Norio,

This is excellent work, thank you.

I did not see the externalRefs SECURITY advisory object in the model; see Appendix K for examples:
https://spdx.github.io/spdx-spec/v2.3/how-to-use/#k19-linking-to-an-sbom-vulnerability-report-for-a-software-product-per-nist-executive-order-14028

Thanks,

Dick Brooks
Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council - A Public-Private Partnership
Never trust software, always verify and report!
http://www.reliableenergyanalytics.com
Email: [email protected]
Tel: +1 978-696-1788

-----Original Message-----
From: [email protected] <[email protected]> On Behalf Of Norio Kobota
Sent: Tuesday, March 14, 2023 5:17 AM
To: [email protected]
Subject: [spdx-tech] SPDX v2.3 JSON schema diagram

Dear SPDX tech communities,

Thank you for providing a lot of useful documents about SPDX!

We, OpenChain Japan SBOM-sg members, illustrated the v2.3 JSON schema a little easier to see.
https://qiita.com/nori0428/items/b1892da6bd30ed6efff4

I hope you can check it and let me ask a question.

We assume that v3.0 is also slightly different in model and implementation, so are there any discussions that are considering JSON schema for v3.0?

Best regards,
--
kobota @ OpenChain JWG SBOM-sg
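As an added example that is not part of either e-mail: a short Python check for the externalRefs SECURITY advisory entries mentioned in the reply, run over a constructed SPDX 2.3 JSON fragment. The package names, SPDXIDs and example.com locator are placeholders, and the function names are hypothetical.

```python
import json

# Constructed SPDX 2.3 JSON fragment (placeholder values, not from the thread).
SAMPLE_SBOM = json.loads("""
{
  "spdxVersion": "SPDX-2.3",
  "packages": [
    {
      "SPDXID": "SPDXRef-Package-app",
      "name": "example-app",
      "externalRefs": [
        {"referenceCategory": "SECURITY",
         "referenceType": "advisory",
         "referenceLocator": "https://example.com/advisories/example-app.json"},
        {"referenceCategory": "PACKAGE-MANAGER",
         "referenceType": "purl",
         "referenceLocator": "pkg:generic/example-app@1.0.0"}
      ]
    },
    {"SPDXID": "SPDXRef-Package-lib", "name": "example-lib"}
  ]
}
""")


def security_advisories(doc):
    """Map each package SPDXID to the locators of its SECURITY/advisory refs."""
    found = {}
    for pkg in doc.get("packages", []):
        locators = [
            ref.get("referenceLocator")
            for ref in pkg.get("externalRefs", [])  # externalRefs is optional
            if ref.get("referenceCategory") == "SECURITY"
            and ref.get("referenceType") == "advisory"
        ]
        found[pkg.get("SPDXID")] = locators
    return found


def packages_without_advisory(doc):
    """Return SPDXIDs of packages that carry no SECURITY advisory reference."""
    return [sid for sid, locs in security_advisories(doc).items() if not locs]


if __name__ == "__main__":
    print(security_advisories(SAMPLE_SBOM))
    print(packages_without_advisory(SAMPLE_SBOM))
```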
