spdx-3-serialization-prototype-playground

TEMPORARY repo to contain different draft examples for SPDX 3.0 serializations.

This repository is an open playground to experiment with different serialization formats and approaches for the SPDX 3.0 spec.

Once we have decided on the officially supported SPDX serializations, they will be documented in other repositories and this repository will be deleted.

Directory Structure

Each serialization approach will be in a separate sub-directory. The sub-directory will contain a README.md file with background on the serialization approach, a description of the different examples, and a link to any tools that can parse these files.

Contributing

All contributions are licensed under CC0; please sign off any commits.

New serialization approaches should be in their own directories with an appropriate README.md file.

We will do a minimal review of new proposals before merging.

Suggested changes to existing serialization approaches will be reviewed by the contributors of the original serialization approach before merging.

Operating Principles

  1. The logical model is the single authoritative source for SPDXv3 content. All examples submitted to the playground should correspond to the given model examples to allow for easy comparison. The initial set of examples is from the SPDX v3 serialization README (see use cases).
  2. The contributor for each serialization method is responsible for creating the examples and test code for that method.
  3. The barrier to entry should be minimal. A contributor may create as many or as few examples as they deem appropriate for defining the method.
  4. Although examples may be initially submitted to illustrate ideas before code has been developed to process them, serializing and parsing code will eventually be necessary to demonstrate that the examples correctly reflect the model.

See USING for more detail on the creation and use of model templates, logical examples, and serialized examples.

Individual Element Examples

Logical Examples | RDF | XML | JSON-LD | JSON1 | JSON2 | JSON3 | Protobuf | CBOR | YAML | Text1
--- Agents ---
Agent1 o o
Person1 with minimal CreationInfo o o
Person2 with full CreationInfo o o
Person3 with no CreationInfo??? o o
Organization1 o o
Tool1 not an Agent o o
--- Annotations ---
Annotation1 o o
--- Artifacts ---
Package1 o o
Package2 with ExternalIdentifier o
Package3 with ExternalReference o
File1 o o
File2 o o
Snippet1 o
--- Relationships ---
Relationship1 Pkg1, File1, File2 o
Relationship2 with time properties
LifecycleScopeRelationship1
AssessmentRelationship1
SoftwareDependencyRelationship1
--- Collections ---
Bom2
Sbom1 with two Files
Sbom2 with Pkg1, File1, File2, Rel1 o
Bundle1
Bundle2 of Person1, Person2
--- SpdxDocuments ---
SpdxDocument1 with two Files o
SpdxDocument2 with two Sboms o
SpdxDocument3 with NamespaceMap
SpdxDocument4 with ExternalMap
SpdxDocument5 v2.3 example o
--- Licensing ---
License1 single artifact
CustomLicense1 single artifact
LicenseExpression1 single artifact
LicenseExpression2 single artifact
LicenseExpression3 two artifacts
--- Security ---
--- Build ---

NOTE: need list of element types required by each licensing use case, specify which artifact examples

Multiple Element Examples

Example | RDF | XML | JSON-LD | JSON1 | JSON2 | JSON3 | Protobuf | CBOR | YAML | Text1
Payload1 - File1, File2 o
Payload2 - Sbom1, Sbom2 o
Payload3 - v2.3 o