On Tue, Jun 03, 2025 at 04:40:24PM +0200, Ralf Glaser wrote: > Add boolean filesAnalyzed property without which > https://tools.spdx.org/app/validate/ > will not recognize the SPDX-SBOM as valid.
Hmm, that is strange. If I read the spec[1] correctly then this property is optional. And setting it to false seems incorrect as well: "If set to false, the package must not contain any files." Michael [1] https://spdx.org/rdf/spdx-terms-v2.3/#d4e2963 > Signed-off-by: Ralf Glaser <[email protected]> > --- > scripts/report/spdx.py | 24 ++++++++++++++++++++++++ > 1 file changed, 24 insertions(+) > > diff --git a/scripts/report/spdx.py b/scripts/report/spdx.py > index 96e56af19..f6fc371f8 100644 > --- a/scripts/report/spdx.py > +++ b/scripts/report/spdx.py > @@ -64,6 +64,29 @@ class _String(_Property): > def init(self, source): > return source > > +class _Bool(_Property): > + """ > + A scalar bool property for an SPDX object > + """ > + > + def __init__(self, **kwargs): > + super().__init__(**kwargs) > + > + def set_property(self, attrs, name): > + def get_helper(obj): > + return obj._spdx[name] > + > + def set_helper(obj, value): > + obj._spdx[name] = value > + > + def del_helper(obj): > + del obj._spdx[name] > + > + attrs[name] = property(get_helper, set_helper, del_helper) > + > + def init(self, source): > + return source > + > > class _Object(_Property): > """ > @@ -247,6 +270,7 @@ class SPDXPackage(SPDXObject): > packageFileName = _String() > annotations = _ObjectList(SPDXAnnotation) > checksums = _ObjectList(SPDXChecksum) > + filesAnalyzed = _Bool(default=False) > > > class SPDXFile(SPDXObject): > -- > 2.49.0 > > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
