Hi Suman, There is a branch in the tools-golang repository <https://github.com/spdx/tools-golang/tree/spdx3/spdx/v3/v3_0> that was used to tag a release candidate <https://github.com/spdx/tools-golang/releases/tag/v0.6.0-rc2> with more idiomatic Golang support for SPDX 3, including conversion *from* 2.3 to 3.x. It does not include *backwards* conversion, which it sounds like you are interested in pursuing as a GSOC project and would be very helpful.
-Keith On Tue, Mar 31, 2026 at 3:22 PM Suman Mandal via lists.spdx.org < [email protected]> wrote: > Hi everyone, > > I’m Suman, currently exploring the SPDX ecosystem and particularly > interested in SBOM tooling and validation, especially in the context of the > GSoC ideas around SPDX 3.0/3.1. > > I’ve been working with Go and cloud-native systems, and recently started > building a small CLI project (chainrisk) focused on supply-chain risk > analysis for container ecosystems. > > While going through the SPDX repositories, I noticed that: > > - > > tools-golang supports SPDX 2.x > - > > spdx-go-model provides low-level bindings for SPDX 3.x > > but there doesn’t seem to be high-level Go tooling yet for SPDX 3.x (e.g., > parsing, validation, or developer-friendly APIs). > > I wanted to ask: > > - > > Would extending Go support for SPDX 3.x (building higher-level tooling > on top of existing bindings) be considered a valuable direction for the > community, particularly in the context of the SBOM conformance checker > project? > - > > Or is the expectation to primarily build on top of the existing > Python/Java ecosystem for such tooling? > > I’m particularly interested in exploring a Go-based approach that > integrates well with cloud-native workflows (CLI tools, CI/CD pipelines), > and wanted to check if this direction aligns with current priorities. > > Looking forward to your guidance and happy to start contributing in this > area. > > Thanks! > > — > Suman Mandal > GitHub: https://github.com/jijo-OO7 > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#2149): https://lists.spdx.org/g/spdx/message/2149 Mute This Topic: https://lists.spdx.org/mt/118603023/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/spdx/leave/2655439/21656/1698928721/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
