Hello Dick,

Thank you for pointing that out.
I added the figure of externalDocumentRefs.
https://qiita.com/nori0428/items/b1892da6bd30ed6efff4#externaldocumentrefs

And as far as I've checked the current schema,
https://github.com/spdx/spdx-spec/blob/development/v2.3.1/schemas/spdx-schema.json#L74-L110
there do not seem to be any specifications for the SECURITY advisory object,
e.g. referenceCategory, referenceLocator, etc.
I would appreciate it if you could check it.

Best,
 -- kobota

> -----Original Message-----
> From: Dick Brooks <[email protected]>
> Sent: Tuesday, March 14, 2023 9:04 PM
> To: Kobota, Norio (SGC) <[email protected]>; [email protected]
> Subject: RE: [spdx-tech] SPDX v2.3 JSON schema diagram
> 
> Norio,
> 
> This is excellent work, thank you.
> 
> I did not see the externalRefs SECURITY advisory object in the model, see
> Appendix K for examples;
> INVALID URI REMOVED
> -use/*k19-linking-to-an-sbom-vulnerability-report-for-a-software-product-per-nist-executive-order-14028 [spdx[.]github[.]io]
> 
> 
> Thanks,
> 
> Dick Brooks
> 
> Active Member of the CISA Critical Manufacturing Sector,
> Sector Coordinating Council - A Public-Private Partnership
> 
> Never trust software, always verify and report! ™
> http://www.reliableenergyanalytics.com
> Email: [email protected]
> Tel: +1 978-696-1788
> 
> -----Original Message-----
> From: [email protected] <[email protected]> On Behalf Of Norio Kobota
> Sent: Tuesday, March 14, 2023 5:17 AM
> To: [email protected]
> Subject: [spdx-tech] SPDX v2.3 JSON schema diagram
> 
> Dear SPDX tech communities,
> 
> Thank you for providing a lot of useful documents about SPDX!
> We, OpenChain Japan SBOM-sg members, illustrated the v2.3 JSON schema to make it a
> little easier to see.
> INVALID URI REMOVED
> 0ed6efff4 [qiita[.]com]
> I hope you can check it and let me ask a question.
> We assume that v3.0 is also slightly different in model and implementation,
> so are there any discussions that are considering JSON schema for v3.0?
> 
> Best regards,
>   -- kobota @ OpenChain JWG SBOM-sg
View/Reply Online (#5038): https://lists.spdx.org/g/Spdx-tech/message/5038