TEMPORARY repo to contain different draft examples for SPDX 3.0 serializations

umm0/spdx-3-serialization-prototype-playground

 
 

spdx-3-serialization-prototype-playground

TEMPORARY repo to contain different draft examples for SPDX 3.0 serializations.

This repository is an open playground to experiment with different serialization formats and approaches for the SPDX 3.0 spec.

Once we have decided on the officially supported SPDX serializations, they will be documented in other repositories and this repository will be deleted.

Directory Structure

Each serialization approach will be in a separate sub-directory. The sub-directory will contain a README.md file with background on the serialization approach, a description of the different examples, and a link to any tools that can parse these files.

Contributing

All contributions are licensed under CC0. Please sign off any commits.

New serialization approaches should be in their own directories with an appropriate README.md file.

We will do a minimal review of new proposals before merging.

Suggested changes to existing serialization approaches will be reviewed by the contributors of the original serialization approach before merging.

Operating Principles

  1. The logical model is the single authoritative source for SPDXv3 content. All examples submitted to the playground should correspond to the given model examples to allow for easy comparison. The initial set of examples is from the SPDX v3 serialization README (see use cases).
  2. The contributor for each serialization method is responsible for creating the examples and test code for that method.
  3. The barrier to entry should be minimal. A contributor may create as many or as few examples as they deem appropriate for defining the method.
  4. Although examples may be initially submitted to illustrate ideas before code has been developed to process them, serializing and parsing code will eventually be necessary to demonstrate that the examples correctly reflect the model.

See USING for more detail on the creation and use of model templates, logical examples, and serialized examples.

Individual Element Examples

  • The code for each serialization method translates between the logical examples and the corresponding serialized examples in both directions, demonstrating the ability of the serialization method to correctly implement the model. This enables translation of serialized data from any format to any other by reading and writing logical values.
Logical Examples RDF XML JSON-LD JSON1 JSON2 JSON3 Protobuf CBOR YAML Text1
--- Agents ---
Agent1 o o
Person1 with minimal CreationInfo o o
Person2 with full CreationInfo o o
Person3 with no CreationInfo??? o o
Organization1 o o
Tool1 not an Agent o o
--- Annotations ---
Annotation1 o o
--- Artifacts ---
Package1 o o
Package2 with ExternalIdentifier o
Package3 with ExternalReference o
File1 o o
File2 o o
Snippet1 o
--- Relationships ---
Relationship1 Pkg1, File1, File2 o
Relationship2 with time properties
LifecycleScopeRelationship1
AssessmentRelationship1
SoftwareDependencyRelationship1
--- Collections ---
Bom2
Sbom1 with two Files
Sbom2 with Pkg1, File1, File2, Rel1 o
Bundle1
Bundle2 of Person1, Person2
--- SpdxDocuments ---
SpdxDocument1 with two Files o
SpdxDocument2 with two Sboms o
SpdxDocument3 with NamespaceMap
SpdxDocument4 with ExternalMap
SpdxDocument5 v2.3 example o
--- Licensing ---
License1 single artifact
CustomLicense1 single artifact
LicenseExpression1 single artifact
LicenseExpression2 single artifact
LicenseExpression3 two artifacts
--- Security ---
--- Build ---

NOTE: need list of element types required by each licensing use case, specify which artifact examples

Multiple Element Examples

  • An element set is the list of individual element example values that are included in a Payload.
  • A Payload is the result of combining the element set into serialized data in a method-specific manner.
  • The code for a method translates between the Payload and its element set in both directions.
Example RDF XML JSON-LD JSON1 JSON2 JSON3 Protobuf CBOR YAML Text1
Payload1 - File1, File2 o
Payload2 - Sbom1, Sbom2 o
Payload3 - v2.3 o
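
An added example, not code from this repository: a round-trip check of the kind described above, run over an element set that mirrors Payload1 (File1, File2). The two serialization methods, the lossy serializer, and all property names and values are hypothetical and constructed for illustration; they are not taken from the SPDX 3.0 model. It goes slightly beyond the text by showing how a serializer that silently drops a property is detected.

```python
import json

# Constructed logical examples (illustrative property names, not the SPDX 3.0 model).
FILE1 = {"type": "File", "id": "urn:example:File1", "name": "file1.txt"}
FILE2 = {"type": "File", "id": "urn:example:File2", "name": "file2.txt",
         "comment": "line1\nkey: value"}
ELEMENT_SET = [FILE1, FILE2]  # element set for a payload like "Payload1 - File1, File2"

# Hypothetical method A: the payload is one JSON array of elements.
def json_serialize(elements):
    return json.dumps(elements, sort_keys=True)

def json_parse(payload):
    return json.loads(payload)

# Hypothetical method B: "key: value" text blocks, one blank line between elements.
# Values are JSON-encoded so embedded newlines and colons cannot break the framing.
def text_serialize(elements):
    return "\n\n".join(
        "\n".join(f"{k}: {json.dumps(v)}" for k, v in sorted(el.items()))
        for el in elements)

def text_parse(payload):
    elements = []
    for block in payload.split("\n\n"):
        el = {}
        for line in block.splitlines():
            key, _, raw = line.partition(": ")
            el[key] = json.loads(raw)
        elements.append(el)
    return elements

# Hypothetical lossy serializer: keeps only the properties it knows about.
def lossy_serialize(elements):
    known = ("type", "id", "name")
    return json.dumps([{k: el[k] for k in known if k in el} for el in elements])

def round_trip_diff(serialize, parse, elements):
    """Map element id -> properties lost or altered by serialize followed by parse."""
    restored = {el.get("id"): el for el in parse(serialize(elements))}
    diff = {}
    for el in elements:
        back = restored.get(el["id"], {})
        changed = sorted(k for k in set(el) | set(back) if el.get(k) != back.get(k))
        if changed:
            diff[el["id"]] = changed
    return diff

def translate(payload, parse_from, serialize_to):
    """Format-to-format translation by reading and writing logical values."""
    return serialize_to(parse_from(payload))
```

An empty result from `round_trip_diff` means the method reproduced every logical value; any entry names the element and the properties that did not survive.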
