Skip to main content

Week 1 meeting and activities

(May 28,2024)

Attendees

Discussions

  • I presented the basic SPDX v3.0 JSON-ld format report to the mentors.
  • Got a feedback for the implementation of the required fields and profiles in the reports .
  • Also was asked to validate the reports generated using the SPDX python tool.
  • Next Step: Work on Licensing profile in JSON-ld reports.

Core and software profile use cases

  • Core profile

    • The Core profile describes the foundational classes and properties that are used by all profiles of the SPDX model.
  • Software profile

    • The Software profile contains information about files, packages, SBOMs, snippets, and artifacts of the software application.

The model image for the Core+Software profile. I have implemented the following use cases as required by the organization for this profile:

  • Person
  • Agent
  • Tool
  • File
  • Package
  • Person with full CreationInfo
  • Package with ExternalIdentifier
  • Relationship with Package containing Files
  • SpdxDocument with Files

Updates

  • Started working on SPDX v3.0 JSON-ld format report generation.
  • In this week, I targeted to implement Core and Software profiles in this format.