Hey Community, this is mine first post. I am working on BSI:2.0 compliance for implementation of sbomqs. In
This is my understanding of how files and components are connected to each other: To know whether components contains any files or not. This can be answered from filesAnalyzed value. If filesAnalyzed is true , that means component contains files, and if filesAnalyzed is false that means component doesn't contain any files. Now the second part is, to know what all files does component contains ? This can be answered from hasFiles (as shown in below examples) fields. It lists all files name. In short, it list all files that component contains. Now to get detail information of each files listed in hasFiles , it is described in Files section. Here each file is detailed described with information such as file name , checksums , hasFiles , file type , and many more. And that how we can trace files attached with component and their detailed description. Below is the example containing all fields that I referred above. https://github.com/spdx/ntia-conformance-checker/blob/main/tests/data/no_elements_missing/SPDXJSONExample-v2.3.spdx.json#L111C1-L112C1 Now the challenge is: - In the official doc ( https://spdx.github.io/spdx-spec/v2.3/package-information/ ) with version 2.2 or 2.3 there is no such hasFiles field. As a result, now I don't have the answer of this question: W hat all files does component contains ? And that's what my doubt or say question is. So, yeah looking forward to hear from the community :) In the BSI:2.0 ( https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03183/BSI-TR-03183-2-2_0_0.pdf?__blob=publicationFile&v=3 ) , there are four fields are directly dependent on this concept of files: * filename * executable * archieve * structured -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1939): https://lists.spdx.org/g/spdx/message/1939 Mute This Topic: https://lists.spdx.org/mt/109699026/21656 Mute #spdx:https://lists.spdx.org/g/spdx/mutehashtag/spdx Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/spdx/leave/2655439/21656/1698928721/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
