Hi Max,

I noticed some of the same issues. I just pinged William to see if he had a contact we could work directly with or if he had any advice since he worked at GitHub in the past. I’ll let you know what I find out.

Gary

From: [email protected] <[email protected]> On Behalf Of Kate Stewart
Sent: Wednesday, March 29, 2023 11:53 AM
To: Maximilian Huber <[email protected]>
Cc: SPDX Outreach Mailing List <[email protected]>
Subject: Re: Github can now export SPDX SBOMs

Thanks Max,

Yes, let's raise up feedback. I'll look and see if I can find a direct email to Justin.

Thanks,
Kate

On Wed, Mar 29, 2023 at 11:08 AM Maximilian Huber <[email protected]> wrote:

Hey Kate,

Sadly I already have found some issues which make these files non-compliant. E.g.
- usage of non-SPDX licenses in expressions (E.g. LGPL-3.0)
- documentDescribes points to something, which is not contained in the document
- the example I am currently looking at fails to validate with:
  Analysis exception processing SPDX file: Error parsing JSON field for ID SPDXRef-maven-org.owasp:dependency-check-maven-8.0.1: Empty license expression

Less problematic:
- No relations between described elements (actually no relations at all)

Maybe we should voice our feedback early.

Best
Max

On Wed, 2023-03-29 at 10:36 -0500, Kate Stewart wrote:
> Sebastian, Jack, Alexios
>
> Not sure if you've spotted this yet or not, but
> https://github.blog/2023-03-28-introducing-self-service-sboms/
>
> This is a major enabler for making things easier for developers
> working with repos on github, to produce SBOMs in SPDX format.
>
> Can the outreach committee look at promoting it to developers, and
> making others aware of this capability? Who is on point for
> promoting this sort of thing these days?
>
> Thanks,
> Kate
>
>

--
TNG Technology Consulting GmbH, Beta-Str. 13a, 85774 Unterföhring
Managing Directors: Henrik Klagges, Dr. Robert Dahlke, Thomas Endres
Chairman of the Supervisory Board: Christoph Stock
Registered office: Unterföhring * Amtsgericht München * HRB 135082
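
The checks Max lists in the thread above, written as an added example (not code from the thread, GitHub, or the SPDX project): it flags license identifiers outside an allowed set, documentDescribes targets missing from the document, empty license expressions, and absent relationships. The allowed-identifier set and the sample document are constructed; field names follow the SPDX 2.x JSON format.

```python
import re

# Assumption: constructed stand-in for the SPDX License List; load the real list in practice.
ALLOWED_IDS = {"MIT", "Apache-2.0", "LGPL-3.0-only", "LGPL-3.0-or-later"}
KEYWORDS = {"AND", "OR", "WITH", "NOASSERTION", "NONE"}

def expression_problems(expr):
    """Return problems found in one SPDX license expression string."""
    if not expr or not expr.strip():
        return ["empty license expression"]
    problems, prev = [], None
    for token in re.findall(r"[^\s()]+", expr):
        ident = token.rstrip("+")  # "+" suffix means "or later"
        is_ref = ident.startswith(("LicenseRef-", "DocumentRef-"))
        # The operand after WITH is an exception id, not a license id: skip it here.
        if token not in KEYWORDS and not is_ref and prev != "WITH" and ident not in ALLOWED_IDS:
            problems.append(f"license id {ident!r} not in allowed set")
        prev = token
    return problems

def check_document(doc):
    """Return (element id, problem) findings for an SPDX 2.x JSON document (dict)."""
    findings = []
    elements = doc.get("packages", []) + doc.get("files", []) + doc.get("snippets", [])
    known = {doc.get("SPDXID")} | {e.get("SPDXID") for e in elements}
    for ref in doc.get("documentDescribes", []):
        if ref not in known:
            findings.append((ref, "documentDescribes target not in document"))
    for pkg in doc.get("packages", []):
        for field in ("licenseConcluded", "licenseDeclared"):
            if field in pkg:
                for problem in expression_problems(pkg[field]):
                    findings.append((pkg.get("SPDXID"), f"{field}: {problem}"))
    if not doc.get("relationships"):
        findings.append((doc.get("SPDXID"), "no relationships"))
    return findings

# Constructed sample document, not a real GitHub export.
SAMPLE = {
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "documentDescribes": ["SPDXRef-example-root"],
    "packages": [
        {"SPDXID": "SPDXRef-pkg-a", "licenseConcluded": "LGPL-3.0"},
        {"SPDXID": "SPDXRef-pkg-b", "licenseConcluded": ""},
        {"SPDXID": "SPDXRef-pkg-c", "licenseConcluded": "MIT OR Apache-2.0"},
    ],
}

if __name__ == "__main__":
    for element, problem in check_document(SAMPLE):
        print(f"{element}: {problem}")
```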
