./CONTRIBUTING.md) for information on +making contributions to the SPDX tools. 
+ +## Issues + +Report any security related issues by sending an email to [spdx-tools-security@lists.spdx.org](mailto:spdx-tools-security@lists.spdx.org) + +Non-security related issues should be added to the [SPDX Tools issues list](https://github.com/spdx/tools-java/issues) From bf0c79d6df6da836ec2d9efcba699e34a11daf99 Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Mon, 28 Apr 2025 11:04:55 -0700 Subject: [PATCH 27/94] Bump version of SPDX Jackson Store --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 597e6b8..bb2af32 100644 --- a/pom.xml +++ b/pom.xml @@ -130,7 +130,7 @@ org.spdx spdx-jackson-store - 2.0.0 + 2.0.1 org.spdx From cccac767593012795e1d879f30ebd60e87e1fde6 Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Mon, 28 Apr 2025 11:52:26 -0700 Subject: [PATCH 28/94] [maven-release-plugin] prepare release v2.0.1 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index bb2af32..d19810f 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ org.spdx tools-java - 2.0.1-SNAPSHOT + 2.0.1 jar tools-java @@ -32,7 +32,7 @@ https://github.com/spdx/tools-java scm:git:git@github.com:spdx/tools-java.git scm:git:git@github.com:spdx/tools-java.git - master + v2.0.1 Github From 4cc1d5370940e9e887613056a80d3cb0428b5b89 Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Mon, 28 Apr 2025 11:52:31 -0700 Subject: [PATCH 29/94] [maven-release-plugin] prepare for next development iteration --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index d19810f..be095c6 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ org.spdx tools-java - 2.0.1 + 2.0.2-SNAPSHOT jar tools-java @@ -32,7 +32,7 @@ https://github.com/spdx/tools-java scm:git:git@github.com:spdx/tools-java.git scm:git:git@github.com:spdx/tools-java.git - v2.0.1 + master Github From c3529341b5e0c5f36886025dc281c46a6d8950f2 Mon Sep 17 00:00:00 2001 
From: Gary O'Neall Date: Mon, 28 Apr 2025 12:11:12 -0700 Subject: [PATCH 30/94] Update README examples with new release versions --- README.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 01e4add..0c9b5e6 100644 --- a/README.md +++ b/README.md @@ -36,7 +36,7 @@ If you are a developer, there are examples in the [examples folder](examples/org The command line interface of the SPDX Tools can be used like this: - java -jar tools-java-2.0.0-jar-with-dependencies.jar + java -jar tools-java-2.0.1-jar-with-dependencies.jar ## SPDX format converters @@ -53,18 +53,18 @@ The following converter tools support SPDX format: Example to convert a SPDX file from Tag to RDF format: - java -jar tools-java-2.0.0-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.rdf + java -jar tools-java-2.0.1-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.rdf The file formats can optionally be provided as the 3rd and 4th parameter for the input and output formats respectively. An optional 5th option `excludeLicenseDetails` will not copy the listed license properties to the output file. The following example will copy a JSON format to an RDF Turtle format without including the listed license properties: - java -jar tools-java-2.0.0-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.ttl TAG RDFTTL excludeLicenseDetails + java -jar tools-java-2.0.1-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.ttl TAG RDFTTL excludeLicenseDetails To convert from SPDX 2 to SPDX 3.0.1: * use the file extension `.jsonld.json` or `.jsonld`; * or add the options for the from and to file types: - java -jar tools-java-2.0.0-jar-with-dependencies.jar Convert hello.spdx hello.spdx.json TAG JSONLD + java -jar tools-java-2.0.1-jar-with-dependencies.jar Convert hello.spdx hello.spdx.json TAG JSONLD ## Compare utilities 
@@ -74,13 +74,13 @@ The following tools can be used to compare one or more SPDX documents: Example to compare multiple SPDX files provided in RDF format and provide a spreadsheet with the results: - java -jar tools-java-2.0.0-jar-with-dependencies.jar CompareDocs output.xlsx doc1 doc2 ... docN + java -jar tools-java-2.0.1-jar-with-dependencies.jar CompareDocs output.xlsx doc1 doc2 ... docN * CompareMultipleSpdxDocs with directory Example to compare all SPDX documents in a directory "/home/me/spdxdocs" and provide a spreadsheet with the results: - java -jar tools-java-2.0.0-jar-with-dependencies.jar CompareDocs output.xlsx /home/me/spdxdocs + java -jar tools-java-2.0.1-jar-with-dependencies.jar CompareDocs output.xlsx /home/me/spdxdocs ## SPDX Viewer @@ -90,7 +90,7 @@ The following tool can be used to "Pretty Print" an SPDX document. Sample usage: - java -jar tools-java-2.0.0-jar-with-dependencies.jar SPDXViewer ../testResources/SPDXRdfExample-v2.2.spdx.rdf + java -jar tools-java-2.0.1-jar-with-dependencies.jar SPDXViewer ../testResources/SPDXRdfExample-v2.2.spdx.rdf ## Verifier @@ -100,7 +100,7 @@ The following tool can be used to verify an SPDX document: Sample usage: - java -jar tools-java-2.0.0-jar-with-dependencies.jar Verify ../testResources/SPDXRdfExample-v2.2.spdx.rdf + java -jar tools-java-2.0.1-jar-with-dependencies.jar Verify ../testResources/SPDXRdfExample-v2.2.spdx.rdf ## Generators @@ -110,7 +110,7 @@ The following tool can be used to generate an SPDX verification code from a dire Sample usage: - java -jar tools-java-2.0.0-jar-with-dependencies.jar GenerateVerificationCode sourceDirectory [ignoredFilesRegex] + java -jar tools-java-2.0.1-jar-with-dependencies.jar GenerateVerificationCode sourceDirectory [ignoredFilesRegex] ## SPDX Validation Tool From 3117fa430cd53df10416bf3c9764a0129e53a92e Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Thu, 1 May 2025 22:21:30 +0100 Subject: [PATCH 31/94] Update spdx-maven-plugin and spdx-jackson-store 
Signed-off-by: Arthit Suriyawongkul --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index be095c6..262e74c 100644 --- a/pom.xml +++ b/pom.xml @@ -130,7 +130,7 @@ org.spdx spdx-jackson-store - 2.0.1 + 2.0.2 org.spdx @@ -328,7 +328,7 @@ org.spdx spdx-maven-plugin - 1.0.0 + 1.0.2 build-spdx From 3b3d58718fb24ce8220ddc7ddb15357c5c4e50d3 Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Wed, 28 May 2025 18:30:37 +0100 Subject: [PATCH 32/94] spdx-schema-v2.3.json: fix OPERATING-SYSTEM package intent For Wolfi container at cgr.dev/chainguard/wolfi-base, trivy for spdx json SBOM generates ```json { "name": "wolfi", "SPDXID": "SPDXRef-OperatingSystem-2bccf727fe0bc7f8", "versionInfo": "20230201", "downloadLocation": "NONE", "filesAnalyzed": false, "primaryPackagePurpose": "OPERATING-SYSTEM", "annotations": [ { "annotator": "Tool: trivy-0.62.1", "annotationDate": "2025-05-28T17:07:25Z", "annotationType": "OTHER", "comment": "Class: os-pkgs" }, { "annotator": "Tool: trivy-0.62.1", "annotationDate": "2025-05-28T17:07:25Z", "annotationType": "OTHER", "comment": "Type: wolfi" } ] } ``` Which fails validating with tools-java because "OPERATING-SYSTEM" value is with a dash, which matches the spec at https://spdx.github.io/spdx-spec/v2.3/package-information/#724-primary-package-purpose-field Given tools in wild follow the spec, imho it is relatively safe to update the schema here. Note we have PACKAGE_MANAGER PACKAGE-MANAGER saga before, so do help me validating any other tools that might be impacted, so far I see this schema file being the only one out of line. --- resources/spdx-schema-v2.3.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/spdx-schema-v2.3.json b/resources/spdx-schema-v2.3.json index 403d202..36c955a 100644 --- a/resources/spdx-schema-v2.3.json +++ b/resources/spdx-schema-v2.3.json 
@@ -413,7 +413,7 @@ "primaryPackagePurpose" : { "description" : "This field provides information about the primary purpose of the identified package. Package Purpose is intrinsic to how the package is being used rather than the content of the package.", "type" : "string", - "enum" : [ "OTHER", "INSTALL", "ARCHIVE", "FIRMWARE", "APPLICATION", "FRAMEWORK", "LIBRARY", "CONTAINER", "SOURCE", "DEVICE", "OPERATING_SYSTEM", "FILE" ] + "enum" : [ "OTHER", "INSTALL", "ARCHIVE", "FIRMWARE", "APPLICATION", "FRAMEWORK", "LIBRARY", "CONTAINER", "SOURCE", "DEVICE", "OPERATING-SYSTEM", "FILE" ] }, "releaseDate" : { "description" : "This field provides a place for recording the date the package was released.", From 751ec83dfe2e6d7f84bc9883d23945fdda010519 Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Fri, 19 Sep 2025 10:29:02 +0100 Subject: [PATCH 33/94] Add dependabot Signed-off-by: Arthit Suriyawongkul --- .github/dependabot.yml | 8 ++++++++ pom.xml | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..3cddd8c --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,8 @@ +version: 2 +updates: + - package-ecosystem: "maven" + directory: "/" + schedule: + interval: "weekly" + labels: + - "dependencies" diff --git a/pom.xml b/pom.xml index 262e74c..92dd8c1 100644 --- a/pom.xml +++ b/pom.xml @@ -55,7 +55,7 @@ https://sonarcloud.io spdx tools-java - 8.4.3 + 12.1.3 11 -Xdoclint:none From 4c30dff5da2d841fc8a3418969f4cbe2f0b08e6b Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Sep 2025 17:32:58 +0000 Subject: [PATCH 34/94] Bump org.apache.maven.plugins:maven-source-plugin from 3.2.1 to 3.3.1 Bumps [org.apache.maven.plugins:maven-source-plugin](https://github.com/apache/maven-source-plugin) from 3.2.1 to 3.3.1. - [Release notes](https://github.com/apache/maven-source-plugin/releases) - [Commits](https://github.com/apache/maven-source-plugin/compare/maven-source-plugin-3.2.1...maven-source-plugin-3.3.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-source-plugin dependency-version: 3.3.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 92dd8c1..ee6bb64 100644 --- a/pom.xml +++ b/pom.xml @@ -67,7 +67,7 @@ org.apache.maven.plugins maven-source-plugin - 3.2.1 + 3.3.1 attach-sources From 370c1a28e9118a3ce0893ea1757a15754ad22890 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Sep 2025 16:02:11 +0000 Subject: [PATCH 35/94] Bump org.apache.maven.plugins:maven-compiler-plugin Bumps [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) from 3.11.0 to 3.14.1. - [Release notes](https://github.com/apache/maven-compiler-plugin/releases) - [Commits](https://github.com/apache/maven-compiler-plugin/compare/maven-compiler-plugin-3.11.0...maven-compiler-plugin-3.14.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-compiler-plugin dependency-version: 3.14.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 92dd8c1..eae6f0a 100644 --- a/pom.xml +++ b/pom.xml 
@@ -252,7 +252,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.11.0 + 3.14.1 ${project.build.sourceEncoding} true From 84697949da749265bcf345590996c6dc7a28b4d5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Sep 2025 17:58:33 +0000 Subject: [PATCH 36/94] Bump org.spdx:spdx-tagvalue-store from 2.0.0 to 2.0.1 Bumps [org.spdx:spdx-tagvalue-store](https://github.com/spdx/spdx-java-tagvalue-store) from 2.0.0 to 2.0.1. - [Release notes](https://github.com/spdx/spdx-java-tagvalue-store/releases) - [Changelog](https://github.com/spdx/spdx-java-tagvalue-store/blob/master/RELEASE-CHECKLIST.md) - [Commits](https://github.com/spdx/spdx-java-tagvalue-store/compare/v2.0.0...v2.0.1) --- updated-dependencies: - dependency-name: org.spdx:spdx-tagvalue-store dependency-version: 2.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 61b6675..2d02f43 100644 --- a/pom.xml +++ b/pom.xml @@ -145,7 +145,7 @@ org.spdx spdx-tagvalue-store - 2.0.0 + 2.0.1 org.spdx From ce921e2677edca5bbf209ec667212aa52f27dfe8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Sep 2025 01:14:40 +0000 Subject: [PATCH 37/94] Bump org.spdx:spdx-maven-plugin from 1.0.2 to 1.0.3 Bumps [org.spdx:spdx-maven-plugin](https://github.com/spdx/spdx-maven-plugin) from 1.0.2 to 1.0.3. - [Release notes](https://github.com/spdx/spdx-maven-plugin/releases) - [Commits](https://github.com/spdx/spdx-maven-plugin/compare/v1.0.2...v1.0.3) --- updated-dependencies: - dependency-name: org.spdx:spdx-maven-plugin dependency-version: 1.0.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pom.xml b/pom.xml index 61b6675..48e4de7 100644 --- a/pom.xml +++ b/pom.xml @@ -328,7 +328,7 @@ org.spdx spdx-maven-plugin - 1.0.2 + 1.0.3 build-spdx From 9699fee201f6b304e3ffc6af19a0a13daea3a47c Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Sat, 27 Sep 2025 22:03:35 +0100 Subject: [PATCH 38/94] Update dependencies Signed-off-by: Arthit Suriyawongkul --- README.md | 2 ++ pom.xml | 24 ++++++++++++------------ 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 0c9b5e6..4c35262 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # SPDX Tools + +[![Maven Central Version](https://img.shields.io/maven-central/v/org.spdx/tools-java)](https://central.sonatype.com/artifact/org.spdx/tools-java) [![javadoc](https://javadoc.io/badge2/org.spdx/tools-java/javadoc.svg)](https://javadoc.io/doc/org.spdx/tools-java) A command-line utility for creating, converting, comparing, diff --git a/pom.xml b/pom.xml index 4a75eb7..d5cba73 100644 --- a/pom.xml +++ b/pom.xml @@ -55,7 +55,7 @@ https://sonarcloud.io spdx tools-java - 12.1.3 + 12.1.6 11 -Xdoclint:none @@ -104,12 +104,12 @@ commons-io commons-io - 2.16.1 + 2.20.0 org.apache.commons commons-compress - 1.27.1 + 1.28.0 org.apache.ws.xmlschema @@ -125,22 +125,22 @@ org.spdx java-spdx-library - 2.0.0 + 2.0.1 org.spdx spdx-jackson-store - 2.0.2 + 2.0.3 org.spdx spdx-rdf-store - 2.0.0 + 2.0.1 org.spdx spdx-spreadsheet-store - 2.0.0 + 2.0.1 org.spdx @@ -150,12 +150,12 @@ org.spdx spdx-v3jsonld-store - 1.0.0 + 1.0.1 com.networknt json-schema-validator - 1.5.6 + 1.5.9 org.slf4j @@ -172,7 +172,7 @@ org.apache.jena jena-core - 5.2.0 + 5.5.0 compile @@ -232,7 +232,7 @@ org.apache.maven.plugins maven-enforcer-plugin - 3.2.1 + 3.6.1 enforce-java @@ -263,7 +263,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 2.9.1 + 2.10.4 true 8 From dcddeb4018c4b877385df35cb2c190f070b0ac5b Mon Sep 17 00:00:00 2001 
From: Arthit Suriyawongkul Date: Sun, 28 Sep 2025 03:36:28 +0100 Subject: [PATCH 39/94] Update Maven Central link Signed-off-by: Arthit Suriyawongkul --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 4c35262..79dcb8e 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,5 @@ # SPDX Tools - [![Maven Central Version](https://img.shields.io/maven-central/v/org.spdx/tools-java)](https://central.sonatype.com/artifact/org.spdx/tools-java) [![javadoc](https://javadoc.io/badge2/org.spdx/tools-java/javadoc.svg)](https://javadoc.io/doc/org.spdx/tools-java) @@ -28,7 +27,7 @@ This utility supports versions 2.0, 2.1, 2.2, 2.3 and 3.0.1 of the SPDX specific ## Getting Starting -The SPDX Tools binaries can be downloaded from the [releases page](https://github.com/spdx/tools-java/releases) under the respective release. The package is also available in [Maven Central](https://search.maven.org/artifact/org.spdx/tools-java) (organization org.spdx, artifact tools-java). +The SPDX Tools binaries can be downloaded from the [releases page](https://github.com/spdx/tools-java/releases) under the respective release. The package is also available in [Maven Central](https://central.sonatype.com/artifact/org.spdx/tools-java) (organization `org.spdx`, artifact `tools-java`). See the Syntax section below for the commands available. From a5a2d5c75f09f6b1f06b1927998a86a9b63105d6 Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Sun, 28 Sep 2025 03:47:33 +0100 Subject: [PATCH 40/94] Move jena-core back to 5.2.0 Signed-off-by: Arthit Suriyawongkul --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d5cba73..b642863 100644 --- a/pom.xml +++ b/pom.xml @@ -172,7 +172,7 @@ org.apache.jena jena-core - 5.5.0 + 5.4.0 compile From 43d6d4347ea96852aeea010a4f3df0968495c3f2 Mon Sep 17 00:00:00 2001 
From: Gary O'Neall Date: Sat, 4 Oct 2025 13:50:17 -0700 Subject: [PATCH 41/94] Remove redundant dependencies These dependencies are included as transitive dependencies through other SPDX library modules. Removing these from the POM file to avoid possible version conflicts. This commit also includes a fix to a minor typo. --- pom.xml | 12 ------------ src/main/java/org/spdx/tools/SpdxToolsHelper.java | 2 +- 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/pom.xml b/pom.xml index b642863..24483bf 100644 --- a/pom.xml +++ b/pom.xml @@ -163,18 +163,6 @@ 2.0.17 true - - org.apache.poi - poi - 5.4.1 - compile - - - org.apache.jena - jena-core - 5.4.0 - compile - diff --git a/src/main/java/org/spdx/tools/SpdxToolsHelper.java b/src/main/java/org/spdx/tools/SpdxToolsHelper.java index 4c37030..b7127d3 100644 --- a/src/main/java/org/spdx/tools/SpdxToolsHelper.java +++ b/src/main/java/org/spdx/tools/SpdxToolsHelper.java @@ -389,7 +389,7 @@ public static org.spdx.library.model.v3_0_1.core.SpdxDocument getDocFromStore(IS throw new InvalidSPDXAnalysisException("No SPDX version 3 documents in model store"); } if (docs.size() > 1) { - throw new InvalidSPDXAnalysisException("Multiple SPDX version 3 documents in modelSTore. There can only be one SPDX document."); + throw new InvalidSPDXAnalysisException("Multiple SPDX version 3 documents in modelStore. There can only be one SPDX document."); } return docs.get(0); } From e7071e18b5dfb43c817b4fd18bc338e0e0f97087 Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Sun, 28 Sep 2025 21:24:22 +0100 Subject: [PATCH 42/94] Delete CONTRIBUTING.md from Spdx-Java-Library repo Remove CONTRIBUTING.md in src/ subdir, it is from `Spdx-Java-Library` repo. Update CONTRIBUTING.md in root to use `tools-java` name instead of `spdx-tools`. 
Signed-off-by: Arthit Suriyawongkul --- CONTRIBUTING.md | 4 +-- src/main/java/org/spdx/tools/CONTRIBUTING.md | 27 -------------------- 2 files changed, 2 insertions(+), 29 deletions(-) delete mode 100644 src/main/java/org/spdx/tools/CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c4a6f5f..096ae67 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -22,11 +22,11 @@ If you would like to work on a fix for any issue, please assign the issue to you Patches ------- -The source code for `spdx-tools` is hosted on [github.com/spdx/tools-java](https://github.com/spdx/tools-java). Please review [open pull requests](https://github.com/spdx/tools-java/pulls) and [active branches](https://github.com/spdx/tools-java/branches) before committing time to a substantial revision. Work along similar lines may already be in progress. +The source code for `tools-java` is hosted on [github.com/spdx/tools-java](https://github.com/spdx/tools-java). Please review [open pull requests](https://github.com/spdx/tools-java/pulls) and [active branches](https://github.com/spdx/tools-java/branches) before committing time to a substantial revision. Work along similar lines may already be in progress. To submit a patch via GitHub, fork the repository, create a topic branch from `master` for your work, and send a pull request when ready. If you would prefer to send a patch or grant access to pull from your own Git repository, please contact the project's contributors by e-mail. -To contribute an implementation of a feature defined by a version of the SPDX specification later than the one supported by the current SPDX Tools release, clone the branch `spec/X.X`, where X.X is the major.minor version of the targeted specification (e.g. "3.0"). +To contribute an implementation of a feature defined by a version of the SPDX specification later than the one supported by the current SPDX Tools release, clone the branch `spec/X.X`, where X.X is the major.minor version of the targeted specification (e.g. "3.1"). Once implemented, submit a pull request with `spec/X.X` branch as the parent branch. diff --git a/src/main/java/org/spdx/tools/CONTRIBUTING.md b/src/main/java/org/spdx/tools/CONTRIBUTING.md deleted file mode 100644 index a41d4ff..0000000 --- a/src/main/java/org/spdx/tools/CONTRIBUTING.md +++ /dev/null 
@@ -1,27 +0,0 @@ -Contributing -============ - -Thank you for your interest in `Spdx-Java-Library`. The project is open-source software, and bug reports, suggestions, and most especially patches are welcome. - -Issues ------- - -`Spdx-Java-Library` has a [project page on GitHub](https://github.com/spdx/Spdx-Java-Library) where you can [create an issue](https://github.com/spdx/Spdx-Java-Library/issues/new/choose) to report a bug, make a suggestion, or propose a substantial change or improvement that you might like to make. You may also wish to contact the SPDX working group technical team through its mailing list, [spdx-tech@lists.spdx.org](mailto:spdx-tech@lists.spdx.org). - -If you would like to work on a fix for any issue, please assign the issue to yourself prior to creating a Pull Request. - -Pull Requests -------- - -The source code for `Spdx-Java-Library` is hosted on [github.com/spdx/Spdx-Java-Library](https://github.com/spdx/Spdx-Java-Library). Please review [open pull requests](https://github.com/spdx/Spdx-Java-Library/pulls) and [active branches](https://github.com/spdx/Spdx-Java-Library/branches) before committing time to a substantial revision. Work along similar lines may already be in progress. - -To submit a pull request via GitHub, fork the repository, create a topic branch from `master` for your work, and send a pull request when ready. If you would prefer to send a patch or grant access to pull from your own Git repository, please contact the project's contributors by e-mail. - -To contribute an implementation of a feature defined by a version of the SPDX specification later than the one supported by the current SPDX Tools release, clone the branch `spec/X.X`, where X.X is the major.minor version of the targeted specification (e.g. "3.0"). - -Once implemented, submit a pull request with `spec/X.X` branch as the parent branch. 
- -Licensing ---------- - -However you choose to contribute, please sign-off in each of your commits that you license your contributions under the terms of [the Developer Certificate of Origin](https://developercertificate.org/). Git has utilities for signing off on commits: `git commit -s` signs a current commit, and `git rebase --signoff ` retroactively signs a range of past commits. From 9d127a9c94b6880b85603ccaf59b1ff27e37ab8f Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Sun, 28 Sep 2025 20:57:09 +0100 Subject: [PATCH 43/94] Add Javadoc build workflow Signed-off-by: Arthit Suriyawongkul --- .github/workflows/docs.yml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 .github/workflows/docs.yml diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml new file mode 100644 index 0000000..ff52f75 --- /dev/null +++ b/.github/workflows/docs.yml @@ -0,0 +1,36 @@ +name: Generate and publish API JavaDocs + +on: + push: + branches: [ master ] + +jobs: + docs: + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + fetch-depth: 0 + + - name: Set up JDK + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + with: + distribution: 'temurin' + java-version: 17 + + - name: Cache Maven packages + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + with: + path: ~/.m2 + key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} + + - name: Generate docs + run: mvn javadoc:javadoc + + - name: Deploy docs + uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + publish_dir: ./target/reports/apidocs From f0c497ddadac14e8f45af0caf91a7066c2e5228c Mon Sep 17 00:00:00 2001 
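Review bot: The new `.github/workflows/docs.yml` (PATCH 43) has no `permissions:` block, so the `GITHUB_TOKEN` handed to the `Deploy docs` step carries whatever the repository default grants. Only the deploy step needs to push, so declare that on the `docs` job, for example `permissions:` with `contents: write`, and nothing else. The actions are pinned to full commit SHAs with version comments, which is good. `fetch-depth: 0` looks unnecessary for `mvn javadoc:javadoc` and could be dropped unless the build reads history.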
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 28 Sep 2025 02:56:31 +0000 Subject: [PATCH 44/94] Bump org.apache.maven.plugins:maven-gpg-plugin from 1.6 to 3.2.8 Bumps [org.apache.maven.plugins:maven-gpg-plugin](https://github.com/apache/maven-gpg-plugin) from 1.6 to 3.2.8. - [Release notes](https://github.com/apache/maven-gpg-plugin/releases) - [Commits](https://github.com/apache/maven-gpg-plugin/compare/maven-gpg-plugin-1.6...maven-gpg-plugin-3.2.8) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-gpg-plugin dependency-version: 3.2.8 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 24483bf..b457d8a 100644 --- a/pom.xml +++ b/pom.xml @@ -81,7 +81,7 @@ org.apache.maven.plugins maven-gpg-plugin - 1.6 + 3.2.8 sign-artifacts From ab405e8ad2d5966f4527129308551f441852bdfb Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Mon, 6 Oct 2025 11:06:42 -0700 Subject: [PATCH 45/94] Switch publishing from Sonatype to Central --- pom.xml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/pom.xml b/pom.xml index b457d8a..ddbfbbc 100644 --- a/pom.xml +++ b/pom.xml @@ -43,13 +43,6 @@ Github Actions https://github.com/spdx/tools-java/actions - - - ossrh - spdx-spdx-tools - https://oss.sonatype.org/service/local/staging/deploy/maven2/ - - UTF-8 https://sonarcloud.io @@ -209,6 +202,15 @@ + + org.sonatype.central + central-publishing-maven-plugin + 0.7.0 + true + + central + + org.owasp dependency-check-maven From de71b804784e4671b9b47fa712ee8a4449ed2d9e Mon Sep 17 00:00:00 2001 
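Review bot: In the `pom.xml` hunks of PATCH 45, the `ossrh` block is removed and `central-publishing-maven-plugin` 0.7.0 is added with the value `central` (presumably the publishing server id), but nothing in the change says that a matching `central` credential entry must now exist in the Maven settings used for releases. Please document the required server id in the release instructions or the commit message, so a release does not fail at deploy or get attempted with the old `ossrh` credentials. A release dry run is also worth doing here, because PATCH 44 moves `maven-gpg-plugin` from 1.6 to 3.2.8 (a major bump) on the same `sign-artifacts` path.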
From: Gary O'Neall Date: Mon, 6 Oct 2025 11:27:50 -0700 Subject: [PATCH 46/94] Update JavaDocs config Fixes #229 Also updates the Verify.java file to remove JavaDoc warnings and a few other minor cleanups --- pom.xml | 10 +++------- src/main/java/org/spdx/tools/Verify.java | 11 ++++------- 2 files changed, 7 insertions(+), 14 deletions(-) diff --git a/pom.xml b/pom.xml index ddbfbbc..79fede0 100644 --- a/pom.xml +++ b/pom.xml @@ -253,19 +253,15 @@ org.apache.maven.plugins maven-javadoc-plugin - 2.10.4 + 3.11.3 true - 8 - ${env.JAVA_HOME}/bin/javadoc - -Xdoclint:none + true + all,-missing attach-javadocs - - ${javadoc.opts} - jar diff --git a/src/main/java/org/spdx/tools/Verify.java b/src/main/java/org/spdx/tools/Verify.java index 0942914..d4d050d 100644 --- a/src/main/java/org/spdx/tools/Verify.java +++ b/src/main/java/org/spdx/tools/Verify.java @@ -70,7 +70,7 @@ public static void main(String[] args) { System.exit(ERROR_STATUS); } if (args.length > MAX_ARGS) { - System.out.printf("Warning: Extra arguments will be ignored"); + System.out.println("Warning: Extra arguments will be ignored"); } SpdxToolsHelper.initialize(); List verify = null; @@ -104,20 +104,20 @@ public static void main(String[] args) { errors.add(verifyMsg); } } - if (errors.size() > 0) { + if (!errors.isEmpty()) { System.out.println("This SPDX Document is not valid due to:"); for (String errorMsg:errors) { System.out.print("\t" + errorMsg+"\n"); } } - if (warnings.size() > 0) { + if (!warnings.isEmpty()) { System.out.println("Warning: Deprecated license identifiers were found that should no longer be used.\n" + "References to the following deprecated license ID's should be updated:"); for (String warningMsg:warnings) { System.out.print("\t" + warningMsg+"\n"); } } - if (errors.size() == 0) { + if (errors.isEmpty()) { System.out.println("This SPDX Document is valid."); } else { System.exit(ERROR_STATUS); 
@@ -127,10 +127,7 @@ public static void main(String[] args) { /** * Verify a an SPDX file * @param filePath File path to the SPDX file to be verified - * @param fileType * @return A list of verification errors - if empty, the SPDX file is valid - * @throws InvalidFileNameException on invalid file name or file not found - * @throws IOException on IO error * @throws SpdxVerificationException where the SPDX file can not be parsed or the filename is invalid */ public static List verify(String filePath, SerFileType fileType) throws SpdxVerificationException { From 83fc970b9ad30865515255efb64b9081fae83084 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Oct 2025 16:16:15 +0000 Subject: [PATCH 47/94] Bump org.owasp:dependency-check-maven from 12.1.6 to 12.1.8 Bumps [org.owasp:dependency-check-maven](https://github.com/dependency-check/DependencyCheck) from 12.1.6 to 12.1.8. - [Release notes](https://github.com/dependency-check/DependencyCheck/releases) - [Changelog](https://github.com/dependency-check/DependencyCheck/blob/main/CHANGELOG.md) - [Commits](https://github.com/dependency-check/DependencyCheck/compare/v12.1.6...v12.1.8) --- updated-dependencies: - dependency-name: org.owasp:dependency-check-maven dependency-version: 12.1.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 79fede0..863dacf 100644 --- a/pom.xml +++ b/pom.xml @@ -48,7 +48,7 @@ https://sonarcloud.io spdx tools-java - 12.1.6 + 12.1.8 11 -Xdoclint:none From 1b5ec335eea26482b5f78cbd0589ac800281752b Mon Sep 17 00:00:00 2001 
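Review bot: In the `Verify.java` Javadoc hunk (`@@ -127,10 +127,7 @@`) of PATCH 46, the `@param fileType` line is deleted although `verify(String filePath, SerFileType fileType)` still takes that parameter. The warning came from the tag being empty, so give it a description instead of removing it, for example `@param fileType serialization type of the file to be verified`. The `all,-missing` setting added to the javadoc plugin configuration in the same patch means the missing tag will not be reported later. The summary line `Verify a an SPDX file` in the context could be corrected in the same pass.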
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Oct 2025 16:21:20 +0000 Subject: [PATCH 48/94] Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.3 to 3.12.0 Bumps [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.11.3 to 3.12.0. - [Release notes](https://github.com/apache/maven-javadoc-plugin/releases) - [Commits](https://github.com/apache/maven-javadoc-plugin/compare/maven-javadoc-plugin-3.11.3...maven-javadoc-plugin-3.12.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-javadoc-plugin dependency-version: 3.12.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 79fede0..a31cafc 100644 --- a/pom.xml +++ b/pom.xml @@ -253,7 +253,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.11.3 + 3.12.0 true true From 6fb32b711bbd2ac6a2950044b45e28a2b3651ff3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Oct 2025 16:21:13 +0000 Subject: [PATCH 49/94] Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.6.1 to 3.6.2 Bumps [org.apache.maven.plugins:maven-enforcer-plugin](https://github.com/apache/maven-enforcer) from 3.6.1 to 3.6.2. - [Release notes](https://github.com/apache/maven-enforcer/releases) - [Commits](https://github.com/apache/maven-enforcer/compare/enforcer-3.6.1...enforcer-3.6.2) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-enforcer-plugin dependency-version: 3.6.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e2ec9e6..ba34074 100644 --- a/pom.xml +++ b/pom.xml 
@@ -222,7 +222,7 @@ org.apache.maven.plugins maven-enforcer-plugin - 3.6.1 + 3.6.2 enforce-java From b51b10dc5f1e9f46c3f78a43cc56fe6c0d2e5778 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Oct 2025 16:13:23 +0000 Subject: [PATCH 50/94] Bump org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.1 Bumps [org.apache.maven.plugins:maven-release-plugin](https://github.com/apache/maven-release) from 3.0.1 to 3.1.1. - [Release notes](https://github.com/apache/maven-release/releases) - [Commits](https://github.com/apache/maven-release/compare/maven-release-3.0.1...maven-release-3.1.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-release-plugin dependency-version: 3.1.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ba34074..021f73c 100644 --- a/pom.xml +++ b/pom.xml @@ -354,7 +354,7 @@ org.apache.maven.plugins maven-release-plugin - 3.0.1 + 3.1.1 v@{project.version} release From 979c34cac6f45eace562e301ca0a901d5be0d012 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Oct 2025 16:15:28 +0000 Subject: [PATCH 51/94] Bump org.sonatype.central:central-publishing-maven-plugin Bumps [org.sonatype.central:central-publishing-maven-plugin](https://github.com/sonatype/central-publishing-maven-plugin) from 0.7.0 to 0.9.0. - [Commits](https://github.com/sonatype/central-publishing-maven-plugin/commits) --- updated-dependencies: - dependency-name: org.sonatype.central:central-publishing-maven-plugin dependency-version: 0.9.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pom.xml b/pom.xml index 021f73c..1c72fba 100644 --- a/pom.xml +++ b/pom.xml @@ -205,7 +205,7 @@ org.sonatype.central central-publishing-maven-plugin - 0.7.0 + 0.9.0 true central From cd8332cab3ac40d47ee92603939c7544ec36e179 Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Wed, 15 Oct 2025 10:38:18 -0700 Subject: [PATCH 52/94] Suppress false positives in dependency track report --- dependency-check-supress.xml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/dependency-check-supress.xml b/dependency-check-supress.xml index 442d77a..0eb63bd 100644 --- a/dependency-check-supress.xml +++ b/dependency-check-supress.xml @@ -1,4 +1,19 @@ - + + + ^pkg:maven/com\.ibm\.icu/icu4j@.*$ + CVE-2025-5222 + + + + ^pkg:maven/org\.spdx/spdx-java-model-2_X@.*$ + cpe:/a:x.org:x.org + \ No newline at end of file From cece6e2de1a4cbaf7259998107bff04f5243a3d8 Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Wed, 15 Oct 2025 10:49:31 -0700 Subject: [PATCH 53/94] [maven-release-plugin] prepare release v2.0.2 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 1c72fba..59639da 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ org.spdx tools-java - 2.0.2-SNAPSHOT + 2.0.2 jar tools-java @@ -32,7 +32,7 @@ https://github.com/spdx/tools-java scm:git:git@github.com:spdx/tools-java.git scm:git:git@github.com:spdx/tools-java.git - master + v2.0.2 Github From c34ce2254bd39e35255ff956d0891669225b627b Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Wed, 15 Oct 2025 10:49:36 -0700 Subject: [PATCH 54/94] [maven-release-plugin] prepare for next development iteration --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 59639da..a47a2b1 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ org.spdx tools-java - 2.0.2 + 2.0.3-SNAPSHOT jar tools-java 
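Review bot: In `dependency-check-supress.xml` (PATCH 52), the icu4j suppression for CVE-2025-5222 is keyed on `^pkg:maven/com\.ibm\.icu/icu4j@.*$`, which matches every current and future version of the package, so the finding stays hidden even if a later icu4j version is affected in a way that matters here. Please record in the entry why this is a false positive for this project (if the notes do not already say so) and either narrow the version part of the pattern or add an `until` date so the suppression is re-evaluated. The second entry, the CPE `cpe:/a:x.org:x.org` on `spdx-java-model-2_X`, is a plain CPE mismatch and reasonable to suppress by package. The file still ends without a trailing newline.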
@@ -32,7 +32,7 @@ https://github.com/spdx/tools-java scm:git:git@github.com:spdx/tools-java.git scm:git:git@github.com:spdx/tools-java.git - v2.0.2 + master Github From 23bd470259f55641eb72b0c5d733edac014a4554 Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Mon, 27 Oct 2025 11:50:14 -0700 Subject: [PATCH 55/94] Update README with current tools version --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 79dcb8e..2037d3b 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ If you are a developer, there are examples in the [examples folder](examples/org The command line interface of the SPDX Tools can be used like this: - java -jar tools-java-2.0.1-jar-with-dependencies.jar + java -jar tools-java-2.0.2-jar-with-dependencies.jar ## SPDX format converters From d6fc9a505f90b7ed4ab23e5e21453ccf40f2b39b Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Thu, 30 Oct 2025 15:26:00 -0700 Subject: [PATCH 56/94] Draft example Java file to generate a full SPDX V3 JSONLD file --- .../ExistingSpdxDocumentV2Compat.java | 4 +- .../org/spdx/examples/FullSpdxV3Example.java | 308 ++++++++++++++++++ tools-java.iml | 8 + 3 files changed, 318 insertions(+), 2 deletions(-) create mode 100644 examples/org/spdx/examples/FullSpdxV3Example.java create mode 100644 tools-java.iml diff --git a/examples/org/spdx/examples/ExistingSpdxDocumentV2Compat.java b/examples/org/spdx/examples/ExistingSpdxDocumentV2Compat.java index 584fdce..093dd7b 100644 --- a/examples/org/spdx/examples/ExistingSpdxDocumentV2Compat.java +++ b/examples/org/spdx/examples/ExistingSpdxDocumentV2Compat.java @@ -30,9 +30,9 @@ * for this example is assumed to be JSON (e.g. the output of the SimpleSpdxDocumentV2Compat example). * Different format can be used by using the associated store rather than the spdx-jackson store * (e.g. spdx-spreadsheet-store, spdx-tagvalue-store, or the spdx-rdf-store). - * + *

* This example depends on the Spdx-Java-Library and the spdx-java-jackson store libraries - * + *

* @author Gary O'Neall */ public class ExistingSpdxDocumentV2Compat { diff --git a/examples/org/spdx/examples/FullSpdxV3Example.java b/examples/org/spdx/examples/FullSpdxV3Example.java new file mode 100644 index 0000000..b2fd183 --- /dev/null +++ b/examples/org/spdx/examples/FullSpdxV3Example.java @@ -0,0 +1,308 @@ +package org.spdx.examples; + + +import org.spdx.core.DefaultModelStore; +import org.spdx.core.IModelCopyManager; +import org.spdx.core.InvalidSPDXAnalysisException; +import org.spdx.library.LicenseInfoFactory; +import org.spdx.library.ModelCopyManager; +import org.spdx.library.SpdxModelFactory; +import org.spdx.library.model.v2.SpdxConstantsCompatV2; +import org.spdx.library.model.v3_0_1.SpdxConstantsV3; +import org.spdx.library.model.v3_0_1.SpdxModelClassFactoryV3; +import org.spdx.library.model.v3_0_1.core.*; +import org.spdx.library.model.v3_0_1.simplelicensing.AnyLicenseInfo; +import org.spdx.library.model.v3_0_1.software.*; +import org.spdx.storage.IModelStore; +import org.spdx.storage.ISerializableModelStore; +import org.spdx.storage.simple.InMemSpdxStore; +import org.spdx.v3jsonldstore.JsonLDStore; + +import java.io.File; +import java.io.FileOutputStream; +import java.io.OutputStream; +import java.time.LocalDateTime; +import java.time.format.DateTimeFormatter; +import java.util.ArrayList; + +/** + * This class attempts to implement all the SPDX specification classes and most of the properties. + *

+ * It will generate a resulting serialization that can be used as a full serialization example. + *

+ *

+ * This example is current as of the version 3.0.1 of the SPDX Specification + *

+ */ +public class FullSpdxV3Example { + + static final DateTimeFormatter SPDX_DATE_FORMATTER = DateTimeFormatter.ofPattern(SpdxConstantsCompatV2.SPDX_DATE_FORMAT); + /** + * @param args args[0] is the file path for the output serialized file + */ + public static void main(String[] args) throws Exception { + if (args.length != 1) { + usage(); + System.exit(1); + } + File outFile = new File(args[0]); + if (outFile.exists()) { + System.out.printf("%s already exists.\n", args[0]); + System.exit(1); + } + if (!outFile.createNewFile()) { + System.out.printf("Unable to create file %s\n", args[0]); + System.exit(1); + } + if (!outFile.canWrite()) { + System.out.printf("Can not write to file %s\n", args[0]); + System.exit(1); + } + SpdxModelFactory.init(); + IModelCopyManager copyManager = new ModelCopyManager(); + try (ISerializableModelStore modelStore = new JsonLDStore(new InMemSpdxStore())) { + String prefix = "https://spdx.github.io/spdx-spec/v3.0.1/examples/full-example-eaa46bdcfa20#"; + DefaultModelStore.initialize(modelStore, prefix, copyManager); + CreationInfo creationInfo = SpdxModelClassFactoryV3.createCreationInfo( + modelStore, prefix + "garyagent", "Gary O'Neall", + copyManager); + SpdxDocument doc = creationInfo.createSpdxDocument(prefix + "document") + .setDataLicense(LicenseInfoFactory.getListedLicenseById("CC0")) + .addNamespaceMap(creationInfo.createNamespaceMap(modelStore.getNextId(IModelStore.IdType.Anonymous)) + .setNamespace(prefix) + .setPrefix("example") + .build()) + .addProfileConformance(ProfileIdentifierType.CORE) + .addProfileConformance(ProfileIdentifierType.SOFTWARE) + .addProfileConformance(ProfileIdentifierType.BUILD) + .addProfileConformance(ProfileIdentifierType.AI) + .addProfileConformance(ProfileIdentifierType.DATASET) + .addProfileConformance(ProfileIdentifierType.SECURITY) + .addProfileConformance(ProfileIdentifierType.EXPANDED_LICENSING) + .build(); + addCoreClasses(prefix, doc); + Sbom sbom = addSoftwareClasses(prefix, doc); + try 
(OutputStream outStream = new FileOutputStream(outFile)) { + modelStore.serialize(outStream); + } + } + } + + private static void addCoreClasses(String prefix, SpdxDocument doc) throws InvalidSPDXAnalysisException { + // Agent - Abstract, already in creation info + // Annotation + doc.getElements().add(doc.createAnnotation(prefix + "docannotation") + .setStatement("This document is for example purposes only") + .setAnnotationType(AnnotationType.OTHER) + .setSubject(doc) + .build()); + // Artifact - Abstract - used in software package and several others + // Bom - will be used as an AI BOM and software BOM + // Bundle + doc.getElements().add(doc.createBundle(prefix + "bundle") + .setComment("This is just an example of a concrete Bundle class - the elements are not used elsewhere in the SPDX document") + .setContext("Custom Licenses") + .addElement(doc.createCustomLicense(prefix + "LicenseRef-CustomLicense1") + .setLicenseText("This is a custom license text number one.") + .build()) + .addElement(doc.createCustomLicense(prefix + "LicenseRef-CustomLicense2") + .setLicenseText("This is a custom license text number two.") + .build()) + .build()); + // CreationInfo - Already created + // DictionaryEntry - TODO: Change to make sure it has been created + // Element - Abstract + // ElementCollection - Abstract + // ExternalIdentifier - TODO: Change to make sure it has been created + // Organization + doc.getCreationInfo().getCreatedBys().add(doc.createOrganization(prefix + "spdxorg") + .setName("System Package Data Exchange (SPDX)") + .build()); + // ExternalMap + String orgLocation = "https://external/organization/spdxdata"; + String orgPrefix = orgLocation + "#"; + String orgUri = orgPrefix + "org"; + ExternalOrganization externalOrg = new ExternalOrganization(doc.getModelStore(), + orgUri, doc.getCopyManager(), + true, orgLocation); + doc.getCreationInfo().getCreatedBys().add(externalOrg); + 
doc.getSpdxImports().add(doc.createExternalMap(doc.getModelStore().getNextId(IModelStore.IdType.Anonymous)) + .setExternalSpdxId(orgUri) + .setLocationHint(orgLocation) + .build()); + // Hash - Used in file + // IndividualElement - Used in software package originated by + // IntegrityMethod - Used in file and package + // LifecycleScopedRelationship - TODO: Change to make sure it has been created + // NamespaceMap - Used in doc already + // PackageVerificationCode - Going to ignore - deprecated + // Person - Used in creation info + // PositiveIntegerRange - TODO: Change to make sure it has been created + // Relationship - Used in software + // SoftwareAgent + doc.getCreationInfo().getCreatedBys().add(doc.createSoftwareAgent(prefix + "softwareagent") + .setName("SPDX Spec Github CI") + .build()); + // SpdxDocument - already used + // ExternalRef + // Tool + doc.getCreationInfo().getCreatedUsings().add(doc.createTool(prefix + "creationtool") + .setName("tools-java") + .setComment("Created by the FullSpdxV3Example.java utility in tools-java") + .addExternalRef(doc.createExternalRef(doc.getModelStore().getNextId(IModelStore.IdType.Anonymous)) + .setExternalRefType(ExternalRefType.MAVEN_CENTRAL) + .addLocator("org.spdx:tools-java") + .build()) + .build()); + + } + + private static Sbom addSoftwareClasses(String prefix, SpdxDocument doc) throws InvalidSPDXAnalysisException { + // Sbom + Sbom sbom = doc.createSbom(prefix + "aibom") + .setName("AI SBOM") + .addSbomType(SbomType.ANALYZED) + .addProfileConformance(ProfileIdentifierType.CORE) + .addProfileConformance(ProfileIdentifierType.SOFTWARE) + .addProfileConformance(ProfileIdentifierType.BUILD) + .addProfileConformance(ProfileIdentifierType.SECURITY) + .addProfileConformance(ProfileIdentifierType.EXPANDED_LICENSING) + .build(); + doc.getElements().add(sbom); + doc.getRootElements().add(sbom); + // Package + SpdxPackage pkg = doc.createSpdxPackage(prefix + "tools-java") + .setName("tools-java") + 
.setPrimaryPurpose(SoftwarePurpose.APPLICATION) + .addAdditionalPurpose(SoftwarePurpose.LIBRARY) + .addAttributionText("Maintained by the SPDX Community") + .setBuiltTime(LocalDateTime.of(2025, 10, 15, 9, 10) + .format(SPDX_DATE_FORMATTER)) + // ContentIdentifier + .addContentIdentifier(doc.createContentIdentifier(doc.getModelStore().getNextId(IModelStore.IdType.Anonymous)) + .setContentIdentifierType(ContentIdentifierType.GITOID) + .setContentIdentifierValue("23bd470259f55641eb72b0c5d733edac014a4554") + .build()) + .setCopyrightText("Copyright (c) Source Auditor Inc.") + .setDescription("A command-line utility for creating, converting, comparing, and validating SPDX documents across multiple formats.") + .setDownloadLocation("https://github.com/spdx/tools-java/releases/download/v2.0.2/tools-java-2.0.2.zip") + .addExternalIdentifier(doc.createExternalIdentifier(doc.getModelStore().getNextId(IModelStore.IdType.Anonymous)) + .setExternalIdentifierType(ExternalIdentifierType.URL_SCHEME) + .setIdentifier("https://github.com/spdx/tools-java") + .setIssuingAuthority("GitHub") + .build()) + .addExternalRef(doc.createExternalRef(doc.getModelStore().getNextId(IModelStore.IdType.Anonymous)) + .setExternalRefType(ExternalRefType.MAVEN_CENTRAL) + .addLocator("org.spdx:tools-java:jar:2.0.2") + .build()) + .setPackageUrl("pkg:maven/org.spdx/tools-java@2.0.2") + .setPackageVersion("2.0.2") + .setReleaseTime(LocalDateTime.of(2025, 10, 15, 11, 50) + .format(SPDX_DATE_FORMATTER)) + .setSourceInfo("This package came from the original source - the official SPDX GitHub repo and build process") + .addStandardName("SPDX Version 2.X and SPDX Version 3.0") + .setHomePage("https://github.com/spdx/tools-java") + .addOriginatedBy(new SpdxOrganization()) + .setSuppliedBy(new SpdxOrganization()) + .setSummary("A command-line utility for creating, converting, comparing, and validating SPDX documents across multiple formats.") + .addSupportLevel(SupportType.LIMITED_SUPPORT) + 
.setValidUntilTime(LocalDateTime.of(2027, 10, 15, 9, 10) + .format(SPDX_DATE_FORMATTER)) + .addVerifiedUsing(doc.createHash(doc.getModelStore().getNextId(IModelStore.IdType.Anonymous)) + .setAlgorithm(HashAlgorithm.SHA256) + .setHashValue("c37ce759c3867780d55791a1804101d288fa921e77ed791e6c053fd5d7513d0d") + .build()) + .build(); + doc.getElements().add(pkg); + sbom.getElements().add(pkg); + sbom.getRootElements().add(pkg); + // File + SpdxFile sourceFile = doc.createSpdxFile(prefix + "example-source") + .setPrimaryPurpose(SoftwarePurpose.SOURCE) + .setContentType("text/plain") + .setCopyrightText("Copyright (c) 2025 Source Auditor Inc.") + .setFileKind(FileKindType.FILE) + .setName("./examples/org/spdx/examples/FullSpdxV3Example.java") + .build(); + sbom.getElements().add(sourceFile); + doc.getElements().add(sourceFile); + // Relationships - declared license, concluded license, generated from + doc.getElements().add(doc.createRelationship(prefix + "example-source-to-pkg") + .setRelationshipType(RelationshipType.GENERATES) + .setFrom(sourceFile) + .addTo(pkg) + .build()); + AnyLicenseInfo declared = LicenseInfoFactory.parseSPDXLicenseString("Apache-2.0", + doc.getModelStore(), prefix, doc.getCopyManager(), new ArrayList<>()); + AnyLicenseInfo concluded = LicenseInfoFactory.parseSPDXLicenseString("Apache-2.0", + doc.getModelStore(), prefix, doc.getCopyManager(), new ArrayList<>()); + doc.getElements().add(doc.createRelationship(prefix + "source-declared") + .setRelationshipType(RelationshipType.HAS_DECLARED_LICENSE) + .setFrom(sourceFile) + .addTo(declared) + .build()); + doc.getElements().add(doc.createRelationship(prefix + "source-concluded") + .setRelationshipType(RelationshipType.HAS_CONCLUDED_LICENSE) + .setFrom(sourceFile) + .addTo(concluded) + .build()); + doc.getElements().add(doc.createRelationship(prefix + "pkg-declared") + .setRelationshipType(RelationshipType.HAS_DECLARED_LICENSE) + .setFrom(pkg) + .addTo(declared) + .build()); + 
doc.getElements().add(doc.createRelationship(prefix + "pkg-concluded") + .setRelationshipType(RelationshipType.HAS_CONCLUDED_LICENSE) + .setFrom(pkg) + .addTo(concluded) + .build()); + // Snippet + Snippet snippet = doc.createSnippet(prefix + "snippet") + .addAttributionText("Example code created by Gary O'Neall") + .setDescription("Main method for the FullSpdxV3Example.java") + .setCopyrightText("Copyright (c) 2025 Source Auditor Inc.") + .setByteRange(doc.createPositiveIntegerRange(doc.getModelStore().getNextId(IModelStore.IdType.Anonymous)) + .setBeginIntegerRange(43) + .setEndIntegerRange(89) + .build()) + .setLineRange(doc.createPositiveIntegerRange(doc.getModelStore().getNextId(IModelStore.IdType.Anonymous)) + .setBeginIntegerRange(1548) + .setEndIntegerRange(3955) + .build()) + .setName("main(String[] args)") + .setSnippetFromFile(sourceFile) + .build(); + doc.getElements().add(snippet); + sbom.getElements().add(snippet); + doc.getElements().add(doc.createRelationship(prefix + "snippet-declared") + .setRelationshipType(RelationshipType.HAS_DECLARED_LICENSE) + .setFrom(snippet) + .addTo(declared) + .build()); + doc.getElements().add(doc.createRelationship(prefix + "snippet-concluded") + .setRelationshipType(RelationshipType.HAS_CONCLUDED_LICENSE) + .setFrom(snippet) + .addTo(concluded) + .build()); + // SoftwareArtifact - Abstract + return sbom; + } + + + private static void addAIandDataClasses(String prefix, SpdxDocument doc) throws InvalidSPDXAnalysisException { + Bom aiBom = doc.createBom(prefix + "aibom") + .setName("AI SBOM") + .addProfileConformance(ProfileIdentifierType.CORE) + .addProfileConformance(ProfileIdentifierType.SOFTWARE) + .addProfileConformance(ProfileIdentifierType.AI) + .addProfileConformance(ProfileIdentifierType.DATASET) + .build(); + doc.getElements().add(aiBom); + doc.getRootElements().add(aiBom); + } + + private static void usage() { + System.out.println("Generates an SPDX JSON-LD file containing all of the supported classes."); + 
System.out.println("Usage: FullSpdxV3Example outputfile"); + } +} diff --git a/tools-java.iml b/tools-java.iml new file mode 100644 index 0000000..ae72666 --- /dev/null +++ b/tools-java.iml @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file From 6919563e8bf5f7c3090209d619febe688905cc53 Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Sun, 2 Nov 2025 13:56:32 -0800 Subject: [PATCH 57/94] Complete SPDX V3 example generation The following classes are not included: Extension - due to validation issue ExploitCatalogVulnAssessmentRelationship - due to an inconsistency with the locator property between the Java generated code and the current JSON schema Signed-off-by: Gary O'Neall --- .../org/spdx/examples/FullSpdxV3Example.java | 982 ++++++++++++++---- .../spdx/examples/SpdxExtensionExample.java | 28 + src/main/java/org/spdx/tools/Verify.java | 6 +- 3 files changed, 790 insertions(+), 226 deletions(-) create mode 100644 examples/org/spdx/examples/SpdxExtensionExample.java diff --git a/examples/org/spdx/examples/FullSpdxV3Example.java b/examples/org/spdx/examples/FullSpdxV3Example.java index b2fd183..2a42eb6 100644 --- a/examples/org/spdx/examples/FullSpdxV3Example.java +++ b/examples/org/spdx/examples/FullSpdxV3Example.java @@ -1,6 +1,13 @@ package org.spdx.examples; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.SerializationFeature; +import com.networknt.schema.JsonSchema; +import com.networknt.schema.JsonSchemaFactory; +import com.networknt.schema.SpecVersion; +import com.networknt.schema.ValidationMessage; import org.spdx.core.DefaultModelStore; import org.spdx.core.IModelCopyManager; import org.spdx.core.InvalidSPDXAnalysisException; 
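Review bot: In the new `FullSpdxV3Example.java` (PATCH 56), the snippet ranges look swapped: `setByteRange` is given 43 to 89 while `setLineRange` is given 1548 to 3955, and 43 to 89 is roughly where `main` sits by line number in this file. Swap the values between the two builders. In the same file, `addSoftwareClasses` creates the `Sbom` with id `prefix + "aibom"` and `addAIandDataClasses` creates a `Bom` with the same id, so the two will collide as soon as `addAIandDataClasses` is wired in; it is never called from `main` at the moment, and the `sbom` returned by `addSoftwareClasses` is unused.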
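Review bot: `tools-java.iml`, added as a new file in PATCH 56, is an IDE module file rather than project source and does not belong in a commit described as a draft example. Drop it from the change and add `*.iml` to `.gitignore` so it does not come back.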
@@ -8,22 +15,36 @@ import org.spdx.library.ModelCopyManager; import org.spdx.library.SpdxModelFactory; import org.spdx.library.model.v2.SpdxConstantsCompatV2; -import org.spdx.library.model.v3_0_1.SpdxConstantsV3; import org.spdx.library.model.v3_0_1.SpdxModelClassFactoryV3; +import org.spdx.library.model.v3_0_1.ai.AIPackage; +import org.spdx.library.model.v3_0_1.ai.EnergyUnitType; +import org.spdx.library.model.v3_0_1.ai.SafetyRiskAssessmentType; +import org.spdx.library.model.v3_0_1.build.Build; import org.spdx.library.model.v3_0_1.core.*; +import org.spdx.library.model.v3_0_1.dataset.ConfidentialityLevelType; +import org.spdx.library.model.v3_0_1.dataset.DatasetAvailabilityType; +import org.spdx.library.model.v3_0_1.dataset.DatasetPackage; +import org.spdx.library.model.v3_0_1.dataset.DatasetType; +import org.spdx.library.model.v3_0_1.expandedlicensing.ExtendableLicense; +import org.spdx.library.model.v3_0_1.extension.Extension; +import org.spdx.library.model.v3_0_1.security.*; import org.spdx.library.model.v3_0_1.simplelicensing.AnyLicenseInfo; +import org.spdx.library.model.v3_0_1.simplelicensing.SimpleLicensingText; import org.spdx.library.model.v3_0_1.software.*; import org.spdx.storage.IModelStore; -import org.spdx.storage.ISerializableModelStore; import org.spdx.storage.simple.InMemSpdxStore; +import org.spdx.tools.Verify; import org.spdx.v3jsonldstore.JsonLDStore; -import java.io.File; -import java.io.FileOutputStream; -import java.io.OutputStream; +import java.io.*; import java.time.LocalDateTime; import java.time.format.DateTimeFormatter; import java.util.ArrayList; +import java.util.List; +import java.util.Set; + +import static org.spdx.tools.Verify.JSON_SCHEMA_RESOURCE_V3; + /** * This class attempts to implement all the SPDX specification classes and most of the properties. 
@@ -37,6 +58,709 @@ public class FullSpdxV3Example { static final DateTimeFormatter SPDX_DATE_FORMATTER = DateTimeFormatter.ofPattern(SpdxConstantsCompatV2.SPDX_DATE_FORMAT); + static final ObjectMapper JSON_MAPPER = new ObjectMapper().enable(SerializationFeature.INDENT_OUTPUT); + + static class ExampleBuilder { + private String prefix = null; + private SpdxDocument doc = null; + private Sbom sBom = null; + private Bom aiBom = null; + private SpdxPackage pkg = null; + + public ExampleBuilder(String prefix, SpdxDocument doc) { + this.prefix = prefix; + this.doc = doc; + } + + void build() throws InvalidSPDXAnalysisException { + addCoreClasses(); + addSoftwareClasses(); + addAIandDataClasses(); + addSecurityClasses(); + addSimpleLicensingClasses(); + addExpandedLicensingClasses(); + addBuildClasses(); + addExtensionClasses(); + } + + private String getNextAnonId() throws InvalidSPDXAnalysisException { + return doc.getModelStore().getNextId(IModelStore.IdType.Anonymous); + } + + private void addExtensionClasses() throws InvalidSPDXAnalysisException { + // SpdxExtensionExample extension = new SpdxExtensionExample(doc.getModelStore(), prefix + "extension", doc.getCopyManager(), true, prefix); + // This currently causes a schema validation issue and depends on a fix in the v3JsonLD store + // extension.setExtensionProperty("Extension property value"); + // TODO: Add this back in after validation issues are addressed + Extension extension = doc.createCdxPropertiesExtension(prefix + "extension") + .addCdxProperty(doc.createCdxPropertyEntry(getNextAnonId()) + .setCdxPropName("cdxProperty") + .setCdxPropValue("value") + .build()) + .build(); + doc.getExtensions().add(extension); + } + + private void addBuildClasses() throws InvalidSPDXAnalysisException { + Build build = doc.createBuild(prefix + "build") + .setBuildType("https://github.com/spdx/tools-java/blob/master/pom.xml") + .setComment("Builds use the maven-release-plugin") + .setBuildStartTime(LocalDateTime.of(2025, 10, 
15, 11, 42) + .format(SPDX_DATE_FORMATTER)) + .setBuildEndTime(LocalDateTime.of(2025, 10, 15, 11, 50) + .format(SPDX_DATE_FORMATTER)) + .addConfigSourceDigest(doc.createHash(getNextAnonId()) + .setAlgorithm(HashAlgorithm.SHA256) + .setHashValue("cc75cc9bfad1fb047f15fd60fe48806a9614c17bfee073e79e5ac3bd3e5d5271 ") + .build()) + .addConfigSourceEntrypoint("release") + .addConfigSourceUri("https://repo1.maven.org/maven2/org/spdx/tools-java/2.0.2/tools-java-2.0.2.pom") + .addEnvironment(doc.createDictionaryEntry(getNextAnonId()) + .setKey("OS") + .setValue("Windows11") + .build()) + .addParameter(doc.createDictionaryEntry(getNextAnonId()) + .setKey("Next Snapshot Version") + .setValue("2.0.3-SNAPSHOT") + .build()) + .build(); + + // hasInput relationship + SpdxFile pomFile = doc.createSpdxFile(prefix + "pomfile") + .setName("pom.xml") + .setFileKind(FileKindType.FILE) + .addVerifiedUsing(doc.createHash(getNextAnonId()) + .setAlgorithm(HashAlgorithm.SHA256) + .setHashValue("cc75cc9bfad1fb047f15fd60fe48806a9614c17bfee073e79e5ac3bd3e5d5271") + .build()) + .build(); + doc.getElements().add(pomFile); + sBom.getElements().add(pomFile); + SpdxFile srcDir = doc.createSpdxFile(prefix + "src") + .setName("src") + .setFileKind(FileKindType.DIRECTORY) + .build(); + doc.getElements().add(srcDir); + sBom.getElements().add(srcDir); + Relationship hasInput = doc.createLifecycleScopedRelationship(prefix + "hasinput") + .setRelationshipType(RelationshipType.HAS_INPUT) + .setCompleteness(RelationshipCompleteness.INCOMPLETE) + .setScope(LifecycleScopeType.BUILD) + .setFrom(build) + .addTo(srcDir) + .addTo(pomFile) + .build(); + doc.getElements().add(hasInput); + SpdxFile jarWithDependencies = doc.createSpdxFile(prefix + "jarwdeps") + .setName("tools-java-2.0.2-jar-with-dependencies.jar") + .setFileKind(FileKindType.FILE) + .addVerifiedUsing(doc.createHash(getNextAnonId()) + .setAlgorithm(HashAlgorithm.SHA256) + 
.setHashValue("3b326e4ea0e901d71a58627ca14c7d7ec36fc7bdb01308a78de99de2171c7904") + .build()) + .build(); + doc.getElements().add(jarWithDependencies); + Relationship hasOutput = doc.createRelationship(prefix + "hasoutput") + .setRelationshipType(RelationshipType.HAS_OUTPUT) + .setCompleteness(RelationshipCompleteness.INCOMPLETE) + .setFrom(build) + .addTo(jarWithDependencies) + .build(); + doc.getElements().add(hasOutput); + } + + private void addExpandedLicensingClasses() throws InvalidSPDXAnalysisException { + // ConjunctiveLicenseSet + AnyLicenseInfo complexLicense = doc.createConjunctiveLicenseSet(prefix + "complexlicense") + // CustomLicense + .addMember(doc.createCustomLicense(prefix + "LicenseRef-customlicense1") + .setLicenseText("This is the license text for my custom license") + .setName("Gary's Custom License") + .addSeeAlso("https://example.com") + .build()) + // OrLaterOperator + .addMember(doc.createOrLaterOperator(prefix + "complexorlater") + // ListedLicense + .setSubjectLicense(doc.createListedLicense("https://spdx.org/licenses/EPL-1.0") + .setName("Eclipse Public License 1.0") + .setLicenseText("Eclipse Public License - v 1.0\n\nTHE ACCOMPANYING PROGRAM IS PROVIDED" + + " UNDER THE TERMS OF THIS ECLIPSE PUBLIC LICENSE (\"AGREEMENT\"). ANY USE, REPRODUCTION " + + "OR DISTRIBUTION OF THE PROGRAM CONSTITUTES RECIPIENTS ACCEPTANCE OF THIS AGREEMENT.\n\n1. 
" + + "DEFINITIONS\n\n\"Contribution\" means:\n a) in the case of the initial Contributor...") + .setIsFsfLibre(true) + .setComment("EPL replaced the CPL on 28 June 2005.") + .addSeeAlso("https://opensource.org/licenses/EPL-1.0") + .build()) + .build()) + // DisjunctiveLicenseSet + .addMember(doc.createDisjunctiveLicenseSet(prefix + "complexdisjunctive") + // WithAdditionOperator + .addMember(doc.createWithAdditionOperator(prefix + "complexwith") + .setSubjectExtendableLicense((ExtendableLicense) LicenseInfoFactory.parseSPDXLicenseString("GPL-2.0-or-later")) + // ListedLicenseException + .setSubjectAddition(doc.createListedLicenseException("http://spdx.org/licenses/Autoconf-exception-2.0") + .setName("Autoconf exception 2.0") + .setComment("Typically used with GPL-2.0-only or GPL-2.0-or-later") + .setAdditionText("As a special exception, the Free Software Foundation gives unlimited " + + "permission to copy, distribute and modify the ...") + .addSeeAlso("http://ftp.gnu.org/gnu/autoconf/autoconf-2.59.tar.gz") + .build()) + .build()) + .addMember(doc.createWithAdditionOperator(prefix + "complexwithcustomaddition") + .setSubjectExtendableLicense((ExtendableLicense) LicenseInfoFactory.parseSPDXLicenseString("Apache-2.0")) + // CustomLicenseAddition + .setSubjectAddition(doc.createCustomLicenseAddition(prefix + "complexcustomaddition") + .setName("My License Addition") + .setAdditionText("Custom addition text - just for me") + .addSeeAlso("https://example.com") + .build()) + .build()) + // ExtendableLicense - Abstract + // IndividualLicensingInfo - used by listed license + // License - Abstract + .addMember(LicenseInfoFactory.parseSPDXLicenseString("MIT")) + .build()) + .build(); + doc.getElements().add(complexLicense); + } + + private void addSimpleLicensingClasses() throws InvalidSPDXAnalysisException { + // SimpleLicensingText + String simpleLicenseId = "LicenseRef-simpletext"; + String simpleAdditionId = "LicenseRef-simpleaddition"; + SimpleLicensingText slt = 
doc.createSimpleLicensingText(prefix + simpleLicenseId) + .setLicenseText("This is the license text to go with my license expression") + .build(); + doc.getElements().add(slt); + SimpleLicensingText simpleaddition = doc.createSimpleLicensingText(prefix + simpleAdditionId) + .setLicenseText("This is the custom addition text") + .build(); + doc.getElements().add(simpleaddition); + // LicenseExpression + doc.getElements().add(doc.createLicenseExpression(prefix + "licenseexpression") + .setLicenseExpression("Apache-2.0 AND " + simpleLicenseId + " WITH " + simpleAdditionId) + .addCustomIdToUri(doc.createDictionaryEntry(getNextAnonId()) + .setKey(simpleLicenseId) + .setValue(prefix + simpleLicenseId) + .build()) + .addCustomIdToUri(doc.createDictionaryEntry(getNextAnonId()) + .setKey(simpleAdditionId) + .setValue(prefix + simpleAdditionId) + .build()) + .build()); + // AnyLicenseInfo - Abstract + } + + private void addSecurityClasses() throws InvalidSPDXAnalysisException { + // First - let's add a dependeny with a known vulnerability + SpdxPackage log4j = doc.createSpdxPackage(prefix + "log4j") + .setName("Apache Log4j 2") + .setPackageVersion("2.14.1") + .setPackageUrl("pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1") + .addExternalIdentifier(doc.createExternalIdentifier(getNextAnonId()) + .setExternalIdentifierType(ExternalIdentifierType.CPE23) + .setIssuingAuthority("NVD") + .setIdentifier("cpe:2.3:a:apache:log4j:2.14.1:-:*:*:*:*:*:*") + .build()) + .build(); + doc.getElements().add(log4j); + sBom.getElements().add(log4j); + Relationship depRelationship = doc.createRelationship(prefix + "log4jdep") + .setFrom(pkg) + .addTo(log4j) + .setRelationshipType(RelationshipType.HAS_DYNAMIC_LINK) + .setCompleteness(RelationshipCompleteness.INCOMPLETE) + .build(); + doc.getElements().add(depRelationship); + sBom.getElements().add(depRelationship); + // Since we don't want the vulnerabilities to be in the more static SBOMs, let's create a different collection + Bundle 
securityBundle = doc.createBundle(prefix + "securitybundle") + .setContext("Security information related to "+sBom.getObjectUri()) + .build(); + // Vulnerability + Vulnerability vuln = doc.createVulnerability(prefix + "log4jvuln") + .setSummary("Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups.") + .setDescription("Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not " + + "protect from uncontrolled recursion from self-referential lookups. This allows an attacker " + + "with control over ...") + .setPublishedTime(LocalDateTime.of(2021, 12, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .addExternalIdentifier(doc.createExternalIdentifier(getNextAnonId()) + .setExternalIdentifierType(ExternalIdentifierType.CVE) + .setIdentifier("CVE-2021-45105") + .addIdentifierLocator("https://www.cve.org/CVERecord?id=CVE-2021-45105") + .build()) + .addExternalRef(doc.createExternalRef(getNextAnonId()) + .setExternalRefType(ExternalRefType.SECURITY_ADVISORY) + .addLocator("https://nvd.nist.gov/vuln/detail/CVE-2021-45105") + .build()) + .build(); + doc.getElements().add(vuln); + securityBundle.getElements().add(vuln); + Relationship log4jVulnRel = doc.createRelationship(prefix + "log4jvulnrelationship") + .setRelationshipType(RelationshipType.HAS_ASSOCIATED_VULNERABILITY) + .setCompleteness(RelationshipCompleteness.INCOMPLETE) + .setFrom(log4j) + .addTo(vuln) + .build(); + doc.getElements().add(log4jVulnRel); + securityBundle.getElements().add(log4jVulnRel); + Relationship pkgVulnRel = doc.createRelationship(prefix + "pkgvulnrelationship") + .setRelationshipType(RelationshipType.HAS_ASSOCIATED_VULNERABILITY) + .setCompleteness(RelationshipCompleteness.INCOMPLETE) + .setFrom(pkg) + .addTo(vuln) + .build(); + doc.getElements().add(pkgVulnRel); + securityBundle.getElements().add(pkgVulnRel); + // CvssV2VulnAssessmentRelationship + Agent supplierAgent = doc.createAgent(prefix + 
"assessmentagent") + .setName("Supplier of Assessments") + .setComment("This would be the supplier of the vulnerability assessments") + .build(); + CvssV2VulnAssessmentRelationship cvssV2 = doc.createCvssV2VulnAssessmentRelationship(prefix + "cvssv2vuln") + .setRelationshipType(RelationshipType.HAS_ASSESSMENT_FOR) + .setFrom(vuln) + .addTo(log4j) + .setScore(5.0) + .setVectorString("(AV:N/AC:M/Au:N/C:P/I:N/A:N)") + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(cvssV2); + securityBundle.getElements().add(cvssV2); + // CvssV3VulnAssessmentRelationship + CvssV3VulnAssessmentRelationship cvssV3 = doc.createCvssV3VulnAssessmentRelationship(prefix + "cvssv3vuln") + .setRelationshipType(RelationshipType.HAS_ASSESSMENT_FOR) + .setFrom(vuln) + .addTo(log4j) + .setScore(5.0) + .setSeverity(CvssSeverityType.CRITICAL) + .setVectorString("CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H") + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(cvssV3); + securityBundle.getElements().add(cvssV3); + // CvssV4VulnAssessmentRelationship + CvssV4VulnAssessmentRelationship cvssV4 = doc.createCvssV4VulnAssessmentRelationship(prefix + "cvssv4vuln") + .setRelationshipType(RelationshipType.HAS_ASSESSMENT_FOR) + .setFrom(vuln) + .addTo(log4j) + .setScore(5.0) + .setSeverity(CvssSeverityType.CRITICAL) + .setVectorString("(AV:N/AC:M/Au:N/C:P/I:N/A:N)") + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(cvssV4); + securityBundle.getElements().add(cvssV4); + // EpssVulnAssessmentRelationship + EpssVulnAssessmentRelationship epss = doc.createEpssVulnAssessmentRelationship(prefix + "epss") + 
.setRelationshipType(RelationshipType.HAS_ASSESSMENT_FOR) + .setFrom(vuln) + .addTo(log4j) + .setProbability(0.01) + .setPercentile(0.4) + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(epss); + securityBundle.getElements().add(epss); + // ExploitCatalogVulnAssessmentRelationship + //TODO: The schema has "locator" for the field while the generated Java code has "securityLocator" + //Need to regenerate the library then uncomment the example below +// ExploitCatalogVulnAssessmentRelationship excat = doc.createExploitCatalogVulnAssessmentRelationship(prefix + "exploitcat") +// .setRelationshipType(RelationshipType.HAS_ASSESSMENT_FOR) +// .setFrom(vuln) +// .addTo(log4j) +// .setCatalogType(ExploitCatalogType.KEV) +// .setSecurityLocator("https://www.cisa.gov/known-exploited-vulnerabilities-catalog") +// .setExploited(true) +// .setAssessedElement(log4j) +// .setSuppliedBy(supplierAgent) +// .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) +// .format(SPDX_DATE_FORMATTER)) +// .build(); +// doc.getElements().add(excat); +// securityBundle.getElements().add(excat); + + // SsvcVulnAssessmentRelationship + SsvcVulnAssessmentRelationship ssvs = doc.createSsvcVulnAssessmentRelationship(prefix + "ssvs") + .setRelationshipType(RelationshipType.HAS_ASSESSMENT_FOR) + .setFrom(vuln) + .addTo(log4j) + .setDecisionType(SsvcDecisionType.ACT) + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(ssvs); + securityBundle.getElements().add(ssvs); + // VexAffectedVulnAssessmentRelationship + VexAffectedVulnAssessmentRelationship vexAffected = doc.createVexAffectedVulnAssessmentRelationship(prefix + "vexaffected") + .setRelationshipType(RelationshipType.AFFECTS) + .setFrom(vuln) + .addTo(log4j) + 
.setActionStatement("Upgrade to version 2.20 or later") + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(vexAffected); + securityBundle.getElements().add(vexAffected); + // VexFixedVulnAssessmentRelationship + VexFixedVulnAssessmentRelationship vexFixed = doc.createVexFixedVulnAssessmentRelationship(prefix + "vexfixed") + .setRelationshipType(RelationshipType.AFFECTS) + .setFrom(vuln) + .addTo(pkg) + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(vexFixed); + securityBundle.getElements().add(vexFixed); + // VexNotAffectedVulnAssessmentRelationship + VexNotAffectedVulnAssessmentRelationship vexNotAffected = doc.createVexNotAffectedVulnAssessmentRelationship(prefix + "vexnotaffected") + .setRelationshipType(RelationshipType.AFFECTS) + .setFrom(vuln) + .addTo(pkg) + .setJustificationType(VexJustificationType.INLINE_MITIGATIONS_ALREADY_EXIST) + .setImpactStatement("No longer using this vulnerable part of this library.") + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(vexNotAffected); + securityBundle.getElements().add(vexNotAffected); + // VexUnderInvestigationVulnAssessmentRelationship + VexUnderInvestigationVulnAssessmentRelationship vexUnderInvestigation = doc.createVexUnderInvestigationVulnAssessmentRelationship(prefix + "vexunderinvestigation") + .setRelationshipType(RelationshipType.AFFECTS) + .setFrom(vuln) + .addTo(pkg) + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(vexUnderInvestigation); + 
securityBundle.getElements().add(vexUnderInvestigation); + // VexVulnAssessmentRelationship - Abstract + // VulnAssessmentRelationship - Abstract + } + + private void addCoreClasses() throws InvalidSPDXAnalysisException { + // Agent - Abstract, already in creation info + // Annotation + doc.getElements().add(doc.createAnnotation(prefix + "docannotation") + .setStatement("This document is for example purposes only") + .setAnnotationType(AnnotationType.OTHER) + .setSubject(doc) + .build()); + // Artifact - Abstract - used in software package and several others + // Bom - will be used as an AI BOM and software BOM + // Bundle + doc.getElements().add(doc.createBundle(prefix + "bundle") + .setComment("This is just an example of a concrete Bundle class - the elements are not used elsewhere in the SPDX document") + .setContext("Custom Licenses") + .addElement(doc.createCustomLicense(prefix + "LicenseRef-CustomLicense1") + .setLicenseText("This is a custom license text number one.") + .build()) + .addElement(doc.createCustomLicense(prefix + "LicenseRef-CustomLicense2") + .setLicenseText("This is a custom license text number two.") + .build()) + .build()); + // CreationInfo - Already created + // DictionaryEntry - Used in several places including SimpleLicensing + // Element - Abstract + // ElementCollection - Abstract + // ExternalIdentifier - Used in Security profile + // Organization + doc.getCreationInfo().getCreatedBys().add(doc.createOrganization(prefix + "spdxorg") + .setName("System Package Data Exchange (SPDX)") + .build()); + // ExternalMap + String orgLocation = "https://external/organization/spdxdata"; + String orgPrefix = orgLocation + "#"; + String orgUri = orgPrefix + "org"; + ExternalOrganization externalOrg = new ExternalOrganization(doc.getModelStore(), + orgUri, doc.getCopyManager(), + true, orgLocation); + doc.getCreationInfo().getCreatedBys().add(externalOrg); + doc.getSpdxImports().add(doc.createExternalMap(getNextAnonId()) + .setExternalSpdxId(orgUri) 
+ .setLocationHint(orgLocation) + .build()); + // Hash - Used in file + // IndividualElement - Used in software package originated by + // IntegrityMethod - Used in file and package + // LifecycleScopedRelationship + // NamespaceMap - Used in doc already + // PackageVerificationCode - Going to ignore - deprecated + // Person - Used in creation info + // PositiveIntegerRange - Used in snippets + // Relationship - Used in software + // SoftwareAgent + doc.getCreationInfo().getCreatedBys().add(doc.createSoftwareAgent(prefix + "softwareagent") + .setName("SPDX Spec Github CI") + .build()); + // SpdxDocument - already used + // ExternalRef + // Tool + doc.getCreationInfo().getCreatedUsings().add(doc.createTool(prefix + "creationtool") + .setName("tools-java") + .setComment("Created by the FullSpdxV3Example.java utility in tools-java") + .addExternalRef(doc.createExternalRef(getNextAnonId()) + .setExternalRefType(ExternalRefType.MAVEN_CENTRAL) + .addLocator("org.spdx:tools-java") + .build()) + .build()); + + } + + private void addSoftwareClasses() throws InvalidSPDXAnalysisException { + // Sbom + sBom = doc.createSbom(prefix + "sbom") + .setName("AI SBOM") + .addSbomType(SbomType.ANALYZED) + .addProfileConformance(ProfileIdentifierType.CORE) + .addProfileConformance(ProfileIdentifierType.SOFTWARE) + .addProfileConformance(ProfileIdentifierType.BUILD) + .addProfileConformance(ProfileIdentifierType.SECURITY) + .addProfileConformance(ProfileIdentifierType.EXPANDED_LICENSING) + .build(); + doc.getElements().add(sBom); + doc.getRootElements().add(sBom); + // Package + pkg = doc.createSpdxPackage(prefix + "tools-java") + .setName("tools-java") + .setPrimaryPurpose(SoftwarePurpose.APPLICATION) + .addAdditionalPurpose(SoftwarePurpose.LIBRARY) + .addAttributionText("Maintained by the SPDX Community") + .setBuiltTime(LocalDateTime.of(2025, 10, 15, 9, 10) + .format(SPDX_DATE_FORMATTER)) + // ContentIdentifier + .addContentIdentifier(doc.createContentIdentifier(getNextAnonId()) + 
.setContentIdentifierType(ContentIdentifierType.GITOID) + .setContentIdentifierValue("23bd470259f55641eb72b0c5d733edac014a4554") + .build()) + .setCopyrightText("Copyright (c) Source Auditor Inc.") + .setDescription("A command-line utility for creating, converting, comparing, and validating SPDX documents across multiple formats.") + .setDownloadLocation("https://github.com/spdx/tools-java/releases/download/v2.0.2/tools-java-2.0.2.zip") + .addExternalIdentifier(doc.createExternalIdentifier(getNextAnonId()) + .setExternalIdentifierType(ExternalIdentifierType.URL_SCHEME) + .setIdentifier("https://github.com/spdx/tools-java") + .setIssuingAuthority("GitHub") + .build()) + .addExternalRef(doc.createExternalRef(getNextAnonId()) + .setExternalRefType(ExternalRefType.MAVEN_CENTRAL) + .addLocator("org.spdx:tools-java:jar:2.0.2") + .build()) + .setPackageUrl("pkg:maven/org.spdx/tools-java@2.0.2") + .setPackageVersion("2.0.2") + .setReleaseTime(LocalDateTime.of(2025, 10, 15, 11, 50) + .format(SPDX_DATE_FORMATTER)) + .setSourceInfo("This package came from the original source - the official SPDX GitHub repo and build process") + .addStandardName("SPDX Version 2.X and SPDX Version 3.0") + .setHomePage("https://github.com/spdx/tools-java") + .addOriginatedBy(new SpdxOrganization()) + .setSuppliedBy(new SpdxOrganization()) + .setSummary("A command-line utility for creating, converting, comparing, and validating SPDX documents across multiple formats.") + .addSupportLevel(SupportType.LIMITED_SUPPORT) + .setValidUntilTime(LocalDateTime.of(2027, 10, 15, 9, 10) + .format(SPDX_DATE_FORMATTER)) + .addVerifiedUsing(doc.createHash(getNextAnonId()) + .setAlgorithm(HashAlgorithm.SHA256) + .setHashValue("c37ce759c3867780d55791a1804101d288fa921e77ed791e6c053fd5d7513d0d") + .build()) + .build(); + doc.getElements().add(pkg); + sBom.getElements().add(pkg); + sBom.getRootElements().add(pkg); + // File + SpdxFile sourceFile = doc.createSpdxFile(prefix + "example-source") + 
.setPrimaryPurpose(SoftwarePurpose.SOURCE) + .setContentType("text/plain") + .setCopyrightText("Copyright (c) 2025 Source Auditor Inc.") + .setFileKind(FileKindType.FILE) + .setName("./examples/org/spdx/examples/FullSpdxV3Example.java") + .build(); + sBom.getElements().add(sourceFile); + doc.getElements().add(sourceFile); + // Relationships - declared license, concluded license, generated from + doc.getElements().add(doc.createRelationship(prefix + "example-source-to-pkg") + .setRelationshipType(RelationshipType.GENERATES) + .setFrom(sourceFile) + .addTo(pkg) + .setCompleteness(RelationshipCompleteness.INCOMPLETE) + .build()); + AnyLicenseInfo declared = LicenseInfoFactory.parseSPDXLicenseString("Apache-2.0", + doc.getModelStore(), prefix, doc.getCopyManager(), new ArrayList<>()); + AnyLicenseInfo concluded = LicenseInfoFactory.parseSPDXLicenseString("Apache-2.0", + doc.getModelStore(), prefix, doc.getCopyManager(), new ArrayList<>()); + doc.getElements().add(doc.createRelationship(prefix + "source-declared") + .setRelationshipType(RelationshipType.HAS_DECLARED_LICENSE) + .setFrom(sourceFile) + .addTo(declared) + .setCompleteness(RelationshipCompleteness.NO_ASSERTION) + .build()); + doc.getElements().add(doc.createRelationship(prefix + "source-concluded") + .setRelationshipType(RelationshipType.HAS_CONCLUDED_LICENSE) + .setFrom(sourceFile) + .addTo(concluded) + .setCompleteness(RelationshipCompleteness.COMPLETE) + .build()); + doc.getElements().add(doc.createRelationship(prefix + "pkg-declared") + .setRelationshipType(RelationshipType.HAS_DECLARED_LICENSE) + .setFrom(pkg) + .addTo(declared) + .setCompleteness(RelationshipCompleteness.NO_ASSERTION) + .build()); + doc.getElements().add(doc.createRelationship(prefix + "pkg-concluded") + .setRelationshipType(RelationshipType.HAS_CONCLUDED_LICENSE) + .setFrom(pkg) + .addTo(concluded) + .setCompleteness(RelationshipCompleteness.COMPLETE) + .build()); + // Snippet + Snippet snippet = doc.createSnippet(prefix + "snippet") 
+ .addAttributionText("Example code created by Gary O'Neall") + .setDescription("Main method for the FullSpdxV3Example.java") + .setCopyrightText("Copyright (c) 2025 Source Auditor Inc.") + .setByteRange(doc.createPositiveIntegerRange(getNextAnonId()) + .setBeginIntegerRange(43) + .setEndIntegerRange(89) + .build()) + .setLineRange(doc.createPositiveIntegerRange(getNextAnonId()) + .setBeginIntegerRange(1548) + .setEndIntegerRange(3955) + .build()) + .setName("main(String[] args)") + .setSnippetFromFile(sourceFile) + .build(); + doc.getElements().add(snippet); + sBom.getElements().add(snippet); + doc.getElements().add(doc.createRelationship(prefix + "snippet-declared") + .setRelationshipType(RelationshipType.HAS_DECLARED_LICENSE) + .setFrom(snippet) + .addTo(declared) + .setCompleteness(RelationshipCompleteness.COMPLETE) + .build()); + doc.getElements().add(doc.createRelationship(prefix + "snippet-concluded") + .setRelationshipType(RelationshipType.HAS_CONCLUDED_LICENSE) + .setFrom(snippet) + .addTo(concluded) + .setCompleteness(RelationshipCompleteness.COMPLETE) + .build()); + // SoftwareArtifact - Abstract + } + + private void addAIandDataClasses() throws InvalidSPDXAnalysisException { + aiBom = doc.createBom(prefix + "aibom") + .setName("AI SBOM") + .addProfileConformance(ProfileIdentifierType.CORE) + .addProfileConformance(ProfileIdentifierType.SOFTWARE) + .addProfileConformance(ProfileIdentifierType.AI) + .addProfileConformance(ProfileIdentifierType.DATASET) + .build(); + doc.getElements().add(aiBom); + doc.getRootElements().add(aiBom); + // DatasetPackage + DatasetPackage dataset = doc.createDatasetPackage(prefix + "dataset") + .addAnonymizationMethodUsed("Perturbation") + .setConfidentialityLevel(ConfidentialityLevelType.GREEN) + .setDataCollectionProcess("WWW data under open licenses") + .setDataCollectionProcess("Crawler") + .addDataPreprocessing("Anonymization using perturbation of sensitive data") + .setDatasetAvailability(DatasetAvailabilityType.QUERY) + 
.setDatasetNoise("Includes data input by humans - subject to error") + .setDatasetSize(4000000) + .addDatasetType(DatasetType.TEXT) + .setDatasetUpdateMechanism("Automated crawler") + .setHasSensitivePersonalInformation(PresenceType.NO) + .setIntendedUse("LLM training") + .addKnownBias("Typical human bias representative from the global WWW") + .addSensor(doc.createDictionaryEntry(getNextAnonId()) + .setKey("crawler") + .setValue("webcrawler") + .build()) + .setBuiltTime(LocalDateTime.of(2025, 10, 15, 11, 50) + .format(SPDX_DATE_FORMATTER)) + .addOriginatedBy(doc.createOrganization(prefix + "dataorg") + .setName("Data Corp.") + .build()) + .setReleaseTime(LocalDateTime.of(2025, 10, 22, 8, 50) + .format(SPDX_DATE_FORMATTER)) + .setDownloadLocation("https://com.data-corp.data/mydata") + .setPrimaryPurpose(SoftwarePurpose.DATA) + .build(); + doc.getElements().add(dataset); + aiBom.getElements().add(dataset); + // AIPackage + AIPackage aiPackage = doc.createAIPackage(prefix + "aipackage") + .setAutonomyType(PresenceType.YES) + .addDomain("Automotive") + // EnergyConsumption + .setEnergyConsumption(doc.createEnergyConsumption(getNextAnonId()) + // EnergyConsumptionDescription + .addFinetuningEnergyConsumption(doc.createEnergyConsumptionDescription(getNextAnonId()) + .setEnergyQuantity(150.0) + .setEnergyUnit(EnergyUnitType.KILOWATT_HOUR) + .build()) + .addInferenceEnergyConsumption(doc.createEnergyConsumptionDescription(getNextAnonId()) + .setEnergyQuantity(0.7) + .setEnergyUnit(EnergyUnitType.KILOWATT_HOUR) + .build()) + .addTrainingEnergyConsumption(doc.createEnergyConsumptionDescription(getNextAnonId()) + .setEnergyQuantity(15000.3) + .setEnergyUnit(EnergyUnitType.KILOWATT_HOUR) + .build()) + .build()) + .addHyperparameter(doc.createDictionaryEntry(getNextAnonId()) + .setKey("Hidden layers") + .setValue("14") + .build()) + .setInformationAboutApplication("Used in self driving cars") + .setInformationAboutTraining("Trained from data collected from auto cameras, sensors 
and WWW") + .setLimitation("Limited by amount of situations encountered from autos used for training") + .addMetric(doc.createDictionaryEntry(getNextAnonId()) + .setKey("Operator Interventions") + .setValue("432") + .build()) + .addMetricDecisionThreshold(doc.createDictionaryEntry(getNextAnonId()) + .setKey("Operator Interventions") + .setValue("100") + .build()) + .addModelDataPreprocessing("1. data cleaning") + .addModelExplainability("Behaviors from the auto driving car when observed from a safety driver") + .setSafetyRiskAssessment(SafetyRiskAssessmentType.SERIOUS) + .addStandardCompliance("UL 4600") + .addTypeOfModel("LLM") + .setUseSensitivePersonalInformation(PresenceType.NO) + .build(); + doc.getElements().add(aiPackage); + aiBom.getElements().add(aiPackage); + Relationship usesData = doc.createRelationship(prefix + "usesdata") + .setRelationshipType(RelationshipType.TRAINED_ON) + .setFrom(dataset) + .addTo(aiPackage) + .setCompleteness(RelationshipCompleteness.INCOMPLETE) + .build(); + } + } + /** * @param args args[0] is the file path for the output serialized file */ @@ -60,9 +784,11 @@ public static void main(String[] args) throws Exception { } SpdxModelFactory.init(); IModelCopyManager copyManager = new ModelCopyManager(); - try (ISerializableModelStore modelStore = new JsonLDStore(new InMemSpdxStore())) { - String prefix = "https://spdx.github.io/spdx-spec/v3.0.1/examples/full-example-eaa46bdcfa20#"; - DefaultModelStore.initialize(modelStore, prefix, copyManager); + try (JsonLDStore modelStore = new JsonLDStore(new InMemSpdxStore())) { + modelStore.setUseExternalListedElements(true); + String defaultDocUri = "https://spdx.github.io/spdx-spec/v3.0.1/examples/full-example-eaa46bdcfa20"; + String prefix = defaultDocUri + "#"; + DefaultModelStore.initialize(modelStore, defaultDocUri, copyManager); CreationInfo creationInfo = SpdxModelClassFactoryV3.createCreationInfo( modelStore, prefix + "garyagent", "Gary O'Neall", copyManager); 
@@ -80,227 +806,37 @@ public static void main(String[] args) throws Exception { .addProfileConformance(ProfileIdentifierType.SECURITY) .addProfileConformance(ProfileIdentifierType.EXPANDED_LICENSING) .build(); - addCoreClasses(prefix, doc); - Sbom sbom = addSoftwareClasses(prefix, doc); + doc.setIdPrefix(prefix); + ExampleBuilder builder = new ExampleBuilder(prefix, doc); + builder.build(); + + List warnings = doc.verify(); try (OutputStream outStream = new FileOutputStream(outFile)) { modelStore.serialize(outStream); } + JsonSchemaFactory jsonSchemaFactory = JsonSchemaFactory.getInstance(SpecVersion.VersionFlag.V202012); + JsonSchema schema; + try (InputStream is = Verify.class.getResourceAsStream("/" + JSON_SCHEMA_RESOURCE_V3)) { + schema = jsonSchemaFactory.getSchema(is); + } + JsonNode root; + try (InputStream is = new FileInputStream(outFile)) { + root = JSON_MAPPER.readTree(is); + } + Set messages = schema.validate(root); + for (ValidationMessage msg:messages) { + warnings.add(msg.toString()); + } + if (!warnings.isEmpty()) { + System.out.println("Generated document contains the following warnings:"); + for (String warning:warnings) { + System.out.print("\t"); + System.out.println(warning); + } + } } } - private static void addCoreClasses(String prefix, SpdxDocument doc) throws InvalidSPDXAnalysisException { - // Agent - Abstract, already in creation info - // Annotation - doc.getElements().add(doc.createAnnotation(prefix + "docannotation") - .setStatement("This document is for example purposes only") - .setAnnotationType(AnnotationType.OTHER) - .setSubject(doc) - .build()); - // Artifact - Abstract - used in software package and several others - // Bom - will be used as an AI BOM and software BOM - // Bundle - doc.getElements().add(doc.createBundle(prefix + "bundle") - .setComment("This is just an example of a concrete Bundle class - the elements are not used elsewhere in the SPDX document") - .setContext("Custom Licenses") - 
.addElement(doc.createCustomLicense(prefix + "LicenseRef-CustomLicense1") - .setLicenseText("This is a custom license text number one.") - .build()) - .addElement(doc.createCustomLicense(prefix + "LicenseRef-CustomLicense2") - .setLicenseText("This is a custom license text number two.") - .build()) - .build()); - // CreationInfo - Already created - // DictionaryEntry - TODO: Change to make sure it has been created - // Element - Abstract - // ElementCollection - Abstract - // ExternalIdentifier - TODO: Change to make sure it has been created - // Organization - doc.getCreationInfo().getCreatedBys().add(doc.createOrganization(prefix + "spdxorg") - .setName("System Package Data Exchange (SPDX)") - .build()); - // ExternalMap - String orgLocation = "https://external/organization/spdxdata"; - String orgPrefix = orgLocation + "#"; - String orgUri = orgPrefix + "org"; - ExternalOrganization externalOrg = new ExternalOrganization(doc.getModelStore(), - orgUri, doc.getCopyManager(), - true, orgLocation); - doc.getCreationInfo().getCreatedBys().add(externalOrg); - doc.getSpdxImports().add(doc.createExternalMap(doc.getModelStore().getNextId(IModelStore.IdType.Anonymous)) - .setExternalSpdxId(orgUri) - .setLocationHint(orgLocation) - .build()); - // Hash - Used in file - // IndividualElement - Used in software package originated by - // IntegrityMethod - Used in file and package - // LifecycleScopedRelationship - TODO: Change to make sure it has been created - // NamespaceMap - Used in doc already - // PackageVerificationCode - Going to ignore - deprecated - // Person - Used in creation info - // PositiveIntegerRange - TODO: Change to make sure it has been created - // Relationship - Used in software - // SoftwareAgent - doc.getCreationInfo().getCreatedBys().add(doc.createSoftwareAgent(prefix + "softwareagent") - .setName("SPDX Spec Github CI") - .build()); - // SpdxDocument - already used - // ExternalRef - // Tool - 
doc.getCreationInfo().getCreatedUsings().add(doc.createTool(prefix + "creationtool") - .setName("tools-java") - .setComment("Created by the FullSpdxV3Example.java utility in tools-java") - .addExternalRef(doc.createExternalRef(doc.getModelStore().getNextId(IModelStore.IdType.Anonymous)) - .setExternalRefType(ExternalRefType.MAVEN_CENTRAL) - .addLocator("org.spdx:tools-java") - .build()) - .build()); - - } - - private static Sbom addSoftwareClasses(String prefix, SpdxDocument doc) throws InvalidSPDXAnalysisException { - // Sbom - Sbom sbom = doc.createSbom(prefix + "aibom") - .setName("AI SBOM") - .addSbomType(SbomType.ANALYZED) - .addProfileConformance(ProfileIdentifierType.CORE) - .addProfileConformance(ProfileIdentifierType.SOFTWARE) - .addProfileConformance(ProfileIdentifierType.BUILD) - .addProfileConformance(ProfileIdentifierType.SECURITY) - .addProfileConformance(ProfileIdentifierType.EXPANDED_LICENSING) - .build(); - doc.getElements().add(sbom); - doc.getRootElements().add(sbom); - // Package - SpdxPackage pkg = doc.createSpdxPackage(prefix + "tools-java") - .setName("tools-java") - .setPrimaryPurpose(SoftwarePurpose.APPLICATION) - .addAdditionalPurpose(SoftwarePurpose.LIBRARY) - .addAttributionText("Maintained by the SPDX Community") - .setBuiltTime(LocalDateTime.of(2025, 10, 15, 9, 10) - .format(SPDX_DATE_FORMATTER)) - // ContentIdentifier - .addContentIdentifier(doc.createContentIdentifier(doc.getModelStore().getNextId(IModelStore.IdType.Anonymous)) - .setContentIdentifierType(ContentIdentifierType.GITOID) - .setContentIdentifierValue("23bd470259f55641eb72b0c5d733edac014a4554") - .build()) - .setCopyrightText("Copyright (c) Source Auditor Inc.") - .setDescription("A command-line utility for creating, converting, comparing, and validating SPDX documents across multiple formats.") - .setDownloadLocation("https://github.com/spdx/tools-java/releases/download/v2.0.2/tools-java-2.0.2.zip") - 
.addExternalIdentifier(doc.createExternalIdentifier(doc.getModelStore().getNextId(IModelStore.IdType.Anonymous)) - .setExternalIdentifierType(ExternalIdentifierType.URL_SCHEME) - .setIdentifier("https://github.com/spdx/tools-java") - .setIssuingAuthority("GitHub") - .build()) - .addExternalRef(doc.createExternalRef(doc.getModelStore().getNextId(IModelStore.IdType.Anonymous)) - .setExternalRefType(ExternalRefType.MAVEN_CENTRAL) - .addLocator("org.spdx:tools-java:jar:2.0.2") - .build()) - .setPackageUrl("pkg:maven/org.spdx/tools-java@2.0.2") - .setPackageVersion("2.0.2") - .setReleaseTime(LocalDateTime.of(2025, 10, 15, 11, 50) - .format(SPDX_DATE_FORMATTER)) - .setSourceInfo("This package came from the original source - the official SPDX GitHub repo and build process") - .addStandardName("SPDX Version 2.X and SPDX Version 3.0") - .setHomePage("https://github.com/spdx/tools-java") - .addOriginatedBy(new SpdxOrganization()) - .setSuppliedBy(new SpdxOrganization()) - .setSummary("A command-line utility for creating, converting, comparing, and validating SPDX documents across multiple formats.") - .addSupportLevel(SupportType.LIMITED_SUPPORT) - .setValidUntilTime(LocalDateTime.of(2027, 10, 15, 9, 10) - .format(SPDX_DATE_FORMATTER)) - .addVerifiedUsing(doc.createHash(doc.getModelStore().getNextId(IModelStore.IdType.Anonymous)) - .setAlgorithm(HashAlgorithm.SHA256) - .setHashValue("c37ce759c3867780d55791a1804101d288fa921e77ed791e6c053fd5d7513d0d") - .build()) - .build(); - doc.getElements().add(pkg); - sbom.getElements().add(pkg); - sbom.getRootElements().add(pkg); - // File - SpdxFile sourceFile = doc.createSpdxFile(prefix + "example-source") - .setPrimaryPurpose(SoftwarePurpose.SOURCE) - .setContentType("text/plain") - .setCopyrightText("Copyright (c) 2025 Source Auditor Inc.") - .setFileKind(FileKindType.FILE) - .setName("./examples/org/spdx/examples/FullSpdxV3Example.java") - .build(); - sbom.getElements().add(sourceFile); - doc.getElements().add(sourceFile); - // 
Relationships - declared license, concluded license, generated from - doc.getElements().add(doc.createRelationship(prefix + "example-source-to-pkg") - .setRelationshipType(RelationshipType.GENERATES) - .setFrom(sourceFile) - .addTo(pkg) - .build()); - AnyLicenseInfo declared = LicenseInfoFactory.parseSPDXLicenseString("Apache-2.0", - doc.getModelStore(), prefix, doc.getCopyManager(), new ArrayList<>()); - AnyLicenseInfo concluded = LicenseInfoFactory.parseSPDXLicenseString("Apache-2.0", - doc.getModelStore(), prefix, doc.getCopyManager(), new ArrayList<>()); - doc.getElements().add(doc.createRelationship(prefix + "source-declared") - .setRelationshipType(RelationshipType.HAS_DECLARED_LICENSE) - .setFrom(sourceFile) - .addTo(declared) - .build()); - doc.getElements().add(doc.createRelationship(prefix + "source-concluded") - .setRelationshipType(RelationshipType.HAS_CONCLUDED_LICENSE) - .setFrom(sourceFile) - .addTo(concluded) - .build()); - doc.getElements().add(doc.createRelationship(prefix + "pkg-declared") - .setRelationshipType(RelationshipType.HAS_DECLARED_LICENSE) - .setFrom(pkg) - .addTo(declared) - .build()); - doc.getElements().add(doc.createRelationship(prefix + "pkg-concluded") - .setRelationshipType(RelationshipType.HAS_CONCLUDED_LICENSE) - .setFrom(pkg) - .addTo(concluded) - .build()); - // Snippet - Snippet snippet = doc.createSnippet(prefix + "snippet") - .addAttributionText("Example code created by Gary O'Neall") - .setDescription("Main method for the FullSpdxV3Example.java") - .setCopyrightText("Copyright (c) 2025 Source Auditor Inc.") - .setByteRange(doc.createPositiveIntegerRange(doc.getModelStore().getNextId(IModelStore.IdType.Anonymous)) - .setBeginIntegerRange(43) - .setEndIntegerRange(89) - .build()) - .setLineRange(doc.createPositiveIntegerRange(doc.getModelStore().getNextId(IModelStore.IdType.Anonymous)) - .setBeginIntegerRange(1548) - .setEndIntegerRange(3955) - .build()) - .setName("main(String[] args)") - .setSnippetFromFile(sourceFile) - 
.build(); - doc.getElements().add(snippet); - sbom.getElements().add(snippet); - doc.getElements().add(doc.createRelationship(prefix + "snippet-declared") - .setRelationshipType(RelationshipType.HAS_DECLARED_LICENSE) - .setFrom(snippet) - .addTo(declared) - .build()); - doc.getElements().add(doc.createRelationship(prefix + "snippet-concluded") - .setRelationshipType(RelationshipType.HAS_CONCLUDED_LICENSE) - .setFrom(snippet) - .addTo(concluded) - .build()); - // SoftwareArtifact - Abstract - return sbom; - } - - - private static void addAIandDataClasses(String prefix, SpdxDocument doc) throws InvalidSPDXAnalysisException { - Bom aiBom = doc.createBom(prefix + "aibom") - .setName("AI SBOM") - .addProfileConformance(ProfileIdentifierType.CORE) - .addProfileConformance(ProfileIdentifierType.SOFTWARE) - .addProfileConformance(ProfileIdentifierType.AI) - .addProfileConformance(ProfileIdentifierType.DATASET) - .build(); - doc.getElements().add(aiBom); - doc.getRootElements().add(aiBom); - } - private static void usage() { System.out.println("Generates an SPDX JSON-LD file containing all of the supported classes."); System.out.println("Usage: FullSpdxV3Example outputfile"); diff --git a/examples/org/spdx/examples/SpdxExtensionExample.java b/examples/org/spdx/examples/SpdxExtensionExample.java new file mode 100644 index 0000000..135a80e --- /dev/null +++ b/examples/org/spdx/examples/SpdxExtensionExample.java 
@@ -0,0 +1,28 @@ +package org.spdx.examples; + +import org.spdx.core.IModelCopyManager; +import org.spdx.core.InvalidSPDXAnalysisException; +import org.spdx.library.model.v3_0_1.extension.Extension; +import org.spdx.storage.IModelStore; +import org.spdx.storage.PropertyDescriptor; + +import javax.annotation.Nullable; +import java.util.Optional; + +public class SpdxExtensionExample extends Extension { + + static final PropertyDescriptor EXTENSION_PROPERTY_DESCRIPTOR = new PropertyDescriptor("extensionProp", "https://my/extension/namespace/"); + + public SpdxExtensionExample(IModelStore modelStore, String objectUri, @Nullable IModelCopyManager copyManager, boolean create, String idPrefix) throws InvalidSPDXAnalysisException { + super(modelStore, objectUri, copyManager, create, idPrefix); + } + + public SpdxExtensionExample setExtensionProperty(String value) throws InvalidSPDXAnalysisException { + setPropertyValue(EXTENSION_PROPERTY_DESCRIPTOR, value); + return this; + } + + public Optional getExtensionProperty() throws InvalidSPDXAnalysisException { + return getStringPropertyValue(EXTENSION_PROPERTY_DESCRIPTOR); + } +} diff --git a/src/main/java/org/spdx/tools/Verify.java b/src/main/java/org/spdx/tools/Verify.java index d4d050d..10a91ca 100644 --- a/src/main/java/org/spdx/tools/Verify.java +++ b/src/main/java/org/spdx/tools/Verify.java 
@@ -54,9 +54,9 @@ public class Verify { static final int MIN_ARGS = 1; static final int MAX_ARGS = 2; static final int ERROR_STATUS = 1; - private static final String JSON_SCHEMA_RESOURCE_V2_3 = "resources/spdx-schema-v2.3.json"; - private static final String JSON_SCHEMA_RESOURCE_V2_2 = "resources/spdx-schema-v2.2.json"; - private static final String JSON_SCHEMA_RESOURCE_V3 = "resources/spdx-schema-v3.0.1.json"; + public static final String JSON_SCHEMA_RESOURCE_V2_3 = "resources/spdx-schema-v2.3.json"; + public static final String JSON_SCHEMA_RESOURCE_V2_2 = "resources/spdx-schema-v2.2.json"; + public static final String JSON_SCHEMA_RESOURCE_V3 = "resources/spdx-schema-v3.0.1.json"; static final ObjectMapper JSON_MAPPER = new ObjectMapper().enable(SerializationFeature.INDENT_OUTPUT); From 5d1ce1f12e5481bd4d28749cdfa14f102dae59f0 Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Mon, 27 Oct 2025 12:13:13 -0700 Subject: [PATCH 58/94] Update com.networknt:json-schema-validator from 1.5.9 to 2.0.0 Includes updates for breaking changes to the API --- pom.xml | 2 +- src/main/java/org/spdx/tools/Verify.java | 19 ++++++++++--------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/pom.xml b/pom.xml index a47a2b1..7c55138 100644 --- a/pom.xml +++ b/pom.xml @@ -148,7 +148,7 @@ com.networknt json-schema-validator - 1.5.9 + 2.0.0 org.slf4j diff --git a/src/main/java/org/spdx/tools/Verify.java b/src/main/java/org/spdx/tools/Verify.java index 10a91ca..b19d119 100644 --- a/src/main/java/org/spdx/tools/Verify.java +++ b/src/main/java/org/spdx/tools/Verify.java 
@@ -40,10 +40,10 @@ import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.SerializationFeature; -import com.networknt.schema.JsonSchema; -import com.networknt.schema.JsonSchemaFactory; -import com.networknt.schema.SpecVersion.VersionFlag; -import com.networknt.schema.ValidationMessage; +import com.networknt.schema.Schema; +import com.networknt.schema.SchemaRegistry; +import com.networknt.schema.SpecificationVersion; +import com.networknt.schema.Error; /** * Verifies an SPDX document and lists any verification errors @@ -172,17 +172,18 @@ public static List verify(String filePath, SerFileType fileType) throws } else { jsonSchemaResource = JSON_SCHEMA_RESOURCE_V3; } - JsonSchemaFactory jsonSchemaFactory = JsonSchemaFactory.getInstance(VersionFlag.V202012); - JsonSchema schema; + SchemaRegistry schemaRegistry = + SchemaRegistry.withDefaultDialect(SpecificationVersion.DRAFT_2020_12); + Schema schema; try (InputStream is = Verify.class.getResourceAsStream("/" + jsonSchemaResource)) { - schema = jsonSchemaFactory.getSchema(is); + schema = schemaRegistry.getSchema(is); } JsonNode root; try (InputStream is = new FileInputStream(file)) { root = JSON_MAPPER.readTree(is); } - Set messages = schema.validate(root); - for (ValidationMessage msg:messages) { + List messages = schema.validate(root); + for (Error msg:messages) { retval.add(msg.toString()); } } catch (IOException e) { From 63ebf7d7e8e6d447de6c1defb6a4ef57aedf9f97 Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Sun, 2 Nov 2025 23:34:26 +0000 Subject: [PATCH 59/94] README: Update link of SPDX Online Tools - Updated label of link to SPDX Online Tools - Updated SPDX Tools version references from 2.0.1 to 2.0.2 in examples Signed-off-by: Arthit Suriyawongkul --- README.md | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 2037d3b..e1258bf 100644 --- a/README.md 
+++ b/README.md @@ -54,18 +54,18 @@ The following converter tools support SPDX format: Example to convert a SPDX file from Tag to RDF format: - java -jar tools-java-2.0.1-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.rdf + java -jar tools-java-2.0.2-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.rdf The file formats can optionally be provided as the 3rd and 4th parameter for the input and output formats respectively. An optional 5th option `excludeLicenseDetails` will not copy the listed license properties to the output file. The following example will copy a JSON format to an RDF Turtle format without including the listed license properties: - java -jar tools-java-2.0.1-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.ttl TAG RDFTTL excludeLicenseDetails + java -jar tools-java-2.0.2-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.ttl TAG RDFTTL excludeLicenseDetails To convert from SPDX 2 to SPDX 3.0.1: * use the file extension `.jsonld.json` or `.jsonld`; * or add the options for the from and to file types: - java -jar tools-java-2.0.1-jar-with-dependencies.jar Convert hello.spdx hello.spdx.json TAG JSONLD + java -jar tools-java-2.0.2-jar-with-dependencies.jar Convert hello.spdx hello.spdx.json TAG JSONLD ## Compare utilities 
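Review bot: The context sentence above the second command in this hunk says the example "will copy a JSON format to an RDF Turtle format", but the command it introduces reads `../testResources/SPDXTagExample-v2.2.spdx` and passes `TAG RDFTTL`, so it converts tag-value, not JSON. Since the command line is being edited anyway, correct the sentence to say Tag. The jar file name is also repeated in full in every example, which is why each release needs a sweep like this one; a single version placeholder defined once in the Syntax section would avoid missed references.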
@@ -75,13 +75,13 @@ The following tools can be used to compare one or more SPDX documents: Example to compare multiple SPDX files provided in RDF format and provide a spreadsheet with the results: - java -jar tools-java-2.0.1-jar-with-dependencies.jar CompareDocs output.xlsx doc1 doc2 ... docN + java -jar tools-java-2.0.2-jar-with-dependencies.jar CompareDocs output.xlsx doc1 doc2 ... docN * CompareMultipleSpdxDocs with directory Example to compare all SPDX documents in a directory "/home/me/spdxdocs" and provide a spreadsheet with the results: - java -jar tools-java-2.0.1-jar-with-dependencies.jar CompareDocs output.xlsx /home/me/spdxdocs + java -jar tools-java-2.0.2-jar-with-dependencies.jar CompareDocs output.xlsx /home/me/spdxdocs ## SPDX Viewer @@ -91,7 +91,7 @@ The following tool can be used to "Pretty Print" an SPDX document. Sample usage: - java -jar tools-java-2.0.1-jar-with-dependencies.jar SPDXViewer ../testResources/SPDXRdfExample-v2.2.spdx.rdf + java -jar tools-java-2.0.2-jar-with-dependencies.jar SPDXViewer ../testResources/SPDXRdfExample-v2.2.spdx.rdf ## Verifier @@ -101,7 +101,7 @@ The following tool can be used to verify an SPDX document: Sample usage: - java -jar tools-java-2.0.1-jar-with-dependencies.jar Verify ../testResources/SPDXRdfExample-v2.2.spdx.rdf + java -jar tools-java-2.0.2-jar-with-dependencies.jar Verify ../testResources/SPDXRdfExample-v2.2.spdx.rdf ## Generators 
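Review bot: In the `@@ -75,13 +75,13 @@` hunk the bullet is labelled `CompareMultipleSpdxDocs with directory`, while the command under it invokes `CompareDocs`, the same tool name used by the previous example. Use one name in both places so a reader does not go looking for a second tool; this version bump already touches the line and is a good moment to fix the label.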
@@ -111,11 +111,13 @@ The following tool can be used to generate an SPDX verification code from a dire Sample usage: - java -jar tools-java-2.0.1-jar-with-dependencies.jar GenerateVerificationCode sourceDirectory [ignoredFilesRegex] + java -jar tools-java-2.0.2-jar-with-dependencies.jar GenerateVerificationCode sourceDirectory [ignoredFilesRegex] ## SPDX Validation Tool -The SPDX Workgroup provides an online interface to validate, compare, and convert SPDX documents in addition to the command line options above. The [SPDX Validation Tool](https://tools.spdx.org/app/validate/) is an all-in-one portal to upload and parse SPDX documents for validation, comparison and conversion and search the SPDX license list. +The SPDX Workgroup provides an online interface to validate, compare, and convert SPDX documents in addition to the command line options above. + +The [SPDX Online Tools](https://tools.spdx.org/) is an all-in-one portal to upload and parse SPDX documents for validation, comparison and conversion and search the SPDX license list. ## License From 5be9011b2245d0eae332129f5487e30e2ef53841 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Nov 2025 16:22:45 +0000 Subject: [PATCH 60/94] Bump org.apache.ws.xmlschema:xmlschema-core from 2.3.1 to 2.3.2 Bumps org.apache.ws.xmlschema:xmlschema-core from 2.3.1 to 2.3.2. --- updated-dependencies: - dependency-name: org.apache.ws.xmlschema:xmlschema-core dependency-version: 2.3.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 7c55138..be74737 100644 --- a/pom.xml +++ b/pom.xml @@ -107,7 +107,7 @@ org.apache.ws.xmlschema xmlschema-core - 2.3.1 + 2.3.2 junit From 4633af2817fb088de7aba3b0393745b28e583dd3 Mon Sep 17 00:00:00 2001 
From: Arthit Suriyawongkul Date: Mon, 3 Nov 2025 19:25:35 +0000 Subject: [PATCH 61/94] Fix deprecated isLicenseCommmentsEquals (3 m) -> isLicenseCommentsEquals (2 m) Signed-off-by: Arthit Suriyawongkul --- src/main/java/org/spdx/tools/Verify.java | 1 - src/main/java/org/spdx/tools/compare/PackageSheet.java | 2 +- src/main/java/org/spdx/tools/compare/SnippetSheet.java | 2 +- testResources/sourcefiles/PackageSheet.java | 2 +- testResources/sourcefiles/SnippetSheet.java | 2 +- 5 files changed, 4 insertions(+), 5 deletions(-) diff --git a/src/main/java/org/spdx/tools/Verify.java b/src/main/java/org/spdx/tools/Verify.java index b19d119..80b4f75 100644 --- a/src/main/java/org/spdx/tools/Verify.java +++ b/src/main/java/org/spdx/tools/Verify.java @@ -26,7 +26,6 @@ import java.util.ArrayList; import java.util.List; import java.util.Objects; -import java.util.Set; import com.fasterxml.jackson.core.JsonParseException; diff --git a/src/main/java/org/spdx/tools/compare/PackageSheet.java b/src/main/java/org/spdx/tools/compare/PackageSheet.java index 67a6159..f0c5c5e 100644 --- a/src/main/java/org/spdx/tools/compare/PackageSheet.java +++ b/src/main/java/org/spdx/tools/compare/PackageSheet.java @@ -296,7 +296,7 @@ private void addPackageToSheet(SpdxPackageComparer comparer, } Row licenseCommentRow = this.addRow(); licenseCommentRow.createCell(FIELD_COL).setCellValue(LICENSE_COMMENT_FIELD_TEXT); - if (comparer.isLicenseCommmentsEquals()) { + if (comparer.isLicenseCommentsEquals()) { setCellEqualValue(licenseCommentRow.createCell(EQUALS_COL), allDocsPresent); } else { setCellDifferentValue(licenseCommentRow.createCell(EQUALS_COL)); diff --git a/src/main/java/org/spdx/tools/compare/SnippetSheet.java b/src/main/java/org/spdx/tools/compare/SnippetSheet.java index 6f50d6c..d7ea26d 100644 --- a/src/main/java/org/spdx/tools/compare/SnippetSheet.java +++ b/src/main/java/org/spdx/tools/compare/SnippetSheet.java 
@@ -196,7 +196,7 @@ private void addSnippetToSheet(SpdxSnippetComparer comparer, } Row licenseCommentRow = this.addRow(); licenseCommentRow.createCell(FIELD_COL).setCellValue(LICENSE_COMMENT_FIELD_TEXT); - if (comparer.isLicenseCommmentsEquals()) { + if (comparer.isLicenseCommentsEquals()) { setCellEqualValue(licenseCommentRow.createCell(EQUALS_COL), allDocsPresent); } else { setCellDifferentValue(licenseCommentRow.createCell(EQUALS_COL)); diff --git a/testResources/sourcefiles/PackageSheet.java b/testResources/sourcefiles/PackageSheet.java index c99e9f8..fddb1f0 100644 --- a/testResources/sourcefiles/PackageSheet.java +++ b/testResources/sourcefiles/PackageSheet.java @@ -294,7 +294,7 @@ private void addPackageToSheet(SpdxPackageComparer comparer, } Row licenseCommentRow = this.addRow(); licenseCommentRow.createCell(FIELD_COL).setCellValue(LICENSE_COMMENT_FIELD_TEXT); - if (comparer.isLicenseCommmentsEquals()) { + if (comparer.isLicenseCommentsEquals()) { setCellEqualValue(licenseCommentRow.createCell(EQUALS_COL), allDocsPresent); } else { setCellDifferentValue(licenseCommentRow.createCell(EQUALS_COL)); diff --git a/testResources/sourcefiles/SnippetSheet.java b/testResources/sourcefiles/SnippetSheet.java index e9a0c45..ebf81c6 100644 --- a/testResources/sourcefiles/SnippetSheet.java +++ b/testResources/sourcefiles/SnippetSheet.java @@ -196,7 +196,7 @@ private void addSnippetToSheet(SpdxSnippetComparer comparer, } Row licenseCommentRow = this.addRow(); licenseCommentRow.createCell(FIELD_COL).setCellValue(LICENSE_COMMENT_FIELD_TEXT); - if (comparer.isLicenseCommmentsEquals()) { + if (comparer.isLicenseCommentsEquals()) { setCellEqualValue(licenseCommentRow.createCell(EQUALS_COL), allDocsPresent); } else { setCellDifferentValue(licenseCommentRow.createCell(EQUALS_COL)); From e6ffecf0c97d0681cfbd1726e9fb083adc31d0b3 Mon Sep 17 00:00:00 2001 From: Arthit Suriyawongkul Date: Mon, 3 Nov 2025 19:35:13 +0000 Subject: [PATCH 62/94] Add javadoc for SpdxToolsHelper 
Signed-off-by: Arthit Suriyawongkul --- .../java/org/spdx/tools/SpdxToolsHelper.java | 33 ++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/spdx/tools/SpdxToolsHelper.java b/src/main/java/org/spdx/tools/SpdxToolsHelper.java index b7127d3..dfa9402 100644 --- a/src/main/java/org/spdx/tools/SpdxToolsHelper.java +++ b/src/main/java/org/spdx/tools/SpdxToolsHelper.java @@ -58,6 +58,9 @@ */ public class SpdxToolsHelper { + /** + * Supported serialization file types + */ public enum SerFileType { JSON, RDFXML, XML, XLS, XLSX, YAML, TAG, RDFTTL, JSONLD } @@ -84,6 +87,9 @@ public enum SerFileType { } /** + * Determine the appropriate in memory based model store which supports + * serialization for the fileType + * * @param fileType * file type for the store * @return the appropriate in memory based model store which supports @@ -129,6 +135,8 @@ public static ISerializableModelStore fileTypeToStore(SerFileType fileType) } /** + * Determine the file type based on the file name and extension + * * @param file * @return the file type based on the file name and file extension * @throws InvalidFileNameException @@ -188,6 +196,8 @@ public static SerFileType fileToFileType(File file) } /** + * Determine the file type based on the file extension or string + * * @param str * @return the file type based on the file extension or string */ @@ -197,6 +207,9 @@ public static SerFileType strToFileType(String str) { } /** + * Deserializes an SPDX document from a file, + * compatible with SPDX version 2 + * * @param file * file containing an SPDX document with the standard file * extension for the serialization formats @@ -215,6 +228,9 @@ public static SpdxDocument deserializeDocumentCompatV2(File file) return readDocumentFromFileCompatV2(store, file); } /** + * Deserializes an SPDX document from a file, + * compatible with SPDX version 2 + * * @param file * file containing an SPDX document in one of the supported * SerFileTypes 
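Review bot: The new summary sentences for `fileToFileType(File file)` and `strToFileType(String str)` sit above `@param file` and `@param str` tags that still carry no description, so the javadoc for those methods stays incomplete and doclint will continue to report the empty tags. Add a short description to each tag in this patch. The two `deserializeDocumentCompatV2` overloads also receive identical summaries; the second should say that the serialization type is passed explicitly rather than inferred from the file extension, which is the only difference the existing `@param file` text hints at.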
@@ -235,6 +251,8 @@ public static SpdxDocument deserializeDocumentCompatV2(File file, } /** + * Deserializes an SPDX document from a file + * * @param file * file containing an SPDX document with the standard file * extension for the serialization formats @@ -253,6 +271,8 @@ public static org.spdx.library.model.v3_0_1.core.SpdxDocument deserializeDocumen return readDocumentFromFileV3(store, file); } /** + * Deserializes an SPDX document from a file + * * @param file * file containing an SPDX document in one of the supported * SerFileTypes @@ -308,6 +328,8 @@ public static void deserializeFile(ISerializableModelStore store, File file) thr } /** + * Is the store supporting SPDX version 3 + * * @param store model store * @return true of the model store support SPDX spec version 3 */ @@ -316,6 +338,8 @@ public static boolean supportsV3(ISerializableModelStore store) { } /** + * Is the store supporting SPDX version 2 + * * @param store model store * @return true of the model store support SPDX spec version 2 */ @@ -358,7 +382,9 @@ public static CoreModelObject readDocumentFromFile(ISerializableModelStore store } /** - * Reads an SPDX Document from a file + * Reads an SPDX Document from a file, + * compatible with SPDX version 2 + * * @param store Store where the document is to be stored * @param file File to read the store from * @return SPDX Document from the store @@ -375,6 +401,8 @@ public static SpdxDocument readDocumentFromFileCompatV2(ISerializableModelStore } /** + * Gets an SPDX document from the model store + * * @param store model store * @return returns a document if a single document is found in the model store * @throws InvalidSPDXAnalysisException 
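Review bot: In the `supportsV3` and `supportsV2` hunks the added summaries ("Is the store supporting SPDX version 3") read as questions, and the unchanged `@return true of the model store support SPDX spec version 3` line directly beneath them still has "of" where "if" is meant. Suggest "Checks whether the store supports SPDX version 3" for the summary and "@return true if the model store supports SPDX spec version 3" for the tag, and the same for version 2, so the new text and the existing tag agree.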
@@ -395,6 +423,9 @@ public static org.spdx.library.model.v3_0_1.core.SpdxDocument getDocFromStore(IS } /** + * Gets an SPDX document from the model store, + * compatible with SPDX version 2 + * * @param store model store * @return returns a document if a single document is found in the model store * @throws InvalidSPDXAnalysisException From 9de3ae23b079a369da46a4c25ad542cf90a8c409 Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Thu, 6 Nov 2025 17:26:26 -0800 Subject: [PATCH 63/94] Fix full SPDX example Various fixes including removing duplicate SPDX IDs Added ExpandedLicensingExample Signed-off-by: Gary O'Neall --- .../examples/ExpandedLicenseExampleV3.java | 180 ++++++++++++++++++ .../org/spdx/examples/FullSpdxV3Example.java | 108 ++++++----- .../spdx/examples/SpdxExtensionExample.java | 9 + 3 files changed, 251 insertions(+), 46 deletions(-) create mode 100644 examples/org/spdx/examples/ExpandedLicenseExampleV3.java diff --git a/examples/org/spdx/examples/ExpandedLicenseExampleV3.java b/examples/org/spdx/examples/ExpandedLicenseExampleV3.java new file mode 100644 index 0000000..573bdde --- /dev/null +++ b/examples/org/spdx/examples/ExpandedLicenseExampleV3.java 
@@ -0,0 +1,180 @@ +package org.spdx.examples; + +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.SerializationFeature; +import com.networknt.schema.Error; +import com.networknt.schema.Schema; +import com.networknt.schema.SchemaRegistry; +import com.networknt.schema.SpecificationVersion; +import org.spdx.core.DefaultModelStore; +import org.spdx.core.IModelCopyManager; +import org.spdx.library.LicenseInfoFactory; +import org.spdx.library.ModelCopyManager; +import org.spdx.library.SpdxModelFactory; +import org.spdx.library.model.v3_0_1.SpdxModelClassFactoryV3; +import org.spdx.library.model.v3_0_1.core.CreationInfo; +import org.spdx.library.model.v3_0_1.core.Element; +import org.spdx.library.model.v3_0_1.core.ProfileIdentifierType; +import org.spdx.library.model.v3_0_1.core.SpdxDocument; +import org.spdx.library.model.v3_0_1.expandedlicensing.ExtendableLicense; +import org.spdx.library.model.v3_0_1.simplelicensing.AnyLicenseInfo; +import org.spdx.storage.IModelStore; +import org.spdx.storage.simple.InMemSpdxStore; +import org.spdx.tools.Verify; +import org.spdx.v3jsonldstore.JsonLDStore; + +import java.io.*; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; + +import static org.spdx.tools.Verify.JSON_SCHEMA_RESOURCE_V3; + +/** + * Simple example serializing a single expanded license + */ +public class ExpandedLicenseExampleV3 { + + static final ObjectMapper JSON_MAPPER = new ObjectMapper().enable(SerializationFeature.INDENT_OUTPUT); + + /** + * @param args args[0] is the file path for the output serialized file + */ + public static void main(String[] args) throws Exception { + if (args.length != 1) { + usage(); + System.exit(1); + } + File outFile = new File(args[0]); + if (outFile.exists()) { + System.out.printf("%s already exists.\n", args[0]); + System.exit(1); + } + if (!outFile.createNewFile()) { + System.out.printf("Unable to create file 
%s\n", args[0]); + System.exit(1); + } + if (!outFile.canWrite()) { + System.out.printf("Can not write to file %s\n", args[0]); + System.exit(1); + } + SpdxModelFactory.init(); + IModelCopyManager copyManager = new ModelCopyManager(); + try (JsonLDStore modelStore = new JsonLDStore(new InMemSpdxStore())) { + modelStore.setUseExternalListedElements(true); // setting this to false will include all the listed license details in the document + String defaultDocUri = "https://spdx.github.io/spdx-spec/v3.0.1/examples/complex-license-eaa46bdcfa20"; + String prefix = defaultDocUri + "#"; + DefaultModelStore.initialize(modelStore, defaultDocUri, copyManager); + CreationInfo creationInfo = SpdxModelClassFactoryV3.createCreationInfo( + modelStore, prefix + "garyagent", "Gary O'Neall", + copyManager); + SpdxDocument doc = creationInfo.createSpdxDocument(prefix + "document") + .setDataLicense(LicenseInfoFactory.getListedLicenseById("CC0")) + .addNamespaceMap(creationInfo.createNamespaceMap(modelStore.getNextId(IModelStore.IdType.Anonymous)) + .setNamespace(prefix) + .setPrefix("example") + .build()) + .addProfileConformance(ProfileIdentifierType.CORE) + .addProfileConformance(ProfileIdentifierType.SOFTWARE) + .addProfileConformance(ProfileIdentifierType.EXPANDED_LICENSING) + .build(); + doc.setIdPrefix(prefix); + AnyLicenseInfo complexLicense = doc.createConjunctiveLicenseSet(prefix + "complexlicense") + // CustomLicense + .addMember(doc.createCustomLicense(prefix + "LicenseRef-customlicense1") + .setLicenseText("This is the license text for my custom license") + .setName("Gary's Custom License") + .addSeeAlso("https://example.com") + .build()) + // OrLaterOperator + .addMember(doc.createOrLaterOperator(prefix + "complexorlater") + // ListedLicense + .setSubjectLicense(doc.createListedLicense("http://spdx.org/licenses/EPL-1.0") + .setName("Eclipse Public License 1.0") + .setLicenseText("Eclipse Public License - v 1.0\n\nTHE ACCOMPANYING PROGRAM IS PROVIDED" + + " UNDER THE 
TERMS OF THIS ECLIPSE PUBLIC LICENSE (\"AGREEMENT\"). ANY USE, REPRODUCTION " + + "OR DISTRIBUTION OF THE PROGRAM CONSTITUTES RECIPIENTS ACCEPTANCE OF THIS AGREEMENT.\n\n1. " + + "DEFINITIONS\n\n\"Contribution\" means:\n a) in the case of the initial Contributor...") + .setIsFsfLibre(true) + .setComment("EPL replaced the CPL on 28 June 2005.") + .addSeeAlso("https://opensource.org/licenses/EPL-1.0") + .build()) + .build()) + // DisjunctiveLicenseSet + .addMember(doc.createDisjunctiveLicenseSet(prefix + "complexdisjunctive") + // WithAdditionOperator + .addMember(doc.createWithAdditionOperator(prefix + "complexwith") + .setSubjectExtendableLicense((ExtendableLicense) LicenseInfoFactory.parseSPDXLicenseString("GPL-2.0-or-later")) + // ListedLicenseException + .setSubjectAddition(doc.createListedLicenseException("http://spdx.org/licenses/Autoconf-exception-2.0") + .setName("Autoconf exception 2.0") + .setComment("Typically used with GPL-2.0-only or GPL-2.0-or-later") + .setAdditionText("As a special exception, the Free Software Foundation gives unlimited " + + "permission to copy, distribute and modify the ...") + .addSeeAlso("http://ftp.gnu.org/gnu/autoconf/autoconf-2.59.tar.gz") + .build()) + .build()) + .addMember(doc.createWithAdditionOperator(prefix + "complexwithcustomaddition") + .setSubjectExtendableLicense((ExtendableLicense) LicenseInfoFactory.parseSPDXLicenseString("Apache-2.0")) + // CustomLicenseAddition + .setSubjectAddition(doc.createCustomLicenseAddition(prefix + "complexcustomaddition") + .setName("My License Addition") + .setAdditionText("Custom addition text - just for me") + .addSeeAlso("https://example.com") + .build()) + .build()) + // ExtendableLicense - Abstract + // IndividualLicensingInfo - used by listed license + // License - Abstract + .addMember(LicenseInfoFactory.parseSPDXLicenseString("MIT")) + .build()) + .build(); + doc.getRootElements().add(complexLicense); + doc.getElements().add(complexLicense); + List warnings = new ArrayList<>(); 
+ Collection docElements = doc.getElements(); + SpdxModelFactory.getSpdxObjects(modelStore, copyManager, null, null, prefix).forEach( + modelObject -> { + if (modelObject instanceof Element) { + Element element = (Element)modelObject; + if (!docElements.contains(element) && !element.equals(doc)) { + warnings.add("Element not in the document elements: " + element.getObjectUri()); + docElements.add(element); + } + } + } + ); + warnings.addAll(complexLicense.verify()); + try (OutputStream outStream = new FileOutputStream(outFile)) { + modelStore.serialize(outStream, doc); + } + SchemaRegistry schemaRegistry = + SchemaRegistry.withDefaultDialect(SpecificationVersion.DRAFT_2020_12); + Schema schema; + try (InputStream is = Verify.class.getResourceAsStream("/" + JSON_SCHEMA_RESOURCE_V3)) { + schema = schemaRegistry.getSchema(is); + } + JsonNode root; + try (InputStream is = new FileInputStream(outFile)) { + root = JSON_MAPPER.readTree(is); + } + List messages = schema.validate(root); + for (Error msg:messages) { + warnings.add(msg.toString()); + } + if (!warnings.isEmpty()) { + System.out.println("Generated document contains the following warnings:"); + for (String warning:warnings) { + System.out.print("\t"); + System.out.println(warning); + } + } + } + } + + private static void usage() { + System.out.println("Generates an SPDX JSON-LD file containing all of the supported classes."); + System.out.println("Usage: FullSpdxV3Example outputfile"); + } +} diff --git a/examples/org/spdx/examples/FullSpdxV3Example.java b/examples/org/spdx/examples/FullSpdxV3Example.java index 2a42eb6..25dee99 100644 --- a/examples/org/spdx/examples/FullSpdxV3Example.java +++ b/examples/org/spdx/examples/FullSpdxV3Example.java 
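Review bot: In the new ExpandedLicenseExampleV3.java, `usage()` at the end of the file still prints the other example's text: "Generates an SPDX JSON-LD file containing all of the supported classes." and "Usage: FullSpdxV3Example outputfile". Both strings should name ExpandedLicenseExampleV3 and describe the single expanded license it writes, as the class Javadoc does. Separately, `main()` calls `outFile.createNewFile()` before any of the model is built, so an exception later in the run leaves an empty file behind and the next run stops at "already exists"; delete the file on failure, or create it only at the point of serializing.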
@@ -1,13 +1,12 @@ package org.spdx.examples; - import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.SerializationFeature; -import com.networknt.schema.JsonSchema; -import com.networknt.schema.JsonSchemaFactory; -import com.networknt.schema.SpecVersion; -import com.networknt.schema.ValidationMessage; +import com.networknt.schema.Error; +import com.networknt.schema.Schema; +import com.networknt.schema.SchemaRegistry; +import com.networknt.schema.SpecificationVersion; import org.spdx.core.DefaultModelStore; import org.spdx.core.IModelCopyManager; import org.spdx.core.InvalidSPDXAnalysisException; @@ -26,7 +25,6 @@ import org.spdx.library.model.v3_0_1.dataset.DatasetPackage; import org.spdx.library.model.v3_0_1.dataset.DatasetType; import org.spdx.library.model.v3_0_1.expandedlicensing.ExtendableLicense; -import org.spdx.library.model.v3_0_1.extension.Extension; import org.spdx.library.model.v3_0_1.security.*; import org.spdx.library.model.v3_0_1.simplelicensing.AnyLicenseInfo; import org.spdx.library.model.v3_0_1.simplelicensing.SimpleLicensingText; @@ -39,9 +37,7 @@ import java.io.*; import java.time.LocalDateTime; import java.time.format.DateTimeFormatter; -import java.util.ArrayList; -import java.util.List; -import java.util.Set; +import java.util.*; import static org.spdx.tools.Verify.JSON_SCHEMA_RESOURCE_V3; @@ -61,10 +57,9 @@ public class FullSpdxV3Example { static final ObjectMapper JSON_MAPPER = new ObjectMapper().enable(SerializationFeature.INDENT_OUTPUT); static class ExampleBuilder { - private String prefix = null; - private SpdxDocument doc = null; + private final String prefix; + private final SpdxDocument doc; private Sbom sBom = null; - private Bom aiBom = null; private SpdxPackage pkg = null; public ExampleBuilder(String prefix, SpdxDocument doc) { 
@@ -88,17 +83,19 @@ private String getNextAnonId() throws InvalidSPDXAnalysisException { } private void addExtensionClasses() throws InvalidSPDXAnalysisException { - // SpdxExtensionExample extension = new SpdxExtensionExample(doc.getModelStore(), prefix + "extension", doc.getCopyManager(), true, prefix); - // This currently causes a schema validation issue and depends on a fix in the v3JsonLD store - // extension.setExtensionProperty("Extension property value"); - // TODO: Add this back in after validation issues are addressed - Extension extension = doc.createCdxPropertiesExtension(prefix + "extension") + //TODO: The following is causing a schema validation error - uncomment when resolved +// ModelRegistry.getModelRegistry().registerExtensionType("Extension.example", +// SpdxExtensionExample.class); +// SpdxExtensionExample extension = new SpdxExtensionExample(doc.getModelStore(), +// prefix + "extension", doc.getCopyManager(), true, prefix); +// extension.setExtensionProperty("Extension property value"); +// doc.getExtensions().add(extension); + doc.getExtensions().add(doc.createCdxPropertiesExtension(getNextAnonId()) .addCdxProperty(doc.createCdxPropertyEntry(getNextAnonId()) - .setCdxPropName("cdxProperty") - .setCdxPropValue("value") + .setCdxPropName("CDXProperty") + .setCdxPropValue("Property Value") .build()) - .build(); - doc.getExtensions().add(extension); + .build()); } private void addBuildClasses() throws InvalidSPDXAnalysisException { @@ -173,7 +170,7 @@ private void addExpandedLicensingClasses() throws InvalidSPDXAnalysisException // ConjunctiveLicenseSet AnyLicenseInfo complexLicense = doc.createConjunctiveLicenseSet(prefix + "complexlicense") // CustomLicense - .addMember(doc.createCustomLicense(prefix + "LicenseRef-customlicense1") + .addMember(doc.createCustomLicense(prefix + "LicenseRef-customlicense3") .setLicenseText("This is the license text for my custom license") .setName("Gary's Custom License") .addSeeAlso("https://example.com") 
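Review bot: In `addExtensionClasses()`, the old TODO is replaced by a larger block of commented-out code (`ModelRegistry.getModelRegistry().registerExtensionType(...)` through `doc.getExtensions().add(extension)`) under a new TODO that names no issue tracking the schema validation error. Link the issue in the TODO, or drop the dead block and keep it in the issue, so it is clear when it can come back. The CDX properties extension also moves from the fixed id `prefix + "extension"` to `getNextAnonId()`; if making it anonymous is deliberate, say so in a comment, because the serialized example no longer has a stable id for it.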
@@ -181,7 +178,7 @@ private void addExpandedLicensingClasses() throws InvalidSPDXAnalysisException // OrLaterOperator .addMember(doc.createOrLaterOperator(prefix + "complexorlater") // ListedLicense - .setSubjectLicense(doc.createListedLicense("https://spdx.org/licenses/EPL-1.0") + .setSubjectLicense(doc.createListedLicense("http://spdx.org/licenses/EPL-1.0") .setName("Eclipse Public License 1.0") .setLicenseText("Eclipse Public License - v 1.0\n\nTHE ACCOMPANYING PROGRAM IS PROVIDED" + " UNDER THE TERMS OF THIS ECLIPSE PUBLIC LICENSE (\"AGREEMENT\"). ANY USE, REPRODUCTION " + 
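Review bot: The argument to `doc.createListedLicense(...)` goes from `https://spdx.org/licenses/EPL-1.0` to `http://spdx.org/licenses/EPL-1.0` with nothing in the hunk saying why, and an https-to-http change is the kind of line a later cleanup or link scanner will try to revert. If the string is the element's identifier and has to match the listed-license namespace, rather than being a URL that gets fetched, add a one-line comment saying so or build it from a shared constant. The new ExpandedLicenseExampleV3.java in this patch uses the same `http://` form, so the two examples at least agree.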
@@ -378,20 +375,20 @@ private void addSecurityClasses() throws InvalidSPDXAnalysisException { // ExploitCatalogVulnAssessmentRelationship //TODO: The schema has "locator" for the field while the generated Java code has "securityLocator" //Need to regenerate the library then uncomment the example below -// ExploitCatalogVulnAssessmentRelationship excat = doc.createExploitCatalogVulnAssessmentRelationship(prefix + "exploitcat") -// .setRelationshipType(RelationshipType.HAS_ASSESSMENT_FOR) -// .setFrom(vuln) -// .addTo(log4j) -// .setCatalogType(ExploitCatalogType.KEV) -// .setSecurityLocator("https://www.cisa.gov/known-exploited-vulnerabilities-catalog") -// .setExploited(true) -// .setAssessedElement(log4j) -// .setSuppliedBy(supplierAgent) -// .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) -// .format(SPDX_DATE_FORMATTER)) -// .build(); -// doc.getElements().add(excat); -// securityBundle.getElements().add(excat); + ExploitCatalogVulnAssessmentRelationship excat = doc.createExploitCatalogVulnAssessmentRelationship(prefix + "exploitcat") + .setRelationshipType(RelationshipType.HAS_ASSESSMENT_FOR) + .setFrom(vuln) + .addTo(log4j) + .setCatalogType(ExploitCatalogType.KEV) + .setSecurityLocator("https://www.cisa.gov/known-exploited-vulnerabilities-catalog") + .setExploited(true) + .setAssessedElement(log4j) + .setSuppliedBy(supplierAgent) + .setPublishedTime(LocalDateTime.of(2023, 9, 18, 0, 0) + .format(SPDX_DATE_FORMATTER)) + .build(); + doc.getElements().add(excat); + securityBundle.getElements().add(excat); // SsvcVulnAssessmentRelationship SsvcVulnAssessmentRelationship ssvs = doc.createSsvcVulnAssessmentRelationship(prefix + "ssvs") @@ -527,7 +524,6 @@ private void addCoreClasses() throws InvalidSPDXAnalysisException { .addLocator("org.spdx:tools-java") .build()) .build()); - } private void addSoftwareClasses() throws InvalidSPDXAnalysisException { 
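Review bot: In `addSecurityClasses()`, the two comment lines kept as context above the now-uncommented `ExploitCatalogVulnAssessmentRelationship` block still say the schema uses "locator" while the generated Java code uses "securityLocator", and that the library must be regenerated before the example is uncommented. The block is live after this change and still calls `.setSecurityLocator(...)`, so the TODO is stale: remove it, or, if the field-name mismatch is still open, reword it to say what remains and why the example now passes validation.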
@@ -668,7 +664,7 @@ private void addSoftwareClasses() throws InvalidSPDXAnalysisException { } private void addAIandDataClasses() throws InvalidSPDXAnalysisException { - aiBom = doc.createBom(prefix + "aibom") + Bom aiBom = doc.createBom(prefix + "aibom") .setName("AI SBOM") .addProfileConformance(ProfileIdentifierType.CORE) .addProfileConformance(ProfileIdentifierType.SOFTWARE) @@ -758,6 +754,8 @@ private void addAIandDataClasses() throws InvalidSPDXAnalysisException { .addTo(aiPackage) .setCompleteness(RelationshipCompleteness.INCOMPLETE) .build(); + doc.getElements().add(usesData); + aiBom.getElements().add(usesData); } } 
@@ -809,22 +807,40 @@ public static void main(String[] args) throws Exception { doc.setIdPrefix(prefix); ExampleBuilder builder = new ExampleBuilder(prefix, doc); builder.build(); + List warnings = new ArrayList<>(); + // Add all the elements to the doc to make sure everything gets serialized + Collection docElements = doc.getElements(); + SpdxModelFactory.getSpdxObjects(modelStore, copyManager, null, null, prefix).forEach( + modelObject -> { + if (modelObject instanceof Element) { + Element element = (Element)modelObject; + if (!docElements.contains(element) && !element.equals(doc)) { + warnings.add("Element not in the document elements: " + element.getObjectUri()); + docElements.add(element); + } + } + } + ); - List warnings = doc.verify(); + // Verify using the SPDX Java Library + warnings.addAll(doc.verify()); try (OutputStream outStream = new FileOutputStream(outFile)) { - modelStore.serialize(outStream); + modelStore.serialize(outStream, doc); } - JsonSchemaFactory jsonSchemaFactory = JsonSchemaFactory.getInstance(SpecVersion.VersionFlag.V202012); - JsonSchema schema; + + // Validate using the schema + SchemaRegistry schemaRegistry = + SchemaRegistry.withDefaultDialect(SpecificationVersion.DRAFT_2020_12); + Schema schema; try (InputStream is = Verify.class.getResourceAsStream("/" + JSON_SCHEMA_RESOURCE_V3)) { - schema = jsonSchemaFactory.getSchema(is); + schema = schemaRegistry.getSchema(is); } JsonNode root; try (InputStream is = new FileInputStream(outFile)) { root = JSON_MAPPER.readTree(is); } - Set messages = schema.validate(root); - for (ValidationMessage msg:messages) { + List messages = schema.validate(root); + for (Error msg:messages) { warnings.add(msg.toString()); } if (!warnings.isEmpty()) { diff --git a/examples/org/spdx/examples/SpdxExtensionExample.java b/examples/org/spdx/examples/SpdxExtensionExample.java index 135a80e..f75d8c9 100644 --- a/examples/org/spdx/examples/SpdxExtensionExample.java 
+++ b/examples/org/spdx/examples/SpdxExtensionExample.java @@ -17,6 +17,10 @@ public SpdxExtensionExample(IModelStore modelStore, String objectUri, @Nullable super(modelStore, objectUri, copyManager, create, idPrefix); } + public SpdxExtensionExample(IModelStore modelStore, String objectUri, @Nullable IModelCopyManager copyManager, boolean create, String specVersion, String idPrefix) throws InvalidSPDXAnalysisException { + super(modelStore, objectUri, copyManager, create, idPrefix); + } + public SpdxExtensionExample setExtensionProperty(String value) throws InvalidSPDXAnalysisException { setPropertyValue(EXTENSION_PROPERTY_DESCRIPTOR, value); return this; @@ -25,4 +29,9 @@ public SpdxExtensionExample setExtensionProperty(String value) throws InvalidSPD public Optional getExtensionProperty() throws InvalidSPDXAnalysisException { return getStringPropertyValue(EXTENSION_PROPERTY_DESCRIPTOR); } + + @Override + public String getType() { + return "Extension.example"; + } } From d5a923a0875a9092b45e8f63e083f1d42911e4c4 Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Fri, 7 Nov 2025 11:59:34 -0800 Subject: [PATCH 64/94] Add missing file copyright notice Co-authored-by: Arthit Suriyawongkul --- examples/org/spdx/examples/ExpandedLicenseExampleV3.java | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/examples/org/spdx/examples/ExpandedLicenseExampleV3.java b/examples/org/spdx/examples/ExpandedLicenseExampleV3.java index 573bdde..030b1b2 100644 --- a/examples/org/spdx/examples/ExpandedLicenseExampleV3.java +++ b/examples/org/spdx/examples/ExpandedLicenseExampleV3.java @@ -1,3 +1,12 @@ +/** + * SPDX-FileContributor: Gary O'Neall + * SPDX-FileCopyrightText: Copyright (c) 2025 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + * + * Example of serializing a single expanded license + */ + package org.spdx.examples; import com.fasterxml.jackson.databind.JsonNode; From f6cf5a9573a07ab1bcaf738391e1e077fc52ad12 Mon Sep 17 00:00:00 2001 
From: Gary O'Neall Date: Fri, 7 Nov 2025 11:59:49 -0800 Subject: [PATCH 65/94] Add missing file copyright notice Co-authored-by: Arthit Suriyawongkul --- examples/org/spdx/examples/FullSpdxV3Example.java | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/examples/org/spdx/examples/FullSpdxV3Example.java b/examples/org/spdx/examples/FullSpdxV3Example.java index 25dee99..fd1b269 100644 --- a/examples/org/spdx/examples/FullSpdxV3Example.java +++ b/examples/org/spdx/examples/FullSpdxV3Example.java @@ -1,3 +1,12 @@ +/** + * SPDX-FileContributor: Gary O'Neall + * SPDX-FileCopyrightText: Copyright (c) 2025 Source Auditor Inc. + * SPDX-FileType: SOURCE + * SPDX-License-Identifier: Apache-2.0 + * + * Full example of an SPDX document using all classes + */ + package org.spdx.examples; import com.fasterxml.jackson.databind.JsonNode; From c17e8333f8e7369a51fb01416689b17fd65569fb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Nov 2025 17:40:53 +0000 Subject: [PATCH 66/94] Bump org.apache.maven.plugins:maven-release-plugin from 3.1.1 to 3.2.0 Bumps [org.apache.maven.plugins:maven-release-plugin](https://github.com/apache/maven-release) from 3.1.1 to 3.2.0. - [Release notes](https://github.com/apache/maven-release/releases) - [Commits](https://github.com/apache/maven-release/compare/maven-release-3.1.1...maven-release-3.2.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-release-plugin dependency-version: 3.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index be74737..279090a 100644 --- a/pom.xml +++ b/pom.xml @@ -354,7 +354,7 @@ org.apache.maven.plugins maven-release-plugin - 3.1.1 + 3.2.0 v@{project.version} release From 0ebc386130c9a818cc7f8e75445720e5f9b8abd7 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Nov 2025 17:40:59 +0000 Subject: [PATCH 67/94] Bump commons-io:commons-io from 2.20.0 to 2.21.0 Bumps [commons-io:commons-io](https://github.com/apache/commons-io) from 2.20.0 to 2.21.0. - [Changelog](https://github.com/apache/commons-io/blob/master/RELEASE-NOTES.txt) - [Commits](https://github.com/apache/commons-io/compare/rel/commons-io-2.20.0...rel/commons-io-2.21.0) --- updated-dependencies: - dependency-name: commons-io:commons-io dependency-version: 2.21.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 279090a..27ae85d 100644 --- a/pom.xml +++ b/pom.xml @@ -97,7 +97,7 @@ commons-io commons-io - 2.20.0 + 2.21.0 org.apache.commons From 7a2ea0fb8542a7e86d39a864253b29f1fbecc84e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Nov 2025 16:01:13 +0000 Subject: [PATCH 68/94] Bump org.owasp:dependency-check-maven from 12.1.8 to 12.1.9 Bumps [org.owasp:dependency-check-maven](https://github.com/dependency-check/DependencyCheck) from 12.1.8 to 12.1.9. - [Release notes](https://github.com/dependency-check/DependencyCheck/releases) - [Changelog](https://github.com/dependency-check/DependencyCheck/blob/main/CHANGELOG.md) - [Commits](https://github.com/dependency-check/DependencyCheck/compare/v12.1.8...v12.1.9) --- updated-dependencies: - dependency-name: org.owasp:dependency-check-maven dependency-version: 12.1.9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 27ae85d..7335130 100644 --- a/pom.xml +++ b/pom.xml 
@@ -48,7 +48,7 @@ https://sonarcloud.io spdx tools-java - 12.1.8 + 12.1.9 11 -Xdoclint:none From 3bee0a45fea5223894f9d2d8cd52fe5c9c4a30cb Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Thu, 6 Nov 2025 17:31:05 -0800 Subject: [PATCH 69/94] Add faster schema Reference: https://github.com/JPEWdev/shacl2code/pull/56 Signed-off-by: Gary O'Neall --- resources/spdx-schema-v3.0.1.json | 4416 +++++++++++++++++------------ 1 file changed, 2606 insertions(+), 1810 deletions(-) diff --git a/resources/spdx-schema-v3.0.1.json b/resources/spdx-schema-v3.0.1.json index 5a030b4..13f4636 100644 --- a/resources/spdx-schema-v3.0.1.json +++ b/resources/spdx-schema-v3.0.1.json 
@@ -10,42 +10,56 @@ }, "required": ["@context"], - "oneOf": [ - { - "type": "object", - "properties": { - "@graph": { - "description": "Top level container for JSON-LD objects", - "type": "array", - "items": { - "type": "object", - "$ref": "#/$defs/AnyClass", - "unevaluatedProperties": false - } + "if": { + "type": "object", + "required": ["@graph"] + }, + "then": { + "type": "object", + "properties": { + "@graph": { + "description": "Top level container for JSON-LD objects", + "type": "array", + "items": { + "type": "object", + "$ref": "#/$defs/AnyClass", + "unevaluatedProperties": false } - }, - "required": ["@graph"] + } }, - { "$ref": "#/$defs/AnyClass" } - ], + "required": ["@graph"] + }, + "else": { + "$ref": "#/$defs/AnyClass" + }, "unevaluatedProperties": false, "$defs": { "ai_EnergyConsumption": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ai_EnergyConsumption" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ai_EnergyConsumption" } }, - { "$ref": "#/$defs/ai_EnergyConsumption_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ai_EnergyConsumption_props" } + ] + }, + "else": { + "const": "Not a ai_EnergyConsumption" + } }, "ai_EnergyConsumption_derived": { "anyOf": [ @@ -66,7 +80,7 @@ "type": "object", "properties": { "ai_finetuningEnergyConsumption": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -76,7 +90,7 @@ ] }, "ai_inferenceEnergyConsumption": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -86,7 +100,7 @@ ] }, "ai_trainingEnergyConsumption": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -100,29 +114,39 @@ ] }, "prop_ai_EnergyConsumption_ai_finetuningEnergyConsumption": { - "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" + "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" }, "prop_ai_EnergyConsumption_ai_inferenceEnergyConsumption": { - "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" + "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" }, "prop_ai_EnergyConsumption_ai_trainingEnergyConsumption": { - "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" + "$ref": "#/$defs/ai_EnergyConsumptionDescription_derived" }, "ai_EnergyConsumptionDescription": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ai_EnergyConsumptionDescription" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ai_EnergyConsumptionDescription" } }, - { "$ref": "#/$defs/ai_EnergyConsumptionDescription_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ai_EnergyConsumptionDescription_props" } + ] + }, + "else": { + "const": "Not a ai_EnergyConsumptionDescription" + } }, "ai_EnergyConsumptionDescription_derived": { "anyOf": [ 
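Review bot: The `else` branch for `ai_EnergyConsumptionDescription` forces a failure with `"const": "Not a ai_EnergyConsumptionDescription"`, a sentinel string that no object node can equal, and the same pattern is applied to the other classes in this patch. It works, but a node with a wrong or missing `type` will now be reported as a const mismatch against that string instead of a `oneOf` failure, and the examples in this series pass `msg.toString()` straight through to the user. Since the schema is generated, record in the commit message which shacl2code revision produced it (the message links a pull request, not a release) so the file can be regenerated and diffed, and consider raising the sentinel wording upstream.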
@@ -157,38 +181,48 @@ ] }, "prop_ai_EnergyConsumptionDescription_ai_energyQuantity": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] + "anyOf": [ + { + "type": "number" + }, + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } + ] }, "prop_ai_EnergyConsumptionDescription_ai_energyUnit": { - "enum": [ - "kilowattHour", - "megajoule", - "other" - ] + "enum": [ + "kilowattHour", + "megajoule", + "other" + ] }, "ai_EnergyUnitType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ai_EnergyUnitType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ai_EnergyUnitType" } }, - { "$ref": "#/$defs/ai_EnergyUnitType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ai_EnergyUnitType_props" } + ] + }, + "else": { + "const": "Not a ai_EnergyUnitType" + } }, "ai_EnergyUnitType_derived": { "anyOf": [ @@ -216,20 +250,30 @@ ] }, "ai_SafetyRiskAssessmentType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ai_SafetyRiskAssessmentType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ai_SafetyRiskAssessmentType" } }, - { "$ref": "#/$defs/ai_SafetyRiskAssessmentType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ai_SafetyRiskAssessmentType_props" } + ] + }, + "else": { + "const": "Not a ai_SafetyRiskAssessmentType" + } }, "ai_SafetyRiskAssessmentType_derived": { "anyOf": [ 
@@ -258,20 +302,30 @@ ] }, "AnnotationType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "AnnotationType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "AnnotationType" } }, - { "$ref": "#/$defs/AnnotationType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/AnnotationType_props" } + ] + }, + "else": { + "const": "Not a AnnotationType" + } }, "AnnotationType_derived": { "anyOf": [ @@ -298,20 +352,30 @@ ] }, "CreationInfo": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "CreationInfo" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "CreationInfo" } }, - { "$ref": "#/$defs/CreationInfo_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/CreationInfo_props" } + ] + }, + "else": { + "const": "Not a CreationInfo" + } }, "CreationInfo_derived": { "anyOf": [ @@ -338,7 +402,7 @@ "$ref": "#/$defs/prop_CreationInfo_created" }, "createdBy": { - "oneOf": [ + "anyOf": [ { "type": "array", "minItems": 1, @@ -349,7 +413,7 @@ ] }, "createdUsing": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -371,44 +435,54 @@ ] }, "prop_CreationInfo_comment": { - "type": "string" + "type": "string" }, "prop_CreationInfo_created": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_CreationInfo_createdBy": { - "$ref": "#/$defs/Agent_derived" + "$ref": "#/$defs/Agent_derived" }, "prop_CreationInfo_createdUsing": { - "$ref": "#/$defs/Tool_derived" + "$ref": "#/$defs/Tool_derived" }, "prop_CreationInfo_specVersion": { - "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", - "type": "string" + "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", + "type": "string" }, "DictionaryEntry": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "DictionaryEntry" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "DictionaryEntry" } }, - { "$ref": "#/$defs/DictionaryEntry_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/DictionaryEntry_props" } + ] + }, + "else": { + "const": "Not a DictionaryEntry" + } }, "DictionaryEntry_derived": { "anyOf": [ 
@@ -442,10 +516,10 @@ ] }, "prop_DictionaryEntry_key": { - "type": "string" + "type": "string" }, "prop_DictionaryEntry_value": { - "type": "string" + "type": "string" }, "Element_derived": { "anyOf": [ @@ -520,7 +594,7 @@ "$ref": "#/$defs/prop_Element_description" }, "extension": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -530,7 +604,7 @@ ] }, "externalIdentifier": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -540,7 +614,7 @@ ] }, "externalRef": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -556,7 +630,7 @@ "$ref": "#/$defs/prop_Element_summary" }, "verifiedUsing": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -573,31 +647,31 @@ ] }, "prop_Element_comment": { - "type": "string" + "type": "string" }, "prop_Element_creationInfo": { - "$ref": "#/$defs/CreationInfo_derived" + "$ref": "#/$defs/CreationInfo_derived" }, "prop_Element_description": { - "type": "string" + "type": "string" }, "prop_Element_extension": { - "$ref": "#/$defs/extension_Extension_derived" + "$ref": "#/$defs/extension_Extension_derived" }, "prop_Element_externalIdentifier": { - "$ref": "#/$defs/ExternalIdentifier_derived" + "$ref": "#/$defs/ExternalIdentifier_derived" }, "prop_Element_externalRef": { - "$ref": "#/$defs/ExternalRef_derived" + "$ref": "#/$defs/ExternalRef_derived" }, "prop_Element_name": { - "type": "string" + "type": "string" }, "prop_Element_summary": { - "type": "string" + "type": "string" }, "prop_Element_verifiedUsing": { - "$ref": "#/$defs/IntegrityMethod_derived" + "$ref": "#/$defs/IntegrityMethod_derived" }, "ElementCollection_derived": { "anyOf": [ @@ -621,7 +695,7 @@ "type": "object", "properties": { "element": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -631,7 +705,7 @@ ] }, "profileConformance": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -641,7 +715,7 @@ ] }, "rootElement": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -655,40 +729,50 @@ ] }, "prop_ElementCollection_element": { - "$ref": "#/$defs/Element_derived" + "$ref": "#/$defs/Element_derived" }, "prop_ElementCollection_profileConformance": { - "enum": [ - "ai", - "build", - "core", - "dataset", - "expandedLicensing", - "extension", - "lite", - "security", - "simpleLicensing", - "software" - ] + "enum": [ + "ai", + "build", + "core", + "dataset", + "expandedLicensing", + "extension", + "lite", + "security", + "simpleLicensing", + "software" + ] }, "prop_ElementCollection_rootElement": { - "$ref": "#/$defs/Element_derived" + "$ref": "#/$defs/Element_derived" }, "ExternalIdentifier": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ExternalIdentifier" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ExternalIdentifier" } }, - { "$ref": "#/$defs/ExternalIdentifier_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ExternalIdentifier_props" } + ] + }, + "else": { + "const": "Not a ExternalIdentifier" + } }, "ExternalIdentifier_derived": { "anyOf": [ @@ -718,7 +802,7 @@ "$ref": "#/$defs/prop_ExternalIdentifier_identifier" }, "identifierLocator": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -739,47 +823,57 @@ ] }, "prop_ExternalIdentifier_comment": { - "type": "string" + "type": "string" }, "prop_ExternalIdentifier_externalIdentifierType": { - "enum": [ - "cpe22", - "cpe23", - "cve", - "email", - "gitoid", - "other", - "packageUrl", - "securityOther", - "swhid", - "swid", - "urlScheme" - ] + "enum": [ + "cpe22", + "cpe23", + "cve", + "email", + "gitoid", + "other", + "packageUrl", + "securityOther", + "swhid", + "swid", + "urlScheme" + ] }, "prop_ExternalIdentifier_identifier": { - "type": "string" + "type": "string" }, "prop_ExternalIdentifier_identifierLocator": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_ExternalIdentifier_issuingAuthority": { - "type": "string" + "type": "string" }, "ExternalIdentifierType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ExternalIdentifierType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ExternalIdentifierType" } }, - { "$ref": "#/$defs/ExternalIdentifierType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ExternalIdentifierType_props" } + ] + }, + "else": { + "const": "Not a ExternalIdentifierType" + } }, "ExternalIdentifierType_derived": { "anyOf": [ 
@@ -815,20 +909,30 @@ ] }, "ExternalMap": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ExternalMap" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ExternalMap" } }, - { "$ref": "#/$defs/ExternalMap_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ExternalMap_props" } + ] + }, + "else": { + "const": "Not a ExternalMap" + } }, "ExternalMap_derived": { "anyOf": [ @@ -858,7 +962,7 @@ "$ref": "#/$defs/prop_ExternalMap_locationHint" }, "verifiedUsing": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -875,32 +979,42 @@ ] }, "prop_ExternalMap_definingArtifact": { - "$ref": "#/$defs/Artifact_derived" + "$ref": "#/$defs/Artifact_derived" }, "prop_ExternalMap_externalSpdxId": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_ExternalMap_locationHint": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_ExternalMap_verifiedUsing": { - "$ref": "#/$defs/IntegrityMethod_derived" + "$ref": "#/$defs/IntegrityMethod_derived" }, "ExternalRef": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ExternalRef" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ExternalRef" } }, - { "$ref": "#/$defs/ExternalRef_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ExternalRef_props" } + ] + }, + "else": { + "const": "Not a ExternalRef" + } }, "ExternalRef_derived": { "anyOf": [ 
@@ -930,7 +1044,7 @@ "$ref": "#/$defs/prop_ExternalRef_externalRefType" }, "locator": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -944,80 +1058,90 @@ ] }, "prop_ExternalRef_comment": { - "type": "string" + "type": "string" }, "prop_ExternalRef_contentType": { - "pattern": "^[^\\/]+\\/[^\\/]+$", - "type": "string" + "pattern": "^[^\\/]+\\/[^\\/]+$", + "type": "string" }, "prop_ExternalRef_externalRefType": { - "enum": [ - "altDownloadLocation", - "altWebPage", - "binaryArtifact", - "bower", - "buildMeta", - "buildSystem", - "certificationReport", - "chat", - "componentAnalysisReport", - "cwe", - "documentation", - "dynamicAnalysisReport", - "eolNotice", - "exportControlAssessment", - "funding", - "issueTracker", - "license", - "mailingList", - "mavenCentral", - "metrics", - "npm", - "nuget", - "other", - "privacyAssessment", - "productMetadata", - "purchaseOrder", - "qualityAssessmentReport", - "releaseHistory", - "releaseNotes", - "riskAssessment", - "runtimeAnalysisReport", - "secureSoftwareAttestation", - "securityAdversaryModel", - "securityAdvisory", - "securityFix", - "securityOther", - "securityPenTestReport", - "securityPolicy", - "securityThreatModel", - "socialMedia", - "sourceArtifact", - "staticAnalysisReport", - "support", - "vcs", - "vulnerabilityDisclosureReport", - "vulnerabilityExploitabilityAssessment" - ] + "enum": [ + "altDownloadLocation", + "altWebPage", + "binaryArtifact", + "bower", + "buildMeta", + "buildSystem", + "certificationReport", + "chat", + "componentAnalysisReport", + "cwe", + "documentation", + "dynamicAnalysisReport", + "eolNotice", + "exportControlAssessment", + "funding", + "issueTracker", + "license", + "mailingList", + "mavenCentral", + "metrics", + "npm", + "nuget", + "other", + "privacyAssessment", + "productMetadata", + "purchaseOrder", + "qualityAssessmentReport", + "releaseHistory", + "releaseNotes", + "riskAssessment", + "runtimeAnalysisReport", + "secureSoftwareAttestation", + "securityAdversaryModel", + "securityAdvisory", + "securityFix", + "securityOther", + "securityPenTestReport", + "securityPolicy", + "securityThreatModel", + 
"socialMedia", + "sourceArtifact", + "staticAnalysisReport", + "support", + "vcs", + "vulnerabilityDisclosureReport", + "vulnerabilityExploitabilityAssessment" + ] }, "prop_ExternalRef_locator": { - "type": "string" + "type": "string" }, "ExternalRefType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ExternalRefType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ExternalRefType" } }, - { "$ref": "#/$defs/ExternalRefType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ExternalRefType_props" } + ] + }, + "else": { + "const": "Not a ExternalRefType" + } }, "ExternalRefType_derived": { "anyOf": [ @@ -1088,20 +1212,30 @@ ] }, "HashAlgorithm": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "HashAlgorithm" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "HashAlgorithm" } }, - { "$ref": "#/$defs/HashAlgorithm_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/HashAlgorithm_props" } + ] + }, + "else": { + "const": "Not a HashAlgorithm" + } }, "HashAlgorithm_derived": { "anyOf": [ 
@@ -1148,21 +1282,31 @@ ] }, "IndividualElement": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "IndividualElement" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "IndividualElement" + } }, - { "$ref": "#/$defs/IndividualElement_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/IndividualElement_props" } + ] + }, + "else": { + "const": "Not a IndividualElement" + } }, "IndividualElement_derived": { "anyOf": [ @@ -1216,23 +1360,33 @@ ] }, "prop_IntegrityMethod_comment": { - "type": "string" + "type": "string" }, "LifecycleScopeType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "LifecycleScopeType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "LifecycleScopeType" } }, - { "$ref": "#/$defs/LifecycleScopeType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/LifecycleScopeType_props" } + ] + }, + "else": { + "const": "Not a LifecycleScopeType" + } }, "LifecycleScopeType_derived": { "anyOf": [ 
@@ -1263,20 +1417,30 @@ ] }, "NamespaceMap": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "NamespaceMap" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "NamespaceMap" } }, - { "$ref": "#/$defs/NamespaceMap_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/NamespaceMap_props" } + ] + }, + "else": { + "const": "Not a NamespaceMap" + } }, "NamespaceMap_derived": { "anyOf": [ @@ -1311,26 +1475,36 @@ ] }, "prop_NamespaceMap_namespace": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_NamespaceMap_prefix": { - "type": "string" + "type": "string" }, "PackageVerificationCode": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "PackageVerificationCode" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "PackageVerificationCode" } }, - { "$ref": "#/$defs/PackageVerificationCode_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/PackageVerificationCode_props" } + ] + }, + "else": { + "const": "Not a PackageVerificationCode" + } }, "PackageVerificationCode_derived": { "anyOf": [ @@ -1357,7 +1531,7 @@ "$ref": "#/$defs/prop_PackageVerificationCode_hashValue" }, "packageVerificationCodeExcludedFile": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -1375,52 +1549,62 @@ ] }, "prop_PackageVerificationCode_algorithm": { - "enum": [ - "adler32", - "blake2b256", - "blake2b384", - "blake2b512", - "blake3", - "crystalsDilithium", - "crystalsKyber", - "falcon", - "md2", - "md4", - "md5", - "md6", - "other", - "sha1", - "sha224", - "sha256", - "sha384", - "sha3_224", - "sha3_256", - "sha3_384", - "sha3_512", - "sha512" - ] + "enum": [ + "adler32", + "blake2b256", + "blake2b384", + "blake2b512", + "blake3", + "crystalsDilithium", + "crystalsKyber", + "falcon", + "md2", + "md4", + "md5", + "md6", + "other", + "sha1", + "sha224", + "sha256", + "sha384", + "sha3_224", + "sha3_256", + "sha3_384", + "sha3_512", + "sha512" + ] }, "prop_PackageVerificationCode_hashValue": { - "type": "string" + "type": "string" }, "prop_PackageVerificationCode_packageVerificationCodeExcludedFile": { - "type": "string" + "type": "string" }, "PositiveIntegerRange": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "PositiveIntegerRange" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "PositiveIntegerRange" } }, - { "$ref": "#/$defs/PositiveIntegerRange_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/PositiveIntegerRange_props" } + ] + }, + "else": { + "const": "Not a PositiveIntegerRange" + } }, "PositiveIntegerRange_derived": { "anyOf": [ 
@@ -1455,28 +1639,38 @@ ] }, "prop_PositiveIntegerRange_beginIntegerRange": { - "type": "integer", - "minimum": 1 + "type": "integer", + "minimum": 1 }, "prop_PositiveIntegerRange_endIntegerRange": { - "type": "integer", - "minimum": 1 + "type": "integer", + "minimum": 1 }, "PresenceType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "PresenceType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "PresenceType" } }, - { "$ref": "#/$defs/PresenceType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/PresenceType_props" } + ] + }, + "else": { + "const": "Not a PresenceType" + } }, "PresenceType_derived": { "anyOf": [ @@ -1504,20 +1698,30 @@ ] }, "ProfileIdentifierType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "ProfileIdentifierType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "ProfileIdentifierType" } }, - { "$ref": "#/$defs/ProfileIdentifierType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/ProfileIdentifierType_props" } + ] + }, + "else": { + "const": "Not a ProfileIdentifierType" + } }, "ProfileIdentifierType_derived": { "anyOf": [ 
@@ -1552,21 +1756,31 @@ ] }, "Relationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "Relationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "Relationship" + } }, - { "$ref": "#/$defs/Relationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Relationship_props" } + ] + }, + "else": { + "const": "Not a Relationship" + } }, "Relationship_derived": { "anyOf": [ @@ -1613,7 +1827,7 @@ "$ref": "#/$defs/prop_Relationship_startTime" }, "to": { - "oneOf": [ + "anyOf": [ { "type": "array", "minItems": 1, 
@@ -1633,118 +1847,128 @@ ] }, "prop_Relationship_completeness": { - "enum": [ - "complete", - "incomplete", - "noAssertion" - ] + "enum": [ + "complete", + "incomplete", + "noAssertion" + ] }, "prop_Relationship_endTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_Relationship_from_": { - "$ref": "#/$defs/Element_derived" + "$ref": "#/$defs/Element_derived" }, "prop_Relationship_relationshipType": { - "enum": [ - "affects", - "amendedBy", - "ancestorOf", - "availableFrom", - "configures", - "contains", - "coordinatedBy", - "copiedTo", - "delegatedTo", - "dependsOn", - "descendantOf", - "describes", - "doesNotAffect", - "expandsTo", - "exploitCreatedBy", - "fixedBy", - "fixedIn", - "foundBy", - "generates", - "hasAddedFile", - "hasAssessmentFor", - "hasAssociatedVulnerability", - "hasConcludedLicense", - "hasDataFile", - "hasDeclaredLicense", - "hasDeletedFile", - "hasDependencyManifest", - "hasDistributionArtifact", - "hasDocumentation", - "hasDynamicLink", - "hasEvidence", - "hasExample", - "hasHost", - "hasInput", - "hasMetadata", - "hasOptionalComponent", - "hasOptionalDependency", - "hasOutput", - "hasPrerequisite", - "hasProvidedDependency", - "hasRequirement", - "hasSpecification", - "hasStaticLink", - "hasTest", - "hasTestCase", - "hasVariant", - "invokedBy", - "modifiedBy", - "other", - "packagedBy", - "patchedBy", - "publishedBy", - "reportedBy", - "republishedBy", - "serializedInArtifact", - "testedOn", - "trainedOn", - "underInvestigationFor", - "usesTool" - ] + "enum": [ + "affects", + "amendedBy", + "ancestorOf", + "availableFrom", + 
"configures", + "contains", + "coordinatedBy", + "copiedTo", + "delegatedTo", + "dependsOn", + "descendantOf", + "describes", + "doesNotAffect", + "expandsTo", + "exploitCreatedBy", + "fixedBy", + "fixedIn", + "foundBy", + "generates", + "hasAddedFile", + "hasAssessmentFor", + "hasAssociatedVulnerability", + "hasConcludedLicense", + "hasDataFile", + "hasDeclaredLicense", + "hasDeletedFile", + "hasDependencyManifest", + "hasDistributionArtifact", + "hasDocumentation", + "hasDynamicLink", + "hasEvidence", + "hasExample", + "hasHost", + "hasInput", + "hasMetadata", + "hasOptionalComponent", + "hasOptionalDependency", + "hasOutput", + "hasPrerequisite", + "hasProvidedDependency", + "hasRequirement", + "hasSpecification", + "hasStaticLink", + "hasTest", + "hasTestCase", + "hasVariant", + "invokedBy", + "modifiedBy", + "other", + "packagedBy", + "patchedBy", + "publishedBy", + "reportedBy", + "republishedBy", + "serializedInArtifact", + "testedOn", + "trainedOn", + "underInvestigationFor", + "usesTool" + ] }, "prop_Relationship_startTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_Relationship_to": { - "$ref": "#/$defs/Element_derived" + "$ref": "#/$defs/Element_derived" }, "RelationshipCompleteness": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "RelationshipCompleteness" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "RelationshipCompleteness" } }, - { "$ref": "#/$defs/RelationshipCompleteness_props" } - ] + "required": ["type"] 
+ }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/RelationshipCompleteness_props" } + ] + }, + "else": { + "const": "Not a RelationshipCompleteness" + } }, "RelationshipCompleteness_derived": { "anyOf": [ @@ -1772,20 +1996,30 @@ ] }, "RelationshipType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "RelationshipType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "RelationshipType" } }, - { "$ref": "#/$defs/RelationshipType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/RelationshipType_props" } + ] + }, + "else": { + "const": "Not a RelationshipType" + } }, "RelationshipType_derived": { "anyOf": [ @@ -1869,21 +2103,31 @@ ] }, "SpdxDocument": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "SpdxDocument" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "SpdxDocument" + } }, - { "$ref": "#/$defs/SpdxDocument_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/SpdxDocument_props" } + ] + }, + "else": { + "const": "Not a SpdxDocument" + } }, "SpdxDocument_derived": { "anyOf": [ @@ -1907,7 +2151,7 @@ "$ref": "#/$defs/prop_SpdxDocument_dataLicense" }, "import": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -1917,7 +2161,7 @@ ] }, "namespaceMap": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -1931,29 +2175,39 @@ ] }, "prop_SpdxDocument_dataLicense": { - "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" + "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" }, "prop_SpdxDocument_import_": { - "$ref": "#/$defs/ExternalMap_derived" + "$ref": "#/$defs/ExternalMap_derived" }, "prop_SpdxDocument_namespaceMap": { - "$ref": "#/$defs/NamespaceMap_derived" + "$ref": "#/$defs/NamespaceMap_derived" }, "SupportType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "SupportType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "SupportType" } }, - { "$ref": "#/$defs/SupportType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/SupportType_props" } + ] + }, + "else": { + "const": "Not a SupportType" + } }, "SupportType_derived": { "anyOf": [ @@ -1985,21 +2239,31 @@ ] }, "Tool": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "Tool" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "Tool" + } }, - { "$ref": "#/$defs/Tool_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Tool_props" } + ] + }, + "else": { + "const": "Not a Tool" + } }, "Tool_derived": { "anyOf": [ 
@@ -2024,20 +2288,30 @@ ] }, "dataset_ConfidentialityLevelType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "dataset_ConfidentialityLevelType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "dataset_ConfidentialityLevelType" } }, - { "$ref": "#/$defs/dataset_ConfidentialityLevelType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/dataset_ConfidentialityLevelType_props" } + ] + }, + "else": { + "const": "Not a dataset_ConfidentialityLevelType" + } }, "dataset_ConfidentialityLevelType_derived": { "anyOf": [ @@ -2066,20 +2340,30 @@ ] }, "dataset_DatasetAvailabilityType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "dataset_DatasetAvailabilityType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "dataset_DatasetAvailabilityType" } }, - { "$ref": "#/$defs/dataset_DatasetAvailabilityType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/dataset_DatasetAvailabilityType_props" } + ] + }, + "else": { + "const": "Not a dataset_DatasetAvailabilityType" + } }, "dataset_DatasetAvailabilityType_derived": { "anyOf": [ 
@@ -2109,20 +2393,30 @@ ] }, "dataset_DatasetType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "dataset_DatasetType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "dataset_DatasetType" } }, - { "$ref": "#/$defs/dataset_DatasetType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/dataset_DatasetType_props" } + ] + }, + "else": { + "const": "Not a dataset_DatasetType" + } }, "dataset_DatasetType_derived": { "anyOf": [ @@ -2192,7 +2486,7 @@ "$ref": "#/$defs/prop_expandedlicensing_LicenseAddition_expandedlicensing_obsoletedBy" }, "expandedlicensing_seeAlso": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -2212,39 +2506,49 @@ ] }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_additionText": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_isDeprecatedAdditionId": { - "type": "boolean" + "type": "boolean" }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_licenseXml": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_obsoletedBy": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_seeAlso": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_expandedlicensing_LicenseAddition_expandedlicensing_standardAdditionTemplate": { - "type": "string" + "type": "string" }, "expandedlicensing_ListedLicenseException": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_ListedLicenseException" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_ListedLicenseException" + } }, - { "$ref": "#/$defs/expandedlicensing_ListedLicenseException_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_ListedLicenseException_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_ListedLicenseException" + } }, "expandedlicensing_ListedLicenseException_derived": { "anyOf": [ 
@@ -2275,26 +2579,36 @@ ] }, "prop_expandedlicensing_ListedLicenseException_expandedlicensing_deprecatedVersion": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_ListedLicenseException_expandedlicensing_listVersionAdded": { - "type": "string" + "type": "string" }, "extension_CdxPropertyEntry": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "extension_CdxPropertyEntry" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "extension_CdxPropertyEntry" } }, - { "$ref": "#/$defs/extension_CdxPropertyEntry_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/extension_CdxPropertyEntry_props" } + ] + }, + "else": { + "const": "Not a extension_CdxPropertyEntry" + } }, "extension_CdxPropertyEntry_derived": { "anyOf": [ 
@@ -2328,28 +2642,40 @@ ] }, "prop_extension_CdxPropertyEntry_extension_cdxPropName": { - "type": "string" + "type": "string" }, "prop_extension_CdxPropertyEntry_extension_cdxPropValue": { - "type": "string" + "type": "string" }, "extension_Extension": { - "allOf": [ - { - "type": "object", - "unevaluatedProperties": true, - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "allOf": [ - { "$ref": "#/$defs/IRI" }, - { "not": { "const": "extension_Extension" } } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "allOf": [ + { "$ref": "#/$defs/IRI" }, + { "not": { "const": "extension_Extension" } } + ] } }, - { "$ref": "#/$defs/extension_Extension_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "unevaluatedProperties": true, + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/extension_Extension_props" } + ] + }, + "else": { + "const": "Not a extension_Extension" + } }, "extension_Extension_derived": { "anyOf": [ @@ -2374,20 +2700,30 @@ ] }, "security_CvssSeverityType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "security_CvssSeverityType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_CvssSeverityType" } }, - { "$ref": "#/$defs/security_CvssSeverityType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/security_CvssSeverityType_props" } + ] + }, + "else": { + "const": "Not a security_CvssSeverityType" + } }, "security_CvssSeverityType_derived": { "anyOf": [ 
@@ -2417,20 +2753,30 @@ ] }, "security_ExploitCatalogType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "security_ExploitCatalogType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_ExploitCatalogType" } }, - { "$ref": "#/$defs/security_ExploitCatalogType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/security_ExploitCatalogType_props" } + ] + }, + "else": { + "const": "Not a security_ExploitCatalogType" + } }, "security_ExploitCatalogType_derived": { "anyOf": [ @@ -2457,20 +2803,30 @@ ] }, "security_SsvcDecisionType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "security_SsvcDecisionType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_SsvcDecisionType" } }, - { "$ref": "#/$defs/security_SsvcDecisionType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/security_SsvcDecisionType_props" } + ] + }, + "else": { + "const": "Not a security_SsvcDecisionType" + } }, "security_SsvcDecisionType_derived": { "anyOf": [ 
@@ -2499,20 +2855,30 @@ ] }, "security_VexJustificationType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "security_VexJustificationType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_VexJustificationType" } }, - { "$ref": "#/$defs/security_VexJustificationType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/security_VexJustificationType_props" } + ] + }, + "else": { + "const": "Not a security_VexJustificationType" + } }, "security_VexJustificationType_derived": { "anyOf": [ 
@@ -2588,43 +2954,43 @@ ] }, "prop_security_VulnAssessmentRelationship_suppliedBy": { - "$ref": "#/$defs/Agent_derived" + "$ref": "#/$defs/Agent_derived" }, "prop_security_VulnAssessmentRelationship_security_assessedElement": { - "$ref": "#/$defs/software_SoftwareArtifact_derived" + "$ref": "#/$defs/software_SoftwareArtifact_derived" }, "prop_security_VulnAssessmentRelationship_security_modifiedTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_security_VulnAssessmentRelationship_security_publishedTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_security_VulnAssessmentRelationship_security_withdrawnTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "simplelicensing_AnyLicenseInfo_derived": { "anyOf": [ 
@@ -2658,21 +3024,31 @@ ] }, "simplelicensing_LicenseExpression": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "simplelicensing_LicenseExpression" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "simplelicensing_LicenseExpression" + } }, - { "$ref": "#/$defs/simplelicensing_LicenseExpression_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/simplelicensing_LicenseExpression_props" } + ] + }, + "else": { + "const": "Not a simplelicensing_LicenseExpression" + } }, "simplelicensing_LicenseExpression_derived": { "anyOf": [ @@ -2693,7 +3069,7 @@ "type": "object", "properties": { "simplelicensing_customIdToUri": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -2716,31 +3092,41 @@ ] }, "prop_simplelicensing_LicenseExpression_simplelicensing_customIdToUri": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "prop_simplelicensing_LicenseExpression_simplelicensing_licenseExpression": { - "type": "string" + "type": "string" }, "prop_simplelicensing_LicenseExpression_simplelicensing_licenseListVersion": { - "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", - "type": "string" + "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", + "type": "string" }, "simplelicensing_SimpleLicensingText": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "simplelicensing_SimpleLicensingText" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "simplelicensing_SimpleLicensingText" + } }, - { "$ref": "#/$defs/simplelicensing_SimpleLicensingText_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/simplelicensing_SimpleLicensingText_props" } + ] + }, + "else": { + "const": "Not a simplelicensing_SimpleLicensingText" + } }, "simplelicensing_SimpleLicensingText_derived": { "anyOf": [ 
@@ -2771,23 +3157,33 @@ ] }, "prop_simplelicensing_SimpleLicensingText_simplelicensing_licenseText": { - "type": "string" + "type": "string" }, "software_ContentIdentifier": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "software_ContentIdentifier" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_ContentIdentifier" } }, - { "$ref": "#/$defs/software_ContentIdentifier_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/software_ContentIdentifier_props" } + ] + }, + "else": { + "const": "Not a software_ContentIdentifier" + } }, "software_ContentIdentifier_derived": { "anyOf": [ @@ -2822,29 +3218,39 @@ ] }, "prop_software_ContentIdentifier_software_contentIdentifierType": { - "enum": [ - "gitoid", - "swhid" - ] + "enum": [ + "gitoid", + "swhid" + ] }, "prop_software_ContentIdentifier_software_contentIdentifierValue": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "software_ContentIdentifierType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "software_ContentIdentifierType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_ContentIdentifierType" } }, - { "$ref": "#/$defs/software_ContentIdentifierType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/software_ContentIdentifierType_props" } + ] + }, + "else": { + "const": "Not a software_ContentIdentifierType" + } }, "software_ContentIdentifierType_derived": { "anyOf": [ 
@@ -2871,20 +3277,30 @@ ] }, "software_FileKindType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "software_FileKindType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_FileKindType" } }, - { "$ref": "#/$defs/software_FileKindType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/software_FileKindType_props" } + ] + }, + "else": { + "const": "Not a software_FileKindType" + } }, "software_FileKindType_derived": { "anyOf": [ @@ -2911,20 +3327,30 @@ ] }, "software_SbomType": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "software_SbomType" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_SbomType" } }, - { "$ref": "#/$defs/software_SbomType_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/software_SbomType_props" } + ] + }, + "else": { + "const": "Not a software_SbomType" + } }, "software_SbomType_derived": { "anyOf": [ 
@@ -2955,20 +3381,30 @@ ] }, "software_SoftwarePurpose": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "software_SoftwarePurpose" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_SoftwarePurpose" } }, - { "$ref": "#/$defs/software_SoftwarePurpose_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/software_SoftwarePurpose_props" } + ] + }, + "else": { + "const": "Not a software_SoftwarePurpose" + } }, "software_SoftwarePurpose_derived": { "anyOf": [ @@ -3022,21 +3458,31 @@ ] }, "build_Build": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "build_Build" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "build_Build" + } }, - { "$ref": "#/$defs/build_Build_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/build_Build_props" } + ] + }, + "else": { + "const": "Not a build_Build" + } }, "build_Build_derived": { "anyOf": [ @@ -3069,7 +3515,7 @@ "$ref": "#/$defs/prop_build_Build_build_buildType" }, "build_configSourceDigest": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -3079,7 +3525,7 @@ ] }, "build_configSourceEntrypoint": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -3089,7 +3535,7 @@ ] }, "build_configSourceUri": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -3099,7 +3545,7 @@ ] }, "build_environment": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -3109,7 +3555,7 @@ ] }, "build_parameter": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
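Review bot: The `oneOf` to `anyOf` switch on `build_parameter` (and on the sibling `build_*` properties in the hunks above) changes the rule from "exactly one branch matches" to "at least one branch matches". Only the `"type": "array"` branch is visible in the context, so it is not possible to tell from the diff whether the branches are mutually exclusive. If they are, the change is harmless and probably made for validation speed or clearer errors; if they can overlap, instances that were rejected before are now accepted. A sentence stating which case applies, in the generator or the change description, would settle it.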
@@ -3126,64 +3572,74 @@ ] }, "prop_build_Build_build_buildEndTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_build_Build_build_buildId": { - "type": "string" + "type": "string" }, "prop_build_Build_build_buildStartTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_build_Build_build_buildType": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_build_Build_build_configSourceDigest": { - "$ref": "#/$defs/Hash_derived" + "$ref": "#/$defs/Hash_derived" }, "prop_build_Build_build_configSourceEntrypoint": { - "type": "string" + "type": "string" }, "prop_build_Build_build_configSourceUri": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_build_Build_build_environment": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "prop_build_Build_build_parameter": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "Agent": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "Agent" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + 
"properties": { + "type": { + "const": "Agent" + } }, - { "$ref": "#/$defs/Agent_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Agent_props" } + ] + }, + "else": { + "const": "Not a Agent" + } }, "Agent_derived": { "anyOf": [ @@ -3212,21 +3668,31 @@ ] }, "Annotation": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "Annotation" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "Annotation" + } }, - { "$ref": "#/$defs/Annotation_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Annotation_props" } + ] + }, + "else": { + "const": "Not a Annotation" + } }, "Annotation_derived": { "anyOf": [ @@ -3267,20 +3733,20 @@ ] }, "prop_Annotation_annotationType": { - "enum": [ - "other", - "review" - ] + "enum": [ + "other", + "review" + ] }, "prop_Annotation_contentType": { - "pattern": "^[^\\/]+\\/[^\\/]+$", - "type": "string" + "pattern": "^[^\\/]+\\/[^\\/]+$", + "type": "string" }, "prop_Annotation_statement": { - "type": "string" + "type": "string" }, "prop_Annotation_subject": { - "$ref": "#/$defs/Element_derived" + "$ref": "#/$defs/Element_derived" }, "Artifact_derived": { "anyOf": [ @@ -3309,7 +3775,7 @@ "$ref": "#/$defs/prop_Artifact_builtTime" }, "originatedBy": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -3322,7 +3788,7 @@ "$ref": "#/$defs/prop_Artifact_releaseTime" }, "standardName": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
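Review bot: The sentinel strings in the `Agent` and `Annotation` definitions read `"Not a Agent"` and `"Not a Annotation"`. If these are meant to surface in validator error output, the article is wrong for every type name starting with a vowel. A neutral template such as "Expected type Agent" avoids the a/an problem for all generated definitions.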
@@ -3335,7 +3801,7 @@ "$ref": "#/$defs/prop_Artifact_suppliedBy" }, "supportLevel": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -3352,75 +3818,85 @@ ] }, "prop_Artifact_builtTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_Artifact_originatedBy": { - "$ref": "#/$defs/Agent_derived" + "$ref": "#/$defs/Agent_derived" }, "prop_Artifact_releaseTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_Artifact_standardName": { - "type": "string" + "type": "string" }, "prop_Artifact_suppliedBy": { - "$ref": "#/$defs/Agent_derived" + "$ref": "#/$defs/Agent_derived" }, "prop_Artifact_supportLevel": { - "enum": [ - "deployed", - "development", - "endOfSupport", - "limitedSupport", - "noAssertion", - "noSupport", - "support" - ] + "enum": [ + "deployed", + "development", + "endOfSupport", + "limitedSupport", + "noAssertion", + "noSupport", + "support" + ] }, "prop_Artifact_validUntilTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] - }, - "Bundle": { + "type": "string", "allOf": [ { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": 
"Bundle" } - ] - } - }, - "required": ["spdxId"] + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" }, - { "$ref": "#/$defs/Bundle_props" } + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } ] }, + "Bundle": { + "if": { + "type": "object", + "properties": { + "type": { + "const": "Bundle" + } + }, + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Bundle_props" } + ] + }, + "else": { + "const": "Not a Bundle" + } + }, "Bundle_derived": { "anyOf": [ { @@ -3449,23 +3925,33 @@ ] }, "prop_Bundle_context": { - "type": "string" + "type": "string" }, "Hash": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "Hash" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "Hash" } }, - { "$ref": "#/$defs/Hash_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/Hash_props" } + ] + }, + "else": { + "const": "Not a Hash" + } }, "Hash_derived": { "anyOf": [ 
@@ -3500,50 +3986,60 @@ ] }, "prop_Hash_algorithm": { - "enum": [ - "adler32", - "blake2b256", - "blake2b384", - "blake2b512", - "blake3", - "crystalsDilithium", - "crystalsKyber", - "falcon", - "md2", - "md4", - "md5", - "md6", - "other", - "sha1", - "sha224", - "sha256", - "sha384", - "sha3_224", - "sha3_256", - "sha3_384", - "sha3_512", - "sha512" - ] + "enum": [ + "adler32", + "blake2b256", + "blake2b384", + "blake2b512", + "blake3", + "crystalsDilithium", + "crystalsKyber", + "falcon", + "md2", + "md4", + "md5", + "md6", + "other", + "sha1", + "sha224", + "sha256", + "sha384", + "sha3_224", + "sha3_256", + "sha3_384", + "sha3_512", + "sha512" + ] }, "prop_Hash_hashValue": { - "type": "string" + "type": "string" }, "LifecycleScopedRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "LifecycleScopedRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "LifecycleScopedRelationship" + } }, - { "$ref": "#/$defs/LifecycleScopedRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/LifecycleScopedRelationship_props" } + ] + }, + "else": { + "const": "Not a LifecycleScopedRelationship" + } }, "LifecycleScopedRelationship_derived": { "anyOf": [ 
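Review bot: `prop_Hash_hashValue` is only `"type": "string"`, so the schema accepts an empty string or arbitrary text as a digest for any entry in `prop_Hash_algorithm`. A consumer that compares these values for integrity checks gets no format guarantee from validation. If the model allows it, a pattern restricting the value to hex digits (and ideally a length check per algorithm) would catch malformed digests at parse time. The enum also carries `md2`, `md4`, `md5` and `sha1`; that is fine for describing existing artifacts, but it means schema validity says nothing about digest strength, which deserves a note for consumers.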
@@ -3571,31 +4067,41 @@ ] }, "prop_LifecycleScopedRelationship_scope": { - "enum": [ - "build", - "design", - "development", - "other", - "runtime", - "test" - ] + "enum": [ + "build", + "design", + "development", + "other", + "runtime", + "test" + ] }, "Organization": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "Organization" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "Organization" + } }, - { "$ref": "#/$defs/Organization_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Organization_props" } + ] + }, + "else": { + "const": "Not a Organization" + } }, "Organization_derived": { "anyOf": [ @@ -3621,21 +4127,31 @@ ] }, "Person": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "Person" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "Person" + } }, - { "$ref": "#/$defs/Person_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Person_props" } + ] + }, + "else": { + "const": "Not a Person" + } }, "Person_derived": { "anyOf": [ 
@@ -3660,21 +4176,31 @@ ] }, "SoftwareAgent": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "SoftwareAgent" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "SoftwareAgent" + } }, - { "$ref": "#/$defs/SoftwareAgent_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/SoftwareAgent_props" } + ] + }, + "else": { + "const": "Not a SoftwareAgent" + } }, "SoftwareAgent_derived": { "anyOf": [ @@ -3699,21 +4225,31 @@ ] }, "expandedlicensing_ConjunctiveLicenseSet": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_ConjunctiveLicenseSet" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_ConjunctiveLicenseSet" + } }, - { "$ref": "#/$defs/expandedlicensing_ConjunctiveLicenseSet_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_ConjunctiveLicenseSet_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_ConjunctiveLicenseSet" + } }, "expandedlicensing_ConjunctiveLicenseSet_derived": { "anyOf": [ @@ -3734,7 +4270,7 @@ "type": "object", "properties": { "expandedlicensing_member": { - "oneOf": [ + "anyOf": [ { "type": "array", "minItems": 2, 
@@ -3752,24 +4288,34 @@ ] }, "prop_expandedlicensing_ConjunctiveLicenseSet_expandedlicensing_member": { - "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" + "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" }, "expandedlicensing_CustomLicenseAddition": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_CustomLicenseAddition" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_CustomLicenseAddition" + } }, - { "$ref": "#/$defs/expandedlicensing_CustomLicenseAddition_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_CustomLicenseAddition_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_CustomLicenseAddition" + } }, "expandedlicensing_CustomLicenseAddition_derived": { "anyOf": [ 
@@ -3794,21 +4340,31 @@ ] }, "expandedlicensing_DisjunctiveLicenseSet": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_DisjunctiveLicenseSet" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_DisjunctiveLicenseSet" + } }, - { "$ref": "#/$defs/expandedlicensing_DisjunctiveLicenseSet_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_DisjunctiveLicenseSet_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_DisjunctiveLicenseSet" + } }, "expandedlicensing_DisjunctiveLicenseSet_derived": { "anyOf": [ @@ -3829,7 +4385,7 @@ "type": "object", "properties": { "expandedlicensing_member": { - "oneOf": [ + "anyOf": [ { "type": "array", "minItems": 2, @@ -3847,7 +4403,7 @@ ] }, "prop_expandedlicensing_DisjunctiveLicenseSet_expandedlicensing_member": { - "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" + "$ref": "#/$defs/simplelicensing_AnyLicenseInfo_derived" }, "expandedlicensing_ExtendableLicense_derived": { "anyOf": [ 
@@ -3874,21 +4430,31 @@ ] }, "expandedlicensing_IndividualLicensingInfo": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_IndividualLicensingInfo" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_IndividualLicensingInfo" + } }, - { "$ref": "#/$defs/expandedlicensing_IndividualLicensingInfo_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_IndividualLicensingInfo_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_IndividualLicensingInfo" + } }, "expandedlicensing_IndividualLicensingInfo_derived": { "anyOf": [ @@ -3949,7 +4515,7 @@ "$ref": "#/$defs/prop_expandedlicensing_License_expandedlicensing_obsoletedBy" }, "expandedlicensing_seeAlso": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -3975,48 +4541,58 @@ ] }, "prop_expandedlicensing_License_expandedlicensing_isDeprecatedLicenseId": { - "type": "boolean" + "type": "boolean" }, "prop_expandedlicensing_License_expandedlicensing_isFsfLibre": { - "type": "boolean" + "type": "boolean" }, "prop_expandedlicensing_License_expandedlicensing_isOsiApproved": { - "type": "boolean" + "type": "boolean" }, "prop_expandedlicensing_License_expandedlicensing_licenseXml": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_License_expandedlicensing_obsoletedBy": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_License_expandedlicensing_seeAlso": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_expandedlicensing_License_expandedlicensing_standardLicenseHeader": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_License_expandedlicensing_standardLicenseTemplate": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_License_simplelicensing_licenseText": { - "type": "string" + "type": "string" }, "expandedlicensing_ListedLicense": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_ListedLicense" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_ListedLicense" + } }, - { "$ref": "#/$defs/expandedlicensing_ListedLicense_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_ListedLicense_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_ListedLicense" + } }, "expandedlicensing_ListedLicense_derived": { "anyOf": [ 
@@ -4047,27 +4623,37 @@ ] }, "prop_expandedlicensing_ListedLicense_expandedlicensing_deprecatedVersion": { - "type": "string" + "type": "string" }, "prop_expandedlicensing_ListedLicense_expandedlicensing_listVersionAdded": { - "type": "string" + "type": "string" }, "expandedlicensing_OrLaterOperator": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_OrLaterOperator" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_OrLaterOperator" + } }, - { "$ref": "#/$defs/expandedlicensing_OrLaterOperator_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_OrLaterOperator_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_OrLaterOperator" + } }, "expandedlicensing_OrLaterOperator_derived": { "anyOf": [ 
@@ -4098,24 +4684,34 @@ ] }, "prop_expandedlicensing_OrLaterOperator_expandedlicensing_subjectLicense": { - "$ref": "#/$defs/expandedlicensing_License_derived" + "$ref": "#/$defs/expandedlicensing_License_derived" }, "expandedlicensing_WithAdditionOperator": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_WithAdditionOperator" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_WithAdditionOperator" + } }, - { "$ref": "#/$defs/expandedlicensing_WithAdditionOperator_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_WithAdditionOperator_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_WithAdditionOperator" + } }, "expandedlicensing_WithAdditionOperator_derived": { "anyOf": [ 
@@ -4150,26 +4746,36 @@ ] }, "prop_expandedlicensing_WithAdditionOperator_expandedlicensing_subjectAddition": { - "$ref": "#/$defs/expandedlicensing_LicenseAddition_derived" + "$ref": "#/$defs/expandedlicensing_LicenseAddition_derived" }, "prop_expandedlicensing_WithAdditionOperator_expandedlicensing_subjectExtendableLicense": { - "$ref": "#/$defs/expandedlicensing_ExtendableLicense_derived" + "$ref": "#/$defs/expandedlicensing_ExtendableLicense_derived" }, "extension_CdxPropertiesExtension": { - "allOf": [ - { - "type": "object", - "properties": { - "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, - "type": { - "oneOf": [ - { "const": "extension_CdxPropertiesExtension" } - ] - } + "if": { + "type": "object", + "properties": { + "type": { + "const": "extension_CdxPropertiesExtension" } }, - { "$ref": "#/$defs/extension_CdxPropertiesExtension_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "@id": { "$ref": "#/$defs/BlankNodeOrIRI" }, + "type": { "type": "string" } + } + }, + { "$ref": "#/$defs/extension_CdxPropertiesExtension_props" } + ] + }, + "else": { + "const": "Not a extension_CdxPropertiesExtension" + } }, "extension_CdxPropertiesExtension_derived": { "anyOf": [ @@ -4190,7 +4796,7 @@ "type": "object", "properties": { "extension_cdxProperty": { - "oneOf": [ + "anyOf": [ { "type": "array", "minItems": 1, 
@@ -4208,24 +4814,34 @@ ] }, "prop_extension_CdxPropertiesExtension_extension_cdxProperty": { - "$ref": "#/$defs/extension_CdxPropertyEntry_derived" + "$ref": "#/$defs/extension_CdxPropertyEntry_derived" }, "security_CvssV2VulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_CvssV2VulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_CvssV2VulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_CvssV2VulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_CvssV2VulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_CvssV2VulnAssessmentRelationship" + } }, "security_CvssV2VulnAssessmentRelationship_derived": { "anyOf": [ 
@@ -4260,35 +4876,45 @@ ] }, "prop_security_CvssV2VulnAssessmentRelationship_security_score": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] + "anyOf": [ + { + "type": "number" + }, + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } + ] }, "prop_security_CvssV2VulnAssessmentRelationship_security_vectorString": { - "type": "string" + "type": "string" }, "security_CvssV3VulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_CvssV3VulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_CvssV3VulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_CvssV3VulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_CvssV3VulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_CvssV3VulnAssessmentRelationship" + } }, "security_CvssV3VulnAssessmentRelationship_derived": { "anyOf": [ 
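Review bot: `prop_security_CvssV2VulnAssessmentRelationship_security_score` places no bounds on the score. The `"type": "number"` branch has no `minimum` or `maximum`, and the string pattern `^-?[0-9]+(\\.[0-9]*)?$` accepts negative values and a trailing dot such as "7.". CVSS scores range from 0.0 to 10.0, so a document with a score of -3 or 250 validates. Since the two branches have different JSON types, `oneOf` and `anyOf` behave the same here; the missing range check is the part to fix, for example `"minimum": 0, "maximum": 10` on the number branch and a pattern without the optional minus sign on the string branch.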
@@ -4327,44 +4953,54 @@ ] }, "prop_security_CvssV3VulnAssessmentRelationship_security_score": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] + "anyOf": [ + { + "type": "number" + }, + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } + ] }, "prop_security_CvssV3VulnAssessmentRelationship_security_severity": { - "enum": [ - "critical", - "high", - "low", - "medium", - "none" - ] + "enum": [ + "critical", + "high", + "low", + "medium", + "none" + ] }, "prop_security_CvssV3VulnAssessmentRelationship_security_vectorString": { - "type": "string" + "type": "string" }, "security_CvssV4VulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_CvssV4VulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_CvssV4VulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_CvssV4VulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_CvssV4VulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_CvssV4VulnAssessmentRelationship" + } }, "security_CvssV4VulnAssessmentRelationship_derived": { "anyOf": [ 
@@ -4403,44 +5039,54 @@ ] }, "prop_security_CvssV4VulnAssessmentRelationship_security_score": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] + "anyOf": [ + { + "type": "number" + }, + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } + ] }, "prop_security_CvssV4VulnAssessmentRelationship_security_severity": { - "enum": [ - "critical", - "high", - "low", - "medium", - "none" - ] + "enum": [ + "critical", + "high", + "low", + "medium", + "none" + ] }, "prop_security_CvssV4VulnAssessmentRelationship_security_vectorString": { - "type": "string" + "type": "string" }, "security_EpssVulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_EpssVulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_EpssVulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_EpssVulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_EpssVulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_EpssVulnAssessmentRelationship" + } }, "security_EpssVulnAssessmentRelationship_derived": { "anyOf": [ 
@@ -4475,44 +5121,54 @@ ] }, "prop_security_EpssVulnAssessmentRelationship_security_percentile": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] + "anyOf": [ + { + "type": "number" + }, + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } + ] }, "prop_security_EpssVulnAssessmentRelationship_security_probability": { - "oneOf": [ - { - "type": "number" - }, - { - "type": "string", - "pattern": "^-?[0-9]+(\\.[0-9]*)?$" - } - ] - }, - "security_ExploitCatalogVulnAssessmentRelationship": { - "allOf": [ + "anyOf": [ { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_ExploitCatalogVulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "type": "number" }, - { "$ref": "#/$defs/security_ExploitCatalogVulnAssessmentRelationship_props" } + { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]*)?$" + } ] }, + "security_ExploitCatalogVulnAssessmentRelationship": { + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_ExploitCatalogVulnAssessmentRelationship" + } + }, + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_ExploitCatalogVulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_ExploitCatalogVulnAssessmentRelationship" + } + }, "security_ExploitCatalogVulnAssessmentRelationship_derived": { "anyOf": [ { 
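Review bot: The `security_percentile` and `security_probability` definitions still accept any number, and any string matching `^-?[0-9]+(\\.[0-9]*)?$`, which admits negative values, values above 1, and a trailing dot such as `1.`. EPSS probability and percentile are fractions between 0 and 1, so consider adding `"minimum": 0` and `"maximum": 1` to the number branch and tightening the string pattern, or state explicitly that range checking is left to the model layer. The switch from `oneOf` to `anyOf` does not change what is accepted here, because no value is both a number and a string.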
@@ -4550,33 +5206,43 @@ ] }, "prop_security_ExploitCatalogVulnAssessmentRelationship_security_catalogType": { - "enum": [ - "kev", - "other" - ] + "enum": [ + "kev", + "other" + ] }, "prop_security_ExploitCatalogVulnAssessmentRelationship_security_exploited": { - "type": "boolean" + "type": "boolean" }, "prop_security_ExploitCatalogVulnAssessmentRelationship_security_locator": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "security_SsvcVulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_SsvcVulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_SsvcVulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_SsvcVulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_SsvcVulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_SsvcVulnAssessmentRelationship" + } }, "security_SsvcVulnAssessmentRelationship_derived": { "anyOf": [ @@ -4607,12 +5273,12 @@ ] }, "prop_security_SsvcVulnAssessmentRelationship_security_decisionType": { - "enum": [ - "act", - "attend", - "track", - "trackStar" - ] + "enum": [ + "act", + "attend", + "track", + "trackStar" + ] }, "security_VexVulnAssessmentRelationship_derived": { "anyOf": [ 
@@ -4646,27 +5312,37 @@ ] }, "prop_security_VexVulnAssessmentRelationship_security_statusNotes": { - "type": "string" + "type": "string" }, "prop_security_VexVulnAssessmentRelationship_security_vexVersion": { - "type": "string" + "type": "string" }, "security_Vulnerability": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_Vulnerability" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_Vulnerability" + } }, - { "$ref": "#/$defs/security_Vulnerability_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_Vulnerability_props" } + ] + }, + "else": { + "const": "Not a security_Vulnerability" + } }, "security_Vulnerability_derived": { "anyOf": [ 
@@ -4700,37 +5376,37 @@ ] }, "prop_security_Vulnerability_security_modifiedTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_security_Vulnerability_security_publishedTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_security_Vulnerability_security_withdrawnTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "software_SoftwareArtifact_derived": { "anyOf": [ @@ -4755,7 +5431,7 @@ "type": "object", "properties": { "software_additionalPurpose": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -4765,7 +5441,7 @@ ] }, "software_attributionText": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -4775,7 +5451,7 @@ ] }, "software_contentIdentifier": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -4795,96 +5471,106 @@ ] }, "prop_software_SoftwareArtifact_software_additionalPurpose": { - "enum": [ - "application", - "archive", - "bom", - "configuration", - "container", - "data", - "device", - "deviceDriver", - "diskImage", - "documentation", - "evidence", - "executable", - "file", - "filesystemImage", - "firmware", - "framework", - "install", - "library", - "manifest", - "model", - "module", - "operatingSystem", - "other", - "patch", - "platform", - "requirement", - "source", - "specification", - "test" - ] + "enum": [ + "application", + "archive", + "bom", + "configuration", + "container", + "data", + "device", + "deviceDriver", + "diskImage", + "documentation", + "evidence", + "executable", + "file", + "filesystemImage", + "firmware", + "framework", + "install", + "library", + "manifest", + "model", + "module", + "operatingSystem", + "other", + "patch", + "platform", + "requirement", + "source", + "specification", + "test" + ] }, "prop_software_SoftwareArtifact_software_attributionText": { - "type": "string" + "type": "string" }, "prop_software_SoftwareArtifact_software_contentIdentifier": { - "$ref": "#/$defs/software_ContentIdentifier_derived" + "$ref": "#/$defs/software_ContentIdentifier_derived" }, "prop_software_SoftwareArtifact_software_copyrightText": { - "type": "string" + "type": "string" }, "prop_software_SoftwareArtifact_software_primaryPurpose": { - "enum": [ - "application", - "archive", - "bom", - "configuration", - "container", - "data", - "device", - "deviceDriver", - "diskImage", - "documentation", - "evidence", - "executable", - "file", - "filesystemImage", - "firmware", - "framework", - "install", - "library", - "manifest", - "model", - "module", - "operatingSystem", - "other", - "patch", - "platform", - "requirement", - "source", - "specification", - "test" - ] + "enum": [ + "application", + "archive", + "bom", + "configuration", + "container", + "data", + "device", + "deviceDriver", + "diskImage", + "documentation", + "evidence", + 
"executable", + "file", + "filesystemImage", + "firmware", + "framework", + "install", + "library", + "manifest", + "model", + "module", + "operatingSystem", + "other", + "patch", + "platform", + "requirement", + "source", + "specification", + "test" + ] }, "Bom": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "Bom" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "Bom" + } }, - { "$ref": "#/$defs/Bom_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/Bom_props" } + ] + }, + "else": { + "const": "Not a Bom" + } }, "Bom_derived": { "anyOf": [ @@ -4910,21 +5596,31 @@ ] }, "expandedlicensing_CustomLicense": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "expandedlicensing_CustomLicense" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "expandedlicensing_CustomLicense" + } }, - { "$ref": "#/$defs/expandedlicensing_CustomLicense_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/expandedlicensing_CustomLicense_props" } + ] + }, + "else": { + "const": "Not a expandedlicensing_CustomLicense" + } }, "expandedlicensing_CustomLicense_derived": { "anyOf": [ 
@@ -4949,21 +5645,31 @@ ] }, "security_VexAffectedVulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_VexAffectedVulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_VexAffectedVulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_VexAffectedVulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_VexAffectedVulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_VexAffectedVulnAssessmentRelationship" + } }, "security_VexAffectedVulnAssessmentRelationship_derived": { "anyOf": [ 
@@ -4997,36 +5703,46 @@ ] }, "prop_security_VexAffectedVulnAssessmentRelationship_security_actionStatement": { - "type": "string" + "type": "string" }, "prop_security_VexAffectedVulnAssessmentRelationship_security_actionStatementTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] - }, - "security_VexFixedVulnAssessmentRelationship": { + "type": "string", "allOf": [ { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_VexFixedVulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" }, - { "$ref": "#/$defs/security_VexFixedVulnAssessmentRelationship_props" } + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } ] }, + "security_VexFixedVulnAssessmentRelationship": { + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_VexFixedVulnAssessmentRelationship" + } + }, + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_VexFixedVulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_VexFixedVulnAssessmentRelationship" + } + }, "security_VexFixedVulnAssessmentRelationship_derived": { "anyOf": [ { 
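Review bot: In `prop_security_VexAffectedVulnAssessmentRelationship_security_actionStatementTime` the two `allOf` patterns overlap: the second requires a literal `Z` suffix, so the `[+-][0-9]{2}:[0-9]{2}` offset alternative in the first can never be accepted, and `[0-6][0-9]` still lets minutes or seconds of `69` through both patterns. These lines are removed and re-added with the same content, but since the block is being touched it would be worth collapsing it to a single pattern that states the UTC-only rule and bounds each field. Separately, carrying the re-indentation in the same hunk as the `if`/`then`/`else` rewrite of `security_VexFixedVulnAssessmentRelationship` makes the functional change hard to pick out in review.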
@@ -5050,21 +5766,31 @@ ] }, "security_VexNotAffectedVulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_VexNotAffectedVulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_VexNotAffectedVulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_VexNotAffectedVulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_VexNotAffectedVulnAssessmentRelationship_props" } + ] + }, + "else": { + "const": "Not a security_VexNotAffectedVulnAssessmentRelationship" + } }, "security_VexNotAffectedVulnAssessmentRelationship_derived": { "anyOf": [ 
@@ -5098,44 +5824,54 @@ ] }, "prop_security_VexNotAffectedVulnAssessmentRelationship_security_impactStatement": { - "type": "string" + "type": "string" }, "prop_security_VexNotAffectedVulnAssessmentRelationship_security_impactStatementTime": { - "type": "string", - "allOf": [ - { - "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" - }, - { - "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" - } - ] + "type": "string", + "allOf": [ + { + "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]:[0-6][0-9](Z|[+-][0-9]{2}:[0-9]{2})$" + }, + { + "pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" + } + ] }, "prop_security_VexNotAffectedVulnAssessmentRelationship_security_justificationType": { - "enum": [ - "componentNotPresent", - "inlineMitigationsAlreadyExist", - "vulnerableCodeCannotBeControlledByAdversary", - "vulnerableCodeNotInExecutePath", - "vulnerableCodeNotPresent" - ] + "enum": [ + "componentNotPresent", + "inlineMitigationsAlreadyExist", + "vulnerableCodeCannotBeControlledByAdversary", + "vulnerableCodeNotInExecutePath", + "vulnerableCodeNotPresent" + ] }, "security_VexUnderInvestigationVulnAssessmentRelationship": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "security_VexUnderInvestigationVulnAssessmentRelationship" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "security_VexUnderInvestigationVulnAssessmentRelationship" + } }, - { "$ref": "#/$defs/security_VexUnderInvestigationVulnAssessmentRelationship_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/security_VexUnderInvestigationVulnAssessmentRelationship_props" } + ] + }, + "else": { + 
"const": "Not a security_VexUnderInvestigationVulnAssessmentRelationship" + } }, "security_VexUnderInvestigationVulnAssessmentRelationship_derived": { "anyOf": [ @@ -5160,21 +5896,31 @@ ] }, "software_File": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "software_File" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_File" + } }, - { "$ref": "#/$defs/software_File_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/software_File_props" } + ] + }, + "else": { + "const": "Not a software_File" + } }, "software_File_derived": { "anyOf": [ @@ -5205,31 +5951,41 @@ ] }, "prop_software_File_contentType": { - "pattern": "^[^\\/]+\\/[^\\/]+$", - "type": "string" + "pattern": "^[^\\/]+\\/[^\\/]+$", + "type": "string" }, "prop_software_File_software_fileKind": { - "enum": [ - "directory", - "file" - ] + "enum": [ + "directory", + "file" + ] }, "software_Package": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "software_Package" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_Package" + } }, - { "$ref": "#/$defs/software_Package_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/software_Package_props" } + ] + }, + "else": { + "const": "Not a software_Package" + } }, "software_Package_derived": { "anyOf": [ 
@@ -5271,36 +6027,46 @@ ] }, "prop_software_Package_software_downloadLocation": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_software_Package_software_homePage": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_software_Package_software_packageUrl": { - "$ref": "#/$defs/anyURI" + "$ref": "#/$defs/anyURI" }, "prop_software_Package_software_packageVersion": { - "type": "string" + "type": "string" }, "prop_software_Package_software_sourceInfo": { - "type": "string" + "type": "string" }, "software_Sbom": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "software_Sbom" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_Sbom" + } }, - { "$ref": "#/$defs/software_Sbom_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/software_Sbom_props" } + ] + }, + "else": { + "const": "Not a software_Sbom" + } }, "software_Sbom_derived": { "anyOf": [ @@ -5321,7 +6087,7 @@ "type": "object", "properties": { "software_sbomType": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -5335,31 +6101,41 @@ ] }, "prop_software_Sbom_software_sbomType": { - "enum": [ - "analyzed", - "build", - "deployed", - "design", - "runtime", - "source" - ] + "enum": [ + "analyzed", + "build", + "deployed", + "design", + "runtime", + "source" + ] }, "software_Snippet": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "software_Snippet" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "software_Snippet" + } }, - { "$ref": "#/$defs/software_Snippet_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/software_Snippet_props" } + ] + }, + "else": { + "const": "Not a software_Snippet" + } }, "software_Snippet_derived": { "anyOf": [ 
@@ -5396,30 +6172,40 @@ ] }, "prop_software_Snippet_software_byteRange": { - "$ref": "#/$defs/PositiveIntegerRange_derived" + "$ref": "#/$defs/PositiveIntegerRange_derived" }, "prop_software_Snippet_software_lineRange": { - "$ref": "#/$defs/PositiveIntegerRange_derived" + "$ref": "#/$defs/PositiveIntegerRange_derived" }, "prop_software_Snippet_software_snippetFromFile": { - "$ref": "#/$defs/software_File_derived" + "$ref": "#/$defs/software_File_derived" }, "ai_AIPackage": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "ai_AIPackage" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + "type": { + "const": "ai_AIPackage" + } }, - { "$ref": "#/$defs/ai_AIPackage_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/ai_AIPackage_props" } + ] + }, + "else": { + "const": "Not a ai_AIPackage" + } }, "ai_AIPackage_derived": { "anyOf": [ @@ -5443,7 +6229,7 @@ "$ref": "#/$defs/prop_ai_AIPackage_ai_autonomyType" }, "ai_domain": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5456,7 +6242,7 @@ "$ref": "#/$defs/prop_ai_AIPackage_ai_energyConsumption" }, "ai_hyperparameter": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5475,7 +6261,7 @@ "$ref": "#/$defs/prop_ai_AIPackage_ai_limitation" }, "ai_metric": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5485,7 +6271,7 @@ ] }, "ai_metricDecisionThreshold": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5495,7 +6281,7 @@ ] }, "ai_modelDataPreprocessing": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5505,7 +6291,7 @@ ] }, "ai_modelExplainability": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -5518,7 +6304,7 @@ "$ref": "#/$defs/prop_ai_AIPackage_ai_safetyRiskAssessment" }, "ai_standardCompliance": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5528,7 +6314,7 @@ ] }, "ai_typeOfModel": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -5545,79 +6331,89 @@ ] }, "prop_ai_AIPackage_ai_autonomyType": { - "enum": [ - "no", - "noAssertion", - "yes" - ] + "enum": [ + "no", + "noAssertion", + "yes" + ] }, "prop_ai_AIPackage_ai_domain": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_energyConsumption": { - "$ref": "#/$defs/ai_EnergyConsumption_derived" + "$ref": "#/$defs/ai_EnergyConsumption_derived" }, "prop_ai_AIPackage_ai_hyperparameter": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "prop_ai_AIPackage_ai_informationAboutApplication": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_informationAboutTraining": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_limitation": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_metric": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "prop_ai_AIPackage_ai_metricDecisionThreshold": { - "$ref": "#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "prop_ai_AIPackage_ai_modelDataPreprocessing": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_modelExplainability": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_safetyRiskAssessment": { - "enum": [ - "high", - "low", - "medium", - "serious" - ] + "enum": [ + "high", + "low", + "medium", + "serious" + ] }, "prop_ai_AIPackage_ai_standardCompliance": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_typeOfModel": { - "type": "string" + "type": "string" }, "prop_ai_AIPackage_ai_useSensitivePersonalInformation": { - "enum": [ - "no", - "noAssertion", - "yes" - ] + "enum": [ + "no", + "noAssertion", + "yes" + ] }, "dataset_DatasetPackage": { - "allOf": [ - { - "type": "object", - "properties": { - "spdxId": { "$ref": "#/$defs/IRI" }, - "type": { - "oneOf": [ - { "const": "dataset_DatasetPackage" } - ] - } - }, - "required": ["spdxId"] + "if": { + "type": "object", + "properties": { + 
"type": { + "const": "dataset_DatasetPackage" + } }, - { "$ref": "#/$defs/dataset_DatasetPackage_props" } - ] + "required": ["type"] + }, + "then": { + "allOf": [ + { + "type": "object", + "properties": { + "spdxId": { "$ref": "#/$defs/IRI" }, + "type": { "type": "string" } + }, + "required": ["spdxId"] + }, + { "$ref": "#/$defs/dataset_DatasetPackage_props" } + ] + }, + "else": { + "const": "Not a dataset_DatasetPackage" + } }, "dataset_DatasetPackage_derived": { "anyOf": [ @@ -5638,7 +6434,7 @@ "type": "object", "properties": { "dataset_anonymizationMethodUsed": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5654,7 +6450,7 @@ "$ref": "#/$defs/prop_dataset_DatasetPackage_dataset_dataCollectionProcess" }, "dataset_dataPreprocessing": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5673,7 +6469,7 @@ "$ref": "#/$defs/prop_dataset_DatasetPackage_dataset_datasetSize" }, "dataset_datasetType": { - "oneOf": [ + "anyOf": [ { "type": "array", "minItems": 1, @@ -5693,7 +6489,7 @@ "$ref": "#/$defs/prop_dataset_DatasetPackage_dataset_intendedUse" }, "dataset_knownBias": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { @@ -5703,7 +6499,7 @@ ] }, "dataset_sensor": { - "oneOf": [ + "anyOf": [ { "type": "array", "items": { 
@@ -5720,74 +6516,74 @@ ] }, "prop_dataset_DatasetPackage_dataset_anonymizationMethodUsed": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_confidentialityLevel": { - "enum": [ - "amber", - "clear", - "green", - "red" - ] + "enum": [ + "amber", + "clear", + "green", + "red" + ] }, "prop_dataset_DatasetPackage_dataset_dataCollectionProcess": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_dataPreprocessing": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_datasetAvailability": { - "enum": [ - "clickthrough", - "directDownload", - "query", - "registration", - "scrapingScript" - ] + "enum": [ + "clickthrough", + "directDownload", + "query", + "registration", + "scrapingScript" + ] }, "prop_dataset_DatasetPackage_dataset_datasetNoise": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_datasetSize": { - "type": "integer", - "minimum": 0 + "type": "integer", + "minimum": 0 }, "prop_dataset_DatasetPackage_dataset_datasetType": { - "enum": [ - "audio", - "categorical", - "graph", - "image", - "noAssertion", - "numeric", - "other", - "sensor", - "structured", - "syntactic", - "text", - "timeseries", - "timestamp", - "video" - ] + "enum": [ + "audio", + "categorical", + "graph", + "image", + "noAssertion", + "numeric", + "other", + "sensor", + "structured", + "syntactic", + "text", + "timeseries", + "timestamp", + "video" + ] }, "prop_dataset_DatasetPackage_dataset_datasetUpdateMechanism": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_hasSensitivePersonalInformation": { - "enum": [ - "no", - "noAssertion", - "yes" - ] + "enum": [ + "no", + "noAssertion", + "yes" + ] }, "prop_dataset_DatasetPackage_dataset_intendedUse": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_knownBias": { - "type": "string" + "type": "string" }, "prop_dataset_DatasetPackage_dataset_sensor": { - "$ref": 
"#/$defs/DictionaryEntry_derived" + "$ref": "#/$defs/DictionaryEntry_derived" }, "IRI": { "type": "string", @@ -5798,7 +6594,7 @@ "pattern": "^_:.+" }, "BlankNodeOrIRI": { - "oneOf": [ + "anyOf": [ { "$ref": "#/$defs/IRI" }, { "$ref": "#/$defs/BlankNode" } ] @@ -5810,7 +6606,7 @@ "type": "object", "properties": { "type": { - "oneOf": [ + "anyOf": [ { "$ref": "#/$defs/IRI" }, { "enum": [ From 5f3620a529069d544db60cc2f4161f3969a35f55 Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Fri, 21 Nov 2025 14:33:20 -0800 Subject: [PATCH 70/94] Update schema to match generated schema Signed-off-by: Gary O'Neall --- resources/spdx-schema-v3.0.1.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/resources/spdx-schema-v3.0.1.json b/resources/spdx-schema-v3.0.1.json index 13f4636..bd7a3b5 100644 --- a/resources/spdx-schema-v3.0.1.json +++ b/resources/spdx-schema-v3.0.1.json @@ -603,6 +603,16 @@ } ] }, + "extension": { + "anyOf": [ + { + "type": "array", + "items": { + "$ref": "#/$defs/prop_Element_extension" + } + } + ] + }, "externalIdentifier": { "anyOf": [ { @@ -658,6 +668,9 @@ "prop_Element_extension": { "$ref": "#/$defs/extension_Extension_derived" }, + "prop_Element_extension": { + "$ref": "#/$defs/extension_Extension_derived" + }, "prop_Element_externalIdentifier": { "$ref": "#/$defs/ExternalIdentifier_derived" }, From ec1f6634d27c8f9042e0d620277a674b141837e7 Mon Sep 17 00:00:00 2001 
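Review bot: In the "Update schema to match generated schema" commit (PATCH 70/94), the `@@ -658,6 +668,9 @@` hunk adds a `prop_Element_extension` entry directly after the existing `prop_Element_extension` context line, leaving two identical keys in the same object. JSON parsers differ on duplicate keys (some keep the last, some the first, strict ones reject the document), so the schema file can load differently depending on the tool. Drop the three added lines and keep only the new `extension` property from the `@@ -603,6 +603,16 @@` hunk; if the generator emits the duplicate, fix it there and add a duplicate-key check to the build.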
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Dec 2025 18:12:47 +0000 Subject: [PATCH 71/94] Bump org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0 Bumps [org.apache.maven.plugins:maven-source-plugin](https://github.com/apache/maven-source-plugin) from 3.3.1 to 3.4.0. - [Release notes](https://github.com/apache/maven-source-plugin/releases) - [Commits](https://github.com/apache/maven-source-plugin/compare/maven-source-plugin-3.3.1...maven-source-plugin-3.4.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-source-plugin dependency-version: 3.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 7335130..de31612 100644 --- a/pom.xml +++ b/pom.xml @@ -60,7 +60,7 @@ org.apache.maven.plugins maven-source-plugin - 3.3.1 + 3.4.0 attach-sources From 0ce3002985543d6fb02f17127a3bb1cc3d77c974 Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Wed, 3 Dec 2025 09:00:57 -0800 Subject: [PATCH 72/94] Update SPDX library versions Signed-off-by: Gary O'Neall --- pom.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pom.xml b/pom.xml index de31612..92dec7d 100644 --- a/pom.xml +++ b/pom.xml @@ -118,17 +118,17 @@ org.spdx java-spdx-library - 2.0.1 + 2.0.2 org.spdx spdx-jackson-store - 2.0.3 + 2.0.4 org.spdx spdx-rdf-store - 2.0.1 + 2.0.2 org.spdx @@ -138,12 +138,12 @@ org.spdx spdx-tagvalue-store - 2.0.1 + 2.0.2 org.spdx spdx-v3jsonld-store - 1.0.1 + 1.0.2 com.networknt From a097f097e745fd1083d8995cb88d86dbd51ae2ff Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Wed, 3 Dec 2025 09:28:43 -0800 Subject: [PATCH 73/94] [maven-release-plugin] prepare release v2.0.3 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 92dec7d..0d38483 100644 --- a/pom.xml 
+++ b/pom.xml @@ -3,7 +3,7 @@ org.spdx tools-java - 2.0.3-SNAPSHOT + 2.0.3 jar tools-java @@ -32,7 +32,7 @@ https://github.com/spdx/tools-java scm:git:git@github.com:spdx/tools-java.git scm:git:git@github.com:spdx/tools-java.git - master + v2.0.3 Github From de4734dd6d36df9002b66136117cf3859e5447c8 Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Wed, 3 Dec 2025 09:28:58 -0800 Subject: [PATCH 74/94] [maven-release-plugin] prepare for next development iteration --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 0d38483..a1309e7 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ org.spdx tools-java - 2.0.3 + 2.0.4-SNAPSHOT jar tools-java @@ -32,7 +32,7 @@ https://github.com/spdx/tools-java scm:git:git@github.com:spdx/tools-java.git scm:git:git@github.com:spdx/tools-java.git - v2.0.3 + master Github From 77a41decbe94825424267827180ba738f8cb53cf Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Fri, 5 Dec 2025 10:23:53 -0800 Subject: [PATCH 75/94] Revert json-schema-validator version to 1.5.9 Fixes #257 Version 2.0.0 of the json-schema-validator introduces a very significant performance degredation Signed-off-by: Gary O'Neall --- .../examples/ExpandedLicenseExampleV3.java | 22 +++++++-------- .../org/spdx/examples/FullSpdxV3Example.java | 21 +++++++-------- pom.xml | 2 +- src/main/java/org/spdx/tools/Verify.java | 27 ++++++++++--------- 4 files changed, 36 insertions(+), 36 deletions(-) diff --git a/examples/org/spdx/examples/ExpandedLicenseExampleV3.java b/examples/org/spdx/examples/ExpandedLicenseExampleV3.java index 030b1b2..5b07d11 100644 --- a/examples/org/spdx/examples/ExpandedLicenseExampleV3.java +++ b/examples/org/spdx/examples/ExpandedLicenseExampleV3.java @@ -3,7 +3,7 @@ * SPDX-FileCopyrightText: Copyright (c) 2025 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * + *
* Example of serializing a single expanded license */ @@ -12,10 +12,10 @@ import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.SerializationFeature; -import com.networknt.schema.Error; -import com.networknt.schema.Schema; -import com.networknt.schema.SchemaRegistry; -import com.networknt.schema.SpecificationVersion; +import com.networknt.schema.JsonSchema; +import com.networknt.schema.JsonSchemaFactory; +import com.networknt.schema.SpecVersion.VersionFlag; +import com.networknt.schema.ValidationMessage; import org.spdx.core.DefaultModelStore; import org.spdx.core.IModelCopyManager; import org.spdx.library.LicenseInfoFactory; @@ -37,6 +37,7 @@ import java.util.ArrayList; import java.util.Collection; import java.util.List; +import java.util.Set; import static org.spdx.tools.Verify.JSON_SCHEMA_RESOURCE_V3; @@ -158,18 +159,17 @@ public static void main(String[] args) throws Exception { try (OutputStream outStream = new FileOutputStream(outFile)) { modelStore.serialize(outStream, doc); } - SchemaRegistry schemaRegistry = - SchemaRegistry.withDefaultDialect(SpecificationVersion.DRAFT_2020_12); - Schema schema; + JsonSchemaFactory jsonSchemaFactory = JsonSchemaFactory.getInstance(VersionFlag.V202012); + JsonSchema schema; try (InputStream is = Verify.class.getResourceAsStream("/" + JSON_SCHEMA_RESOURCE_V3)) { - schema = schemaRegistry.getSchema(is); + schema = jsonSchemaFactory.getSchema(is); } JsonNode root; try (InputStream is = new FileInputStream(outFile)) { root = JSON_MAPPER.readTree(is); } - List messages = schema.validate(root); - for (Error msg:messages) { + Set messages = schema.validate(root); + for (ValidationMessage msg:messages) { warnings.add(msg.toString()); } if (!warnings.isEmpty()) { diff --git a/examples/org/spdx/examples/FullSpdxV3Example.java b/examples/org/spdx/examples/FullSpdxV3Example.java index fd1b269..132b3a6 100644 
--- a/examples/org/spdx/examples/FullSpdxV3Example.java +++ b/examples/org/spdx/examples/FullSpdxV3Example.java @@ -3,7 +3,7 @@ * SPDX-FileCopyrightText: Copyright (c) 2025 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * + *
* Full example of an SPDX document using all classes */ @@ -12,10 +12,10 @@ import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.SerializationFeature; -import com.networknt.schema.Error; -import com.networknt.schema.Schema; -import com.networknt.schema.SchemaRegistry; -import com.networknt.schema.SpecificationVersion; +import com.networknt.schema.JsonSchema; +import com.networknt.schema.JsonSchemaFactory; +import com.networknt.schema.SpecVersion.VersionFlag; +import com.networknt.schema.ValidationMessage; import org.spdx.core.DefaultModelStore; import org.spdx.core.IModelCopyManager; import org.spdx.core.InvalidSPDXAnalysisException; @@ -838,18 +838,17 @@ public static void main(String[] args) throws Exception { } // Validate using the schema - SchemaRegistry schemaRegistry = - SchemaRegistry.withDefaultDialect(SpecificationVersion.DRAFT_2020_12); - Schema schema; + JsonSchemaFactory jsonSchemaFactory = JsonSchemaFactory.getInstance(VersionFlag.V202012); + JsonSchema schema; try (InputStream is = Verify.class.getResourceAsStream("/" + JSON_SCHEMA_RESOURCE_V3)) { - schema = schemaRegistry.getSchema(is); + schema = jsonSchemaFactory.getSchema(is); } JsonNode root; try (InputStream is = new FileInputStream(outFile)) { root = JSON_MAPPER.readTree(is); } - List messages = schema.validate(root); - for (Error msg:messages) { + Set messages = schema.validate(root); + for (ValidationMessage msg:messages) { warnings.add(msg.toString()); } if (!warnings.isEmpty()) { diff --git a/pom.xml b/pom.xml index a1309e7..2034dbe 100644 --- a/pom.xml +++ b/pom.xml @@ -148,7 +148,7 @@ com.networknt json-schema-validator - 2.0.0 + 1.5.9 org.slf4j diff --git a/src/main/java/org/spdx/tools/Verify.java b/src/main/java/org/spdx/tools/Verify.java index 80b4f75..00ff30e 100644 --- a/src/main/java/org/spdx/tools/Verify.java +++ b/src/main/java/org/spdx/tools/Verify.java 
@@ -2,13 +2,13 @@ * SPDX-FileCopyrightText: Copyright (c) 2015 Source Auditor Inc. * SPDX-FileType: SOURCE * SPDX-License-Identifier: Apache-2.0 - * + *
* Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + *
* https://www.apache.org/licenses/LICENSE-2.0 - * + *
* Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -26,6 +26,7 @@ import java.util.ArrayList; import java.util.List; import java.util.Objects; +import java.util.Set; import com.fasterxml.jackson.core.JsonParseException; @@ -39,10 +40,11 @@ import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.SerializationFeature; -import com.networknt.schema.Schema; -import com.networknt.schema.SchemaRegistry; -import com.networknt.schema.SpecificationVersion; -import com.networknt.schema.Error; + +import com.networknt.schema.JsonSchema; +import com.networknt.schema.JsonSchemaFactory; +import com.networknt.schema.SpecVersion.VersionFlag; +import com.networknt.schema.ValidationMessage; /** * Verifies an SPDX document and lists any verification errors @@ -171,18 +173,17 @@ public static List verify(String filePath, SerFileType fileType) throws } else { jsonSchemaResource = JSON_SCHEMA_RESOURCE_V3; } - SchemaRegistry schemaRegistry = - SchemaRegistry.withDefaultDialect(SpecificationVersion.DRAFT_2020_12); - Schema schema; + JsonSchemaFactory jsonSchemaFactory = JsonSchemaFactory.getInstance(VersionFlag.V202012); + JsonSchema schema; try (InputStream is = Verify.class.getResourceAsStream("/" + jsonSchemaResource)) { - schema = schemaRegistry.getSchema(is); + schema = jsonSchemaFactory.getSchema(is); } JsonNode root; try (InputStream is = new FileInputStream(file)) { root = JSON_MAPPER.readTree(is); } - List messages = schema.validate(root); - for (Error msg:messages) { + Set messages = schema.validate(root); + for (ValidationMessage msg:messages) { retval.add(msg.toString()); } } catch (IOException e) { From 93c22b84e78c74d436f88ff95c7aaa0f2bfe5eb7 Mon Sep 17 00:00:00 2001 
From: Gary O'Neall Date: Fri, 5 Dec 2025 11:11:30 -0800 Subject: [PATCH 76/94] [maven-release-plugin] prepare release v2.0.4 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 2034dbe..d0d5684 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ org.spdx tools-java - 2.0.4-SNAPSHOT + 2.0.4 jar tools-java @@ -32,7 +32,7 @@ https://github.com/spdx/tools-java scm:git:git@github.com:spdx/tools-java.git scm:git:git@github.com:spdx/tools-java.git - master + v2.0.4 Github From 085d5b4c55cb4a9304ec24407734275a1d07b67f Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Fri, 5 Dec 2025 11:11:37 -0800 Subject: [PATCH 77/94] [maven-release-plugin] prepare for next development iteration --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index d0d5684..2458f23 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ org.spdx tools-java - 2.0.4 + 2.0.5-SNAPSHOT jar tools-java @@ -32,7 +32,7 @@ https://github.com/spdx/tools-java scm:git:git@github.com:spdx/tools-java.git scm:git:git@github.com:spdx/tools-java.git - v2.0.4 + master Github From 9bba4eb85557f3c2689da5f14d5e19a027586a8b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Dec 2025 16:01:09 +0000 Subject: [PATCH 78/94] Bump org.spdx:spdx-spreadsheet-store from 2.0.1 to 2.0.2 Bumps [org.spdx:spdx-spreadsheet-store](https://github.com/spdx/spdx-spreadsheet-store) from 2.0.1 to 2.0.2. - [Commits](https://github.com/spdx/spdx-spreadsheet-store/commits) --- updated-dependencies: - dependency-name: org.spdx:spdx-spreadsheet-store dependency-version: 2.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 2458f23..03c021d 100644 --- a/pom.xml +++ b/pom.xml 
@@ -133,7 +133,7 @@ org.spdx spdx-spreadsheet-store - 2.0.1 + 2.0.2 org.spdx From a0feec8295a003077f99864ea2961365b79126ed Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Jan 2026 20:16:04 +0000 Subject: [PATCH 79/94] Bump org.sonatype.central:central-publishing-maven-plugin Bumps [org.sonatype.central:central-publishing-maven-plugin](https://github.com/sonatype/central-publishing-maven-plugin) from 0.9.0 to 0.10.0. - [Commits](https://github.com/sonatype/central-publishing-maven-plugin/commits) --- updated-dependencies: - dependency-name: org.sonatype.central:central-publishing-maven-plugin dependency-version: 0.10.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 03c021d..97cbd82 100644 --- a/pom.xml +++ b/pom.xml @@ -205,7 +205,7 @@ org.sonatype.central central-publishing-maven-plugin - 0.9.0 + 0.10.0 true central From 515493fb1bc287b95cb49cd4e53983e48f99aad6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Jan 2026 20:15:55 +0000 Subject: [PATCH 80/94] Bump org.owasp:dependency-check-maven from 12.1.9 to 12.2.0 Bumps [org.owasp:dependency-check-maven](https://github.com/dependency-check/DependencyCheck) from 12.1.9 to 12.2.0. - [Release notes](https://github.com/dependency-check/DependencyCheck/releases) - [Changelog](https://github.com/dependency-check/DependencyCheck/blob/main/CHANGELOG.md) - [Commits](https://github.com/dependency-check/DependencyCheck/compare/v12.1.9...v12.2.0) --- updated-dependencies: - dependency-name: org.owasp:dependency-check-maven dependency-version: 12.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pom.xml b/pom.xml index 97cbd82..fdf0b97 100644 --- a/pom.xml +++ b/pom.xml @@ -48,7 +48,7 @@ https://sonarcloud.io spdx tools-java - 12.1.9 + 12.2.0 11 -Xdoclint:none From 968beea74ade1ff11967b0cebb979c79c150c9a1 Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Sat, 17 Jan 2026 19:08:53 -0800 Subject: [PATCH 81/94] Add sonar-maven-plugin version 5.5.0.6356 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index fdf0b97..91625f9 100644 --- a/pom.xml +++ b/pom.xml @@ -361,6 +361,11 @@ deploy + + org.sonarsource.scanner.maven + sonar-maven-plugin + 5.5.0.6356 +
From c7e8af736bff01b8f2f09bb4e71184cca209acd3 Mon Sep 17 00:00:00 2001 From: Helio Chissini de Castro Date: Sun, 18 Jan 2026 09:59:06 +0100 Subject: [PATCH 82/94] feat(docker): Improve docker build and prevent double path in naming Signed-off-by: Helio Chissini de Castro --- .github/workflows/docker_deploy.yml | 37 +++++++++++++---------------- Dockerfile | 13 ++++------ 2 files changed, 22 insertions(+), 28 deletions(-) diff --git a/.github/workflows/docker_deploy.yml b/.github/workflows/docker_deploy.yml index 55ce713..26af21c 100644 --- a/.github/workflows/docker_deploy.yml +++ b/.github/workflows/docker_deploy.yml @@ -6,9 +6,14 @@ name: Docker Build on: + workflow_dispatch: + pull_request: + paths: + - Dockerfile + - .github/workflows/docker_deploy.yml push: paths-ignore: - - "**.md" + - '**.md' tags: - 'v*' env: @@ -24,22 +29,13 @@ jobs: steps: - name: Checkout main repository - uses: actions/checkout@v3 - - - name: Set environment variables - run: | - echo "ORG_BASE_NAME=${GITHUB_REPOSITORY}" >> $GITHUB_ENV - echo "TOOLS_JAVA_VERSION=${GITHUB_REF_NAME/v/}" >> $GITHUB_ENV - - name: Echoing current version - run: | - echo "$TOOLS_JAVA_VERSION" - echo $GITHUB_REF_NAME + uses: actions/checkout@v5 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} 
@@ -47,19 +43,20 @@ jobs: - name: Extract components metadata id: meta_base - uses: docker/metadata-action@v4 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v51.0.0 with: - images: | - ${{ env.REGISTRY }}/${{ env.ORG_BASE_NAME }}/tools-java + tags: | + type=ref,event=tag + type=semver,pattern={{version}} + type=raw,value=main,enable=${{ github.ref == 'refs/heads/main' }} + labels: org.opencontainers.image.licenses=Apache-2.0 - name: Build Container - uses: docker/build-push-action@v3 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: context: . - push: true + push: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') }} load: false - build-args: | - TOOLS_JAVA_VERSION=${{ env.TOOLS_JAVA_VERSION }} tags: | ${{ steps.meta_base.outputs.tags }} labels: ${{ steps.meta_base.outputs.labels }} diff --git a/Dockerfile b/Dockerfile index df1be6a..9b37ffb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,23 +1,21 @@ # syntax=docker/dockerfile:1.4 # Set Java versions -ARG JAVA_VERSION=17 +ARG JAVA_VERSION=21 # Use Maven eclipse Temurin based -FROM maven:3.8-eclipse-temurin-$JAVA_VERSION as build - -ARG TOOLS_JAVA_VERSION=1.1.5-SNAPSHOT +FROM maven:3.9-eclipse-temurin-$JAVA_VERSION as build WORKDIR /build # BUILD RUN --mount=type=cache,target=/root/.m2 \ --mount=type=bind,source=$PWD,target=/build,rw \ - mvn clean org.jacoco:jacoco-maven-plugin:prepare-agent install \ + export TOOLS_JAVA_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) \ + && mvn clean org.jacoco:jacoco-maven-plugin:prepare-agent install \ && mkdir -p /usr/lib/java/spdx \ && cp target/tools-java-$TOOLS_JAVA_VERSION-jar-with-dependencies.jar /usr/lib/java/spdx/ - # Configure the wrapper script COPY scripts/tools-java-wrapper.sh /usr/bin/tools-java 
@@ -25,11 +23,10 @@ COPY scripts/tools-java-wrapper.sh /usr/bin/tools-java RUN sed -i "s/@@VERSION@@/$TOOLS_JAVA_VERSION/g" /usr/bin/tools-java \ && chmod +x /usr/bin/tools-java - # Deploy image FROM eclipse-temurin:$JAVA_VERSION as run COPY --from=build /usr/lib/java/spdx /usr/lib/java/spdx COPY --from=build /usr/bin/tools-java /usr/bin/tools-java -ENTRYPOINT [ "/usr/bin/tools-java" ] \ No newline at end of file +ENTRYPOINT [ "/usr/bin/tools-java" ] From 0e188d55b7e1e03a2729f94fc81ec8e5d71a3faa Mon Sep 17 00:00:00 2001 From: Helio Chissini de Castro Date: Sun, 18 Jan 2026 11:16:14 +0100 Subject: [PATCH 83/94] feat(docker): Enable multiarch image Signed-off-by: Helio Chissini de Castro --- .github/workflows/docker_deploy.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/docker_deploy.yml b/.github/workflows/docker_deploy.yml index 26af21c..f35157a 100644 --- a/.github/workflows/docker_deploy.yml +++ b/.github/workflows/docker_deploy.yml @@ -31,6 +31,9 @@ jobs: - name: Checkout main repository uses: actions/checkout@v5 + - name: Setup QEMU + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 + - name: Set up Docker Buildx uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 @@ -45,6 +48,8 @@ jobs: id: meta_base uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v51.0.0 with: + images: | + ${{ env.REGISTRY }}/${{ github.repository }} tags: | type=ref,event=tag type=semver,pattern={{version}} @@ -57,6 +62,7 @@ jobs: context: . push: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') }} load: false + platforms: linux/amd64,linux/arm64 tags: | ${{ steps.meta_base.outputs.tags }} labels: ${{ steps.meta_base.outputs.labels }} From e545a1b00da91a1ba7083c276c518cbe88215f6a Mon Sep 17 00:00:00 2001 
From: Arthit Suriyawongkul Date: Mon, 19 Jan 2026 11:58:45 +0000 Subject: [PATCH 84/94] Add cooldown period for Maven updates in Dependabot Add 7 days cooldown period --- .github/dependabot.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 3cddd8c..ff70475 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,6 +1,8 @@ version: 2 updates: - package-ecosystem: "maven" + cooldown: + default-days: 7 directory: "/" schedule: interval: "weekly" From 1f67a1901bb345724813a2fbee05e2e38bf0d694 Mon Sep 17 00:00:00 2001 From: Marc-Etienne Vargenau Date: Wed, 18 Feb 2026 11:08:28 +0100 Subject: [PATCH 85/94] Update READEME for release 2.0.4 Signed-off-by: Marc-Etienne Vargenau --- README.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index e1258bf..b38af53 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ If you are a developer, there are examples in the [examples folder](examples/org The command line interface of the SPDX Tools can be used like this: - java -jar tools-java-2.0.2-jar-with-dependencies.jar + java -jar tools-java-2.0.4-jar-with-dependencies.jar ## SPDX format converters 
@@ -54,18 +54,18 @@ The following converter tools support SPDX format: Example to convert a SPDX file from Tag to RDF format: - java -jar tools-java-2.0.2-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.rdf + java -jar tools-java-2.0.4-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.rdf The file formats can optionally be provided as the 3rd and 4th parameter for the input and output formats respectively. An optional 5th option `excludeLicenseDetails` will not copy the listed license properties to the output file. The following example will copy a JSON format to an RDF Turtle format without including the listed license properties: - java -jar tools-java-2.0.2-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.ttl TAG RDFTTL excludeLicenseDetails + java -jar tools-java-2.0.4-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.ttl TAG RDFTTL excludeLicenseDetails To convert from SPDX 2 to SPDX 3.0.1: * use the file extension `.jsonld.json` or `.jsonld`; * or add the options for the from and to file types: - java -jar tools-java-2.0.2-jar-with-dependencies.jar Convert hello.spdx hello.spdx.json TAG JSONLD + java -jar tools-java-2.0.4-jar-with-dependencies.jar Convert hello.spdx hello.spdx.json TAG JSONLD ## Compare utilities 
@@ -75,13 +75,13 @@ The following tools can be used to compare one or more SPDX documents: Example to compare multiple SPDX files provided in RDF format and provide a spreadsheet with the results: - java -jar tools-java-2.0.2-jar-with-dependencies.jar CompareDocs output.xlsx doc1 doc2 ... docN + java -jar tools-java-2.0.4-jar-with-dependencies.jar CompareDocs output.xlsx doc1 doc2 ... docN * CompareMultipleSpdxDocs with directory Example to compare all SPDX documents in a directory "/home/me/spdxdocs" and provide a spreadsheet with the results: - java -jar tools-java-2.0.2-jar-with-dependencies.jar CompareDocs output.xlsx /home/me/spdxdocs + java -jar tools-java-2.0.4-jar-with-dependencies.jar CompareDocs output.xlsx /home/me/spdxdocs ## SPDX Viewer @@ -91,7 +91,7 @@ The following tool can be used to "Pretty Print" an SPDX document. Sample usage: - java -jar tools-java-2.0.2-jar-with-dependencies.jar SPDXViewer ../testResources/SPDXRdfExample-v2.2.spdx.rdf + java -jar tools-java-2.0.4-jar-with-dependencies.jar SPDXViewer ../testResources/SPDXRdfExample-v2.2.spdx.rdf ## Verifier @@ -101,7 +101,7 @@ The following tool can be used to verify an SPDX document: Sample usage: - java -jar tools-java-2.0.2-jar-with-dependencies.jar Verify ../testResources/SPDXRdfExample-v2.2.spdx.rdf + java -jar tools-java-2.0.4-jar-with-dependencies.jar Verify ../testResources/SPDXRdfExample-v2.2.spdx.rdf ## Generators @@ -111,7 +111,7 @@ The following tool can be used to generate an SPDX verification code from a dire Sample usage: - java -jar tools-java-2.0.2-jar-with-dependencies.jar GenerateVerificationCode sourceDirectory [ignoredFilesRegex] + java -jar tools-java-2.0.4-jar-with-dependencies.jar GenerateVerificationCode sourceDirectory [ignoredFilesRegex] ## SPDX Validation Tool From 144c5b4116da77672188836d7a10b7f0dec6b032 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Feb 2026 16:21:12 +0000 Subject: [PATCH 86/94] Bump org.apache.maven.plugins:maven-compiler-plugin Bumps [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) from 3.14.1 to 3.15.0. - [Release notes](https://github.com/apache/maven-compiler-plugin/releases) - [Commits](https://github.com/apache/maven-compiler-plugin/compare/maven-compiler-plugin-3.14.1...maven-compiler-plugin-3.15.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-compiler-plugin dependency-version: 3.15.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 91625f9..45e2e92 100644 --- a/pom.xml +++ b/pom.xml @@ -242,7 +242,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.14.1 + 3.15.0 ${project.build.sourceEncoding} true From db3152e5a5c1a48dc23a78b2251e73acde67d0c5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Dec 2025 16:01:03 +0000 Subject: [PATCH 87/94] Bump org.apache.maven.plugins:maven-release-plugin from 3.2.0 to 3.3.1 Bumps [org.apache.maven.plugins:maven-release-plugin](https://github.com/apache/maven-release) from 3.2.0 to 3.3.1. - [Release notes](https://github.com/apache/maven-release/releases) - [Commits](https://github.com/apache/maven-release/compare/maven-release-3.2.0...maven-release-3.3.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-release-plugin dependency-version: 3.3.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 45e2e92..521e7c2 100644 --- a/pom.xml +++ b/pom.xml 
@@ -354,7 +354,7 @@ org.apache.maven.plugins maven-release-plugin - 3.2.0 + 3.3.1 v@{project.version} release From 811f274b17b570a992e5027bc4e6911a52c7c891 Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Thu, 12 Mar 2026 16:04:49 -0700 Subject: [PATCH 88/94] Update SPDX Java library versions Signed-off-by: Gary O'Neall --- pom.xml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pom.xml b/pom.xml index 521e7c2..2285584 100644 --- a/pom.xml +++ b/pom.xml @@ -118,32 +118,32 @@ org.spdx java-spdx-library - 2.0.2 + 2.0.3 org.spdx spdx-jackson-store - 2.0.4 + 2.0.5 org.spdx spdx-rdf-store - 2.0.2 + 2.0.3 org.spdx spdx-spreadsheet-store - 2.0.2 + 2.0.3 org.spdx spdx-tagvalue-store - 2.0.2 + 2.0.3 org.spdx spdx-v3jsonld-store - 1.0.2 + 1.0.3 com.networknt From 5adac70c8d826fa60ce8260e2eaeaac78355dfed Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Thu, 12 Mar 2026 16:13:48 -0700 Subject: [PATCH 89/94] [maven-release-plugin] prepare release v2.0.5 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 2285584..478a004 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ org.spdx tools-java - 2.0.5-SNAPSHOT + 2.0.5 jar tools-java @@ -32,7 +32,7 @@ https://github.com/spdx/tools-java scm:git:git@github.com:spdx/tools-java.git scm:git:git@github.com:spdx/tools-java.git - master + v2.0.5 Github From db1efba804a08a099699425033c81a36bd51f2fd Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Thu, 12 Mar 2026 16:13:53 -0700 Subject: [PATCH 90/94] [maven-release-plugin] prepare for next development iteration --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 478a004..24fc310 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ org.spdx tools-java - 2.0.5 + 2.0.6-SNAPSHOT jar tools-java @@ -32,7 +32,7 @@ https://github.com/spdx/tools-java scm:git:git@github.com:spdx/tools-java.git scm:git:git@github.com:spdx/tools-java.git - v2.0.5 + master Github 
From 2b3cd5d1e78767d4a126b58f4949138dcf49daab Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Fri, 13 Mar 2026 13:15:04 -0700 Subject: [PATCH 91/94] Update spdx-v3-jsonld-store to version 1.0.4 Signed-off-by: Gary O'Neall --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 24fc310..e49e0af 100644 --- a/pom.xml +++ b/pom.xml @@ -143,7 +143,7 @@ org.spdx spdx-v3jsonld-store - 1.0.3 + 1.0.4 com.networknt From b928e8e28fa5e836e1af7cb465877b27a6a87efe Mon Sep 17 00:00:00 2001 From: Marc-Etienne Vargenau Date: Wed, 25 Mar 2026 10:30:14 +0100 Subject: [PATCH 92/94] Update README for release 2.0.5 Signed-off-by: Marc-Etienne Vargenau --- README.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index b38af53..97761ab 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ If you are a developer, there are examples in the [examples folder](examples/org The command line interface of the SPDX Tools can be used like this: - java -jar tools-java-2.0.4-jar-with-dependencies.jar + java -jar tools-java-2.0.5-jar-with-dependencies.jar ## SPDX format converters 
@@ -54,18 +54,18 @@ The following converter tools support SPDX format: Example to convert a SPDX file from Tag to RDF format: - java -jar tools-java-2.0.4-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.rdf + java -jar tools-java-2.0.5-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.rdf The file formats can optionally be provided as the 3rd and 4th parameter for the input and output formats respectively. An optional 5th option `excludeLicenseDetails` will not copy the listed license properties to the output file. The following example will copy a JSON format to an RDF Turtle format without including the listed license properties: - java -jar tools-java-2.0.4-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.ttl TAG RDFTTL excludeLicenseDetails + java -jar tools-java-2.0.5-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.ttl TAG RDFTTL excludeLicenseDetails To convert from SPDX 2 to SPDX 3.0.1: * use the file extension `.jsonld.json` or `.jsonld`; * or add the options for the from and to file types: - java -jar tools-java-2.0.4-jar-with-dependencies.jar Convert hello.spdx hello.spdx.json TAG JSONLD + java -jar tools-java-2.0.5-jar-with-dependencies.jar Convert hello.spdx hello.spdx.json TAG JSONLD ## Compare utilities 
@@ -75,13 +75,13 @@ The following tools can be used to compare one or more SPDX documents: Example to compare multiple SPDX files provided in RDF format and provide a spreadsheet with the results: - java -jar tools-java-2.0.4-jar-with-dependencies.jar CompareDocs output.xlsx doc1 doc2 ... docN + java -jar tools-java-2.0.5-jar-with-dependencies.jar CompareDocs output.xlsx doc1 doc2 ... docN * CompareMultipleSpdxDocs with directory Example to compare all SPDX documents in a directory "/home/me/spdxdocs" and provide a spreadsheet with the results: - java -jar tools-java-2.0.4-jar-with-dependencies.jar CompareDocs output.xlsx /home/me/spdxdocs + java -jar tools-java-2.0.5-jar-with-dependencies.jar CompareDocs output.xlsx /home/me/spdxdocs ## SPDX Viewer @@ -91,7 +91,7 @@ The following tool can be used to "Pretty Print" an SPDX document. Sample usage: - java -jar tools-java-2.0.4-jar-with-dependencies.jar SPDXViewer ../testResources/SPDXRdfExample-v2.2.spdx.rdf + java -jar tools-java-2.0.5-jar-with-dependencies.jar SPDXViewer ../testResources/SPDXRdfExample-v2.2.spdx.rdf ## Verifier @@ -101,7 +101,7 @@ The following tool can be used to verify an SPDX document: Sample usage: - java -jar tools-java-2.0.4-jar-with-dependencies.jar Verify ../testResources/SPDXRdfExample-v2.2.spdx.rdf + java -jar tools-java-2.0.5-jar-with-dependencies.jar Verify ../testResources/SPDXRdfExample-v2.2.spdx.rdf ## Generators @@ -111,7 +111,7 @@ The following tool can be used to generate an SPDX verification code from a dire Sample usage: - java -jar tools-java-2.0.4-jar-with-dependencies.jar GenerateVerificationCode sourceDirectory [ignoredFilesRegex] + java -jar tools-java-2.0.5-jar-with-dependencies.jar GenerateVerificationCode sourceDirectory [ignoredFilesRegex] ## SPDX Validation Tool From 7b4f769314e959daa200e366cdc0a043bebf521b Mon Sep 17 00:00:00 2001 
From: Marc-Etienne Vargenau Date: Wed, 15 Apr 2026 15:31:19 +0200 Subject: [PATCH 93/94] Allow .spdx3.json extension when converting from SPDX 2 to SPDX 3 Fixes https://github.com/spdx/tools-java/issues/278 Untested, please test before merging. Signed-off-by: Marc-Etienne Vargenau --- README.md | 2 +- src/main/java/org/spdx/tools/SpdxToolsHelper.java | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 97761ab..93713aa 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,7 @@ The file formats can optionally be provided as the 3rd and 4th parameter for the To convert from SPDX 2 to SPDX 3.0.1: -* use the file extension `.jsonld.json` or `.jsonld`; +* use the file extension `.spdx3.json` or `.jsonld.json` or `.jsonld`; * or add the options for the from and to file types: java -jar tools-java-2.0.5-jar-with-dependencies.jar Convert hello.spdx hello.spdx.json TAG JSONLD diff --git a/src/main/java/org/spdx/tools/SpdxToolsHelper.java b/src/main/java/org/spdx/tools/SpdxToolsHelper.java index dfa9402..59ab84e 100644 --- a/src/main/java/org/spdx/tools/SpdxToolsHelper.java +++ b/src/main/java/org/spdx/tools/SpdxToolsHelper.java @@ -70,6 +70,7 @@ public enum SerFileType { static Map EXT_TO_FILETYPE; static { HashMap temp = new HashMap<>(); + temp.put("spdx3.json", SerFileType.JSONLD); temp.put("jsonld.json", SerFileType.JSONLD); temp.put("jsonld", SerFileType.JSONLD); temp.put("json", SerFileType.JSON); @@ -159,10 +160,14 @@ public static SerFileType fileToFileType(File file) if (fileName.endsWith("rdf.ttl")) { ext = "rdf.ttl"; } - }if ("json".equals(ext)) { + } + if ("json".equals(ext)) { if (fileName.endsWith("jsonld.json")) { ext = "jsonld.json"; } + if (fileName.endsWith("spdx3.json")) { + ext = "spdx3.json"; + } } SerFileType retval = EXT_TO_FILETYPE.get(ext); if (SerFileType.JSON.equals(retval)) { From fdd3ff3b49031fadceaea7ce84d1b2a47e9c853d Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 Apr 2026 16:22:38 +0000 Subject: [PATCH 94/94] Bump org.owasp:dependency-check-maven from 12.2.0 to 12.2.1 Bumps [org.owasp:dependency-check-maven](https://github.com/dependency-check/DependencyCheck) from 12.2.0 to 12.2.1. - [Release notes](https://github.com/dependency-check/DependencyCheck/releases) - [Changelog](https://github.com/dependency-check/DependencyCheck/blob/main/CHANGELOG.md) - [Commits](https://github.com/dependency-check/DependencyCheck/compare/v12.2.0...v12.2.1) --- updated-dependencies: - dependency-name: org.owasp:dependency-check-maven dependency-version: 12.2.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e49e0af..f9b3299 100644 --- a/pom.xml +++ b/pom.xml @@ -48,7 +48,7 @@ https://sonarcloud.io spdx tools-java - 12.2.0 + 12.2.1 11 -Xdoclint:none
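Review bot: in PATCH 70/94, hunk `@@ -658,6 +668,9 @@` of `resources/spdx-schema-v3.0.1.json` adds a second `"prop_Element_extension"` member directly below the identical one already present in the context lines, so the object now carries a duplicate name. JSON parsers differ on duplicate names (first wins, last wins, or a parse error), and a strict parser can refuse to load the schema. Drop the three added lines; the `extension` property added in the `@@ -603,6 +603,16 @@` hunk already resolves against the existing `prop_Element_extension` definition.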
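Review bot: in PATCH 75/94, the `pom.xml` hunk pins `json-schema-validator` back to `1.5.9` but nothing in the change stops Dependabot, which is active on this repository's Maven dependencies, from proposing 2.0.0 again. Add an `ignore` entry for `com.networknt:json-schema-validator` major updates to `.github/dependabot.yml`, and a short comment next to the version in the pom pointing at #257, so the downgrade is not silently undone by the next automated bump.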
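Review bot: in PATCH 75/94, hunk `@@ -171,18 +173,17 @@` of `src/main/java/org/spdx/tools/Verify.java`, the result of `Verify.class.getResourceAsStream("/" + jsonSchemaResource)` is passed to `jsonSchemaFactory.getSchema(is)` without a null check, so a missing schema resource surfaces as an opaque failure inside the validator instead of a clear verification error. Check for null and report the missing resource by name. Since the commit is motivated by validator performance, it is also worth noting that the factory and schema are rebuilt on every `verify(...)` call; holding the parsed `JsonSchema` per resource in a static field would avoid re-parsing the schema for each file. The whitespace-only edits to the license header in the first hunk are unrelated to the revert and would be cleaner in their own commit.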
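Review bot: in PATCH 82/94, the first `Dockerfile` hunk sets `TOOLS_JAVA_VERSION` with `export` inside the build `RUN`, but the later `RUN sed -i "s/@@VERSION@@/$TOOLS_JAVA_VERSION/g" /usr/bin/tools-java` (context of the `@@ -25,11 +23,10 @@` hunk) is a separate instruction and `ARG TOOLS_JAVA_VERSION` has been removed, so the variable is empty there and `@@VERSION@@` in the wrapper is replaced with an empty string. Shell variables exported in one `RUN` do not survive into the next. Write the evaluated version to a file in the build step and read it in the `sed` step, or copy the jar to a version-independent name so the wrapper no longer needs the substitution.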
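Review bot: in PATCH 82/94, hunk `@@ -24,22 +29,13 @@` of `.github/workflows/docker_deploy.yml`, `actions/checkout@v5` is still referenced by a mutable tag while every other action in the same change is pinned to a commit SHA with a version comment. Pin `actions/checkout` to a SHA in the same style so the workflow that logs in to the registry and pushes images does not depend on a tag that can be moved.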
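Review bot: in PATCH 82/94, hunk `@@ -47,19 +43,20 @@` of `.github/workflows/docker_deploy.yml`, the `type=raw,value=main,enable=${{ github.ref == 'refs/heads/main' }}` tag can never be published, because `push:` is now `${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') }}` and the `push` trigger is limited to `v*` tags. Either remove the `main` tag rule or extend the trigger and push condition to cover the branch. The pin comment `# v51.0.0` on `docker/metadata-action` does not fit the `v3.x`/`v6.x` numbering of the neighbouring Docker actions and should be checked against the tag the SHA belongs to. This hunk also drops the `images:` input, which PATCH 83/94 adds back; squashing the two keeps every commit in the series usable on its own.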
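Review bot: in PATCH 83/94, adding `platforms: linux/amd64,linux/arm64` makes the `build` stage of the `Dockerfile` (the Maven `install` with the JaCoCo agent) run once per platform, with the arm64 pass under QEMU emulation, although the resulting jar is architecture independent. Declaring the build stage as `FROM --platform=$BUILDPLATFORM maven:3.9-eclipse-temurin-$JAVA_VERSION as build` would compile once natively and leave only the `run` stage to be produced per platform. The new `docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130` line is also the only SHA pin in the file without a trailing version comment; add one so reviewers and Dependabot can tell which release it is.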
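Review bot: in PATCH 93/94, the `fileToFileType` hunk of `src/main/java/org/spdx/tools/SpdxToolsHelper.java` changes file type detection with no accompanying test, and the commit message itself says the change is untested. Add a unit test that passes a `*.spdx3.json` file name to `fileToFileType` and expects `SerFileType.JSONLD`, alongside cases for `*.jsonld.json` and plain `*.json`, before merging. The new check `fileName.endsWith("spdx3.json")` has no leading dot, so a name such as `myspdx3.json` is also classified as JSON-LD; matching on `.spdx3.json` would be stricter, and the same applies to the existing `jsonld.json` test above it. In the `README.md` hunk, the example command still writes to `hello.spdx.json` with explicit `TAG JSONLD`; an example using the new extension without the type arguments would document the behaviour this patch adds.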